Learn How to Increase the Awareness of Risk Management at Your Enterprise
Volume 22, 24 October 2012

- Learn How to Increase the Awareness of Risk Management at Your Enterprise
- 5 Considerations for Choosing an MDM Solution
- ISACA Member Recognized for His Information Security Initiative
- Provide Flexible, Customizable On-site Training
- Grow by Synchronizing Personal and Professional Goals
- Book Review: IT Auditing: Using Controls to Protect Information Assets, 2nd Edition
- Learn How One Member Finds Value in the Knowledge Center

Learn How to Increase the Awareness of Risk Management at Your Enterprise
Attend ISACA's Risk Workshops

Are you looking to raise awareness of risk management concepts and techniques to enable your enterprise to identify risk and develop an appropriate plan to manage potential threats? ISACA's 2-day risk-related workshops in New York, USA, may be right for you.

5 Considerations for Choosing an MDM Solution

Many professionals are being asked to provide recommendations for evaluating mobile device management (MDM) solutions. This is a rapidly growing area, so here are 5 important business and technical elements to consider.
ISACA Member Recognized for His Information Security Initiative

ISACA congratulates Khawaja Faisal Javed, CISA, CRISC, CBCP, on winning the Senior Information Security Professional Category at the 6th annual Asia-Pacific Information Security Leadership Achievements (ISLA) Awards in Tokyo, Japan.

Provide Flexible, Customizable On-site Training

ISACA On-site Training provides a flexible, customizable solution to align with your specific needs. Whether for a small group or an entire organization, ISACA's On-site Training team will develop a focused training plan to meet your objectives.

Grow by Synchronizing Personal and Professional Goals
Leroy Reynolds, CISA, CISM, CRISC, CIA, CISSP, Shares His Experiences

"I was in information systems development for many years and had always wanted to get into IT auditing. With the CRISC certification, it was easier to synchronize my personal goals with my professional goals, and I now enjoy working in IT auditing very much."

Book Review: IT Auditing: Using Controls to Protect Information Assets, 2nd Edition
Reviewed by Dauda Sule, CISA

This book covers IT auditing and control with an update on audits involving mobile devices and cloud computing.
Learn How One Member Finds Value in the Knowledge Center
Ian Cooke Shares His Experiences as a Topic Leader

"Collaboration and experience have been crucial to make the Knowledge Center a site that bridges IT security, risk and governance knowledge and professionals from all industries. ISACA provides guidance, in a wide range of ways, in addition to frameworks and standards. The Knowledge Center makes these useful resources accessible for all ISACA members."

Learn How to Increase the Awareness of Risk Management at Your Enterprise
Attend ISACA's Risk Workshops

Are you looking to raise awareness of risk management concepts and techniques to enable your enterprise to identify risk and develop an appropriate plan to manage potential threats? ISACA's 2-day risk-related workshops in New York, New York, USA, may be right for you.

"A Pragmatic Approach to Information Risk Management and Security" on 6-7 November will explore the concepts of developing an information security and risk management strategy, the structure and associated functions of an information security program, threat and vulnerability analysis concepts and methodologies, and metrics and measures for effective information security governance. You will examine key areas and concepts and the business benefits that they provide.

"A Risk-based and Business-aligned Approach to Protecting Information Infrastructure and Assets" on 8-9 November will explore the current and future states of information risk management and security. You will discuss the development of information and risk management and security strategies and programs, cultural considerations and development, threat and vulnerability management, business resiliency, metrics and measures for risk management, and security programs and capabilities.

Register now for "A Pragmatic Approach to Information Risk Management and Security" and/or "A Risk-based and Business-aligned Approach to Protecting Information Infrastructure and Assets" on the ISACA web site.

5 Considerations for Choosing an MDM Solution
By John P. Pironti, CISA, CISM, CGEIT, CRISC, CISSP, ISSAP, ISSMP

Many professionals are being asked to provide recommendations for evaluating mobile device management (MDM) solutions. A number of vendors, solutions and technologies are available in the global marketplace that provide a broad range of MDM capabilities and solutions. This is a rapidly growing area, so here are 5 important business and technical elements to consider.

1. What levels of capability and control are actually required?

Each enterprise will have its own view on the level of control and access that it would like to have on mobile devices. Often security professionals seek a broad and extensive range of capabilities and controls when choosing an MDM solution. In many cases though, enterprises require and/or desire only a basic set of controls for the majority of their users and use cases. The best way to find a balance between these two differing points of view is to perform a threat and vulnerability analysis of your mobile device solutions to identify the appropriate control objectives and functionality.

2. What MDM functionality can you actually support and use on an ongoing basis?

MDM solutions are constantly being advanced with new functions and capabilities. Some beneficial and appealing features, such as security analytics and mobile application management, may require full-time staff and extensive resources to be effectively utilized. Dedicating full-time, or even significant amounts of part-time, staff is often not desirable or even possible for many enterprises.

3. If you are managing personally owned devices, what level of capability do you want to have on these devices?

MDM solutions can assist enterprises in providing operational support and security policy enforcement for the use of personal mobile devices to access corporate resources (bring your own device [BYOD]). Technologists and information security professionals are quick to point out the benefits of their use for this purpose, but often overlook the legal and cultural impacts that MDM solutions can create. It is important to consult with all stakeholders during the requirements-gathering stage of evaluation to ensure that you have an understanding of the limitations or controls each would like put in place for the use of MDM solutions. This will ensure that your enterprise is not exposing itself to unwanted liability, risk and privacy concerns. It will also help to ensure that the users are educated about your capabilities and amenable to the level of control you have on their personal devices in a BYOD scenario.

4. Are your current MDM solutions good enough?

When evaluating MDM solutions, it is important to evaluate the capabilities of your current solutions, whether in use or available. Many enterprises find that these solutions, while not ideal, meet a majority of their MDM business requirements and technical control objectives. Microsoft ActiveSync, for example, is offered to enterprises as part of their Microsoft Exchange Server implementation. ActiveSync provides MDM functionality, such as password policy enforcement, requirement for use of encryption for data at rest and in transit to the Exchange Server, and remote device data wipe for ActiveSync-enabled mobile devices. For many enterprises, this level of capability and functionality is considered acceptable for the majority of their mobile-user population. While more advanced MDM solutions may be considered ideal because they provide features above and beyond this level of functionality, the total cost of ownership associated with them (e.g., license, maintenance, infrastructure, staff and support costs) may make the acceptable solution more palatable.

5. Can the MDM solution effectively manage the mobile devices you want to support?

MDM solutions typically depend on software agents that must be installed and active on target devices and that require highly privileged access to the mobile device's operating system and associated applications. Unfortunately, some of the most popular mobile devices severely limit the functionality of most MDM software agents.
While many MDM solution vendors are attempting to overcome these challenges, they are unlikely to be successful without a shift in strategy and approach from the mobile device manufacturers. It is important to ensure your minimum business and technical requirements can be met by the MDM solution for all popular mobile platforms that you plan on leveraging, especially if you plan to implement a BYOD approach to their use in your enterprise.

John P. Pironti, CISA, CISM, CGEIT, CRISC, CISSP, ISSAP, ISSMP, is the president of IP Architects LLC.
ISACA Member Recognized for His Information Security Initiative

ISACA congratulates Khawaja Faisal Javed, CISA, CRISC, CBCP, on winning the Senior Information Security Professional Category at the 6th annual Asia-Pacific Information Security Leadership Achievements (ISLA) Awards in Tokyo, Japan. This award from (ISC)² recognizes outstanding leadership and achievement in workforce improvement of information security and management professionals in the region, based on their contribution to the enhancement of the information security workforce by demonstrating a leadership role in any information security workforce improvement initiative, program or project.

Khawaja's distinguished workforce initiative was achieved due to his leadership role in designing and conducting several certification courses on information security and related topics, training approximately 2,000 professionals in the field for more than 300 organizations across the globe, and serving the security community with volunteer research.

Khawaja is manager of operations and information and communication technology (ICT) products for SGS Pakistan (Pvt.) Limited (a subsidiary of SGS S.A. based in Switzerland). Khawaja is responsible for controlling the day-to-day activities related to overall auditing and training operations in systems and services certification in Pakistan. Furthermore, he is handling the management, execution and development of auditors and trainers in the ICT products (ISO 27000, ISO and BS 25999) division in Pakistan and other Gulf Cooperation Council (GCC) countries.

Provide Flexible, Customizable On-site Training

Do you manage a training budget that you want to maintain and would like to use toward next year's training? Or, perhaps you are preparing for end-of-the-year training and want to get your needs addressed as soon as possible. ISACA On-site Training provides a flexible, customizable solution to align with your specific needs.

What to expect? ISACA training delivers:
- Value: Train groups of 10 or more in a single session for one flat fee. Eliminate high travel costs.
- Customization: Tailor training to your specific requirements. You choose the topic, location and course length.
- Experienced instruction: Receive high-quality training and expertise from ISACA-accredited trainers.

Whether it is training a small group or an entire organization, ISACA's On-site Training team will develop a focused training plan to meet your objectives. Learn more about available courses on such topics as COBIT, IT risk, governance, security, audit and assurance. Visit the On-site Training page of the ISACA web site or contact onsitetraining@isaca.org with your training needs.

Grow by Synchronizing Personal and Professional Goals
Leroy Reynolds, CISA, CISM, CRISC, CIA, CISSP, Shares His Experiences

In the field of IT auditing, "The best part about my job is learning about new and emerging technologies and assessing their impact on the enterprise when those get deployed. Working with management in addressing probable threats associated with linking legacy technologies with new technologies, even though it can be risky, offers some of the greatest rewards, when implemented properly," Leroy Reynolds says.

Over the years, auditing has remained a critical interest in Reynolds' career. Having a career road map in place was very important to him and selecting a certification path was a critical next step.

"I was in information systems development for many years and had always wanted to get into IT auditing. With the Certified in Risk and Information Systems Control (CRISC) certification, it was easier to synchronize my personal goals with my professional goals, and I now enjoy working in IT auditing. The risk-related certification has provided a good source of opportunities for interacting with multiple groups within and outside my organization, as well as helping me to ensure a continued improvement and refinement on how to approach each audit in terms of planning, executing and reporting on issues based on threats."

From a more personal perspective, Reynolds explains that "the successful completion of the CRISC certification was gratifying and the recognition from my peers was also very uplifting. CRISC is recognized throughout the world and in many professional bodies and social networking platforms where I share knowledge and information with peers and others with similar interests. CRISC provides a great opportunity not only to share, but to learn from others."

Once Reynolds achieved his professional goal of becoming a CRISC, he put these risk management concepts into practice in his personal life. "The principles covered in the CRISC courses are applicable to life outside of the profession. If I am negotiating a loan or buying a property or automobile, the knowledge I have gained as a result of achieving the CRISC certification helps me to focus on the risk associated with any of these transactions. Frankly, these principles and practices are not only relevant to information systems professionals, but can in fact be applied to any discipline or circumstance."

Reynolds has found it gratifying to keep a balance between his personal plans and his professional objectives. "Challenges within my job have been opportunities for improvement. It is rewarding to obtain good results when you have concentrated on keeping abreast of emerging threats related to new technology deployment. CRISC certification has helped me to do a better job in identifying and ranking the risk associated with new technology deployment and has provided a framework for addressing key areas of risk within the IT environment."

Book Review: IT Auditing: Using Controls to Protect Information Assets, 2nd Edition
Reviewed by Dauda Sule, CISA

The second edition of IT Auditing: Using Controls to Protect Information Assets, by Chris Davis, Mike Schiller and Kevin Wheeler, covers IT auditing and control with an update on audits involving mobile devices and cloud computing.
In fact, even the foreword, although brief, is a beneficial read for anyone interested in auditing. IT Auditing: Using Controls to Protect Information Assets, 2nd Edition is targeted toward IT auditors and the IT audit function. The book provides a clear and practical approach to the topic. The authors, for example, suggest that IT auditors and IT audit teams refer to their auditees as customers, encouraging auditors to be friendlier and be seen as such. The book reminds auditors that they are supposed to help the enterprise's development by plugging loopholes that can lead to losses and are not there simply to highlight mistakes without actively participating in proffering solutions.

The book is subdivided into 3 parts and has 18 chapters. The 1st part (Audit Overview) provides guidance to IT auditors based on best practices on how to carry out their function in a way that would be cherished by their employers (whether internal or external). Part 2, Auditing Techniques, offers a guide on how and why to perform the IT audit function, ensuring that the auditor comprehends why each task is carried out and, thereby, ensuring more efficiency. Frameworks, standards and regulations, such as COSO, COBIT, ITIL, ISO 27001, the US Sarbanes-Oxley Act and the Payment Card Industry Data Security Standard (PCI DSS), are discussed in the third part.

The book is a useful guide and good reference for IT auditors and auditing trainers (including academics and researchers) in the field of information security, audit, assurance and control. The book is also useful for top management of enterprises, government agencies and anyone with an interest in IT audit.

IT Auditing: Using Controls to Protect Information Assets, 2nd Edition is available from the ISACA Bookstore. For information, see the ISACA Bookstore Supplement in the latest issue of the ISACA Journal, visit the ISACA Bookstore online or e-mail bookstore@isaca.org.

Dauda Sule, CISA, is marketing manager at Audit Associates Limited, a consultancy firm that specializes in designing and organizing training programs pertaining to auditing, fraud detection and prevention, information security and assurance, and anti-money laundering. Sule has more than 5 years of experience in the Nigerian banking industry and previously worked as a systems security and assurance supervisor for Gtech Computers (a computer and allied services company).

Learn How One Member Finds Value in the Knowledge Center
Ian Cooke Shares His Experiences as a Topic Leader

Q: How were you introduced to the Knowledge Center?
A: I was preparing for an audit in an area that I was not that familiar with at the time, IT governance, and found a wealth of information on the ISACA web site and specifically in the Knowledge Center.

Q: In your opinion, what makes the Knowledge Center a valuable resource for ISACA members?
A: Collaboration and experience have been crucial in making the Knowledge Center a site that bridges IT security, risk and governance knowledge and professionals from all industries. ISACA provides guidance, in a wide range of ways, in addition to frameworks and standards. The Knowledge Center makes these useful resources accessible for all ISACA members.

Q: What made you decide to become a topic leader?
A: I was impressed by some of the speakers at the European Computer Audit, Control and Security (EuroCACS) Conference in 2011 and decided that I too should volunteer in some capacity. Being a topic leader provides me an opportunity to give back to the profession.

Q: How did you choose your topic?
A: As is probably the case for most topic leaders, it was the subject I felt most comfortable with. For me, it has worked well to concentrate and provide my input on a single subject matter.

Q: What is one thing you wish all ISACA members knew about the Knowledge Center?
A: The Knowledge Center is supported by topic leaders on a voluntary basis. Topic leaders do so because they are passionate about the subject matters, are willing to share their experiences and enjoy helping other members.

Q: Which feature do you wish was used more?
A: The User Contributed External Links feature. If all members contributed external links, this feature would become the go-to resource for related topics on the web.

Q: Any parting words of advice to those who have not yet visited the Knowledge Center?
A: Give it a go; you have nothing to lose! Once you have embraced the site, contact me with questions. As a topic leader, it would be my pleasure to help ISACA. All rights reserved.
BECOME TOMORROW S LEADER, TODAY. SEE WHAT S NEXT, NOW
BECOME TOMORROW S LEADER, TODAY. SEE WHAT S NEXT, NOW BECOME AN ISACA MEMBER TODAY. Nearing its 50th year, ISACA is a global association helping individuals and enterprises achieve the positive potential
More informationBRING EXPERT TRAINING TO YOUR WORKPLACE.
BRING EXPERT TRAINING TO YOUR WORKPLACE. ISACA s globally respected training and certification programs inspire confidence that enables innovation in the workplace. ISACA s On-Site Training brings a unique
More informationMY CERTIFICATION HELPED ME GET HERE. MY MEMBERSHIP HELPS KEEP ME HERE.
MY CERTIFICATION HELPED ME GET HERE. MY MEMBERSHIP HELPS KEEP ME HERE. TIMO HEIKKINEN, CISA, CGEIT SENIOR AUDIT SPECIALIST, NORDEA HELSINKI, FINLAND ISACA MEMBER SINCE 1999 ABOUT US BE MORE INFORMED, VALUED
More informationWELCOME TO ISACA Claudio CILLI, CISA, CISM, CRISC, CGEIT
WELCOME TO ISACA 2015 Claudio CILLI, CISA, CISM, CRISC, CGEIT cilli@di.uniroma1.it http://dsi.uniroma1.it/~cilli WHO IS ISACA? ABOUT ISACA The trusted source of guidance, networking and career development
More informationTop Business/Technology Issues Survey 2011
Volume 9, 27 April 2011 In This Issue: Top Business/Technology Issues Survey 2011 Results Released 5 Considerations When Evaluating ISRM Programs and Capabilities Now Available in the Apple App Store:
More informationVal-EdTM. Valiant Technologies Education & Training Services. Workshop for CISM aspirants. All Trademarks and Copyrights recognized.
Val-EdTM Valiant Technologies Education & Training Services Workshop for CISM aspirants All Trademarks and Copyrights recognized Page 1 of 8 Welcome to Valiant Technologies. We are a specialty consulting
More informationbuilding for my Future 2013 Certification
I am building for my Future 2013 Certification Let ISACA help you open new doors of opportunity With more complex IT challenges arising, enterprises demand qualified professionals with proven knowledge
More informationTable of Contents. Preface xvii PART ONE: FOUNDATIONS OF MODERN INTERNAL AUDITING
Table of Contents Preface xvii PART ONE: FOUNDATIONS OF MODERN INTERNAL AUDITING Chapter 1: Significance of Internal Auditing in Enterprises Today: An Update 3 1.1 Internal Auditing History and Background
More informationISACA International Perspective
ISACA International Perspective 11 th October 2013 Allan Boardman ISACA International Vice President and Board Director Member of ISACA s Strategic Advisory Council Member of the IT Governance Institute
More informationCOURSE BROCHURE CISA TRAINING
COURSE BROCHURE CISA TRAINING What is CISA? The CISA, Certified Information Systems Auditor, is a professional designation which provides great benefits and increased influence for an individual within
More informationEffective COBIT Learning Solutions Information package Corporate customers
Effective COBIT Learning Solutions Information package Corporate customers Thank you f o r y o u r interest Thank you for showing interest in COBIT learning solutions from ITpreneurs. This document provides
More informationISACA Enterprise. Solutions and Resources
ISACA Enterprise Solutions and Resources About ISACA Global association serving 140,000 members and certification holders Members in 180+ countries; 210+ chapters worldwide Developed and maintains the
More information5 Ways to Limit Data Leakage and Exposure
Volume 3, 2 February 2011 In This Issue: 5 Ways to Limit Data Leakage and Exposure The Joy of Item Writing The Review Process Uncover Renewed Perspectives to Identity Management at Asia-Pacific CACS 2011
More informationISSMP is in compliance with the stringent requirements of ANSI/ISO/IEC Standard
Certification Exam Outline Effective Date: April 2013 About CISSP-ISSMP The Information Systems Security Management Professional (ISSMP) is a CISSP who specializes in establishing, presenting, and governing
More informationPosition Description IT Auditor
Position Title IT Auditor Position Number Portfolio Performance and IT Audit Location Victoria Supervisor s Title IT Audit Director Travel Required Yes FOR OAG HR USE ONLY: Approved Classification or Leadership
More informationITU CBS. Digital Security Capacity Building: Role of the University GLOBAL ICT CAPACITY BUILDING SYMPOSIUM SANTO DOMINGO 2018
GLOBAL ICT CAPACITY BUILDING SYMPOSIUM ITU CBS SANTO DOMINGO 2018 Digital Capacity Building: Role of the University 18 20 June 2018 Santo Domingo, Dominican Republic Dr. Nizar Ben Neji Faculty of Sciences
More informationInvest in. ISACA-certified professionals, see the. rewards.
Invest in ISACA-certified professionals, see the rewards. Invest in ISACA-certified professionals, see the rewards. As a global IT association that has been around for more than 40 years, ISACA provides
More informationFramewOrk to DeSign and implement ifc
Marketing Partner Hotel Radisson GRT, 15 Leveraging COSO internal COntrOLS FramewOrk to DeSign and implement ifc 8 CPE Hours Networking Opportunities Qualified CIA Faculty about the Seminar The COSO Internal
More informationLes joies et les peines de la transformation numérique
Les joies et les peines de la transformation numérique Georges Ataya CISA, CGEIT, CISA, CISSP, MSCS, PBA Professor, Solvay Brussels School of Economics and Management Academic Director, IT Management Education
More informationThe President s Message 3. ISACA Karachi Chapter Presentation Flyer 5. ISACA Karachi Chapter Presentation Report 6. ISACA Book Store Update 9
Table of Content Editor Absar Khan The President s Message 3 ISACA Karachi Chapter Presentation Flyer 5 ISACA Karachi Chapter Presentation Report 6 ISACA Book Store Update 9 ISACA International News /
More informationแนวทางการพ ฒนา Information Security Professional ในประเทศไทย
แนวทางการพ ฒนา Information Security Professional ในประเทศไทย โดย Thailand Information Security Association (TISA) Agenda 1) Global Information Security Professional Situation 2) Current Thailand Information
More information2018 CALENDAR OF ACTIVITIES
2018 CALENDAR OF ACTIVITIES WHO WE ARE AND WHAT WE OFFER Ý Public Trainings Technical Sessions Reviews GMM Other Chapter Activities Conferences Professionals Night ISACA was incorporated by individuals
More informationCOBIT 5 Foundation Workshop
COBIT 5 Foundation Workshop Dear Members, ISACA Pune chapter is pleased to organize Two / Three Days COBIT-5 Foundation course Dates of Training & Workshop: Date: Friday, 19 th Dec 2014 and Saturday, 20
More informationOperations & Technology Seminar. Tuesday, November 8, 2016 Crowne Plaza Monroe, Monroe Township, NJ
Operations & Technology Seminar Tuesday, November 8, 2016 Crowne Plaza Monroe, Monroe Township, NJ Operations & Technology Roundtable Crowne Plaza Monroe, Monroe Township, NJ Tuesday, November 8, 2016
More informationMohammad Shahadat Hossain
Mohammad Shahadat Hossain Principal Security Architect at Grameenphone Limited Summary Has extensive knowledge and experience on following:- NIST Cyber Security Framework SANS Top 20 Security Control Network
More informationSecurity and Privacy Governance Program Guidelines
Security and Privacy Governance Program Guidelines Effective Security and Privacy Programs start with attention to Governance. Governance refers to the roles and responsibilities that are established by
More informationPROFILE FRANCIS KAITANO. Francis Kaitano is a strategic, innovative, delivery focused Cyber Security professional.
PROFILE FRANCIS KAITANO Francis Kaitano is a strategic, innovative, delivery focused Cyber Security professional. Originally from Zimbabwe Francis Kaitano came to New Zealand more than 10 years ago for
More informationBHConsulting. Your trusted cybersecurity partner
Your trusted cybersecurity partner BH Consulting Securing your business BH Consulting is an award-winning, independent provider of cybersecurity consulting and information security advisory services. Recognised
More informationImplementation PREVIEW VERSION
Implementation These following pages provide a preview of the information contained in COBIT 5 Implementation. The publication provides a good-practice approach for implementation governance of enterprise
More information2017 PORT SECURITY SEMINAR & EXPO. ISACA/CISM Information Security Management Training for Security Directors/Managers
2017 PORT SECURITY SEMINAR & EXPO ISACA/CISM Information Security Management Training for Security Directors/Managers Agenda Introduction ISACA Information security vs. cybersecurity CISM certification
More informationApplication for Certification
Application for Certification Requirements to Become a Certified Information Security Manager To become a Certified Information Security Manager (CISM), an applicant must: 1. Score a passing grade on the
More informationAPNIC 35 Conference Sponsorship Proposal
35 CONFERENCE SINGAPORE 9 February - March 03 APNIC 35 Conference Sponsorship Proposal APNIC, the Asia Pacific Network Information Centre, offers a wide range of sponsorship opportunities for the APNIC
More informationCERTIFIED IN THE GOVERNANCE OF ENTERPRISE IT CGEIT AFFIRM YOUR STRATEGIC VALUE AND CAREER SUCCESS
CERTIFIED IN THE GOVERNANCE OF ENTERPRISE IT CGEIT AFFIRM YOUR STRATEGIC VALUE AND CAREER SUCCESS Good IT governance is a key element of a well-performing enterprise. Enterprises need qualified information
More informationWhat Makes PMI Certifications Stand Apart?
What Makes PMI Certifications Stand Apart? Many certifications exist for managers that claim to offer practitioners and organizations a number of benefits. So, why are PMI certifications unique? PMI certifications
More informationIS Audit and Assurance Guideline 2002 Organisational Independence
IS Audit and Assurance Guideline 2002 Organisational Independence The specialised nature of information systems (IS) audit and assurance and the skills necessary to perform such engagements require standards
More informationMapping PCI DSS v2.0 With COBIT 4.1 By Pritam Bankar, CISA, CISM, and Sharad Verma
Volume 2, April 2011 Come join the discussion! Pritam Bankar and Sharad Verma will be responding to questions and comments in the discussion area of the COBIT Use It Effectively topic beginning 21 April
More informationA Global Look at IT Audit Best Practices
A Global Look at IT Audit Best Practices 2015 IT Audit Benchmarking Survey March 2015 Speakers Kevin McCreary is a Senior Manager in Protiviti s IT Risk practice. He has extensive IT audit and regulatory
More informationBENEFITS of MEMBERSHIP FOR YOUR INSTITUTION
PROFILE The Fiduciary and Investment Risk Management Association, Inc. (FIRMA ) is the leading provider of fiduciary and investment risk management education and networking to the fiduciary and investment
More informationWHO SHOULD ATTEND? ITIL Foundation is suitable for anyone working in IT services requiring more information about the ITIL best practice framework.
Learning Objectives and Course Descriptions: FOUNDATION IN IT SERVICE MANAGEMENT This official ITIL Foundation certification course provides you with a general overview of the IT Service Management Lifecycle
More informationSOC for cybersecurity
April 2018 SOC for cybersecurity a backgrounder Acknowledgments Special thanks to Francette Bueno, Senior Manager, Advisory Services, Ernst & Young LLP and Chris K. Halterman, Executive Director, Advisory
More informationIT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18
Pierce County Classification Description IT SECURITY OFFICER Department: Information Technology Job Class #: 634900 Pay Range: Professional 18 FLSA: Exempt Represented: No Classification descriptions are
More informationThe Experience of Generali Group in Implementing COBIT 5. Marco Salvato, CISA, CISM, CGEIT, CRISC Andrea Pontoni, CISA
The Experience of Generali Group in Implementing COBIT 5 Marco Salvato, CISA, CISM, CGEIT, CRISC Andrea Pontoni, CISA Generali Group at a glance Let me introduce myself Marco Salvato CISA, CISM, CGEIT,
More informationTHE ISACA CURACAO CHAPTER IS ORGANIZING FOLLOWING INFORMATION SECURITY AND TECHNOLOGY SESSIONS ON MAY 15-MAY :
THE ISACA CURACAO CHAPTER IS ORGANIZING FOLLOWING INFORMATION SECURITY AND TECHNOLOGY SESSIONS ON MAY 15-MAY 18 2017: INFORMATION SYSTEM AUDIT AND SECURITY MANAGEMENT ( 2 DAYS) MAY 15 AND 16 o INFORMATION
More informationROI for Your Enterprise Through ISACA A global IS association helping members achieve organisational success.
ROI for Your Enterprise Through ISACA A global IS association helping members achieve organisational success. ROI for Your Enterprise Through ISACA With the growing complexities of global business and
ISSEP is in compliance with the stringent requirements of ANSI/ISO/IEC Standard
Certification Exam Outline Effective Date: March 2018 About CISSP-ISSEP The Information Systems Security Engineering Professional (ISSEP) is a CISSP who specializes in the practical application of systems
Security Director - VisionFund International
Security Director - VisionFund International Location: [Europe & the Middle East] [United Kingdom] Category: Security Job Type: Open-ended, Full-time *Preferred location: United Kingdom/Eastern Time Zone
"Charting the Course... Certified Information Systems Auditor (CISA) Course Summary
Course Summary Description In this course, you will perform evaluations of organizational policies, procedures, and processes to ensure that an organization's information systems align with overall business
COBIT 5 Foundation Certification Training Course - Brochure
COBIT 5 Foundation Certification Training Course - Brochure The Next Level of IT Security Governance Course Name : COBIT 5 Foundation Version : INVL_Cobit5_BR_02_081_1.1 Course ID : ITSG-130 www.invensislearning.com
Business Process Design and Internal Audit UNIVERSITY OF TEXAS AT DALLAS Course Syllabus Spring 2005
Business Process Design and Internal Audit UNIVERSITY OF TEXAS AT DALLAS Course Syllabus Spring 2005 Instructor: Mark Salamasick, CIA, CISA, CSP Course Number: AIM 6380 Semester Hours: 3 Location: SOM
CITP Mentoring Program Guidelines
CITP Mentoring Program Guidelines 1 AICPA CITP Mentoring Program Guidelines 2017 American Institute of CPAs. All rights reserved. DISCLAIMER: The contents of this publication do not necessarily reflect
Exam Requirements v4.1
COBIT Foundation Exam Exam Requirements v4.1 The purpose of this document is to provide information to those interested in participating in the COBIT Foundation Exam. The document provides information
CYBERSECURITY HOW IT IS TRANSFORMING THE IT ASSURANCE FIELD
CYBERSECURITY HOW IT IS TRANSFORMING THE IT ASSURANCE FIELD December 2014 KEVIN GROOM ISACA Involvement (Middle Tennessee Chapter) Treasurer (2009 2011) Vice President (2011 2013) President (2013 present)
BHConsulting. Your trusted cybersecurity partner
Your trusted cybersecurity partner BH Consulting Securing your business BH Consulting is an award-winning, independent provider of cybersecurity consulting and information security advisory services. Recognised
Workshop description
Workshop description COBIT5 for Assurance With information and technology at the heart of creating value for enterprises, it is more important than ever for organizations to optimize their IT assurance
Citation for published version (APA): Berthing, H. H. (2014). Vision for IT Audit Abstract from Nordic ISACA Conference 2014, Oslo, Norway.
Aalborg Universitet Vision for IT Audit 2020 Berthing, Hans Henrik Aabenhus Publication date: 2014 Document Version Early version, also known as pre-print Link to publication from Aalborg University Citation
INFORMATION TECHNOLOGY AUDIT &
One day training on INFORMATION TECHNOLOGY AUDIT & 10th May 2018 - Mövenpick Hotel, Karachi 14th May 2018 - Sunfort Hotel, Lahore (10:00 AM to 5:00 PM) TRAINING OVERVIEW Every time people get to hear
ISACA MANILA CHAPTER CALENDAR OF ACTIVITIES
MANILA CHAPTER 2017 CALENDAR OF ACTIVITIES 2017 MANILA CALENDAR OF ACTIVITIES GMM Professionals Night Public Trainings Reviews Conferences Technical Session & MANILA PROFILE HISTORY AND MISSION Who we
Reasons to Become CISSP Certified. Keith A. Watson, CISSP CERIAS
Reasons to Become CISSP Certified Keith A. Watson, CISSP CERIAS Overview Certification review Organizational needs Individual needs Get paid more! See the world! CISSP requirements Common Body of Knowledge
CISA Training.
CISA Training www.austech.edu.au WHAT IS CISA TRAINING? The CISA, Certified Information Systems Auditor, is a professional designation which provides great benefits and increased influence for an individual
Accelerate Your Enterprise Private Cloud Initiative
Cisco Cloud Comprehensive, enterprise cloud enablement services help you realize a secure, agile, and highly automated infrastructure-as-a-service (IaaS) environment for cost-effective, rapid IT service
Opportunities to Integrate Technology Into the Classroom. Presented by:
Opportunities to Integrate Technology Into the Classroom Presented by: Mark Salamasick, CIA, CISA, CRMA, CSP Executive Director of Audit University of Texas System Discussion Topics Internal Audit Textbook
IT Governance ISO/IEC 27001:2013 ISMS Implementation. Service description. Protect Comply Thrive
IT Governance ISO/IEC 27001:2013 ISMS Implementation Service description Protect Comply Thrive 100% guaranteed ISO 27001 certification with the global experts With the IT Governance ISO 27001 Implementation
IT Audit Essentials. Date: 10 th 12 th March 2015 Time: 9 am to 5.30 pm Venue: Iverson Associates, Center Point Bandar Utama, Kuala Lumpur
IT Audit Essentials Date: 10 th 12 th March 2015 Time: 9 am to 5.30 pm Venue: Iverson Associates, Center Point Bandar Utama, Kuala Lumpur IT Audit Essentials Workshop Overview ISACA Malaysia Chapter is
The President's Message 3. ISACA Karachi Chapter AGM & Elections Members Event: Cloud Adoption & (Secaas) 11. ISACA Book Store Update 11
Table of Content Editor Absar Khan The President's Message 3 ISACA Karachi Chapter AGM & Elections 2015 5 Members Event: Cloud Adoption & (Secaas) 11 Asia Leadership Conference Asia Pacific CACS ISRM 14
Global Security Consulting Services, compliancy and risk assessment services
Global Security Consulting Services, compliancy and risk assessment services Introduced by Nadine Dereza Presented by Suheil Shahryar Director of Global Security Consulting Today's Business Environment
ISACA MADRID DECEMBER Robert E Stroud CEGIT CRISC International President December 2014
ISACA MADRID DECEMBER 2014 Robert E Stroud CEGIT CRISC International President December 2014 CHANGING DYNAMICS OF BUSINESS Source: http://www.securedgenetworks.com/secure-edge-networks-blog/bid/84023/10-ways-mobile-device-management-can-help-your-school
Request for Proposal (RFP)
Request for Proposal (RFP) BOK PENETRATION TESTING Date of Issue Closing Date Place Enquiries Table of Contents 1. Project Introduction... 3 1.1 About The Bank of Khyber... 3 1.2 Critical Success Factors...
ITIL Intermediate Continual Service Improvement (CSI) Certification Boot Camp - Brochure
ITIL Intermediate Continual Service Improvement (CSI) Certification Boot Camp - Brochure Gain Knowledge to Align IT Services to Business Needs US Course Name : CISSP Version : INVL_CISSP_BR_02_089_1.2
Volume 2014, Number 4. Volunteers Needed!
Volume 2014, Number 4 Volunteers Needed! Volunteering for NJ ISACA is a great opportunity to expand your professional contacts and your IT knowledge base. NJ ISACA needs talented professionals like you
CYBER FRAUD & DATA BREACHES 16 CPE s May 16-17, 2018
CYBER FRAUD & DATA BREACHES 16 CPE s May 16-17, 2018 Cyber fraud attacks happen; they can't all be stopped. The higher order question must be how can we, as fraud examiners and assurance professionals,
International Auditing and Assurance Standards Board (IAASB) International Federation of Accountants 545 Fifth Avenue, 14th Floor New York, NY 10017
3701 Algonquin Road, Suite 1010 Telephone: 847.253.1545 Rolling Meadows, Illinois 60008, USA Facsimile: 847.253.1443 Web Sites: www.isaca.org and www.itgi.org 25 April 2008 International Auditing and Assurance
The Role of Public Sector Audit and Risk Committees in Cybersecurity & Digital Transformation. ISACA All Rights Reserved.
The Role of Public Sector Audit and Risk Committees in Cybersecurity & Digital Transformation Tichaona Zororo CIA, CISA, CISM, CRISC, CRMA, CGEIT, COBIT 5 Certified Assessor B.Sc. Honours Information Systems,
EUROPEAN ICT PROFESSIONAL ROLE PROFILES VERSION 2 CWA 16458:2018 LOGFILE
EUROPEAN ICT PROFESSIONAL ROLE PROFILES VERSION 2 CWA 16458:2018 LOGFILE Overview all ICT Profile changes in title, summary, mission and from version 1 to version 2 Versions Version 1 Version 2 Role Profile
Solutions Technology, Inc. (STI) Corporate Capability Brief
Solutions Technology, Inc. (STI) Corporate Capability Brief STI CORPORATE OVERVIEW Located in the metropolitan area of Washington, District of Columbia (D.C.), Solutions Technology Inc. (STI), women owned
TRAINING WEEK COURSE OUTLINE May RADISSON HOTEL TRINIDAD Port of Spain, Trinidad, W.I.
TRAINING WEEK COURSE OUTLINE May 9-13 2016 RADISSON HOTEL TRINIDAD Port of Spain, Trinidad, W.I. Page2 FACILITATOR'S BIOGRAPHY John Tannahill, CA, CISM, CGEIT, CRISC is a management consultant specializing
Deanship of Academic Development. Comprehensive eportfolio Strategy for KFU Dr. Kathryn Chang Barker Director, Department of Professional Development
Deanship of Academic Development Comprehensive eportfolio Strategy for KFU Dr. Kathryn Chang Barker Director, Department of Professional Development The new Department of Professional Development (DPD)
British Columbia International Academy
Largest Professional Academy Professional Courses Corporate s Short-Duration Public Courses Study In UAE Scholarship Available Multiple Options Design Your Course Proven Track Record Placement Assistance
Workshop IT Star IT Security Professional Positioning and Monitoring: e-cfplus support
Workshop IT Star 2016 IT Security Professional Positioning and Monitoring: e-cfplus support Roberto Bellini AICA-Milan October, 28 th 2016 agenda 1. e-cf standard and the enriched e-cfplus System 2. IT
Fill in the attached registration Form and send to fax number or at
Information Security Workshop 7-10 April 2013, Gulf Hotel Key Learning Objectives: 1. Understand Information Security needs 2. Learn About Risk management Essentials 3. Understand Standards and Best Practices
Advance Your Career. Be recognized as an industry leader. Get ahead of the competition. Validate your expertise with CBIP.
2019 Advance Your Career. Be recognized as an industry leader. Get ahead of the competition. Validate your expertise with CBIP. Get Started Today Be recognized as an industry leader. Distinguishing yourself
Background of the North America Top Technology Initiatives Survey
Kevin M. Martin, CPA.CITP, MCSE, MCP+I The 2013 North America* Top Technology Initiatives Survey *AICPA and CPA Canada The views expressed by the presenters do not necessarily represent the views, positions,
ITIL Intermediate Service Design (SD) Certification Boot Camp - Brochure
ITIL Intermediate Service Design (SD) Certification Boot Camp - Brochure Get a Management-level overview of Service Design to advance in your Career Course Name : ITIL SD Version : INVL_ITILSD_BR_02_033_1.2
DUNS CAGE 5T5C3
Response to Department of Management Services Cyber Security Assessment, Remediation, and Identity Protection, Monitoring and Restoration Services Request For Information 131 Guilford Road, Bloomfield
Hearing Voices: The Cybersecurity Pro's View of the Profession
SESSION ID: AST2-W02 Hearing Voices: The Cybersecurity Pro's View of the Profession Jon Oltsik Senior Principal Analyst and ESG Fellow Enterprise Strategy Group @joltsik Candy Alexander, CISSP CISM International
KENYA SCHOOL OF GOVERNMENT EMPLOYMENT OPPORTUNITY (EXTERNAL ADVERTISEMENT)
KENYA SCHOOL OF GOVERNMENT EMPLOYMENT OPPORTUNITY (EXTERNAL ADVERTISEMENT) 1. DIRECTOR, LEARNING & DEVELOPMENT - LOWER KABETE Reporting to the Director General, Campus Directors will be responsible for
SALARY $ $72.54 Hourly $3, $5, Biweekly $8, $12, Monthly $103, $150, Annually
SALARY $49.72 - $72.54 Hourly $3,977.88 - $5,803.27 Biweekly $8,618.75 - $12,573.75 Monthly $103,425.00 - $150,885.00 Annually ISSUE DATE: 03/21/18 THE POSITION DIRECTOR OF CYBER SECURITY OPEN TO THE PUBLIC
Your CONNECTION to the CREDENTIALING COMMUNITY JOIN TODAY
Your CONNECTION to the CREDENTIALING COMMUNITY JOIN TODAY ACHIEVE SUCCESS with ICE ICE has given me a real edge in knowing more about the intricacies of credentialing and connecting with others in the
Google Cloud & the General Data Protection Regulation (GDPR)
Google Cloud & the General Data Protection Regulation (GDPR) INTRODUCTION General Data Protection Regulation (GDPR) On 25 May 2018, the most significant piece of European data protection legislation to
New Global ITGI Report: Value Creation a Top Priority
Volume 2, 19 January 2011 In This Issue: New Global ITGI Report: Value Creation a Top Priority 5 Steps in Evidence Examination The Joy of Item Writing Writing a Good Question Remembering Past President
PCI Policy Compliance Using Information Security Policies Made Easy. PCI Policy Compliance Information Shield Page 1
PCI Policy Compliance Using Information Security Policies Made Easy PCI Policy Compliance Information Shield Page 1 PCI Policy Compliance Using Information Security Policies Made Easy By David J Lineman
ISO/IEC ISO/IEC White Paper
White Paper 2 Contents Foreword from Richard Pharro, CEO, APMG 3 Introduction 4 Overview 5 Benefits 8 Conclusion 10 Further information 10 3 Foreword by Richard Pharro, CEO, APMG The close relationship
Present. 5th May - Chennai. Internal. auditing. today: Beginning Auditor Tools and Techniques. 6 CPE hours.
Present 5th May - Chennai Internal auditing today: Beginning Auditor Tools and Techniques 6 CPE hours www.achromicpoint.com About the Seminar To become a successful auditor, a strong base of knowledge
Bring Your Own Device (BYOD)
Bring Your Own Device (BYOD) An information security and ediscovery analysis A Whitepaper Call: +44 345 222 1711 / +353 1 210 1711 Email: cyber@bsigroup.com Visit: bsigroup.com Executive summary Organizations
Performing a Vendor Security Review TCTC 2017 FALL EVENT PRESENTER: KATIE MCINTOSH
Performing a Vendor Security Review TCTC 2017 FALL EVENT PRESENTER: KATIE MCINTOSH 1 Speaker Bio Katie McIntosh, CISM, CRISC, CISA, CIA, CRMA, is the Cyber Security Specialist for Central Hudson Gas &
13.f Toronto Catholic District School Board's IT Strategic Review - Draft Executive Summary (Refer 8b)
AGENDA ADDENDUM THE REGULAR MEETING OF THE AUDIT COMMITTEE COMMITTEE PUBLIC SESSION Tuesday, June 6, 2017 6:30 P.M. Pages 13. Staff Reports 13.f Toronto Catholic District School Board's IT Strategic Review - Draft
PROJECT MANAGEMENT PROGRAM AND COURSE GUIDE
PROJECT MANAGEMENT PROGRAM AND COURSE GUIDE PROJECT MANAGEMENT CERTIFICATE PROGRAM Further your career and gain an understanding of what it takes to lead a project to successful completion functional skills,
Data Security Standards
Data Security Standards Overall guide The bigger picture of where the standards fit in 2018 Copyright 2017 Health and Social Care Information Centre. The Health and Social Care Information Centre is a
Introduction to the ISO/IEC 27005 Standard
PERFORMANCE & TECHNOLOGY - IT ADVISORY Introduction to the ISO/IEC 27005 Standard ISMS Risk Management 16.02.2011 ADVISORY KPMG details KPMG is a global network of professional services firms providing audit,
Helping you understand the impact of GDPR.
Helping you understand the impact of GDPR. GENERAL DATA PROTECTION REGULATION (GDPR) RSM's GDPR experts GREGOR STROBL Munich, Germany Partner Risk Advisory Services (RAS) Master of Arts (M.A.) in Corporate