Newsletter October Now 253 Members Strong

Transcription

1 Newsletter October 2014 Welcome to this first edition of our new look monthly newsletter. In this regular communication you will find what is happening within our membership and chapter, with additional news from ISACA International. We aim to help you get the best from your membership and support you with your career development. Who Do You Think We Are? Are you aware we have been growing? From our humble Special Interest Group beginnings back in 2008 to the current day chapter, our membership has been steadily increased over the past 6 years to a total of 253. Many of our members have been with ISACA for a number of years plus we also have a good balance of new member join us as well. All are welcome. Now 253 Members Strong ISACA Service Category Members Unclassified (< 3 years) 98 Bronze (3-4 years) 58 Silver (5-9 years) 58 Gold (10-14 years) 24 Platinum (15+ years) 14 This is a map of our current member s working locations. As you can see our catchment area stretches across the South of England and we even have members in Wales. Also noted we have members working in Edinburgh, Liverpool, Manchester and even abroad. Our membership comes from many industry sectors and spreads across many professions and their associated positions (more on this subject in the next month s newsletter). For more information please contact Simon Reeves Membership Director at membership@isaca-winchester.net. Monthly Meetings Current Agenda For this year, we plan to alternate between our two main location of Serco s Discovery House in Hook and the BDO Office in Southampton to help you plan your visits in advance. There is ample free parking at both locations.

2 Date Topic Company Speaker Location 19-Nov-14 Next Generation Security and The Kill Chain Palo Alto Networks Stephen Arnold Southampton 10-Dec Jan Feb Mar Apr-15 TBA Seeking New Employees and Job Hunting 101 Also CV Clinic CxO Level Cyber Awareness And Assessment Tool-Kit Information Risk Leadership Council Advanced Resource Managers Alex Stille Damian Hicklin Hook Gartner Chris McLoughlin Hook Southampton Insider Threat ISACA Winchester Mark Henshaw Southampton The State of Security Pen Test Partners Ken Munro Hook 20-May-15 Securing The Network Through Behaviour Anomaly Detection ChemringIT Roke Manor Research Peter Lockhart Southampton 17-Jun-15 Chapter AGM ISACA Winchester Board Hook Note - speakers can change prior to meeting date so please check our website for updates Remember attending a chapter meeting allows you to claim CPE points against the speaker s presentation. Notes From Our October s Meeting ISACA Cybersecurity Nexus CSX, delivered by Steven Babb, was a fascinating insight into how ISACA are planning to address the cybersecurity skills gap. Earlier this year a report by Symantec indicated that there were around a million open information security vacancies globally and that many of these were likely to go unfilled as there were not enough skilled personnel available. The new Cybersecurity Fundamentals certification will provide recognition to those new to the field with 0-3 years experience. The certification has 5 domains - Cyber Concepts, Cyber Architecture, Security of Networks Systems, Applications and Data plus Incident Response and Security of Evolving Technology. There are plans to supplement this with a Cybersecurity Practitioner certification in 2015 for those with 3-5 years experience and as a planned progression path after that, the existing Certified Information Security Manager (CISM), recalls Simon Reeves who attended the event. If you have any additional feedback or comments you would like to share with us about your experience at future meetings, please let us know. *Call for new speakers* We are constantly on the lookout for new and interesting speakers to fill our meeting agenda. If you would like the opportunity to present, with the associated CPE, or know of a non-member / local company that would of interest to our membership, please contact Philip Katz - Education Chair at events@isaca-winchester.net.

3 Special Events/ Information ISACA Winchester Special Event On April 25 th this year we held a Penetration Testing Workshop attended by over 30 chapter members. The event was a great success, and provided the membership with an opportunity to try out a number of software tools on staged targets provided by Pen Test Partners. We plan to hold another special event in March 2015, this time we will look at website vulnerabilities and use the Kali tool-set to demonstrate how to identify, exploit and fix security gaps. If this is something that would be of interest to you then please Alex Krupa - ISACA Winchester Chapter Program Chair at program@isaca-winchester.net. UK Government Cyber Essentials Scheme Did you know that a large number of organisations struggle to even get the security basics in place, and that simple boundary protection, user access control, malware protection, and patch management is not really business as usual practice. These are simple and well understood controls that as ISACA professionals we should all understand. In an effort to identify and fix the security control gaps that continue to exist within their supply chain, the UK Government in cooperation with industry partners, produced the Cyber Essentials Scheme assurance framework setting out requirements for basic technical protection from cyber-attacks. The scheme is available in two flavours; Cyber Essentials which is self-assessed targeting SMEs, and Cyber Essentials Plus which is independently assessed and aimed at larger organisations. It's only a matter of time before many organisations will expect their suppliers to have this level of assurance, so if you do work in an organisation that is struggling with the security basics, and you are looking for a lever to gain investment in a stalled security program, or to support a vital security project, then perhaps the UK Government has done you a favour. You may be able to cite the Cyber Essentials Plus assurance scheme as a benchmark and recommend that your organisation must meet this to compete in the future. If this topic is something you are interested in and would like expanded further at a chapter meeting then please Phil Katz the ISACA Winchester Events Chair at events@isaca-winchester.net. Spotlight On Member s Activities Chris Cooper Professional Standards and Career Management Committee This month we spotlight on Chris Cooper, a Winchester Chapter member, who also sits on ISACA s International Professional Standards and Career Management Committee. Chris says This is my third term on the Professional Standards and Career Management Committee (PSCMC), where we are charged with developing the IS Audit and Assurance Standards/Guidelines and Career Management products. As well as having oversight over the Academic Sub-Committee and the development of certification study materials. In my time on the committee we have produced updated versions of both the Audit Standards and Guidelines, as well as taking on responsibility for career management and importantly to me, extended our scope to include information/cyber security as well as auditing. Through this we have involvement from students studying to join the profession, to maintaining the standards of our profession and the existing members.

4 ISACA Research ISACA International are always looking for your support as Subject Matter Experts (SME) to help develop its research material. This is a great opportunity to use your knowledge to help shape your industries future plus an alternative method of accumulating CPEs. Current ISACA Research Opportunities Audit/Assurance Programs We will begin work on the updating of the COBIT 4.1 Business/Technology audit programs using the new template created in COBIT 5 for Assurance. Looking for SMEs as well as program developers for this project. Ongoing. DevOps Series Looking for SMEs as well as writers for these white papers. Work to begin in December Getting Started With Governance This white paper will focus on the core concepts of governance and the practical aspects of implementing a governance framework. It is scheduled to be issued in the first quarter of Internal Controls This white paper will attempt to clarify the issue of using and implementing internal controls and using the COBIT framework. It will also address the move from having control objectives to governance and management practices in COBIT 5. This publication is scheduled to be available in the first quarter of 2015 Operational Risk Management/Basel Using COBIT 5 This book will provide an update of the existing publication IT Control Objectives Basel II to align it with COBIT 5 and related publications. Concepts will be updated to reflect the current state of the technology, challenges, risk and necessary assurance practices. The work will begin in the first quarter of If you are interested in getting involved or supporting ISACA International research programs, please contact Arnie Bates - Research Director at research@isaca-winchester.net for the current opportunities Membership Renewal Now Open It is that time of year again and membership renewals are currently open. We hope you will continue your membership and carry on receiving all the excellent benefits ISACA has to offer you. Fancy Some Tax Relief? As another little incentive we have just received this news from HMRC: - With effect from 6th April 2014, tax relief is available to members of the ISACA Winchester Chapter in respect of the local Chapter Due. Tax relief is not available for the membership of ISACA International. If you require more information please contact Adam Hopkins - Vice President at vpres@isacawinchester.net Do You Want To Help Save The Planet? Did you know you can opt out of receiving a paper copy of ISACA Journal and access the digital versions instead? The ISACA Journal digitals editions are available as an on-line version, as an app

5 for Android devices and the Kindle Fire, in addition to Apple devices. This opt out option is available to you as part of the profile update section within the membership renewal process on the ISACA site. Hope you all have a great Halloween and safe Bonfire Night. If you have any suggestions or feedbacks for the next newsletter, please do not hesitate to contact me Graham Carter CISA, CGEIT - Newsletter Editor