5 Ways to Limit Data Leakage and Exposure
Volume 3, 2 February 2011

In This Issue:
- 5 Ways to Limit Data Leakage and Exposure
- The Joy of Item Writing: The Review Process
- Uncover Renewed Perspectives to Identity Management at Asia-Pacific CACS 2011
- ISACA Certifications Bridge the Gap Between IT and the Business
- Invitation to Participate Application Deadline Near
- Report Says Best-performing Organizations Are Using COBIT
- Updated CISA Online Review Course

5 Ways to Limit Data Leakage and Exposure
By John P. Pironti, CISA, CISM, CGEIT, CRISC, CISSP, ISSAP, ISSMP

1. Develop a clean-desk policy that includes a clean-white-board policy for conference rooms and public areas.

Data leakage and exposure can come from the most obvious and innocent of oversights by personnel who have access to or handle sensitive data. A clean-desk policy will ensure that sensitive information that is being used during the business day is not viewed or removed by unauthorized personnel when it is not under the direct control of the authorized personnel. A clean-white-board policy (which includes nightly cleaning of conference rooms and public areas) will ensure that sensitive information is not viewed by personnel who are appropriately using the facilities but are not authorized to view sensitive data.

2. Implement secure printing.

Even in the age of the paperless office, more people are printing sensitive materials than ever before. Sensitive documents are often left at communal printers for long periods of time, where anyone can read them or collect the printouts. Using secure printing capabilities, such as follow-me printing or PIN-required printing for sensitive documents, will ensure that the printer only activates when the authorized user is near the printer and ready to pick up the printout.
3. Implement and maintain an asset inventory.

Data leakage and exposure often occur when sensitive or controlled data are unaccounted for and not in the direct control of the data owners. Implementing and maintaining an asset inventory of both physical and logical data assets will allow an organization to identify and classify data and apply appropriate controls.

4. Implement trust-but-verify policies and procedures for sensitive data.

The unfortunate reality of data leakage is that, in many incidents, an insider contributed either knowingly or unknowingly. Individuals are less likely to carry out a malicious action, such as data theft, if they know their activities are being monitored. Implementing trust-but-verify policies and procedures for access to and handling of sensitive data will protect both the individual and the organization: the individual with privileged access will not have to worry about wrongful prosecution, and the organization can quickly identify the scope, as well as the methods and practices used, if a data leakage incident were to occur. Examples of trust-but-verify policies and procedures are pervasive and consistent logging and monitoring of all access and activities on technical infrastructure and environments that contain sensitive data.

5. Establish hardware configuration password protection.

The potential for data leakage and exposure has been greatly increased by the advanced technologies organizations deploy to their users and the vast amount of data stored on these technologies. One area that should be protected in these situations but is often neglected is the hardware configuration's basic input/output system (BIOS) settings. Once an organization has established the settings for its users, the settings should be password-protected to prevent the user from changing them. This is especially important in the case of Bluetooth-enabled devices, which can allow a user to establish a short-range data network connection to mass storage devices (including smartphones) without being detected by typical network or application controls such as network-based intrusion detection or data leak prevention tools.

More information on data leak prevention is available in ISACA's Data Leak Prevention white paper, a complimentary download for members and nonmembers.

John P. Pironti, CISA, CISM, CGEIT, CRISC, CISSP, ISSAP, ISSMP, is the president of IP Architects LLC.
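The asset inventory of item 3 and the logging and monitoring of item 4 work together, and the following Python script, added here as an illustration rather than code from the newsletter or its author, shows how: it checks constructed access-log lines against a constructed inventory of classified data assets, flags access to assets that are unaccounted for, unauthorized access to sensitive assets and bulk exports by authorized users, counts log lines the collector could not parse, and answers the incident-scoping question of who accessed an asset. The log-line format, asset names and principals are assumptions made for the example.

```python
"""Added example (not from the newsletter or its author): an asset inventory
(item 3) checked against access logs (item 4, trust-but-verify). Inventory,
principals and log lines are constructed; the log format is an assumption."""
from collections import namedtuple
from dataclasses import dataclass
import re

@dataclass(frozen=True)
class DataAsset:
    name: str
    classification: str      # "public", "internal" or "sensitive"
    owner: str
    authorized: frozenset    # principals the owner has authorized

# Constructed inventory of logical data assets (item 3). In practice this is the
# organization's maintained catalogue of physical and logical data assets.
INVENTORY = {
    "hr-payroll-share": DataAsset("hr-payroll-share", "sensitive", "hr-director", frozenset({"alice", "payroll-svc"})),
    "marketing-wiki": DataAsset("marketing-wiki", "internal", "cmo", frozenset({"alice", "bob", "carol"})),
    "customer-db": DataAsset("customer-db", "sensitive", "dpo", frozenset({"carol", "crm-svc"})),
}

# Assumed access-log line format (constructed for this example):
#   <ISO timestamp> user=<principal> action=<verb> asset=<name> bytes=<n>
LOG_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) "
                    r"asset=(?P<asset>\S+) bytes=(?P<bytes>\d+)$")

# Constructed sample log. The last line is deliberately malformed: a gap in
# "pervasive and consistent" logging is itself worth counting and reporting.
SAMPLE_LOG = """\
2011-02-01T09:01:12Z user=alice action=read asset=hr-payroll-share bytes=2048
2011-02-01T09:05:40Z user=bob action=read asset=hr-payroll-share bytes=4096
2011-02-01T10:12:03Z user=carol action=export asset=customer-db bytes=734003200
2011-02-01T11:30:55Z user=bob action=read asset=marketing-wiki bytes=1024
2011-02-01T12:45:09Z user=dave action=read asset=legacy-backup-nas bytes=512
this line is not in the expected format
"""

Finding = namedtuple("Finding", "severity reason user asset ts")

def parse_line(line):
    """Return a dict for a well-formed log line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["bytes"] = int(event["bytes"])
    return event

def load_events(lines):
    """Parse all non-empty lines; return (events, count of unparsable lines)."""
    events, malformed = [], 0
    for line in lines:
        if not line.strip():
            continue
        event = parse_line(line)
        if event is None:
            malformed += 1
        else:
            events.append(event)
    return events, malformed

def review_access(events, inventory, bulk_threshold=50_000_000):
    """The 'verify' half of trust-but-verify: check every access event against
    the inventory and return findings in log order (nothing is blocked here)."""
    findings = []
    for e in events:
        asset = inventory.get(e["asset"])
        if asset is None:
            # Data that is unaccounted for is not under its owner's control (item 3).
            findings.append(Finding("high", "access to asset missing from inventory",
                                    e["user"], e["asset"], e["ts"]))
        elif asset.classification == "sensitive" and e["user"] not in asset.authorized:
            findings.append(Finding("high", "unauthorized access to sensitive asset",
                                    e["user"], e["asset"], e["ts"]))
        elif (asset.classification == "sensitive" and e["action"] in ("export", "download")
              and e["bytes"] >= bulk_threshold):
            # Authorized users stay monitored too: a bulk export is flagged for review.
            findings.append(Finding("medium", "bulk export of sensitive asset",
                                    e["user"], e["asset"], e["ts"]))
    return findings

def scope_of_access(events, asset_name):
    """Who touched an asset: the first scoping question after a leakage incident."""
    return sorted({e["user"] for e in events if e["asset"] == asset_name})

if __name__ == "__main__":
    evts, bad = load_events(SAMPLE_LOG.splitlines())
    for f in review_access(evts, INVENTORY):
        print(f"{f.severity:6} {f.ts} {f.user:6} {f.asset}: {f.reason}")
    print(f"unparsable lines: {bad}; hr-payroll-share accessed by {scope_of_access(evts, 'hr-payroll-share')}")
```

Run against the constructed log, the review yields three findings (bob on the payroll share, carol's bulk export, dave on the uninventoried NAS) and one unparsable line; the review records authorized access as well, which is what lets the organization scope an incident without suspecting everyone.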
The Joy of Item Writing: The Review Process
By Alisdair McKenzie, CISA, CISSP

An exam item writer supports the development of ISACA exams, and writing items is a rewarding way to get involved and help support the continuation of your profession for years to come. It is also a creative way to earn free continuing professional education (CPE) hours and make extra money. Items include a stem and options for answers, and can be direct questions, incomplete statements, or issue/scenario descriptions. Part 2 of this series discusses what is involved in the item review process.

Item Review Process

Questions that are submitted by item writers are initially reviewed by ISACA staff members to ensure compliance with ISACA's basic item-writing principles and grammar. Items that are flawed in any significant way will be sent back to the item writer with appropriate and constructive feedback.

Items that are initially accepted are then reviewed during the next semiannual Test Enhancement Subcommittee (TES) meeting for the appropriate certification. During this meeting, the TES members analyze, discuss and debate how well each question reflects the job practice and whether it will test the appropriate knowledge required of a CISA candidate. This discussion is often animated and stimulating. At this point, items may be accepted by the TES or returned to the item writer for further work. The TES will provide detailed feedback, summarizing the discussion, on items returned to the item writer. Accepted questions become the property of ISACA.

Items accepted by the TES are then reviewed by the appropriate certification committee for final approval. This review process mirrors the TES reviews. Items accepted by the CISA Certification Committee are placed into the CISA exam item pool for inclusion on future CISA exams.

Part 1 of this series on exam item writing discussed developing a good question and appeared in volume 2. Next month, the benefits of being an item writer will be discussed in the final article in the 3-part series. Information on item writing and how to be an item writer is available on the item writing page of the ISACA web site.

Alisdair McKenzie, CISA, CISSP, has been active for more than 15 years in the ISACA Wellington Chapter and is a past president of the chapter. He has spent 3 years as a member of the CISA Test Enhancement Subcommittee and is currently a member of the CISA Certification Committee. His career in IT spans almost 40 years.

Uncover Renewed Perspectives to Identity Management at Asia-Pacific CACS 2011
R. Vittal Raj, CISA, CISM, CGEIT, CFE, CIA, CISSP, FCA, Shares His Experience as an ISACA Speaker

R. Vittal Raj will present "Auditing Identity Management in Extended Enterprises" at this year's Asia-Pacific Computer Audit, Control and Security (CACS) conference, to be held in Dubai, UAE, in February. Internet technologies and the cloud are radically transforming the way businesses run, and managing identities is assuming new dimensions and challenges.

"Today, an individual's digital identity has assumed sacred proportions, often more significant than one's physical identity," Raj said. "Everything related to ownership, access and rights to information and applications is linked to identities in these vulnerable digital spaces. Given the ever-extending, cyber-agile enterprises, managing risks and protecting digital identities and attached information assets are increasingly complex challenges."

Raj's session at Asia-Pacific CACS will uncover renewed perspectives on understanding the vulnerabilities of managing identities in extended enterprises and will address the need for innovative approaches to managing them in the emerging era of doing business in the cloud. Participants will share thoughts, approaches and solutions through a lively exchange of knowledge, experience, case studies and quick polls.

Raj also finds the session "Designing Next Generation Security and Audit for Cloud Computing Environments" of particular interest. "The mobile phone and Internet were once technologies that were considered a myth, and so appears the cloud today," he said. "It will be interesting to understand newer perspectives that will help intensify my research for security paradigms in this emerging, hazy information age."

Raj has been associated with ISACA since 1997 and has held several positions at the Chennai Chapter, including serving as the president, CISA coordinator and director of certification. In global roles, he has served as a member of the Governmental and Regulatory Agencies Board Asia I (GRAB Asia I) and is currently a member of the Asia-Pacific CACS Task Force.

Raj is eager to visit this dynamic hub of intense activity in the lap of the Gulf region. "I am looking forward to getting more insights into the Persian Gulf culture and to visiting some of its recent masterpieces in construction."

For information on this conference, including sessions and registration, visit the Asia-Pacific CACS page of the ISACA web site.

R. Vittal Raj, CISA, CISM, CGEIT, CFE, CIA, CISSP, FCA, is a partner with Kumar & Raj and is director of Pristine Consulting, India.

ISACA Certifications Bridge the Gap Between IT and the Business
Kathleen Ann Mullin, CISA, CISM, CGEIT, CRISC, CIA, CISSP, Shares Her Experiences With ISACA Certifications

The first certification Kathleen Ann Mullin sought was the Certified Information Systems Auditor (CISA). She was the director of internal audit and property records for a large school district. "What I was doing was based on business experience, compliance and regulatory requirements and best practices," Mullin said. "However, I had only one staff member who was a CPA and no other employees with certifications. I knew I needed some external guidance."

Mullin sought the advice of Steven Smith, director of internal audit at the City of St. Petersburg, Florida, USA. She asked him for guidance on developing her staff and motivating them to get certified as CPAs and CIAs, as well as what direction to take in her own career. "Steven told me about ISACA and the CISA certification," Mullin said. "I left his office with a job offer, the opportunity to take both the CIA and the CISA exams, and encouragement to become involved in the local ISACA chapter. The only condition he presented was that I needed to pass the CISA exam the first time."

Some may consider her choice to accept Smith's offer an illogical jump. "However, the opportunity to join an organization that would allow me the opportunity to keep current and advance in my knowledge and experience was one that I could not pass up," Mullin explained. "As I pursued the CISA and learned about COBIT, I found a framework that made sense and a way to recommend changes that helped the organization while taking the element of surprise out of the audit experience. I was hooked on ISACA, and as my career progressed, ISACA developed certifications that matched what I had done and was doing."
While attaining the CISA designation was a requirement for Mullin's position with the City of St. Petersburg, the Certified Information Security Manager (CISM) is a requirement for her current position with Hillsborough County Aviation Authority, where a CISSP would also have been accepted. "I now have both of those certifications, and I find that the job knowledge and job task areas of the CISM more closely relate to my current position, even when using the (ISC)2 common body of knowledge," Mullin said.

Mullin feels that having ISACA certifications provides a baseline so that others know what her knowledge and background include. "It helps provide a common viewpoint that allows for discussion and consensus building when solving everyday business problems," she said. "My time with St. Petersburg, the Technical Answer Group and the Tampa International Airport has helped build my understanding of the intricacies of information assurance. Today, my certifications help me on a daily basis: CISA assists me in preparing the organization for what internal and external auditors are looking to find when auditing and, more importantly, why they are looking for specific controls. This helps management decide what frameworks to adopt and what processes to put in place. CISM is the core part of my position, where monitoring and controls fall into place. I utilize CISM knowledge when working with management to ensure that they have the information they need to manage information effectively; developing and managing the Computer Security Incident Response Team (CSIRT); building relationships with other local governments, vendors and the Federal Bureau of Investigation; and developing and delivering information security awareness and training. Certified in the Governance of Enterprise IT (CGEIT) is useful when I work with senior management as they provide management and IT the business direction and expectations. We discuss what technology can and should do to enhance the business and minimize the risks. Certified in Risk and Information Systems Control (CRISC) assists me in developing risk analysis and assessment, as well as business impact analysis. Risk and how it is handled determines what I do to develop and run the information security program."

Mullin said she approaches challenges as opportunities in her job, and that the people involved pose the greatest challenges.
"Business leaders tend to be focused on the bottom line, and when they want something done, they rely on IT to put appropriate measures in place. Often, IT will focus on the technology without focusing on what the business is trying to achieve," she explained. "Bridging that disconnect between the business leaders and IT in a language they can both understand becomes the largest and most important challenge I face."

Kathleen Ann Mullin, CISA, CISM, CGEIT, CRISC, CIA, CISSP, is a member of the CGEIT Certification Committee and is the IT systems security manager for Hillsborough County Aviation Authority (Tampa International Airport).

Invitation to Participate Application Deadline Near

The invitation to participate application period will close on Friday, 25 February. This is your final opportunity to apply to participate on the ISACA boards, committees and subcommittees. The Invitation to Participate provides a great opportunity for those who would like to volunteer with ISACA in a hands-on environment, collaborating with peers to ensure successful certification programs, comprehensive professional conferences and educational resources that are representative of professional standards and sound infrastructures. The selection of volunteers is based upon the current needs of the groups, the relevant professional background of the candidates and the need to reflect a global perspective. All appointments are for a one-year term and are ratified by the Board of Directors. For more information and to apply to be an ISACA volunteer, visit the Volunteering page of the ISACA web site.

Report Says Best-performing Organizations Are Using COBIT

A new report by the IT Policy Compliance Group (ITPCG), titled "How the Masters of IT Deliver More Value and Less Risk," reveals findings from research conducted on organizations with the best-performing IT and what they are doing differently with IT to deliver the most value and least risk, compared with all other organizations. The major findings reveal several management practices, tools and supporting IT systems that are unique to the masters of IT. According to the report, the masters of IT are using COBIT, IT balanced scorecards and IT portfolio management to improve alignment and deliver more value. The report states, "The use of COBIT, IT portfolio management, IT balanced scorecards and IT strategy maps were found to be emerging management tools in 2005 and 2006, were more widely adopted by 2008, and by 2010 are the principal strategic tools being employed by the best-performing organizations to manage and govern value and risk related to the use of IT."
This widespread adoption confirms previous findings, including the use of COBIT to manage and govern the value being delivered by IT and the use of IT governance, risk and compliance (GRC) systems with COBIT. According to the report, COBIT is now the principal strategic tool employed to manage value and risk related to the use of IT. The report points out that the COBIT management tools go beyond strategic alignment by including delivery of value, management of risk, and measurement and assessment of performance. Because of this, the report states, when it comes to managing value and risk related to the use of IT, the best-in-class organizations consistently take the same actions: governance of IT via the use of COBIT, and the preservation of value and management of risk through the use of IT GRC systems, COBIT, ISO and CIS benchmarks. The full report is on the ITGI Global Survey Results page of the ISACA web site. More information on COBIT can be found on the COBIT page.

Updated CISA Online Review Course

The CISA Online Review Course has been updated to include the new 2011 CISA certification job practice, which is now in place and posted on the ISACA web site. This update reflects the reorganization of and revision to the task statements and knowledge statements in the 2011 CISA job practice. One of the major changes in the new job practice is the incorporation of domain 6 from the previous job practice into job domains 2 and 4. The updated CISA Online Review Course reflects this change. The 5 updated course modules are:

Module 1 - CISA: The Process of Auditing Information Systems
Module 2 - CISA's Role in IT Governance
Module 3 - CISA's Role in Systems and Infrastructure Life Cycle Management
Module 4 - CISA's Role in IT Service Delivery and Support
Module 5 - CISA's Role in Protection of Information Assets

The number of continuing professional education (CPE) hours (26) and the seat time (26 hours) to complete the course remain the same.

ISACA. All rights reserved.
More informationISACA Certification Your Blueprint for Success
TM ISACA Certification Your Blueprint for Success Ensure the success of your enterprise and your career with ISACA s certifications: Certified Information Systems Auditor TM (CISA ) Certified Information
More informationPerforming a Vendor Security Review TCTC 2017 FALL EVENT PRESENTER: KATIE MCINTOSH
Performing a Vendor Security Review TCTC 2017 FALL EVENT PRESENTER: KATIE MCINTOSH 1 Speaker Bio Katie McIntosh, CISM, CRISC, CISA, CIA, CRMA, is the Cyber Security Specialist for Central Hudson Gas &
More informationISO / IEC 27001:2005. A brief introduction. Dimitris Petropoulos Managing Director ENCODE Middle East September 2006
ISO / IEC 27001:2005 A brief introduction Dimitris Petropoulos Managing Director ENCODE Middle East September 2006 Information Information is an asset which, like other important business assets, has value
More informationCitation for published version (APA): Berthing, H. H. (2014). Vision for IT Audit Abstract from Nordic ISACA Conference 2014, Oslo, Norway.
Aalborg Universitet Vision for IT Audit 2020 Berthing, Hans Henrik Aabenhus Publication date: 2014 Document Version Early version, also known as pre-print Link to publication from Aalborg University Citation
More informationYour CONNECTION to the CREDENTIALING COMMUNITY JOIN TODAY
Your CONNECTION to the CREDENTIALING COMMUNITY JOIN TODAY ACHIEVE SUCCESS with ICE ICE has given me a real edge in knowing more about the intricacies of credentialing and connecting with others in the
More informationInformation Technology General Control Review
Information Technology General Control Review David L. Shissler, Senior IT Auditor, CPA, CISA, CISSP Office of Internal Audit and Risk Assessment September 15, 2016 Background Presenter Senior IT Auditor
More informationExam Requirements v4.1
COBIT Foundation Exam Exam Requirements v4.1 The purpose of this document is to provide information to those interested in participating in the COBIT Foundation Exam. The document provides information
More informationISO/ IEC (ITSM) Certification Roadmap
ISO/ IEC 20000 (ITSM) Certification Roadmap Rasheed Adegoke June 2013 Outline About First Bank Motivations Definitions ITIL, ISO/IEC 20000 & DIFFERENCES ISO/ IEC 20000 Certification Roadmap First Bank
More informationBig data privacy in Australia
Five-article series Big data privacy in Australia Three actions you can take towards compliance Article 5 Big data and privacy Three actions you can take towards compliance There are three actions that
More informationISACA. Certification Details for Certified in the Governance of Enterprise IT (CGEIT )
ISACA Pasitikėjimas informacinėmis sistemomis ir jų nauda Certification Details for Certified in the Governance of Enterprise IT (CGEIT ) Dainius Jakimavičius, CGEIT ISACA Lietuva tyrimų ir metodikos koordinatorius
More informationIT Consulting and Implementation Services
PORTFOLIO OVERVIEW IT Consulting and Implementation Services Helping IT Transform the Way Business Innovates and Operates 1 2 PORTFOLIO OVERVIEW IT Consulting and Implementation Services IT is moving from
More informationPROFILE FRANCIS KAITANO. Francis Kaitano is a strategic, innovative, delivery focused Cyber Security professional.
PROFILE FRANCIS KAITANO Francis Kaitano is a strategic, innovative, delivery focused Cyber Security professional. Originally from Zimbabwe Francis Kaitano came to New Zealand more than 10 years ago for
More informationINFORMATION SYSTEMS AUDITOR EXAM PREPARATION COURSE NICOSIA LIVE ON-LINE. 1 P a g e
CERTIFIED INFORMATION SYSTEMS AUDITOR EXAM PREPARATION COURSE NICOSIA LIVE ON-LINE 1 P a g e COURSE DESCRIPTION The Certified Information Systems Auditor () is a world renowned accreditation awarded by
More informationApplication for Certification
Application for Certification Requirements to Become a Certified Information Security Manager To become a Certified Information Security Manager (CISM), an applicant must: 1. Score a passing grade on the
More informationCyber Risks in the Boardroom Conference
Cyber Risks in the Boardroom Conference Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks
More informationITIL Intermediate Continual Service Improvement (CSI) Certification Boot Camp - Brochure
ITIL Intermediate Continual Service Improvement (CSI) Certification Boot Camp - Brochure Gain Knowledge to Align IT Services to Business Needs US Course Name : CISSP Version : INVL_CISSP_BR_02_089_1.2
More informationTHE POWER OF TECH-SAVVY BOARDS:
THE POWER OF TECH-SAVVY BOARDS: LEADERSHIP S ROLE IN CULTIVATING CYBERSECURITY TALENT SHANNON DONAHUE DIRECTOR, INFORMATION SECURITY PRACTICES 1 IT S A RISK-BASED WORLD: THE 10 MOST CRITICAL UNCERTAINTIES
More informationE-guide Getting your CISSP Certification
Getting your CISSP Certification Intro to the 10 CISSP domains of the Common Body of Knowledge : The Security Professional (CISSP) is an information security certification that was developed by the International
More informationSOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT
RSA ARCHER IT & SECURITY RISK MANAGEMENT INTRODUCTION Organizations battle growing security challenges by building layer upon layer of defenses: firewalls, antivirus, intrusion prevention systems, intrusion
More informationImplementation PREVIEW VERSION
Implementation These following pages provide a preview of the information contained in COBIT 5 Implementation. The publication provides a good-practice approach for implementation governance of enterprise
More informationReport of the Nominating Committee
Volume 8, 9 April 2014 Report of the Nominating Committee Slate of 2014-15 Board of Directors New NIST Cybersecurity Framework Features COBIT 5 in Its Core Parameters to Consider When Acquiring Software
More informationModern Database Architectures Demand Modern Data Security Measures
Forrester Opportunity Snapshot: A Custom Study Commissioned By Imperva January 2018 Modern Database Architectures Demand Modern Data Security Measures GET STARTED Introduction The fast-paced, ever-changing
More informationThe Experience of Generali Group in Implementing COBIT 5. Marco Salvato, CISA, CISM, CGEIT, CRISC Andrea Pontoni, CISA
The Experience of Generali Group in Implementing COBIT 5 Marco Salvato, CISA, CISM, CGEIT, CRISC Andrea Pontoni, CISA Generali Group at a glance Let me introduce myself Marco Salvato CISA, CISM, CGEIT,
More informationCOBIT 5 Foundation Workshop
COBIT 5 Foundation Workshop Dear Members, ISACA Pune chapter is pleased to organize Two / Three Days COBIT-5 Foundation course Dates of Training & Workshop: Date: Friday, 19 th Dec 2014 and Saturday, 20
More information2017 PORT SECURITY SEMINAR & EXPO. ISACA/CISM Information Security Management Training for Security Directors/Managers
2017 PORT SECURITY SEMINAR & EXPO ISACA/CISM Information Security Management Training for Security Directors/Managers Agenda Introduction ISACA Information security vs. cybersecurity CISM certification
More informationVolume 2014, Number 4. Volunteers Needed!
Volume 2014, Number 4 Volunteers Needed! Volunteering for NJ ISACA is a great opportunity to expand your professional contacts and your IT knowledge base. NJ ISACA needs talented professionals like you
More informationGUIDELINES FOR SUBMITTING CONTINUING PROFESSIONAL EDUCATION (CPE) CREDITS
GUIDELINES FOR SUBMITTING CONTINUING PROFESSIONAL EDUCATION (CPE) CREDITS (ISC) 2 CISSP Recertification Guidelines (rev. 8-06) Page 1 of 16 CONTENTS Introduction... 3 CPE Record Keeping... 4 CPE Credit
More informationISACA Webcram CISA & CISM. Sean Hanna
ISACA Webcram CISA & CISM Sean Hanna Sean Hanna GRC & Cyber Warfare Consultant EC-Council Global Security Trainer of the Year 2007, 2008, 2010 and again in 2011 EC Council Circle of Excellence Member 2012
More informationDUNS CAGE 5T5C3
Response to Department of Management Services Cyber Security Assessment, Remediation, and Identity Protection, Monitoring and Restoration Services Request For Information 131 Guilford Road, Bloomfield
More informationHYDERABAD CHAPTER OF ISACA FIFTEENTH ANNUAL REPORT
Dear Members, It is my privilege and honor to present the 15 th Annual Report of the Hyderabad for the year. 1. FINANCIAL RESULTS Rs.in lakhs Particulars 2013 14 Income 9.84 8.96 Surplus 2.31 2.56 Investments(Bank
More informationRISK MANAGEMENT Education and Certification
RISK MANAGEMENT Education and Certification aba.com/risked 1-800-BANKERS A new type of risk management professional is now in demand one that can demonstrate a thorough understanding of the complexities
More informationRisk Based IT Auditing Master Class. Unlocking your World to a Sea of Opportunities
Risk Based IT Auditing Master Class Unlocking your World to a Sea of Opportunities The Digital World Information Technology has developed into a nerve center of every organisation. It has become an intrinsic
More informationEARN UP TO 18 CPE CREDITS
Join Us in Nashville, TN, USA 370 Stay at the Heart of the Conference Action! The Omni Nashville 250 5th Avenue South Nashville, TN 37203, USA Hotel Reservations: 615-782-5300 2018 Governance, Risk, and
More information13.f Toronto Catholic District School Board's IT Strategic Review - Draft Executive Summary (Refer 8b)
AGENDA ADDENDU TE REGULAR EETING OF TE AUDIT COITTEE COITTEE PUBLIC SESSION Tuesday, June 6, 2017 6:30 P.. Pages 13. Staff Reports 13.f Toronto Catholic District School Board's IT Strategic Review - Draft
More informationWHO SHOULD ATTEND? ITIL Foundation is suitable for anyone working in IT services requiring more information about the ITIL best practice framework.
Learning Objectives and Course Descriptions: FOUNDATION IN IT SERVICE MANAGEMENT This official ITIL Foundation certification course provides you with a general overview of the IT Service Management Lifecycle
More informationMemphis Chapter. President s Message. This annual event is designed to provide students with a
Memphis Chapter F E B R U A R Y 2 0 1 5 Remember: Update your IIA profile for the most up-to-date news. RSVP for the Annual Student Day February 24, 2015 This annual event is designed to provide students
More informationThe President s Message 3. ISACA Karachi Chapter AGM & Elections Members Event: Cloud Adoption & (Secaas) 11. ISACA Book Store Update 11
Table of Content Editor Absar Khan The President s Message 3 ISACA Karachi Chapter AGM & Elections 2015 5 Members Event: Cloud Adoption & (Secaas) 11 Asia Leadership Conference Asia Pacific CACS ISRM 14
More informationFOUNDATION CERTIFICATE IN INFORMATION SECURITY v2.0 INTRODUCING THE TOP 5 DISCIPLINES IN INFORMATION SECURITY SUMMARY
FOUNDATION CERTIFICATE IN INFORMATION SECURITY v2.0 INTRODUCING THE TOP 5 DISCIPLINES IN INFORMATION SECURITY SUMMARY The Foundation Certificate in Information Security (FCIS) course is designed to provide
More informationKENYA SCHOOL OF GOVERNMENT EMPLOYMENT OPORTUNITY (EXTERNAL ADVERTISEMENT)
KENYA SCHOOL OF GOVERNMENT EMPLOYMENT OPORTUNITY (EXTERNAL ADVERTISEMENT) 1. DIRECTOR, LEARNING & DEVELOPMENT - LOWER KABETE Reporting to the Director General, Campus Directors will be responsible for
More informationIT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18
Pierce County Classification Description IT SECURITY OFFICER Department: Information Technology Job Class #: 634900 Pay Range: Professional 18 FLSA: Exempt Represented: No Classification descriptions are
More informationSpring Education Conference. Securing the Organization (Ensuring Trustworthy Systems)
Spring Education Conference Securing the Organization (Ensuring Trustworthy Systems) Ken Vander Wal, CISA, CPA Past President, ISACA vandeke@gmail.com 1 2012-2013 Board of Directors International President
More informationMapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective
Mapping Your Requirements to the NIST Cybersecurity Framework Industry Perspective 1 Quest has the solutions and services to help your organization identify, protect, detect, respond and recover, better
More informationManagement Update: Information Security Risk Best Practices
IGG-07022003-01 R. Witty Article 2 July 2003 Management Update: Information Security Risk Best Practices The growing focus on managing information security risk is challenging most enterprises to determine
More informationlocuz.com SOC Services
locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security
More informationISACA Survey Results. 27 April Ms. Nancy M. Morris, Secretary Securities and Exchange Commission 100 F Street NE Washington, DC
3701 Algonquin Road, Suite 1010 Telephone: 847.253.1545 Rolling Meadows, Illinois 60008, USA Facsimile: 847.253.1443 Web Sites: www.isaca.org and www.itgi.org 27 April 2006 Ms. Nancy M. Morris, Secretary
More informationINFORMATION TECHNOLOGY AUDIT &
One day training on INFORMATION TECHNOLOGY AUDIT & 10 th May 2018 - Mövenpick Hotel, Karachi 14 th May 2018 - Sunfort Hotel, Lahore (10:00 AM to 5:00 PM) TRAINING OVERVIEW Every time people get to hear
More informationCyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.
Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. In today s escalating cyber risk environment, you need to make sure you re focused on the right priorities by
More informationITU CBS. Digital Security Capacity Building: Role of the University GLOBAL ICT CAPACITY BUILDING SYMPOSIUM SANTO DOMINGO 2018
GLOBAL ICT CAPACITY BUILDING SYMPOSIUM ITU CBS SANTO DOMINGO 2018 Digital Capacity Building: Role of the University 18 20 June 2018 Santo Domingo, Dominican Republic Dr. Nizar Ben Neji Faculty of Sciences
More informationFDIC InTREx What Documentation Are You Expected to Have?
FDIC InTREx What Documentation Are You Expected to Have? Written by: Jon Waldman, CISA, CRISC Co-founder and Executive Vice President, IS Consulting - SBS CyberSecurity, LLC Since the FDIC rolled-out the
More informationISSMP is in compliance with the stringent requirements of ANSI/ISO/IEC Standard
Certification Exam Outline Effective Date: April 2013 About CISSP-ISSMP The Information Systems Security Management Professional (ISSMP) is a CISSP who specializes in establishing, presenting, and governing
More informationFiscal 2015 Activities Review and Plan for Fiscal 2016
Fiscal 2015 Activities Review and 1. The Ricoh Group s Information Security Activities In response to changes emerging in the social environment, the Ricoh Group is promoting its PDCA management system
More informationInternational Auditing and Assurance Standards Board (IAASB) International Federation of Accountants 545 Fifth Avenue, 14 th Floor New York, NY 10017
3701 Algonquin Road, Suite 1010 Telephone: 847.253.1545 Rolling Meadows, Illinois 60008, USA Facsimile: 847.253.1443 Web Sites: www.isaca.org and www.itgi.org 25 April 2008 International Auditing and Assurance
More information