ISACA Tools Help Develop Cybersecurity Expertise
Volume 21, 8 October 2014

- ISACA Tools Help Develop Cybersecurity Expertise
- Nominate Qualified Candidates for the ISACA Board of Directors
- Tips for Solving Data Classification Challenges
- Earn CPE at Professional Guidance Webinar
- Participate in Cyber Security Awareness Month This October
- Explore Governance, Cybersecurity and Leadership at 2014 Oceania CACS
- Learn to Protect Organizational Data at Audit Webinar
- Cybersecurity Focus at North America ISRM
- COBIT-related Risk Scenarios Available
- Book Review: Networking: A Beginner's Guide

ISACA Tools Help Develop Cybersecurity Expertise

Cybersecurity is a constantly changing field. New threats are uncovered every day as enterprises race to secure their systems. Mitigate your enterprise's risk with access to the latest developments in cybersecurity. October is Cyber Security Awareness Month, and ISACA has tools to help you develop your cybersecurity skills.

Nominate Qualified Candidates for the ISACA Board of Directors

Nominations for the ISACA Board of Directors for the term are open. Note that only about a week remains in the nomination period for international president. Members may submit nominations for themselves or for others (or both).

Tips for Solving Data Classification Challenges
By Sunil Bakshi, CISA, CISM, CGEIT, CRISC, AMIIB, ABCI, CEH, CISSP, ISO LA, BS LI, MCA, PMP

Information is a primary enabler for any organization, as established in COBIT 5. Organizations today generate, process, use and store volumes of data/information. However, the major concern for organizations is, "Are these data secure?" Information security best practices state that in order to optimize security, data must be classified. But organizations find that this is easier said than done.

Earn CPE at Professional Guidance Webinar

The US National Initiative for Cybersecurity Education (NICE) is using public-private relationships to promote awareness, education and professional development in the area of cybersecurity. To help cybersecurity professionals understand NICE and its changes, ISACA has partnered with Capella University to create the National Initiative for Cybersecurity Education in Transitions: Update and Overview. ISACA members can earn 1 free CPE hour by attending this webinar, which will take place on 9 October at 11:00 a.m. CDT (UTC -5 hours).

Participate in Cyber Security Awareness Month This October

ISACA is a champion of Cyber Security Awareness Month in October. The goal of Cyber Security Awareness Month is to inform people about the importance of online safety and ISACA has the tools to help you become a cybersecurity leader.

Explore Governance, Cybersecurity and Leadership at 2014 Oceania CACS

The 2014 Oceania Computer Audit, Control and Security (CACS) conference addresses the governance, cybersecurity and leadership challenges that IT professionals face today. The conference, hosted by the ISACA Perth (Western Australia) Chapter, will take place on October.

Learn to Protect Organizational Data at Audit Webinar

An important component of any good security strategy is to protect databases that contain sensitive data. To help organizations learn how to create such a plan, Oracle is sponsoring an ISACA webinar to help enterprises reduce their organization's risk. The Data-centric Audit and Protection: Reducing Risk and Improving Security Posture webinar will take place on 23 October at 11:00 a.m. CDT (UTC -5 hours), and ISACA members can earn 1 continuing professional education (CPE) hour for attending.

Cybersecurity Focus at North America ISRM

The 2014 North America ISRM Conference provides valuable resources for anyone interested in the field of cybersecurity. As cybersecurity is a growing concern for enterprises, 2 of the 5 conference tracks focus on cybersecurity and contain the latest information on cybersecurity trends and how to use ISACA's numerous cybersecurity-related resources.

COBIT-related Risk Scenarios Available

Risk scenarios are powerful tools that help risk professionals prepare for the unexpected. ISACA understands that scenario analysis is an important component of enterprise risk management and has issued Risk Scenarios Using COBIT 5 for Risk to provide guidance to professionals tasked with utilizing risk scenarios.

Book Review: Networking: A Beginner's Guide
Reviewed by Upesh Parekh, CISA

Many people do not know how networking in the networked world works. How a message sent from point A reaches point B over the Internet is still a mystery to many. As a result, network security is becoming increasingly important. Networking: A Beginner's Guide explains the fundamentals of networking, which is necessary for audit and security professionals who are entrusted with the responsibility of ensuring network security.

ISACA Tools Help Develop Cybersecurity Expertise

Cybersecurity is a constantly changing field. New threats are uncovered every day as enterprises race to secure their systems. Mitigate your enterprise's risk with access to the latest developments in cybersecurity. October is Cyber Security Awareness Month, and ISACA has tools to help you develop your cybersecurity skills.

ISACA's Cybersecurity Nexus (CSX) includes the most innovative advancements in the cybersecurity field. For example, the Advanced Persistent Threat Awareness Study Results report highlights the need for enterprises to cultivate new defenses. Implementing the NIST Cybersecurity Framework and its accompanying tool kit describe the application of ISACA methods as an effective way to use the cybersecurity framework. Both publications empower you to proactively secure your enterprise.

Cybersecurity webinars on the CSX platform offer cutting-edge thought leadership, research and advice on the current and emerging threat environments. The webinars explore controls for cyberdefense, diagnostics and COBIT 5. Watch the upcoming and archived webinars today to earn continuing professional education (CPE) hours before the year ends.

You can become more knowledgeable about cybersecurity with the tools and resources provided by your ISACA membership. "I cannot think of an organization that is more apt for professionals in the IT security field than ISACA," says Manu Kuriakose Varghese, CISA, CIA, internal auditor.

To learn more about membership benefits, visit the IT Professional Membership Benefits page of the ISACA web site.

Nominate Qualified Candidates for the ISACA Board of Directors

Nominations for the ISACA Board of Directors for the term are open. Information about serving on the board, the attributes for office and the nomination form itself are available on the Board Nominations page of the ISACA web site. Note that only about a week remains in the nomination period for international president.

Members may submit nominations for themselves or for others (or both). All nominations will be acknowledged and all candidates will be required to complete a candidate profile form that confirms the candidate's willingness to serve if selected and provides the Nominating Committee information about the candidate. Self-nominating candidates will also be asked to submit a letter of recommendation from an ISACA member, outlining how the candidate demonstrates the attributes for office. Information on candidates will be gathered in other ways as well, including review of public web sites (e.g., Google, Facebook, LinkedIn) and interviews with the candidates.

Nominations for international president close at 5:00 p.m. CDT (UTC -5 hours) on 14 October 2014; nominations for vice president close at 5:00 p.m. CST (UTC -6 hours) on 6 January These are the dates by which all materials must be received at ISACA International Headquarters (i.e., completed candidate profile form and letter of recommendation, if required).

Questions? Contact nominate@isaca.org.

Tips for Solving Data Classification Challenges
By Sunil Bakshi, CISA, CISM, CGEIT, CRISC, AMIIB, ABCI, CEH, CISSP, ISO LA, BS LI, MCA, PMP

Information is a primary enabler for any organization, as established in COBIT 5. Organizations today generate, process, use and store volumes of data/information. However, the major concern for organizations is, "Are these data secure?" Information security best practices state that in order to optimize security, data must be classified. But organizations find that this is easier said than done.

Data classification best practices suggest the following steps:

1. Define a classification scheme in which the information within the organization shall be classified in predefined buckets (e.g., top secret, confidential, sensitive, internal, public). Organizations may adopt a different scheme.
2. Identify the organization's data (electronic and physical).
3. Classify and label the data.
4. Implement controls for protection.

Organizations face major challenges while executing the second step, primarily due to:

- Volume of data generated, processed and stored
- Multiple data owners and coordination among them
- Cross-functional dependency and, hence, accesses required
- Classifying and labeling historical data

Organizations may consider the following suggestions during data classification:

- Educate business process owners on the need and scheme for classification.
- Ask business process owners to identify data elements and the source of data. This will help in identifying data owners/custodians. (For example, employee data generated and owned by the human resource function, but used by other departments, must be classified by human resources and others must use that classification.)
- Independent data elements often cannot be classified, except for a few (e.g., credit card number); therefore, it is best to form small data sets that make meaningful information from data elements and classify them (e.g., employee number, name, date of birth, address, and date of hire can form 1 data set that is generally used by other functions like payroll, physical security).
- Any information or report generally contains multiple data sets. While classifying such information, identify the data sets (partial or complete) used and determine the classification level of report/information based on classification of data sets; generally the highest level shall prevail.
- Determine and document exceptions.
- Maintain a function-wise and centralized data set inventory with validity.
- Implement a process for periodic review.
- Implement an ongoing classification process.

Once the classification process is on its way, further steps to optimize security may be considered.

Sunil Bakshi, CISA, CISM, CGEIT, CRISC, AMIIB, ABCI, CEH, CISSP, ISO LA, BS LI, MCA, PMP, is a consultant and trainer in IT governance and information security.

Earn CPE at Professional Guidance Webinar

The US National Initiative for Cybersecurity Education (NICE) has created the National Cybersecurity Workforce Framework (Workforce Framework), which provides a common language for defining cybersecurity work. To help cybersecurity professionals understand the Workforce Framework and its changes, ISACA has partnered with Capella University to create the Why Implement the NICE Cybersecurity Workforce Framework?, which will take place on 9 October at 11:00 a.m. CDT (UTC -5 hours). After attending and passing a quiz about the webinar, ISACA members can earn 1 free continuing professional education (CPE) hour.

Cybersecurity is rapidly evolving, and protecting cyberspace relies on the quality and quantity of the cyberworkforce. This webinar will be led by Ben Scribner, from the Cybersecurity Education and Awareness Branch of the US Department of Homeland Security.

To register for this webinar, visit the Why Implement the NICE Cybersecurity Workforce Framework? page of the ISACA web site.

Participate in Cyber Security Awareness Month This October

ISACA is a champion of Cyber Security Awareness Month in October. The goal of Cyber Security Awareness Month is to inform people about the importance of online safety and ISACA has the tools to help you become a cybersecurity leader.

ISACA has created Cybersecurity Nexus (CSX) to help address the growing need for cybersecurity professionals. One component of the CSX portfolio is the knowledge-based Cybersecurity Fundamentals Certificate. The Cybersecurity Fundamentals Certificate exam is now available online. To earn the certificate, candidates must pass the exam and agree to adhere to ISACA's Code of Professional Ethics. To help those interested in the certificate prepare for the exam, ISACA has issued the Cybersecurity Fundamentals Study Guide, which covers the key areas that will be tested on the exam.

On the CSX page of the ISACA web site, you can find webinars, studies, certificates and white papers with up-to-date information on cybersecurity trends. You can post about cybersecurity issues on social media to engage others and encourage discussion. You can also interact with others on cybersecurity-related issues by using the hashtag #ChatSTC to participate in Twitter chats on 16 October at 2:00 p.m. CDT (UTC -5 hours) and 30 October at 2:00 p.m. CDT (UTC -5 hours).

The Get Involved page of the Stay Safe Online web site has specific actions you can take to help others learn about cybersecurity. For more information on Cyber Security Awareness Month, visit the National Cyber Security Alliance's Cyber Security Awareness Month web site and the European Union Agency for Network and Information Security's European Cyber Security Month web site. For more information on the fundamentals exam or CSX, visit the Cybersecurity Nexus page of the ISACA web site.

Explore Governance, Cybersecurity and Leadership at 2014 Oceania CACS

The 2014 Oceania Computer Audit, Control and Security (CACS) Conference addresses the governance, cybersecurity and leadership challenges that IT professionals face today. The conference, hosted by the ISACA Perth (Western Australia) Chapter, will take place on October.

The keynote speakers for this conference have years of experience in cybersecurity, audit and governance. In addition to learning from industry leaders, attendees will also be provided with information on ISACA's Cybersecurity Nexus (CSX) and how it can be used to strengthen their organization's cybersecurity practices.

Attendees can also network with professionals from around the region and the world. A networking session and dedicated networking time have been built in to the conference schedule.

To register for or learn more about the conference, visit the Oceania CACS web site.

Learn to Protect Organizational Data at Audit Webinar

An important component of any good security strategy is to protect databases that contain sensitive data. To help organizations learn how to create such a plan, Oracle is sponsoring an ISACA webinar to help enterprises reduce their organization's risk. The Data-centric Audit and Protection: Reducing Risk and Improving Security Posture webinar will take place on 23 October at 11:00 a.m. CDT (UTC -5 hours), and ISACA members can earn 1 continuing professional education (CPE) hour for attending.

Roxana Bradescu, CISSP, director of product management, database security at Oracle will lead this webinar and will teach attendees what and how to audit, secure infrastructure practices and how to prevent information leaks.

To register for the webinar or learn more about it, visit the Data-centric Audit and Protection page of the ISACA web site.

Cybersecurity Focus at North America ISRM

The 2014 North America Information Security and Risk Management (ISRM) Conference provides valuable resources for anyone interested in the field of cybersecurity. As cybersecurity is a growing concern for enterprises, 2 of the 5 conference tracks focus on cybersecurity and contain the latest information on cybersecurity trends and how to use ISACA's numerous cybersecurity-related resources.

The sessions at this conference are led by experts in the field of cybersecurity and cover topics including cybersecurity for small businesses, security trends, privacy and security, and how to involve the board of directors in cybersecurity discussions. In addition to the cybersecurity lectures, North America ISRM also offers cybersecurity workshops, including the in-demand Cybersecurity Fundamentals Workshop, which prepares attendees for ISACA's Cybersecurity Fundamentals Certificate exam.

The other tracks at this conference are compliance, privacy/security and risk management. To learn more about the presentations and workshops offered at the conference, visit the North America ISRM 2014 Presentations and Descriptions page of the ISACA web site. To learn more about the conference, visit the North America ISRM page.

COBIT-related Risk Scenarios Available

Risk scenarios are powerful tools that help risk professionals prepare for the unexpected. ISACA understands that scenario analysis is an important component of enterprise risk management and has issued Risk Scenarios Using COBIT 5 for Risk to provide guidance to professionals tasked with utilizing risk scenarios.

Risk Scenarios Using COBIT 5 for Risk provides practical guidance on how to use COBIT 5 for Risk to solve for current business issues. The publication provides a high-level overview of risk concepts, along with more than 50 complete risk scenarios covering all 20 categories described in COBIT 5 for Risk.

An accompanying online tool kit is available and contains interactive risk scenario templates for each of the 20 categories. Risk Scenarios Using COBIT 5 for Risk is available to ISACA members as a complimentary download. Nonmembers can purchase the PDF in the ISACA Bookstore. A print version of the book will be released in the coming weeks.

Book Review: Networking: A Beginner's Guide
Reviewed by Upesh Parekh, CISA

Many people do not know how networking in the networked world works. How a message sent from point A reaches point B over the Internet is still a mystery to many. As a result, network security is increasingly important. Networking: A Beginner's Guide explains the fundamentals of networking, which is necessary for audit and security professionals who are entrusted with the responsibility of ensuring network security.

Networking: A Beginner's Guide is a technical book focused on explaining the basics of networking. The book is divided in 2 parts. Part I, Networking Ins and Outs, deals with fundamental concepts; Part II, Hands-on Knowledge, is a practical guide to working with selected platforms.

Part I of the book starts with a basic explanation of why networking is required by a company. It then goes on to cover network hardware, network protocols, directory services, remote connections, network design, network security and network disaster recovery. Part II of the book covers hands-on knowledge of Windows 2012 server, Exchange server 2013 and Linux, and includes an introduction to virtualization.

The book presumes a certain level of understanding of terminology most commonly used in the IT world. It is written in very lucid, simple language and flows very easily. The tips, warnings and diagrams support the technical explanations.

Many students and job seekers are looking forward to a career as network professionals. They need to start with an understanding of the nuts and bolts of networking. Novice network professionals or nontechnical assurance professionals who want to take the first step toward a better understanding of networking will find this book immensely helpful.

Networking: A Beginner's Guide is available from the ISACA Bookstore. For information, see the ISACA Bookstore Supplement in the latest issue of the ISACA Journal, visit the ISACA Bookstore online or bookstore@isaca.org.

Upesh Parekh, CISA, is a governance and risk professional with more than 10 years of experience in the fields of IT risk management and audit. He is based in Pune, India, and works for Barclays Technology Centre, India.

ISACA. All rights reserved.
More informationFeature. Developing an Information Security and Risk Management Strategy
Feature Developing an Information Security and Risk Management Strategy John P. Pironti, CISA, CISM, CGEIT, CISSP, ISSAP, ISSMP, is the president of IP Architects LLC. He has designed and implemented enterprisewide
More informationCLASSIFICATION SPECIFICATION FORM
www.mpi.mb.ca CLASSIFICATION SPECIFICATION FORM Human Resources CLASSIFICATION TITLE: POSITION TITLE: (If different from above) DEPARTMENT: DIVISION: LOCATION: Executive Director Executive Director, Information
More informationCASRO Digital Research Conference Data Security: Don t Risk Being the Weak Link
CASRO Digital Research Conference Data Security: Don t Risk Being the Weak Link Peter Milla CASRO Technical Consultant/CIRQ Technical Advisor peter@petermilla.com Background CASRO and Standards CASRO takes
More informationDomain 5 Information Security Governance and Risk Management
Domain 5 Information Security Governance and Risk Management Security Frameworks CobiT (Control Objectives for Information and related Technology), developed by Information Systems Audit and Control Association
More informationWhat if you could spend three exciting days surrounded by peers, focused on exploring the topics most important to you and your organization?
What if you could spend three exciting days surrounded by peers, focused on exploring the topics most important to you and your organization? What if you could not only maintain, but update and upgrade
More informationHans Henrik Berthing, CPA, CISA, CGEIT, CRISC, CIA
Hans Henrik Berthing, CPA, CISA, CGEIT, CRISC, CIA HANS HENRIK BERTHING Married with Louise and dad for Dagmar and Johannes CPA, CRISC, CGEIT, CISA and CIA ISO 9000 Lead Auditor Partner and owner for Verifica
More informationThe Next Generation of Security Leaders
The Next Generation of Security Leaders In an increasingly complex cyber world, there is a growing need for information security leaders who possess the breadth and depth of expertise necessary to establish
More informationCertified Information Security Manager
Certified Information Security Manager Secrets To Acing The Exam and Successful Finding And Landing Your Next Certified Information Security Manager Certified Job 1 2 Write a review to receive any FREE
More informationFedVTE Training Catalog SUMMER 2015. advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov
FedVTE Training Catalog SUMMER 2015 advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov Access FedVTE online at: fedvte.usalearning.gov If you need any assistance please
More informationState of South Carolina InfoSec and Privacy Career Path Model
State of South Carolina InfoSec and Privacy Career Path Model Start Introduction This Career Path Model for the State of South Carolina (State) is designed to help define the various career options available
More informationA Privacy Primer for Security Officers
SESSION ID: DSP-T08 A Privacy Primer for Security Officers Todd Fitzgerald, CISSP, CISA, CISM, CIPP, CIPP/US, CIPP/E, PMP, ISO27001, CGEIT, CRISC Global Director Information Security Grant Thornton International,
More informationCyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown
Cyber Resilience Implementing the Right Strategy Grant Brown specialist, CISSP @TheGrantBrown 1 2 Network + Technology + Customers = $$ 3 Perfect Storm? 1) Increase in Bandwidth (extended reach) 2) Available
More informationDEVELOPING A CYBERSECURITY POLICY ARCHITECTURE
TECHNICAL PROPOSAL DEVELOPING A CYBERSECURITY POLICY ARCHITECTURE A White Paper Sandy Bacik, CISSP, CISM, ISSMP, CGEIT July 2011 7/8/2011 II355868IRK ii Study of the Integration Cost of Wind and Solar
More informationThe Emergence of the ISO in Community Banking Patrick H. Whelan CISA IT Security & Compliance Consultant
THE MARKET LEADER IN IT, SECURITY AND COMPLIANCE SERVICES FOR COMMUNITY FINANCIAL INSTITUTIONS The Emergence of the ISO in Community Banking Patrick H. Whelan CISA IT Security & Compliance Consultant Agenda
More informationG13 USE OF RISK ASSESSMENT IN AUDIT PLANNING
IS AUDITING GUIDELINE G13 USE OF RISK ASSESSMENT IN AUDIT PLANNING The specialised nature of information systems (IS) auditing and the skills necessary to perform such audits require standards that apply
More informationISACA Singapore Chapter
ISACA Singapore Chapter Annual Report 2014/2015 Contents Introduction... 2 Chapter Administration... 3 K. Wayne Snipes Award Special Mention... 4 Industry Outreach... 4 Industry Collaborations... 5 Monthly
More informationSECURING PAYMENTS IN THE CYBER WORLD
The Central Bank of Kuwait Presents An Information Security Forum on SECURING PAYMENTS IN THE CYBER WORLD 16th NOVEMBER 2014 JUMEIRAH MESSILAH BEACH HOTEL, KUWAIT WELCOME In the last few years, the usages
More informationInfoSec Academy Pen Testing & Hacking Track
Fundamental Courses Foundational Courses InfoSec Academy Specialized Courses Advanced Courses Certification Preparation Courses Certified Information Systems Security Professional (CISSP) Texas Security
More informationInformation Systems Security Certificate Program
Information Technologies Programs Information Systems Security Certificate Program Accelerate Your Career extension.uci.edu/infosec University of California, Irvine Extension s professional certificate
More informationWhy CISM? Who Earns CISM Certification? CISA, CISM and CGEIT Program Accreditation Renewed Under ISO/IEC 17024:2003
The Certified Information Security Manager (CISM) certification is a unique management-focused certification that has been earned by more than 16,000 professionals since its introduction in 2003. Unlike
More informationOffice of the Auditor General Performance Audit Report. Statewide Oracle Database Controls Department of Technology, Management, and Budget
Office of the Auditor General Performance Audit Report Statewide Oracle Database Controls Department of Technology, Management, and Budget March 2015 071-0565-14 State of Michigan Auditor General Doug
More informationSecurity Transcends Technology
INTERNATIONAL INFORMATION SYSTEMS SECURITY CERTIFICATION CONSORTIUM, INC. Career Enhancement and Support Strategies for Information Security Professionals Paul Wang, MSc, CISA, CISSP Paul.Wang@ch.pwc.com
More informationCertified Information Systems Auditor (CISA)
Certified Information Systems Auditor (CISA) Course Introduction Course Introduction Module 01 - The Process of Auditing Information Systems Lesson 1: Management of the Audit Function Organization of the
More informationInformation Security Awareness Training
Information Security Awareness Training Presenter: William F. Slater, III M.S., MBA, PMP, CISSP, CISA, ISO 27002 1 Agenda Why are we doing this? Objectives What is Information Security? What is Information
More informationEncyclopedia of Information Assurance Suggested Titles: March 25, 2013 The following titles have not been contracted.
Encyclopedia of Information Assurance Suggested Titles: March 25, 2013 The following titles have not been contracted. Administrative Awareness Case Study: Government Offices Certification and Accreditation:
More informationMEETING THE NATION S INFORMATION SECURITY CHALLENGES
MEETING THE NATION S INFORMATION SECURITY CHALLENGES TO ADDRESS SKILLS AND WORKFORCE SHORTAGES IN THE INFORMATION SECURITY INDUSTRY, THE NATIONAL SECURITY AGENCY AND THE DEPARTMENT OF HOMELAND SECURITY
More informationPROVING YOUR GRC KNOWLEDGE WITH CERTIFICATIONS
PROVING YOUR GRC KNOWLEDGE WITH CERTIFICATIONS PRESENTER: JASON MEFFORD, MEFFORD ASSOCIATES October 9, 2014 OCEG WEBINAR SERIES Housekeeping Download slides at http://www.oceg.org/event/ proving-your-grc-knowledge-with-certifications/
More informationTERMS OF REFERENCE (TORs) OF CONSULTANTS - (EAG) 1. Reporting Function. The Applications Consultant reports directly to the CIO
TERMS OF REFERENCE (TORs) OF CONSULTANTS - (EAG) Consultant - Enterprise Systems & Applications 1. Reporting Function. The Applications Consultant reports directly to the CIO 2. Qualification and Experience
More informationFINRA Publishes its 2015 Report on Cybersecurity Practices
Securities Litigation & Enforcement Client Service Group and Data Privacy & Security Team To: Our Clients and Friends February 12, 2015 FINRA Publishes its 2015 Report on Cybersecurity Practices On February
More informationCertification Programs
Registration Questions? Please contact us directly. 507 S. Grand Ave., Lansing, MI 48933 sfisher@mibankers.com (517) 342-9057 Certification Programs 2015 Following the lecture on day 2, students have the
More informationEarning Your Security Trustmark+
QUICK START GUIDE Earning Your Security Trustmark+ CompTIA.org www.comptia.org/communities Introduction One of the biggest challenges for solution providers is protecting their clients networks and information
More informationIMPLEMENTATION OF HIGH-PERFORMANCE SECURITY MANAGEMENT PROCESSES
IMPLEMENTATION OF HIGH-PERFORMANCE SECURITY MANAGEMENT PROCESSES OBJECTIVES This course is specifically designed to improve your skills as an information security manager. Using O-ISM3 as a framework,
More informationEnabling Information PREVIEW VERSION
Enabling Information These following pages provide a preview of the information contained in COBIT 5: Enabling Information. The main benefit of this publication is that it provides COBIT 5 users with a
More informationVal-EdTM. Valiant Technologies Education & Training Services. 2-day Workshop on Business Continuity & Disaster Recovery Planning
Val-EdTM Valiant Technologies Education & Training Services 2-day Workshop on Business Continuity & Disaster Recovery Planning All Trademarks and Copyrights recognized Page 1 of 8 Welcome to Valiant Technologies.
More informationU.S. Office of Personnel Management. Actions to Strengthen Cybersecurity and Protect Critical IT Systems
U.S. Office of Personnel Management Actions to Strengthen Cybersecurity and Protect Critical IT Systems June 2015 1 I. Introduction The recent intrusions into U.S. Office of Personnel Management (OPM)
More informationJOINT EVENT WITH IIBA-LA. Trends & Best Practices in. Cybersecurity for networks, cloud computing and mobile
JOINT EVENT WITH IIBA-LA Trends & Best Practices in Cybersecurity for networks, cloud computing and mobile April 23 rd, 2015 Hands-on Experts Share Current Strategies to Manage Cybersecurity Today s enterprise
More informationExperienced professionals may apply for the Certified Risk Management Professional (CRMP) certification under the grandfathering provision.
Application for CRMP Certification (part 1) GRCSI is now offering the Certified Risk Management Professional (CRMP) certification to support and recognize professionals who have skills and experience in
More informationConducting a System Implementation Risk Review at Higher Education Institutions
Conducting a System Implementation Risk Review at Higher Education Institutions October 23, 2013 1 Webinar moderator Justin T. Noble ACUA Distance Learning Chairman 2 Your presenters Mike Cullen, Senior
More informationCOBIT 5 for Risk. CS 3-7: Monday, July 6 4:00-5:00. Presented by: Nelson Gibbs CIA, CRMA, CISA, CISM, CGEIT, CRISC, CISSP ngibbs@pacbell.
COBIT 5 for Risk CS 3-7: Monday, July 6 4:00-5:00 Presented by: Nelson Gibbs CIA, CRMA, CISA, CISM, CGEIT, CRISC, CISSP ngibbs@pacbell.net Disclaimer of Use and Association Note: It is understood that
More informationIT Service Management ITIL, COBIT
IT Service Management ITIL, COBIT Bülent Ekuklu Business Development Executive IBM Global Services Global Conditions are Changing 100% 90% 80% 70% 60% 50% 40% 30% 20% 10% Agriculture Manufacturing Service
More informationMicrosoft Services Premier Support. Security Services Catalogue
Microsoft Services Premier Support Security Services Catalogue 2014 Microsoft Services Microsoft Services helps you get the most out of your Microsoft Information Technology (IT) investment with integrated
More informationCyber Security Consultancy Standard. Version 0.2 Crown Copyright 2015 All Rights Reserved. Page 1 of 13
Cyber Security Consultancy Standard Version 0.2 Crown Copyright 2015 All Rights Reserved Page 1 of 13 Contents 1. Overview... 3 2. Assessment approach... 4 3. Requirements... 5 3.1 Service description...
More informationJOB DESCRIPTION. IS teams, Hanover colleagues, third party suppliers. Principal Duties and Responsibilities
JOB DESCRIPTION Job title: IT Security Analyst Grade: Responsible to: Responsible for: Liaises with: Head of IS N/A IS teams, Hanover colleagues, third party suppliers Role Purpose: Location: The purpose
More informationCYBERSECURITY & ANALYTICS
CYBERSECURITY & ANALYTICS How Both Will Change Your Career in e-discovery ACEDS Webinar 10/29/15 ACEDS Membership Benefits Training, Resources and Networking for the E-Discovery Community Exclusive News
More informationIT Governance Implementation Workshop
IT Governance Implementation Workshop 3 Full day power packed workshop facilitated by Mr. Gary Allan Banister and Mr. Sreechith Radhakrishnan About the Programme Information is created, used, retained,
More informationLINUX / INFORMATION SECURITY
LINUX / INFORMATION SECURITY CERTIFICATE IN LINUX SYSTEM ADMINISTRATION The Linux open source operating system offers a wide range of graphical and command line tools that can be used to implement a high-performance,
More informationMANAGEMENT DEVELOPMENT COURSES
(FULL VIEW) MANAGEMENT DEVELOPMENT COURSES MANAGEMENT DEVELOPMENT COURSES LEADERSHIP DEVELOPMENT Developing Leadership Competencies 4 4 days 230,000 1-4 13-16 26-29 6-9 Critical Thinking: Tools for Problem
More informationJOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc.
JOB ANNOUNCEMENT Chief Security Officer, Cheniere Energy, Inc. Position Overview The Vice President and Chief Security Risk Officer (CSRO) reports to the Chairman, Chief Executive Officer and President
More information70-673 Q&A. DEMO Version
TS: Designing, Assessing, and Optimizing Software Asset Management (SAM) Q&A DEMO Version Copyright (c) 2010 Chinatag LLC. All rights reserved. Important Note Please Read Carefully For demonstration purpose
More informationCybersecurity Framework: Current Status and Next Steps
Cybersecurity Framework: Current Status and Next Steps Federal Advisory Committee on Insurance November 6, 2014 Adam Sedgewick Senior IT Policy Advisor Adam.Sedgewick@nist.gov National Institute of Standards
More informationNational Cyber Security Awareness Month. Week Five: Building the Next Generation of Cyber Professionals
National Cyber Security Awareness Month Week Five: Building the Next Generation of Cyber Professionals Webinar recording and evaluation survey This webinar is being recorded and will be made available
More informationCORE Security and GLBA
CORE Security and GLBA Addressing the Graham-Leach-Bliley Act with Predictive Security Intelligence Solutions from CORE Security CORE Security +1 617.399-6980 info@coresecurity.com www.coresecurity.com
More information