SC Midlands Chapter 54 of ISACA

September 2011 Newsletter
In This Issue
Welcome New Members!
Congrats Newly Certified!
2012 Membership Renewals Begin
New COBIT Process Assessment Model Now Available
Become a Topic Leader
Job Hunting?
ACL - Getting Started and Moving Forward (6 CPEs)
Emerging Threats and Trends in Cyber Security (3 CPEs)
Advanced Persistent Threat: The Battle to Own Your Network (6 CPEs)
Welcome New Members!  

August
Samuel Mills
Karen Price
Tracy Smith

September
Arinola Adebayo
Robert Holland
Congrats Newly Certified!

CISA
Kristopher Thomas

CRISC

Timothy Larkin
Richard Wooten
Michael McGinniss
William Yocum  
2012 Membership Renewals Begin

The ISACA® 2012 membership renewals open 20 September 2011, and this year will see the first dues increase (by US $5) since 2008. In those 4 years, member benefits have expanded substantially.

 

* A full suite of COBIT®-related products and tools for implementing information systems audit, control, risk and security, including:
- Val IT™: Based on COBIT® (2008)
- IT Assurance Framework™ (ITAF™) (2008)
- Risk IT: Based on COBIT® (2009)
- Business Model for Information Security™ (BMIS™) (2010)


* Steep discounts on COBIT products (including COBIT® 5, scheduled for release in 2012):
- 85 percent discount on COBIT Online®
- Free COBIT Quickstart®


* Substantial discounts on exam fees and review materials for ISACA's four certifications: Certified Information Systems Auditor® (CISA®), Certified Information Security Manager® (CISM®), Certified in the Governance of Enterprise IT® (CGEIT®), and Certified in Risk and Information Systems Control™ (CRISC™)


* More than 75 research deliverables in just the last 4 years, including new audit programs and COBIT mapping documents that are free to members only


* Free, members-only eSymposium events that provide 36 continuing professional education (CPE) hours per year


* An eLibrary of more than 425 searchable books


* An expanded Career Centre with new capabilities to post and search for jobs by country


* The new Knowledge Center, which offers members-only online communities on more than 100 topics of interest


* A free, members-only digital edition and mobile app of the ISACA® Journal

 

For additional information on the value of ISACA membership, visit the Member Benefits page of the ISACA web site.

New COBIT Process Assessment Model Now Available

Once the need and value of a formal assessment approach based on COBIT® were established through a survey and analysis (more information can be found in volume 7, 2011, of @ISACA), ISACA® began development on a process assessment model (PAM) based on COBIT® 4.1 and ISO/IEC 15504-2:2003 Information technology - Process assessment - Part 2: Performing an assessment. Process assessment requirements have also been provided as input to the COBIT® 5 initiative for consideration in updating the COBIT framework.

 

The new ISACA publication COBIT® Process Assessment Model (PAM): Using COBIT® 4.1 provides specific guidance and evidential requirements on how to determine where a process is in terms of the measurement scale. COBIT® Assessor Guide: Using COBIT® 4.1, scheduled for release in October 2011, will support COBIT PAM and detail how to undertake an assessment.

 

Assessment sponsors and assessors will be provided with options for scoping the assessment, including risk and scoping tools that are based on existing COBIT mappings. As a specific example, this scoping approach supports an assessment of IT processes relevant to cloud computing. The COBIT processes in scope are defined in Cloud Computing Management Audit/Assurance Program published by ISACA in August 2010.

 

The initial PAM release will be progressive, subject to the successful completion of pilot assessments, and includes:

  • COBIT PAM - The base reference document for the assessment of an enterprise's IT processes against COBIT 4.1 and ISO/IEC 15504
  • COBIT Assessor Guide - Will provide information on how to undertake an assessment
  • COBIT® Self-assessment Guide: Using COBIT® 4.1 - To be used by enterprises to perform self-assessments and develop their own improvement plans, scheduled for release in November 2011
  • Supplementary tools - Will support process assessment activities and include scoping templates

The COBIT Self-assessment Guide will enable enterprises to undertake a preliminary internal determination, and the self-assessment results will enable initial process improvement planning. The COBIT Assessor Guide will enable a more formal ISO/IEC 15504 compliance assessment. To meet the requirements of ISO/IEC 15504, it is essential for these evidential-based assessments to be undertaken by competent assessors.

 

Look for the COBIT Process Assessment Model in the ISACA Bookstore, and watch the Research page for more information on upcoming related releases.

Become a Topic Leader

Looking for volunteer opportunities within ISACA? ISACA invites you to serve as topic leaders in the ISACA Knowledge Center. Members can connect with other professionals that share their common interests and collaborate by contributing to discussions, uploading documents, adding links and contributing to wikis.
 
 
Topic leaders facilitate this activity by ensuring a topic remains active, including starting conversations and responding with advice and expertise. Topic leaders spend an average of two hours per week on their topic and can earn up to 10 continuing professional education (CPE) credits per year for their involvement.
 
 
Responsibilities can be found here. Interested individuals should complete the application and send it, along with a resume, to [email protected].  
Job Hunting?

Frequently, the ISACA SC Midlands Chapter is contacted by businesses that have an employment opportunity that would be of interest to our membership.  We've received quite a few in the past few weeks so we wanted to remind you that these opportunities are posted on our web site at www.scisaca.org under the heading "Current Job Openings".  Be sure to check the site regularly to stay informed of the latest postings.

From the President

Hello friends and members: 

Calling all CISA and CISM candidates!  Final date to register for a December exam is October 5, 2011.  To help in your preparation, we have instructors waiting to help you to review the material for the exam in December.  If you are considering the ISACA certifications and ISACA International membership and you are on the fence - all of our local classes provide an additional discount to our members.  Classes start in October, so get signed up now!  These classes are also available for CPE hours for those already certified.  Need a refresher?  Come and get it - the CISA class provides 18 CPE hours ($5.55 a CPE) and the CISM class provides 16 CPE hours at $6.25 a CPE. 

Registration is now up for our ISACA classes through the end of the year!  Lots of CPE hours available.  Be sure to catch these early bird prices!  2011 - 2012 academic year for our SC Midlands Chapter is lining up nicely!   So far in the line up is a full day of ACL training in October, Modern Cyber Trends and Threats in November, Advanced Persistent Threat News and Penetration Testing in December and IT Audit Concepts in January.  In 2012, look forward to a full day introduction to Computer Forensics and a session on Network and Telecommunications Security.  More to come.  Send your ideas for topics and speakers to help fill in the remaining sessions.

Additionally, registration continues for the 19th Annual Internal Auditor Conference to be held in Columbia, SC on October 17th - 19th.  The IT Audit track is a Hands-On Three Day IT Audit Boot Camp for 24 CPEs and is sure to thrill even veteran IT Auditors.  Bring your computer with administrative rights to take full advantage of the course.  Attendees will do actual audit steps on a large variety of topics.  The event will be held at the Embassy Suites on I-26 just across from RiverBanks Zoo.  There are special room rates as well.  Great location and great learning opportunity.  Go to the event registration page to sign up!

We are looking for a couple of volunteers for the Chapter Board:  We need a Marketing Director who would help us find opportunities to host a booth at conferences to get the ISACA word out.  Additionally, we are looking for a few good people to help us get the ISACA information out to students at our universities.  If either one of these tasks appeals to you, please contact either Tom Hart or Sue Rusher to let us know.  Working on the Board offers great networking with leaders locally, nationally, and internationally, extra CPEs and a chance to make a difference.

Sincerely,
Sue Rusher
2011 - 2012 President
ACL - Getting Started and Moving Forward
(6 CPEs)
Sonya Gales, CISA, CFE, ACDA - Data Specialist at Arrowpoint Capital

DATE: October 5, 2011
LOCATION: BCBSSC Tower Auditorium
2501 Faraway Drive, Columbia, SC 29223
Free Parking
TIME:
Registration: 8:30 am (Breakfast served)
Lunch: 12 noon - 1pm
Seminar: 9:00 - 12 noon and 1:00 to 4:00 pm

Pre-registration and payment are required at http://www.scisaca.org/. Click on future events, and locate this date. Checks and credit cards are accepted for pre-registration.

Pricing:
Late Registration: Sep 24th - Oct 4th
$115 - SC Midlands ISACA Members
$135 - Affiliate Members
$155 - Non-Members

*Affiliate Members of IIA, SIAA, IMA, other ISACA chapters, etc.

What you will learn:
Do you want to use that desktop version of ACL you bought 2 years ago? Are you already using it but only scratching the surface with basic commands? Are you scripting some but would like to know more and how other companies might be using the software? Here is your opportunity to learn. This 6-hour class will cover getting started and organizing your project, accessing your data, using the ACL commands and functions, specific testing examples, scripting techniques, and managing your data mining function. This course will be ACL desktop specific, with software demos to illustrate discussion topics.

Sonya Gales, CISA, CFE, ACDA - Data Specialist
Sonya has been a Data Specialist in the internal audit department at Arrowpoint Capital since 2002. She uses ACL extensively to support the audit staff for both traditional and continuous auditing as well as providing support for management for continuous monitoring. Sonya has presented ACL topics for ISACA, IIA, Charlotte Area ACL Users Group, and UNCC. She began her career as a computer programmer in 1987 and since then has held positions as an information systems auditor at Jefferson Pilot Life Insurance Company, Deloitte and Touche and Arrowpoint Capital (formerly known as Royal & SunAlliance).

Sonya graduated from NC State with a Bachelor of Science degree in Applied Mathematics. She earned her CISA designation in 2005, her CFE designation in 2006 and her ACDA (ACL Certified Data Analyst) designation in 2008. She is a member of ISACA, the Institute of Internal Auditors, and the Association of Certified Fraud Examiners.

 

Emerging Threats and Trends in Cyber Security
(3 CPEs)
Leighton Johnson - CTO of ISFMT (Information Security & Forensics Management Team)

DATE: November 4, 2011
LOCATION: BCBSSC Tower Auditorium
2501 Faraway Drive, Columbia, SC 29223
Free Parking
TIME:
Registration: 8:30 am (Breakfast served)
Class Time: 9:00 am - 12 noon
Lunch: 12 noon - 1:00 pm

Pre-registration and payment are required at http://www.scisaca.org/. Click on future events, and locate this date. Checks and credit cards are accepted for pre-registration.

Pricing:
Regular Registration: Sep 25th- Oct 25th     
$55- SC Midlands ISACA Members
$75- Affiliate Members
$95- Non-Members

Late Registration: Oct 26th- Nov 3rd
$75- SC Midlands ISACA Members
$95- Affiliate Members
$115- Non-Members

*Affiliate Members of IIA, SIAA, IMA, other ISACA chapters, etc.

What you will learn:
Cybersecurity incidents are major concerns for enterprises and governments worldwide. Data breaches are expected to account for US $130.1 billion in global corporate losses this year, according to the Ponemon Institute.

This course will help enterprises to be prepared against the rise in threats from cyber criminals. The latest cybersecurity threats will be identified; the current cyber-trends across the Internet will be defined; network vulnerabilities will be discussed; and tools, techniques, and tactics will be provided to combat threats.

Current threats to the information security landscape are:

  • Data breaches
  • Identity theft
  • Web 2.0 and client-side attacks
  • Targeted messaging attacks
  • Botnets
  • Rootkits
  • Logic bombs

Phishing e-mails are the most common attack vector, and combating them requires a varied approach that includes:

  • User awareness and training
  • Incident response capability
  • In-bound and out-bound filters at gateways

Each threat and attack is different, and should be considered independently. This course will provide tips on how to gather a team of well-trained experts to develop the best approach possible and how to be sure your filtering methods and incident response capabilities are up to date and efficient to effectively combat attacks.

Leighton Johnson, the CTO of ISFMT (Information Security & Forensics Management Team), has presented computer security, cyber security and forensics classes and seminars all across the United States and Europe. He was the regional CIO and Senior Security Engineer for a 450-person directorate within Lockheed Martin Information Systems & Global Solutions Company covering 7 locations within the Eastern and Midwestern parts of the U.S. He is an adjunct instructor of digital and network forensics and incident response at Augusta State University. He has over 35 years of experience in Computer Security, Cyber Security, Software Development and Communications Equipment Operations & Maintenance; his primary focus areas include computer security, information operations & assurance, software system development life cycle focused on modeling & simulation systems, systems engineering and integration activities, database administration, and business process & data modeling. He holds CISM (Certified Information Security Manager), CISSP (Certified Information Systems Security Professional), CIFI (Certified Information Forensics Investigator), CSSLP (Certified Security Software Lifecycle Professional), CMAS (Certified Master Antiterrorism Specialist) and CISA (Certified Information Systems Auditor) credentials. He has taught CISSP, CISA, CISM, DIACAP, Digital and Network Forensics, and Risk Management courses around the US over the past 7 years. He has presented at EuroCACS 2010, ISMC 2007, ISMC 2006, CyberCrime Summit 2007, multiple year presentations for OPNET Technologies international conferences, INFOSEC WORLD 2005, and multiple presentations for military and civilian conferences for customers and clients worldwide.

 

Advanced Persistent Threat: The Battle to Own Your Network (6 CPEs)
Peter Morin CISSP, CISA, CGEIT, CRISC and GCFA - Senior Manager of Information Security at Bell Aliant Corporate Security

DATE: December 7, 2011 (Columbia)
December 8, 2011 (Greenville)

LOCATION:
Columbia:
BCBSSC Tower Auditorium
2501 Faraway Drive, Columbia, SC 29223
Free Parking

Greenville:
Clemson at the Falls
55 Camperdown Way
Greenville, SC 29601

TIME:
Registration: 8:30 am (Breakfast served)
Lunch: 12 noon - 1pm
Seminar: 9:00 - 12 noon and 1:00 to 4:00 pm

Pre-registration and payment are required at http://www.scisaca.org/. Click on future events, and locate this date. Checks and credit cards are accepted for pre-registration.

Pricing:
Early Bird: Now - Oct 28th
$85- SC Midlands ISACA Members
$105- Affiliate Members
$125 - Non-Members

Regular Registration: Oct 29th- Nov 23rd     
$105- SC Midlands ISACA Members
$125 - Affiliate Members
$145 - Non-Members

Late Registration: Nov 24th- Dec 4th
$125 - SC Midlands ISACA Members
$145 - Affiliate Members
$165 - Non-Members

*Affiliate Members of IIA, SIAA, IMA, other ISACA chapters, etc.

What you will learn:

The current cyber-battlefield involves persistent campaigns of targeted and sophisticated hacking attacks aimed at governments, militaries, Fortune 500 corporations and other high-value targets. These campaigns are commonly referred to as Advanced Persistent Threats, or APTs.

Do the following questions interest you?

  • How do groups such as LulzSec and Anonymous hack into seemingly high-security networks with such ease?
  • Curious what terms such as "command and control" refer to?
  • Interested in how a spear phishing attack can lead to a data breach?
  • How can a Security Information and Event Management (SIEM) system help my organization identify when it is under attack?

This one-day workshop will provide insight into the anatomy of Advanced Persistent Threats, including the various stages of attack, common attack vectors used, and examples of high-value targets (e.g. SCADA). We will also discuss some examples of organizations that have been breached and the complex attack methods used (e.g. RSA, Sony, Lockheed Martin, HBGary) as well as some of the defenses organizations are employing to better protect their information assets. During this workshop we will use common hacker tools such as Metasploit and BackTrack to perform real-life demonstrations to highlight the significance of the attacks occurring today.

 

Peter Morin is a Senior Manager with Bell Aliant, where he is responsible for managing security planning, vulnerability assessments, security event management and incident response. His position with Bell Aliant focuses on information security risk management, penetration testing, application code analysis, malware analysis, and developing standards for secure application development. Peter has over 15 years of in-depth information technology experience in the fields of enterprise computing and networking with an emphasis on IT security, application development, business continuity, incident response and forensics. Prior to Bell Aliant, Peter was a Senior Manager with KPMG LLP and Ernst & Young LLP's IT Security, Risk Advisory & Forensic practices. Peter is a frequent speaker on the subjects of social networking, risk management, information security, penetration testing, malware analysis and forensics and has presented at numerous events held by the HTCIA, Blackhat/DefCon, PMI, Computer Security Institute, Interop, SANS, and ISACA. Peter is also a frequent guest lecturer at numerous colleges and universities throughout North America.