SC Midlands Chapter 54 of ISACA


December 2012 Newsletter
In This Issue
New members in November
Exam Registrations
ISACA Links
Cobit 5
January 2013 Session
ISACA IT Risk/Reward
Food For Thought
Current Events
2013 Techno Security Conference

New Members in November

 

Mr. Gaurav Mithani

Timothy Mark Harris

Shannon L. Rosson

Mr. George Mason (transfer)

 

We now have 200 members!

 

Registered for the December 2012 Exam:

 

CISA

 

Robert Holland

Rachel Andal

Lisa Willett

John Harte

David Krieg

James Shell

Edwin Waleh

 

We wish everyone GOOD LUCK!

 
Some very useful ISACA links:

 

Knowledge Base:

 

 

Bookstore:

 



 

 

COBIT 5 is now available to everyone!

 

COBIT 5 provides globally accepted principles, practices, analytical tools and models designed to help business and IT leaders maximize trust in, and value from, their enterprise's information and technology assets. This update is the result of a four-year initiative led by a global task force and has been reviewed by more than 95 experts worldwide. COBIT 5 is available to all as a free-of-charge download at https://www.isaca.org/COBIT/Pages/default.aspx.

ISACA also released COBIT 5: Enabling Processes (free to ISACA members and US $134 for nonmembers) and COBIT 5 Implementation (free to ISACA members and US $50 for nonmembers), which help framework users apply the guidance. Print editions of all three guides are available for purchase from the ISACA Bookstore (www.isaca.org/bookstore).

January 2013 Session

Basics of All Aspects of Continuous Auditing and Monitoring

Presented by Danny M. Goldberg, CPA, CIA, CISA, CGEIT, CCSA

 

8 CPEs

DATE: Wednesday, January 9, 2013

LOCATION: BCBSSC Tower Auditorium

2501 Faraway Drive, Columbia, SC 29223

Free Parking

TIME:

Registration: 7:30 am (Breakfast served)

Seminar: 8:00 - 12 noon

Lunch: noon - 1:00 pm

Seminar: 1:00 - 5:00 pm

 

Pre-registration and payment are required at http://www.scisaca.org/. Click on future events and locate this date. Checks and credit cards are accepted for pre-registration.

 

Pricing*:

  

 

Early Bird:   now until December 7, 2012

$100 - SC Midlands ISACA Members

$125 - Non-Members

 

Regular Registration: December 8, 2012 - January 4, 2013

$125 - SC Midlands ISACA Members

$150 - Non-Members

 

Late Registration: January 5, 2013 - January 8, 2013

$150 - SC Midlands ISACA Members

$175 - Non-Members

 

 

What you will learn:

Continuous auditing has changed the internal auditing paradigm from periodic reviews of a small sample of transactions to ongoing audit testing of volumes of transactions. This seminar focuses on identifying what must be done to make effective use of information technology in support of continuous auditing.

 

Objectives:

  • General overview of the concepts of continuous auditing and monitoring, including key terms.
  • How to optimize usage of CA and CM in internal audit departments.
  • Use of CA/CM to deter fraud.

 

Agenda:

 

I. Introduction

 

II. What is CGRC and CA/CM and Types

a. Data Analytics

b. Continuous Monitoring

c. Continuous Auditing

d. Continuous Risk Assessment

e. Continuous Controls Monitoring

f. Data Warehousing

g. Data Mining

h. Fraud Detection Tool

 

III. Controls Monitoring/COSO Overview

 

IV. How to Use CA/CM in Your Organization

a. Benefits

b. Meta Control

c. Where to Apply Data Analytics

d. Generic Continuous Auditing Approach

e. Data Analytics Opportunities

 

V. Benford's Law

 

VI. Using CA/CM to Detect Fraud

 

VII. Fraud Red Flags

 

VIII. Comprehensive Example Using ACL

 

Danny M. Goldberg leads the Professional Development Practice at Sunera. Prior to joining Sunera in January 2011, Danny founded SOFT GRC, an advisory services and professional development firm. Danny has over 15 years of audit experience, including five as a CAE/Audit Director at two diverse companies.

 

From the President

 

Please join us for our January class. The topic is Continuous Auditing and Monitoring and will be presented by Danny Goldberg on January 9th. Let's get the New Year started and get a jump on earning your CPEs for 2013.

 

We regret having to cancel the December class. Sometimes life changes our plans and we simply have to move forward. At this point we are hopeful the Change Management topic will be presented at our February session. There are still opportunities to earn CPEs this month.

 

Virtual Conference: Secure the Hybrid Cloud

Cloud security has evolved rapidly and now involves a hybrid approach to secure apps and data with enterprise or partner apps hosted in the cloud. In this virtual conference on 12 December, ISACA separates fact from fiction, and drills into actionable design patterns that can be applied today for end to end security in the cloud. 

You will learn to:

  • Control and manage the API lifecycle across cloud environments
  • Understand portal managed services in the cloud
  • Discover how the Cloud Security Readiness Tool can simplify some of the hard-to-make decisions through its use of the Cloud Security Alliance's Cloud Control Matrix
  • Utilize ISACA's toolkit based on COBIT 5 for Information Security to identify the security factors to be considered when evaluating the cloud as a potential solution

Don't miss out on this FREE educational event on Wednesday, 12 December from 9:00 AM to 4:00 PM CST -- earn up to 6 CPEs!

 

One-hour seminars have replaced the monthly e-Symposium webinars. These are now offered twice each month; however, they are not archived for viewing. The next webinar is scheduled for 11:00 AM CST on 13 December 2012.

 

Other ways to earn CPE throughout the year include attending the CACS conferences, volunteering as a board member for your local chapter, teaching CISA / CISM classes, and completing the ISACA e-journal quizzes that are offered each month.

  

Tom Hart

2012 - 2013 President

 

 

  

ISACA's 2012 IT Risk/Reward Barometer 


 

ISACA's annual IT Risk/Reward Barometer survey examines cloud computing plans, risk management hurdles, BYOD concerns and more. More than 4,500 IT professionals from 83 countries participated in the 2012 survey.

The global survey results reveal:

  • Whether enterprises are allowing or prohibiting BYOD (bring your own device)
  • The percentage of enterprises that still do not address BYOD in their security policies
  • The percentage of enterprises that have adopted private, public and hybrid cloud models
  • 2013 staffing plans for IT audit, security and risk positions
  • The biggest risk management hurdles facing enterprises today
  • And much more

Separate consumer surveys in the US and UK reveal privacy concerns, online holiday shopping habits, risky online activities and more.

  

For more information:

  • View the survey results below
  • Read the news releases on the right side of this page
  • Read a blog post by Robert Stroud, member of ISACA's Strategic Advisory Council.

For more information see: https://www.isaca.org/Pages/2012-Risk-Reward-Barometer

Release of classified documents via WikiLeaks.

Though many do not work directly for a Federal / Government agency, they interact with them nearly every day. There are over 1000 Federal level agencies and what they do has an impact on our daily lives.

Presidential Memorandum -- National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs

MEMORANDUM FOR THE HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES

SUBJECT: National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs

This Presidential Memorandum transmits the National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs (Minimum Standards) to provide direction and guidance to promote the development of effective insider threat programs within departments and agencies to deter, detect, and mitigate actions by employees who may represent a threat to national security. These threats encompass potential espionage, violent acts against the Government or the Nation, and unauthorized disclosure of classified information, including the vast amounts of classified data available on interconnected United States Government computer networks and systems.

The Minimum Standards provide departments and agencies with the minimum elements necessary to establish effective insider threat programs. These elements include the capability to gather, integrate, and centrally analyze and respond to key threat-related information; monitor employee use of classified networks; provide the workforce with insider threat awareness training; and protect the civil liberties and privacy of all personnel.

The resulting insider threat capabilities will strengthen the protection of classified information across the executive branch and reinforce our defenses against both adversaries and insiders who misuse their access and endanger our national security.

http://en.wikipedia.org/wiki/List_of_United_States_federal_agencies

http://www.usa.gov/directory/federal/index.shtml

http://www.sc.gov/public-safety/Pages/FederalSecurityAgencies.aspx

 

 

 

Current Events

 
  

ISACA 2013 RENEWAL REMINDER

 

 

Be sure to renew your membership to ensure your continued access to ISACA's growing network and expanding list of professional benefits. Your local chapter also provides significant benefits and local networking opportunities. Please keep in mind that the certification maintenance fee for members is about one half of that for non-members. Should you drop your membership, the higher certification maintenance fee(s) will apply next year.

 

Renew Today! www.isaca.org/renew

2013 Techno Security Conference

 

The Techno Security Conference will be held at Myrtle Beach, SC on June 2-5, 2013.   This will be the 15th year for Techno Security and the 6th year for Mobile Forensics.  Attendees have registered from 52 different countries over the years.  Frequent attendees are some of the top practitioners in the world in the fields of Information Security, eDiscovery, Mobile Forensics, Digital Forensics and Technical Business Continuity Planning.  Last year, there were over 1,400 people registered.

 

 

 

See this link for more information:

http://www.thetrainingco.com