Monthly Message

The exponential growth in technology, the ubiquitous Internet, complex integrations of systems and new forms of data processing have enhanced the need for the detailed governance of IT systems. In the middle of this changing scenario is the IT audit professional trying to satisfy various stakeholders. The expectations from the public, shareholders and the regulating agencies have also increased manifold. Various laws, such as the Health Insurance Portability and Accountability Act (HIPAA, 1996), Gramm-Leach-Bliley (1999) and the Sarbanes-Oxley Act (2002), have brought new legislation for better internal controls. Meanwhile, certain governance standards, such as COSO (Committee of Sponsoring Organizations of the Treadway Commission), COBIT (Control Objectives for Information and related Technology from the IT Governance Institute) and ITIL (IT Infrastructure Library), have laid down the guiding frameworks for achieving effective internal controls.

The IT audit profession has always tried to live up to the expectations of its stakeholders. In 1967, a small group of individuals met to discuss the need for a centralized source of information and guidance in IT auditing. This was the era when computer systems were becoming increasingly involved in the day-to-day functioning of an organization. However, it took two years for this group to get formalized under the banner of the EDP Auditors Association. By 1976 ISACA, a formal professional body whose goal was to improve the knowledge and skills in the field of IT governance and control, was born. The first CISA examination was administered in 1981 and registration numbers have grown each year. The exam is now offered in 11 languages, twice a year, at more than 200 locations worldwide. Currently, ISACA’s 50,000-strong worldwide membership is characterized by its diversity. Members live and work in more than 140 countries and cover a variety of professional IT-related positions, including chief information officer, IT auditor, internal auditor, consultant, security professional, regulator, etc.

The CISA certification has been recognized with ANSI accreditation, along with the CISM certification; both of these certifications are managed by ISACA. It is one of the few certifications formally approved by the US Department of Defense in their Information Assurance Technical category (DoD 8570.01-M). A recent survey revealed that 70 percent of CISAs think that certification helps them advance in their careers. When all ISACA members, CISA or not, were asked whether they thought gaining the CISA would help their careers, the response was nearly 77 percent. Another recent report released by Foote Partners LLC concluded that formally certified IT professionals on average were commanding about 10% to 15% higher salaries than non-certified individuals. According to an ISACA report, “more than 400 CISAs are employed in organizations as CEOs or CFOs. More than 900 CISAs serve as CIOs or IS security directors, more than 2,300 CISAs serve as audit directors or audit partners and more than 8,500 CISAs are employed in managerial or consulting positions in IT operations, security or auditing”.

In order to facilitate the acquiring of the CISA designation, our Chapter from time to time has organized training programs. It is my pleasure to inform you that on Nov 10-11, 2007, we are organizing another CISA review course. The response so far has been good and we hope to aim for very high passing rates. Who knows? Maybe this review course may help someone achieve his/her dreams of getting a job title beginning with a “C”.

Finally, the ISACA PSC Board would like to thank Ms. Mary Marino of Jefferson Wells for getting Jefferson Wells to donate a number of $25 AMEX gift cards to the chapter. One $25 AMEX gift card will be presented as a door prize to a lucky attendee for the next few ISACA PSC luncheons. Again, our thanks go out to Mary and Jefferson Wells for their generosity and support of the ISACA luncheons.

Regards,
Kamal Sharma
CISA Coordinator, 2007/2008
ISACA Puget Sound Chapter

November Luncheon & Presentation

Date and Time: Tuesday, November 20, 2007, 11:15 AM - 1:00 PM
Location: Columbia Tower Club, Seattle, WA
Presentation: The Silent Epidemic – The Rise of Economically Motivated Malware and Targeted Attacks
Speaker: Ryan Sherstobitoff, Panda Software
Registration and more details: http://guest.cvent.com/i.aspx?1Q,M3,569dfc2b-1391-4668-99bf-1559b63d260b

Summary: With the recent change in malware dynamics, security professionals are faced with the challenge of defending against a new breed of malware designed to remain hidden and undetectable by traditional security solutions. This new breed no longer relies on massive propagation or on destructive payloads; rather, the sole purpose is economic gain. Malware is now being designed to capture personal information and other data in the hope of performing ID theft or exploiting a legitimate business model. More and more variants are released in the hope of overwhelming anti-virus labs. Bot networks are being established to defraud users and businesses financially. Highly coordinated targeted attacks against organizations are becoming very popular. Therefore, the “Silent Epidemic” has begun. In this session you will learn proactive defense strategies to counteract and neutralize this new breed of malware.

As the Chief Corporate Evangelist at Panda US, Ryan Sherstobitoff oversees and manages the US strategic response to new and emerging virus attacks. Mr. Sherstobitoff’s extensive experience includes work designing and managing network infrastructures as well as mobilizing and managing security technologies throughout widely dispersed large-scale networks. As an intrinsic part of designing security infrastructures, Ryan has worked on a variety of security technologies in a myriad of platforms and environments, including financial, industrial, and service infrastructures. Ryan holds industry certifications in Microsoft MCSE, Microsoft MCSA, A+, Cisco CCNA and CompTIA A+ Certified.

CISA Exam Review Course

The ISACA-PSC Chapter is sponsoring a two-day CISA review course to be held from Saturday, November 10 to Sunday, November 11. This course focuses exclusively on the six Job Practice Areas covered in the CISA exam: IS Audit Process (10%), IT Governance (15%), Systems and Infrastructure Lifecycle (16%), IT Service Delivery and Support (14%), Protection of Information Assets (31%), Business Continuity and Disaster Recovery (14%). The course covers these subjects and an extensive series of sample exam questions that provide participants with a feel for the format and types of questions encountered on the exam. The correct and incorrect answers of each question are also reviewed for a better understanding of the expectations of the ISACA Certification Board.

This intensive course is an ideal way to prepare for the exam. Participants gain valuable experience reviewing the core sections and answering sample exam questions with an experienced instructor while strengthening their skills and building confidence.

Who Should Attend: IT, financial, operational, and external auditors who are taking or considering taking the December 8, 2007 CISA examination; anyone seeking an overall understanding of essential IT risks and controls. For more information on the CISA examination and certification, refer to: www.isaca.org/cisa.

Review Course Dates: November 10 - November 11, 2007
Registration Deadline: November 7, 2007 (Friday)
Cost: $325 members; $375 non-members. Registration is Required – No Walk-Ins.
Online Registration at http://guest.cvent.com/i.aspx?1Q,M3,6915d1b9-8882-4d25-9ad4-94da42686d83

Instructor Bio: Trony Clifton, CISA, is currently the CEO of Mandem Consulting, based in New York and New Jersey. He is also an adjunct professor at New Jersey Institute of Technology (NJIT) teaching graduate courses (IS 680 and IS 681) in IT Audit and Information Security Audit.
In his tenure as a CISA Instructor, the passing rate of Trony’s students has ranged from 72 to 80 percent. In 2002 Trony’s studying and training techniques enabled two students, one from Atlanta and one from New Jersey, to obtain the highest CISA scores in their respective states. Mr. Clifton is an active board member of the New Jersey ISACA Chapter. He currently teaches CISA Review courses for various ISACA chapters, including Atlanta (1997-present), New Jersey (1999-present), Pittsburgh (2004-present), Philadelphia (2005-present), as well as Deloitte & Touche (2005-present). Trony previously taught CISA review courses for various other ISACA chapters, including Chicago (1995-1998), Mexico City (1997-2001), Beijing China (2001-2003), and at North America CACS Conferences (1996-1998). Trony is a published author. His works include: IT Auditing: A Practical Guide to the CISA Exam (ISBN-0970674171, Feb 2007, Mandem, Inc., soft cover, 488 pages, 2000 multiple-choice questions) and Auditing Oracle: Conducting The IS Audit (ISBN-0471274747, Nov 2003, John Wiley and Sons Ltd., hardback, 288 pages).

Meals: To help keep costs down, lunches and snacks are not included.
Location: WaMu Center (Downtown Seattle), 1301 2nd Ave, Seattle, WA 98101. The conference room is "CR WMC11-A084 (Whitbey)" and it is on the 11th floor.

Regards,
Kamal Sharma
CISA Coordinator, 2007/2008
ISACA Puget Sound Chapter

CISM Study Group, CISM Exam Review Course is cancelled.

CISM Preparation – The December CISM course is just a few weeks away. A few members have stated that they are interested in forming a local study group to prepare for the exam. If you would be interested in an informal, peer study session, please e-mail Tom McAndrew this week.

Due to a very low turnout, the ISACA PSC Board unfortunately decided to cancel the ISACA PSC CISM review course. Apologies to those who were looking at the course.

Regards,
Tim Smit
CISM Coordinator, 2007/2008
ISACA Puget Sound Chapter

CISA and CISM Exam Dates

Here is an overview of upcoming CISA and CISM exams. Additional details are available on the ISACA.org website.

December 2007 Exam Dates
17 August: Early Registration Deadline
28 September: Final Registration Deadline
8 December: Exam

June 2008 Exam Dates
13 February: Early Registration Deadline
9 April: Final Registration Deadline
14 June: Exam