ISACA® Western New York Chapter - August 2009 Newsletter



Monthly Newsletter

August 2009 

Vol.1 Issue 5

CHAPTER NEWS

ISACA-WNY Board Approves Rochester Security Summit Partnership

ISACA Western New York Chapter's Board Of Directors recently reviewed and approved a partnership with the Rochester ISSA and OWASP chapters to share a lead role in this year's Rochester Security Summit on October 28-29.  The chapter will coordinate and provide this year's Business Track which will include presentations on compliance, controls, and strategies.  The track will also feature a Chief Security Officer panel discussion with attendee Questions and Answers. 

Other tracks include Technical/Professional and Technical Developer tracks.  The event will further feature a Key Note address by Ed Skoudis and Note by Larry Pesce.

This up to 12-CPE event is available to chapter members at a 10% discount from the standard $120 registration rate.  Early bird registration rates of $110 apply as well until September 30th.

 

In This Issue:

Chapter News
Member Spotlight
President's Message
Upcoming Events
Certification News
Technology News
Featured Download
Trivia

MEMBER SPOTLIGHT

Carolann G. Lazarus

Carolann G. Lazarus is an IT Auditor for University at Buffalo, Internal Audit. Lazarus has over 24 years of industry experience and holds her CISA certification. A chapter member for over 20 years, she has recently served as chapter Treasurer and sits on the Board of Directors.  In the past, she has also served in President and Vice President roles.

She appreciates ISACA's valuable resources and reference materials.  "The local chapter provides networking and learning opportunities.  This is important to me as I'm the only IT auditor at my employer," says Lazarus.

PRESIDENT'S MESSAGE

I would like to thank you for being a member of our chapter. I am looking forward to our remaining 2009 events and hope to see you at them.  Please review our newsletter's Upcoming Events section in addition to our web site's calendar.



Peter Spier

Chapter President

UPCOMING EVENTS

IT GRC Framework with Bruce Jones
IT GRC has emerged as a unifying theme aligning IT governance, risk and compliance with the priorities of the business. GRC is about collaboration and communication - it is getting many silos of risk, compliance, and governance to work together and share information and processes. Join us at Mario's Italian Steakhouse for this breakfast presentation on August 20th from 7:30-10:00am.

Information Security and Risk Management Conference - Las Vegas, NV
This conference will build on and include the key elements of information security management practices and information security practices. The conference will cover related business, program and technical issues and the impact of risk management. September 28-30. If you plan to attend, please also notify Chapter Secretary Alex Douds to allow other chapter attendees to join you.

Rochester Security Summit
Come to the 4th annual Rochester Security Summit at the WoodCliff Lodge in Fairport, NY (October 28-29)!  Our chapter is joining efforts with the Rochester ISSA and OWASP chapter to bring this valuable two-day educational conference to you with members receiving a 10% discount off standard registration rates.

CERTIFICATION NEWS

ISACA’s CISA Certification Earns 2009 SC Magazine Award for Best Professional Certification Program

Rolling Meadows, IL, USA (23 April 2009)—ISACA, a nonprofit association serving more than 86,000 IT governance professionals in 160 countries, has been recognized with an SC Magazine 2009 Professional Award. ISACA’s Certified Information Systems Auditor (CISA) designation was selected as the winner of the Best Professional Certification Program, and its Certified Information Security Manager (CISM) certification was named a finalist.

The award, which recognizes ISACA’s outstanding achievement in IT security, was presented Tuesday at the exclusive SC Awards Gala, held in conjunction with the annual RSA Conference in San Francisco, California, USA.

The CISA certification has been earned by more than 60,000 professionals since its inception in 1978. It is recognized internationally as the global standard for IS audit, control and security professionals. CISM, introduced in 2002, has been earned by more than 10,000 professionals.

“We are honored that ISACA’s commitment to the information security field has been recognized by SC Magazine’s distinguished award program,” said Lynn Lawton, CISA, FBCS CITP, FCA, FIIA. “The CISA and CISM designations are based on real-world professional experience and are highly regarded by employers and information security professionals seeking to advance their careers.”

ISACA’s CISA and other 2009 Professional Awards winners were chosen by a panel of 22 judges from major corporations and public-sector organizations that were hand-picked by SC Magazine’s editorial team for their breadth of knowledge and experience in the information security industry. The awards highlight and showcase the best solutions, services and professionals, while recognizing achievement and technical excellence in the information security industry. With almost 700 entries submitted in 30 categories, the 2009 SC Awards were the most competitive yet in the program’s 12-year history.

“ISACA represents one of the industry’s beacons of leadership, and the 2009 SC Awards judges have given it this high distinction for its innovative contributions to IT security over the past year,” said Illena Armstrong, editor in chief, SC Magazine.

For more information and a detailed list of categories and winners, please visit www.scmagazineus.com/Best-professional-certification/article/130888/. Additional information on ISACA’s CISA and CISM certifications, as well as the new Certified in the Governance of Enterprise IT (CGEIT) designation, is available at www.isaca.org/certification.

 

TRIVIA

Sarbanes-Oxley

What is Title III of Sarbanes-Oxley and how many sections does it have?


Submit your response through our Contact form. The first received, correct answer wins a $5 Amazon Gift Certificate and special mention in our next issue!

 

TECHNOLOGY NEWS

 

Twitter briefly knocked offline by hackers (again)

Just when you thought it was safe to go back into Twitter...

By John Leydon
Source: THE REGISTER

 

Twitter suffered from yet more security jitters on Tuesday night, after another attack left the site briefly unavailable.

The outage lasted only about 30 minutes, from about 2020 (BST) and was far less severe than an attack last Thursday that took out the site for around two hours and left it offering impaired services for days afterwards.

Last week's attack is widely attributed to an assault on accounts run by a Georgian blogger. The apparent assault on Cyxymu coincided with the first anniversary of the ground war between Georgia and Russia. Accounts maintained by Cyxymu on Facebook, Blogger and LiveJournal were also targeted, as well as Twitter, but only the micro-blogging service suffered downtime.

Twitter is still investigating the cause of Tuesday's brief outage, which followed a site update that may (or may not) have played a role in subsequent events. ®

FEATURED DOWNLOAD

Aligning CobiT 4.1, ITIL v3, and ISO/IEC 27002 for Business Benefit


Every enterprise needs to tailor the use of standards and practices to suit its individual requirements. All three standards/practices covered in this guide can play a very useful part—CobiT and ISO/IEC 27002 helping to define what should be done and ITIL providing the how for service management aspects.

The growing adoption of IT best practices has been driven by a requirement for the IT industry to better manage the quality and reliability of IT in business and respond to a growing number of regulatory and contractual requirements.

There is a danger, however, that implementation of these potentially helpful best practices can be costly and unfocused if they are treated as purely technical guidance. To be most effective, best practices should be applied within the business context, focusing on where their use would provide the most benefit to the organisation. Top management, business management, auditors, compliance officers and IT managers should work together to make sure IT best practices lead to cost-effective and well-controlled IT delivery.

IT best practices enable and support:
• Better management of IT, which is critical to the success of enterprise strategy
• Effective governance of IT activities
• An effective management framework of policies, internal controls and defined practices, which is needed so everyone knows what to do
• Many other business benefits, including efficiency gains, less reliance on experts, fewer errors, increased trust from business partners and respect from regulators

Copyright © 2009 ISACA® Western New York Chapter. All rights reserved.