ISACA® Western New York Chapter - September 2009 Newsletter



Monthly Newsletter

September 2009 

Vol.1 Issue 6

CHAPTER NEWS

Bruce Jones Presents on General Risk Controls (GRC)

Eastman Kodak Company's Bruce E. Jones Presents to Chapter Members at Mario's Italian Steakhouse

Eastman Kodak Company Global IT Security, Risk and Compliance Manager Bruce E. Jones presented on Information Technology General Risk Controls (GRC) and their alignment with IT governance, risk, and compliance this past August 20th. Attendees learned about risk identification and mitigation strategies, among other topics.


In This Issue:

Chapter News
Member Spotlight
President's Message
Upcoming Events
ISACA News
Technology News
Featured Download
Trivia

MEMBER SPOTLIGHT

Tom Penska

M&T IT Senior Auditor Tom Penska has over 3 years of industry experience and holds both his CISSP and CISA certifications. A chapter member for nearly 3 years, he has served as chapter web site administrator and currently contributes as a member of the web committee.

He enjoys ISACA's ability to provide networking opportunities with "different industry professionals from across the area," says Penska.

PRESIDENT'S MESSAGE

If you haven't had a chance to sign up for this year's Rochester Security Summit, now is an excellent time to take advantage of this valuable training opportunity. Our chapter is working with the Rochester ISSA and OWASP chapters to provide a well-rounded program for this 4th annual event, October 28-29 at the WoodCliff Lodge. Chapter members will also receive a 10% discount. Please review our newsletter's Upcoming Events section in addition to our web site's calendar.



Peter Spier

Chapter President

UPCOMING EVENTS

Information Security and Risk Management Conference - Las Vegas, NV
September 28-30
This conference will build on and include the key elements of information security management and information security practices. The conference will cover related business, program and technical issues and the impact of risk management. More Information
If you plan to attend, please also notify Chapter Secretary Alex Douds so that other chapter attendees can join you.

2009 CISA Exam Study Sessions
CISA study sessions will be offered in Buffalo on Saturday, October 24th and, preceding the Rochester Security Summit, at the WoodCliff Lodge in Fairport on Tuesday, October 28th. Please join us for this high-level review of the CISA Exam followed by an open forum discussion of questions and issues to help you prepare for the exam. If you plan to attend, please also notify Chapter Secretary Alex Douds so that other chapter attendees can join you.

Rochester Security Summit
Come to the 4th annual Rochester Security Summit at the WoodCliff Lodge in Fairport, NY (October 28-29)! Our chapter is joining efforts with the Rochester ISSA and OWASP chapters to bring this valuable two-day educational conference to you, with members receiving a 10% discount off standard registration rates. Register Now

ISACA NEWS

ISACA Updates Model Curriculum to Help Universities Prepare Students for Careers in IS Audit

Rolling Meadows, IL, USA (15 September 2009)—Recent events, corporate scandals, government regulations and changes in the business environment have increased the importance of IS audit and affected the methodologies that auditors use. To reflect the growing demands of the field and help universities develop and update relevant courses, ISACA has released a second edition of its Model Curriculum for IS Audit and Control.

“Information systems auditors must regularly update their skills to match the rapid pace of technological change, and must possess strong written and oral communication skills,” said Scott Summers, Ph.D., associate professor of accounting information systems at Brigham Young University and chair of ISACA’s Academic Relations Committee. “The ISACA model curriculum reflects both of those needs and helps universities produce graduates with a marketable skill set for the IS audit and control profession.”

ISACA, a nonprofit association serving 86,000 IT audit, security and governance professionals around the world, based the model curriculum on the needs and expectations of the IS audit and control profession, as well as the research of academics, practitioners, audit organizations and professional associations.

The topics in the model reflect the skills and knowledge that graduates will need to obtain entry-level jobs in the field. It matches academic courses with professional requirements and provides a framework for universities to use when developing or redesigning courses.

“Universities with a curriculum tailored to match the real-world needs of the IS audit and control profession are very desirable to students pursuing a degree in that field,” said Summers.

ISACA also publishes the Model Curriculum for Information Security Management, released in 2008. Both model curriculum guides are available as free downloads at www.isaca.org/modelcurricula.


TRIVIA

Audit

Which of the following is a benefit of a risk-based approach to audit planning? Audit:
A. scheduling may be performed months in advance.
B. budgets are more likely to be met by the IS audit staff.
C. staff will be exposed to a variety of technologies.
D. resources are allocated to the areas of highest concern.
Submit your response through our Contact form. The first received, correct answer wins a $5 Amazon Gift Certificate and special mention in our next issue!


TECHNOLOGY NEWS


No Excuses: Managing Operational Security Risk

Headlines about high-profile white-collar criminals sometimes mask underlying weakness in business controls and risk management. This book excerpt looks behind the curtain.

By Dennis Dickstein and Robert Flast
Source: CSO Online

This article is excerpted from No Excuses: A Business Process Approach to Managing Operational Risk by Dennis Dickstein and Robert Flast.

Surviving a Series of Unfortunate Events

As we left the twentieth century and welcomed the beginning of the twenty-first, the world economy appeared to be in greater shape than ever before. Things were probably going well for you, too. You had an enjoyable job, working for a first-rate company. Every day you looked forward to your commute. On any given morning, you would make your way downstairs to your front door to be the first to take the morning's newspaper. Opening the paper, you would read the headlines. Let's take a look at the following news headlines and consider how much you or your company's board members would like to see headlines like these about the first-rate company for which you worked:

  • Exxon Takes a Spill in Alaska
    Newsday April 2, 1989
  • Heads Roll at Showa Shell
    The Independent—London February 26, 1993
  • Kidder Scandal Rocks Wall Street
    The Plain Dealer April 19, 1994
  • NASDAQ: An Embarrassment of Embarrassments
    BusinessWeek November 7, 1994
  • A Big Bank Goes Belly Up
    Los Angeles Times February 28, 1995
  • How Many Other Barings Are There?
    Wall Street Journal February 28, 1995
  • Boss Resigns as More Daiwa Losses Emerge
    South China Morning Post October 10, 1995
  • Enron Falls—With a Whimper
    Miami Herald January 16, 2002
  • Andersen, Enron Get Federal Review
    Washington Post January 26, 2002
  • Allied Irish Plunges after Suspected Fraud
    Reuters News February 2, 2002
  • MCI Expected to Pay Massive Fine in SEC Deal
    Wall Street Journal May 19, 2003
  • Citigroup Private Banks Kicked Out of Japan
    New York Times September 20, 2004
  • Prudential to Pay Restitution and Fines of $600 Million
    Deseret Morning News August 29, 2006

Note that these headlines not only point to the financial impact on companies, but also have consequences beyond their earnings—from the personal to the greater community. Many people, especially those never involved in any wrongdoing, have been hurt and even ruined. Aside from resulting in headline news and adversely affecting a variety of industries and thousands of people, these obviously independent and unfortunate events have something else in common. Let us examine one of the more famous cases to help us better understand this unique commonality.

FEATURED DOWNLOAD

Security, Audit, and Control Features SAP® ERP, 3rd Edition

The original COSO internal control framework contained five components. In 2004, COSO was revised as the Enterprise Risk Management (ERM) Integrated Framework and extended to eight components. The primary difference between the two frameworks is the additional focus on ERM and integration into the business decision model. ERM is in the process of being adopted by large enterprises.
Copyright © 2009 ISACA® Western New York Chapter. All rights reserved.