ISACA® Western New York Chapter - October 2009 Newsletter



Monthly Newsletter

October 2009 

Vol.1 Issue 7

CHAPTER NEWS

ISACA Western New York Chapter Completes Incorporation

We are pleased to announce that our chapter has completed incorporation as a 501(c)(6) corporation.  We are additionally in the process of filing for non-profit status with the State of New York so as to provide our chapter with the ability to operate its event offerings without being required to pay sales tax.  Chapter insurance is further being obtained to protect the organization going forward.

 

In This Issue:

Chapter News
Member Spotlight
President's Message
Upcoming Events
ISACA Resources
Technology News
Featured Download
Trivia

MEMBER SPOTLIGHT

Farah Sammour

Farah Sammour is a Senior IT Auditor with Ernst & Young. Sammour has over 8 years of industry experience and holds both her CISSP and CISA certifications. A chapter member for 6 years, she has served on the Audit Committee and most recently has assumed the role of Chapter Treasurer.

Sammour is looking forward to the upcoming Rochester Security Summit. She values her membership for professional development and networking opportunities gained "through the chapter's educational seminars, workshops, meetings, and technical sessions."

PRESIDENT'S MESSAGE

If you haven't had a chance to sign up for this year's Rochester Security Summit, now is an excellent time to take advantage of this valuable training opportunity. Our chapter is working with the Rochester ISSA and OWASP chapters to provide a well-rounded program for this 4th annual event, October 28-29 at the WoodCliff Lodge. Chapter members will also receive a 10% discount. Please review our newsletter's Upcoming Events section in addition to our web site's calendar.



Peter Spier

Chapter President

UPCOMING EVENTS

2009 CISA Exam Study Sessions
CISA study sessions will be offered in Buffalo on Saturday, October 24th and preceding the Rochester Security Summit at the WoodCliff Lodge in Fairport on Tuesday, October 28th. Please join us for this high-level review of the CISA Exam followed by open forum discussion of questions and issues to help prepare for the exam. If you plan to attend, please also notify Chapter Secretary Alex Douds to allow other chapter attendees to join you.

Rochester Security Summit
Come to the 4th annual Rochester Security Summit at the WoodCliff Lodge in Fairport, NY (October 28-29)! Our chapter is joining efforts with the Rochester ISSA and OWASP chapters to bring this valuable two-day educational conference to you, with members receiving a 10% discount off standard registration rates.

ISO/IEC 27002:2005 Presentation by Joel Cort
Xerox's Joel Cort will offer an informational presentation on ISO/IEC 27002:2005 in Buffalo on Tuesday, November 10th at Chef's Restaurant. If you plan to attend, please also notify Chapter Secretary Alex Douds to allow other chapter attendees to join you.

ISACA RESOURCES

ISACA eLibrary is a comprehensive collection of content from nearly all ISACA/ITGI published books and over 250 additional titles – all available free-of-charge as a benefit of your ISACA membership investment.

Today's dynamic business climate commands you to know and do more, often demanding immediate knowledge and expertise. ISACA eLibrary gives you on-demand access to a goldmine of readily usable information.

Key Benefits:

  • Access all books and browse the content immediately – when you need it
  • Download up to five chapters per month from the available book titles
  • Find exactly what you are looking for with a robust searching mechanism
  • Place the most frequently accessed book titles on your own private bookshelf
  • Easily purchase the book after you have had an opportunity to browse it online
  • Bookmark the content you use most
  • Effortlessly create citations

 

TRIVIA

When evaluating the collective effect of preventive, detective or corrective
controls within a process, an IS auditor should be aware of which of the
following?


A. The point at which controls are exercised as data flow through the system
B. Only preventive and detective controls are relevant
C. Corrective controls can only be regarded as compensating
D. Classification allows an IS auditor to determine which controls are missing


Submit your response through our Contact form. The first received, correct answer wins a $5 Amazon Gift Certificate and special mention in our next issue!

 

TECHNOLOGY NEWS

Social networking security concerns top of mind for businesses

Today's most compelling social networking technologies are also the biggest security headaches

By Bill Brenner
Source: itbusiness.ca

Today's most compelling technologies are giving you the biggest security headaches. Social networking sites such as Twitter, Facebook and LinkedIn enhance collaboration and help your company connect with customers, but they also make it easier than ever for your employees to share customer data and company secrets with outsiders.

Virtualization and cloud computing let you simplify your physical IT infrastructure and cut overhead costs, but you've only just begun to see the security risks involved. Putting more of your infrastructure in the cloud has left you vulnerable to hackers who have redoubled efforts to launch denial-of-service attacks against the likes of Google, Yahoo and other Internet-based service providers.

A massive Google outage earlier this year illustrates the kind of disruptions cloud-dependent businesses can suffer.

But there's also good news. Even though the worst economic recession in decades has compelled you to spend less on outsourced security services and do more in-house, your security budget is holding steady. And more of you are employing a chief security officer.

Such are the big takeaways from the seventh-annual Global Information Security survey, which CIO and CSO magazines conducted with PricewaterhouseCoopers earlier this year. Nearly 7,300 business and technology executives worldwide responded from a variety of industries, including government, health care, financial services and retail.

FEATURED DOWNLOAD

COBIT and Application Controls Appendix E

Defining Application Control Requirements/Identifying Relevant Application Control Objectives

Chapter 4 discusses management’s responsibilities for identifying relevant application control objectives as part of defining the business requirements for new automated solutions. COBIT Online can be used by management as a tool for determining relevant application control objectives.
Copyright © 2009 ISACA® Western New York Chapter. All rights reserved.