ISACA® Western New York Chapter - January 2010 Newsletter



Monthly Newsletter

January 2010 

Vol.2 Issue 1

CHAPTER NEWS

Happy New Year!

We hope that you and yours enjoyed very happy holidays and are looking forward to an exciting 2010. In celebration of the new year and our chapter's 30th anniversary, please extend congratulations to Parvin Singal of the University of Rochester, Dianne Strauf of Wegman's, and James McFee of MVP Health Care, who have been selected to receive ISACA bookstore items. Be sure to join us at this year's Annual General Meeting (Announcement Pending) for more prize opportunities.

 

In This Issue:

Chapter News
Member Spotlight
President's Message
Upcoming Events
ISACA Resources
Technology News
Featured Download
Trivia

MEMBER SPOTLIGHT

Liam Downward

Liam Downward is the Chief Security Officer of Pervasive Solutions, LLC. Downward has over 12 years of industry experience and, among other credentials, holds the CISM, CISSP, SSCP, C|EH, Security+ and MCSE Security certifications. He has been a chapter member for over 3 years.

Downward is looking forward to the chapter's 2010 program. He values his membership for its many networking opportunities and access to ISACA e-book resources. At this year's conference and chapter meetings, Downward is "looking forward to having open discussions about security and other topics that will enhance the American security posture as we enter into a new decade."

PRESIDENT'S MESSAGE

Happy New Year!  Did you know that our chapter will be celebrating its 30th anniversary this coming March 15th? We are currently planning our 2010 program and looking for both suggestions and volunteers.  Please use our web site feedback form should you have suggestions or wish to contribute. 



Peter Spier

Chapter President

UPCOMING EVENTS

2010 Program of Events

2010 events are currently being planned.  Please be certain to review our web site's Events Calendar to learn more as they are announced.

ISACA RESOURCES

Cloud Computing Benefits and Risks Detailed in New ISACA Guidance

Cloud computing is rapidly becoming a business information technology (IT) buzzword, but there is still much debate on what exactly it is and how it benefits enterprises. A new white paper from ISACA, a nonprofit association of 86,000 global information technology professionals, clearly describes how enterprises can achieve greater efficiencies and mitigate new risks associated with cloud computing. The white paper, Cloud Computing: Business Benefits with Security, Governance and Assurance Perspectives, is available as a free download from www.isaca.org/cloud.

Cloud computing offers enterprises the ability to reduce IT infrastructure costs through a model of paying for service on demand. This requires less upfront capital expenditure and allows businesses to benefit from the ability to efficiently ramp up and power down based on current needs, as well as the flexibility to introduce new IT services.

“One way of describing cloud computing is to compare it to a utility,” said Jeff Spivey, trustee for the IT Governance Institute, which is affiliated with ISACA, and director of Security Risk Management, Inc. “In the same way businesses pay for the amount of electricity, gas and water that they use, there is now the ability to pay for IT services based on how much is consumed.”
 

 

TRIVIA

Which of the following audit techniques would BEST aid an auditor in determining whether there have been unauthorized program changes since the last authorized program update?


A. Test data run
B. Code review
C. Automated code comparison
D. Review of code migration procedures


Submit your response through our Contact form. The first received, correct answer wins a $5 Amazon Gift Certificate and special mention in our next issue!

 

TECHNOLOGY NEWS

 

Adobe To Surpass Microsoft As Hacker Target

McAfee says Adobe Reader and Flash will top Microsoft Office as the favorite target of cybercriminals in 2010. 

By Antone Gonsalves
Source: InformationWeek

 

Adobe Reader and Flash will surpass Microsoft Office applications as favorite targets of cybercriminals, a security vendor predicted Tuesday.

In unveiling its 2010 Threat Predictions report, McAfee said the growing popularity of the Adobe products has attracted the attention of cybercriminals, who have been increasingly targeting the applications. Adobe Reader and Flash are two of the most widely deployed applications in the world.

As a result of Adobe's success in client software, McAfee Labs believes "Adobe product exploitation will likely surpass that of Microsoft Office applications in 2010."

Security experts for quite a while have warned of the potential security risk posed by Flash. In November, Foreground Security identified a flaw in the way Web browsers handle Flash files that could be used to compromise Web sites that have users submit content.

Beyond Adobe, cybercriminals are also expected to step up efforts next year to crack social networking sites, as well as third-party applications in general. Internet users can expect crooks to use more complex Trojans and botnets to build and execute attacks and to take advantage of HTML 5 to create threats. HTML 5 is the next major revision of Hypertext Markup Language, the core markup language of the Web.

"We're now facing emerging threats from the explosive growth of social networking sites, the exploitation of popular applications, and more advanced techniques used by cybercriminals, but we're confident that 2010 will be a successful year for the cybersecurity community," Jeff Green, senior VP of McAfee Labs, said in a statement.

Facebook, Twitter, and the third-party applications that incorporate the social networks have given criminals new technologies to target and exploit. In 2010, users will be most vulnerable to "rogue apps" distributed by criminals across the networks and to crooks that use the names of people on friends lists to get victims to click on unfamiliar links they might otherwise avoid, McAfee said. In addition, the use of abbreviated URLs on sites like Twitter will make it easier for cybercriminals to mask and direct users to malicious Web sites.

FEATURED DOWNLOAD

Security, Audit and Control Features Oracle Database, 3rd Edition: Excerpt of the Audit/Assurance Program and ICQs

Executive Summary of Audit/Assurance Focus

Oracle Database Security

The review of the Oracle database configuration assures management that the application platform that supports the various applications is secure.

In the enterprise, UNIX/Linux and Windows are the underlying computing platforms for servers that execute essential business applications (both centralized and distributed), database servers that manage the massive database used to store business data, and web servers that provide the public face of the business on the Internet and process transactions. Recognizing the development strategies of both UNIX/Linux and Windows, it is essential that the source of the Oracle Database distribution be known, and care must be taken to ensure that only authorized and tested functions, processes and configurations are allowed to enter the production environment.
Copyright © 2010 ISACA® Western New York Chapter. All rights reserved.