CobiT - ISACA


ISACA Research Initiatives

Presented by Shannon Donahue, PhD, CISM


Practical & Pragmatic Guidance


GPC

The Guidance & Practices Committee (GPC) is responsible for developing practical and pragmatic guidance for ISACA’s constituents related to ISACA’s frameworks, emerging technologies and other issues that are relevant to members.


GPC Deliverables

• Creating a Culture of Security
  – Builds upon ISACA’s Business Model for Information Security (BMIS) to examine how culture impacts information security
  – Provides practical advice on how to influence an enterprise culture

• IT Control Objectives for Cloud Computing
  – Explores security, risk and assurance issues in Cloud
  – Provides a mapping of Cloud Computing to COBIT 4.1

GPC Whitepapers

• Cloud Computing: Business Benefits with Security, Assurance and Governance Perspectives
  – Available at www.isaca.org
  – Also available is a webcast focusing on the whitepaper

White Papers Issued in 2011-2012

1. Electronic Discovery
2. Sustainability
3. Leveraging XBRL for Value
4. Data Analytics – A Practical Approach
5. Geolocation: Risk, Issues and Strategies
6. Mobile Payments: Risk, Security & Assurance Issues
7. Guiding Principles for Cloud Computing Adoption and Use
8. Incident Management and Response
9. Virtualized Desktop Infrastructure (VDI)
10. Calculating Cloud ROI

Currently there are 19 white papers available at www.isaca.org/research

Guidance and Practices Cloud Projects

• IT Control Objectives for Cloud Computing – Issued July 2011
• Guiding Principles for Cloud Computing – Issued March 2012
• Governance of IT for Cloud Computing – in development
• Cloud Vision Series
  – Security in the Cloud – September 11, 2012
  – ROI in the Cloud – July 2012
  – Vendor Management in the Cloud – Q2 2013

Audit Programs

The GPC is responsible for creating audit programs. There are over 30 audit programs, which are free for members. Some topics include:

– IPv6 Security Audit / Assurance Program
– VOIP Audit / Assurance Program
– Microsoft Exchange Server 2010 Audit / Assurance Program
– Microsoft SharePoint 2010 Audit / Assurance Program
– VMware Server Virtualization Audit / Assurance Program
– Social Media Audit / Assurance Program

Security, Audit & Control Features Series

• Security, Audit and Control Features PeopleSoft, 3rd Edition
  – Focuses on the attributes and incremental functionality in the most recent version of PeopleSoft
  – Audit / assurance program and internal control questionnaire available as a download to members
  – www.isaca.org/research

• Others in the series include:
  – Oracle Database, 3rd Edition
  – SAP ERP, 3rd Edition
  – Oracle E-Business Suite, 3rd Edition

Guidance and Practices Future Projects


Questions For You

• What topics would be on your list?

• Can you/your staff/your chapter provide resources (SMEs) to help?

• Do you know about the Chapter Research Directors?

What other questions do you have?


2012 Europe/Africa Leadership Conference, Munich, Germany, 8-9 September

Successful Delivery of the Basic Membership Benefits

Sue Milton, President, London Chapter

2012/13 Benefits Strategy

• Objective: to engage with the wider ISACA London Chapter membership through benefit provision, thereby encouraging greater membership retention.

4th September 2012 (8th):

• Membership total: 2641 (2661)
• CISA: 1391 (1401)
• CGEIT: 80 (81)
• CRISC: 320 (323)
• Events attract 100 – 120.
• Exam revision: 6-12 people at each session.

Proposal for 2012/13 Events

• Stream 1: Monthly Thursday events. Longer sessions for 1.5 CPEs, so the minimum requirement of 20 CPEs is more easily achievable.

• Stream 2: Introduce a series of events at Canary Wharf, London’s 2nd financial centre, now employing more staff than the City.

Introduction to the GRA-SC (Government Regulatory Advocacy Sub-Committee)

What is ISACA?

Vision and Mission

ISACA’s vision (to aspire to as an organization):

“Trust in, and value from, information and information systems”

ISACA’s mission (to guide decision making and investments):

“For professionals and organizations, be the leading global provider of knowledge, certifications, community, advocacy and education on information systems assurance and security, enterprise governance of IT, and IT-related risk and compliance”

What does ISACA do?

Respected Professional Credentials

• 70,000+ CISAs certified since inception in 1978
• 12,000+ CISMs certified since inception in 2003
• 4,000+ CGEITs certified since inception in 2007
• 10,000+ CRISCs certified since inception in 2010

ISACA Member Benefits

Professional Development – Increasing your value, advancing your career
• E-Library
• E-Symposia and Virtual Trade Shows (VTS) (free CPE quizzes) and Webcasts
• Career Centre
• CISA, CISM, CGEIT, CRISC discounts
• Mentoring (free CPE)
• Reduced certification maintenance fees
• Conference/training discounts
• Bookstore discounts

Research and Knowledge – Opening the door to thought leadership, research and knowledge
• Journal (free CPE)
• Research publications (many free to members!)
• COBIT 4.1
• Val IT
• Risk IT
• ITAF
• BMIS
• COBIT mappings
• COBIT Security Baseline 2nd Ed.
• Interactive Web site
• Audit programs and ICQs

Community & Leadership – Connecting you with a global community of nearly 100,000
• Networking
• Leadership opportunities at local and global level
• Enhanced online communities via new ISACA web site

Local Chapters – Providing a local network of professionals
• Low-cost education
• In person training
• Exam preparation
• Business and social events
• Engage with people who understand your professional needs

What does the GRA do?

• Key Responsibilities
  – Increase ISACA’s visibility by promoting ISACA members’ credibility and capability, the value of ISACA’s certifications, and the robustness of COBIT and all knowledge products, including professional development
  – On behalf of ISACA, monitor, coordinate and potentially respond to … and certification holders professionally.

• 2012 Focus
  – National Audit Bodies
  – Reserve banks and financial services regulators
  – Agencies focused on Cyber Security, Privacy and Forensics
  – National Workforce and IT Skill Development
  – Communicate Subcommittee activities and opportunities for regulatory and legislative advocacy to ISACA Chapter leaders and members

IT Audit Regulation in Turkey

Kaya Kazmirci, CISA, CISM

Chapter President

Assoc. Prof. Dr. İzzet Gökhan Özbilgin, CRISC

Government Relations Director

Leadership Conference, Munich, 8.9.2012

IT Audit Regulation

• Banking Regulatory and Supervision Agency
• Capital Markets Board of Turkey
• Turkish Court of Accounts
• Information Technology and Communication Agency
• Republic of Turkey Prime Ministry Undersecretariat of Treasury

Banking Regulatory and Supervision Agency

www.bddk.org.tr

• Regulation on IS Audit to be made in banks by independent audit institutions (published in the Official Gazette dated December 5, 2006)
  – Communiqué on the report format of IS Audit
• Mandates statutory CobiT compliance for banks (1st in Europe, maybe in the world)

Banking Regulatory and Supervision Agency

• Article 19 says: “each control object realized in the scope of articles written in regulation is evaluated in compliance with the methods in the framework of CobiT”

Capital Markets Board of Turkey

• www.spk.gov.tr

• Regulations based on CobiT, ISO 27001.

• IT Audit is implemented periodically in organizations regulated by the CMB (i.e. İstanbul Stock Exchange, Central Registry Agency)

• Regulation on IS Audit for the brokerage houses implementing foreign exchange

Other institutions

• Turkish Court of Accounts – www.sayistay.gov.tr

• Information Technology and Communication Agency – www.btk.gov.tr

• Republic of Turkey Prime Ministry Undersecretariat of Treasury – www.treasury.gov.tr

Communities Committee and Knowledge Center Overview

2012 Europe/Africa Leadership Conference Miroslaw Kalinski, CC member, ISACA Warsaw chapter

Communities Committee

Charge: Identify and support activities to encourage the development of ISACA communities.

• Analyze community characteristics of all visitors to the web site to identify community interests or opportunities to develop communities based on characteristics such as language, geography, etc.

• Identify online communities outside website and determine response.

• Assist boards, committees and task forces to identify communities that may support project or program initiatives.

• Develop programs to create and support communities.

• Develop criteria to evaluate Communities Committee program activities and report progress to the Relations Board.

The Knowledge Center

The Objective is Participation… the Goal is Community

“How do you secure the cloud?”

“I need an audit program”

[Chart: Total and Unique Members, as of 1 September 2012. Series values read off the chart (x-axis labels not recoverable) – Total: 13990, 14624, 14941, 15882, 16875, 18208, 18941, 20089, 20908, 21383, 22202, 22993, 23448; Unique: 0, 0, 0, 0, 7041, 7832, 8108, 8149, 8557, 7891, 9131, 9842, 10106]

© 2012 ISACA. All rights reserved - Confidential

The Knowledge Center houses all of ISACA’s research deliverables as well as topic-based communities.

Resources and Collaboration

Knowledge Center Topics

[Chart: Top 10 Communities, as of 1 September 2012. Member counts read off the chart (community names not recoverable): 1746, 1479, 1401, 1024, 780, 750, 743, 720, 720, 638]

THANK YOU!!!!!