2014 Training Programs - Information Technology
Posted on 07-Mar-2018
P.O. Box 50933, Kingdom of Bahrain   Fax: +973 17911477   Phone: +973 35342513
2014 Training Programs Courses & Workshops
Course Title Dates Venue Fees(BHD)
1- IT Security Workshop 16-18 March 5 Star Hotel 600
2- IT GRC Workshop 13-14 April 5 Star Hotel 400
3- COBIT 5 Foundation & Exam 11-13 May 5 Star Hotel 600*
4- WebApp, Mobile, Email Security 18-19 May 5 Star Hotel 400
5- Auditing IT Operations Workshop 12-14 October 5 Star Hotel 600
Note: ISACA Members receive a 25% discount on the listed fees for the above courses
Certification Courses
Course Title Dates Venue Fees(BHD)
1- CISA Preparation Course 4 May-3 June TBA 800**
2- CISM Preparation Course 4 May- 3 June TBA 800**
3- CISA Weekend Crash Course 23-24 May TBA 120***
4- CISM Weekend Crash Course 30-31 May TBA 120***
5- CGEIT Weekend Crash Course 23-24 May TBA 120***
6- CRISC Weekend Crash Course 30-31 May TBA 120***
* Option to sit for the Foundation Certification Exam at a fee
** Inclusive of Lectures, Membership and Exam Fees, 2014 Review Manual and Q&A Database CD
*** Lectures only; will be held only if a minimum of 5 candidates register.
Information Security Workshop
16-18 March 2014, Crowne Plaza Hotel
Key Learning Objectives:
1. Understand Information Security needs and learn about Risk Management essentials
2. Understand Standards and Best Practices in Information Security Management
3. Understand Policies, Standards, Procedures and Guidelines
4. Understand Business Continuity as an essential element of Information Security
5. Understand Controls to manage Security
6. Measure Security Management Effectiveness
Target audience:
IT Security Professionals
IT Auditors
IT Professionals
Fees: BD600
8:30 - 9:00 Registration
9:00 - 10:30 Session I
10:30 - 11:00 Coffee Break
11:00 - 12:30 Session II
12:30 - 13:30 Lunch Break
13:30 - 15:00 Session III
Day one:
1. Definitions:
a. Security
b. Information, Data Asset
c. Standards, Best Practices
2. Accountability, Responsibility for Security & Risks
3. Information Security Governance
4. Process Approach – SIPOC, ETVX, PDCA
5. Laws - basic needs – Information Act, Privacy, Intellectual Property
6. Risk Management – Part I
a. Risk Culture of an Organization
b. Asset Recognition
c. Risk Recognition
d. Risk Evaluation – Qualitative and Quantitative
e. Risk Response Process – Defining Residual Risks
f. Risk Prioritization
g. Essentials of Risk Monitoring
7. Risk Management – Part II
a. Risk Management Considerations
b. Risk Treatment Plans
c. Risk Response Process
d. Risk KRIs
e. Information Systems Control Design and Implementation
8. Compliance Vs Conformity
Day two:
1. Risk Management in Information Systems Control – Part III
a. Determine IT Strategy - Security as part of planning Process not an Add on – Strategic Intent
b. Project and Program Management
c. Acquisition, Development, Maintenance
d. Change Management
e. Third Party Service management
f. Information Security Management
g. Data Management
2. Security Policies:
a. Essentials
b. Controls
c. Awareness
d. Training
3. Elements of Information Security Controls
a. People
b. Physical Security
c. Environmental Security
d. Asset Management
e. Access Control
f. Change Control
g. Operations Management
h. Availability Planning
i. Capacity Planning
j. Third Party Service management
4. Recognizing Controls to Manage Security risks – SOA Perspective of ISO 27001
5. Measuring Security Implementation:
a. Critical Success factors
b. KPIs
c. Metrics
6. Technology:
a. Perimeter – Firewalls, Proxy, Honey-pots...
b. Internal – IPS, IDS, Network Security, Virus Control
c. Storage – Encryption
d. Communication & Business – PKI Keys, Cryptography
e. Data Loss Prevention – Content Management
Day Three:
1. Business Continuity Planning (plan beyond Availability Management) - I:
a. It's a business call
b. Business Impact Analysis
c. IT Service Continuity Planning – Parameters for consideration
d. How Much, How Fast - RTO / RPO
2. Business Continuity Planning (plan beyond Availability Management) - II:
a. Implementation
b. Testing – Different types of BCP testing
c. Maintaining BCP Plans
3. Define Security Incident
4. Define Incident Response process
5. Security Incident recognition awareness, Recognizing a Security Incident
6. Stakeholders in Security Incidents
7. Incident Response – 3 elements
a. Containment
b. Eradication
c. Recovery
8. Documentation:
a. Documents Vs Records
b. Document Control, Record Control
c. What to maintain and how much is necessary
About the Workshop Leader
Rohinton Dumasia
Rohinton graduated in Mathematics and Physics from Bombay University in 1973 and is a Post-Graduate in Operations Research and Statistics, also from Mumbai University, in 1977. He has over 35 years of experience in the Information Systems Planning, Design, Operations, Control and Management domain, having tackled various assignments in the areas of Service Support, Service Delivery, Software Development and Implementation, Project Management and Training. His career ranges from Computer Operations and Software Development to being a CIO and now an Independent Consultant and Trainer. He has also been associated with implementing ITIL processes since 1999 – 2000. His assignments include COBIT Implementation for an oil refinery, ISO 20000 implementation for a Finance company, defining processes for a Software development company, and defining Architecture for a Shipping company. His current assignment is Planning and Implementation of a BCM plan for a quasi-government organization. He is a trainer for ITIL up to Expert level, ISO 27001 and COBIT certification programs. He has also completed certifications in TIPA, TOGAF and KT Foundation. He also conducts training in Essential Project Management, Business Analysis, Requirement Engineering and Information Security Framework. He has been delivering ITIL training since ITIL V2 and now ITIL V3. He has conducted training in India, the Philippines, Malaysia, and other countries of the Far East. He is a regular speaker at various forums and conferences. He is ex-Chairman and an active member of the Computer Society of India and contributes to their activities, seminars and conferences. He has worked in various domains – Manufacturing, FMCG, Shipping, IT Services – and consulted for Software Development, Airlines and Oil Refinery.
IT Governance, Risk & Compliance Workshop
13-14 April 2014, Crowne Plaza Hotel
Key Learning Objectives:
This interactive 2-day workshop provides practical scenarios and discussion of the ICT GRC (Governance, Risk Management, and Compliance) issues facing governments, companies and organizations in today's age of fast-paced social networks and cloud computing. Each topic is presented with practical scenarios that the audience will understand and relate to, with a full discussion of the topics and references needed to make a decision on how best to proceed with a solution to the scenario.
Target audience:
1- All Business and Technical managers and staff involved in the IT Governance, Risk
Management and Compliance of ICT within their organization.
2- CIOs, CTO, Risk Managers, IT technical staff will all benefit from the interactive and
facilitated approach using practical scenarios.
Fees: BD400
Day one:
1. Trends in Governance, Risk Management, and Compliance
2. Risk Management from a Business Perspective integrated with ICT
3. Business Continuity from standards and practical scenarios
4. ICT Policy and Governance at country and company level
Day two:
1. The business Case for GRC, with scenarios for cost effective control implementation.
2. Practical scenarios and solutions in Risk Management of ICT
3. Compliance In the Cloud: Privacy and legislation scenarios considered for strategic advantage.
4. An integrated approach to IT Security with GRC in practice.
About the Workshop Leader
PHILLIP M. SPARKS, MBA CISA CISM
Phillip is a Director of Innovation and Technology at the Center for Innovation, Excellence and Leadership (IXL Center), as well as director of the Action Learning Program for HULT's Innovation Olympics at the Dubai Campus. He has over 20 years as a business advisor within the Information, Communication and Technology Industry and is a global instructor and consultant in IT Governance, Risk Management, and Compliance for Financial, Telecom, and Military/Government/NATO organizations in the US, Europe and the Middle East. Phillip is an educator with extensive experience in the application of Knowledge Management and the founder of a process integrating educational design theory with practical workforce development needs called CertME™: Continuous Education using Role-based Training and Modular Environments. Phillip is an ISACA Certified Information Systems Auditor and Certified Information Security Manager (CISA, CISM) and uses his Master of Business Administration, educational development focus, and consulting skills to blend Senior Business Management strategy and Information Technology into a common language that achieves sustainable value for organizations. Phillip has spent several years since 2004 between Europe and the Middle East (Saudi Arabia, Egypt, Dubai) working on corporate Governance, Risk Management and Compliance in the telecom, financial, and educational development sectors, as well as a 1-year project with the Saudi Stock Market (Tadawul) where he developed a risk management awareness program during the economic downturn.
Phillip built his leadership and organizational experience as both platoon leader and company commander in the US Military during the first Gulf War and as Automation Officer (CIO equivalent) for a 600-personnel unit in the US Army and European Command spanning six countries, and was recognized for outstanding achievement by several General Officers during his service and his efforts as advisor and consultant for the European Command in both the Army and Air Force. Phillip holds a BS in Liberal Arts/Physics from Centre College, a BS in Electrical Engineering, a Master's Certification in Telecommunication from the Air Force Institute of Technology, and Master's degrees in Business Administration and Public Administration from the University of Maryland European Division.
COBIT 5 Foundation Workshop and Exam
11-13 May 2014, Crowne Plaza Hotel
Key Learning Objectives:
COBIT is the only business framework for the governance and management of enterprise IT. COBIT 5 incorporates the latest thinking in enterprise governance and management techniques and provides globally accepted principles, practices, analytical tools and models to help increase the trust in, and value derived from, information systems, which have become pervasive in today's business environment.
This workshop provides practical scenarios and discussion of the governance and management of enterprise IT issues facing governments, companies and organizations. Each topic is presented with practical scenarios that the audience will understand and relate to, with a full discussion of the topics and references needed to make a decision on how best to proceed with a solution to the scenario.
Target audience:
IT Auditors, IT Managers, IT Quality professionals, IT Executive leadership, IT Process Practitioners,
Managers in IT service providing firms, IT Consultants, and anyone who wants to gain an insight into the
Enterprise Governance of IT and to be certified as a COBIT Implementer or Assessor.
Fees: Workshop BD600
Exam BD120
Registration: Kindly indicate " Cobit 5 Foundation Workshop and Exam" or "Cobit 5 Foundation Workshop only" in the Course title field in the Registration form.
Day one: Overview/Key Features and Principles of COBIT 5
1. Meeting Stakeholder Needs
2. Covering the Enterprise End-to-end
3. Applying a Single Integrated Framework
4. Enabling a Holistic Approach
5. Separating Governance from Management
Day two: The 7 Enablers
1. The Principles, Policies and Frameworks
2. Processes
3. Organizational Structures
4. Culture, Ethics and Behaviour
5. Information
6. Services, Infrastructure and Applications
7. People, Skills and Competencies
Day three: COBIT 5 Implementation and Process Maturity
1. COBIT 5 Implementation Life Cycle and its interrelated components
2. Internal/external environment factors, Pain Points, Trigger Events etc.
3. The business case for a programme initiative leveraging COBIT 5
4. Capability Levels, Attributes and Rating Scale based on ISO 15504
5. Process Capability Assessment and the COBIT assessment programme
6. The differences between a Maturity and a Capability Assessment
7. The purpose of a Process Reference Model as defined by ISO 15504
8. The benefits of the COBIT Capability Assessment approach
Optional COBIT 5 Foundation Exam
ISACA offers professionals who have mastered the content in the COBIT 5 Foundation Course an opportunity to demonstrate their knowledge by taking an exam and earning a certificate of completion. These professionals understand the IT management issues organizations face today and know how to use COBIT to respond to these challenges. These professionals have used the elements of COBIT, in practice, and are prepared to recommend applications of COBIT for enterprise-wide projects.
The exam consists of 50 multiple-choice questions and requires a score of 50% or higher to pass. The exam is administered at the end of the last day of the course and is computer-based, with initial results provided at the end of the exam.
The exam format is as follows:
- Multiple choice, 50 questions per paper
- 1 mark available per question
- 25 marks required to pass (50%)
- 40 minutes duration
- Closed book
Requirements for the online-based exam:
1- Bring a laptop
2- The following browsers are supported:
Internet Explorer - All Versions
FireFox - All Versions
Safari - All Versions
Google Chrome - All Versions
Opera - All Versions
Mozilla - All Versions.
About the Workshop Leader
KESTER E. IRABOR, CISA CISM
Kester is a Manager for IT and Telecom Network Audit with Protiviti Middle East and also an APMG Accredited COBIT 5 Foundation Trainer. He has over 12 years' experience covering Information and Communication Technology Administration, Management, Security, Controls and Audit. Kester has been involved in professional education since 2003. He has trained professionals in Information Systems Audit, especially those preparing for the CISA certification exam, and has presented papers in many Mandatory Continuing Professional Education (MCPE) Programs on Information Technology for the Institute of Chartered Accountants of Nigeria (ICAN). He has also facilitated private training programs organized for banks, e.g. the Central Bank of Nigeria and Diamond Bank, Nigeria, and telcos such as MTN and Glo Mobile in Nigeria, covering technology topics in Fraud, IT Management and Security, Telecommunications Convergence and Network Security. He started his Internal Audit career with CELTEL Nigeria in 2007 after working in the IT Services Management departments of the then two largest telcos in Nigeria, MTN and Vmobile. Kester managed the IT Audit Operation for PROTIVITI in Zain Nigeria for close to 4 years, handling the IT Audit project lifecycle end to end. He is currently with PROTIVITI Middle East, planning, managing and conducting technology audit projects, mostly in the Telecommunications sector, for clients across the region. Kester holds a B.Sc in Applied Mathematics from the University of Lagos, Nigeria and has the following professional certifications: CISA, CISM, ITIL(f).
Securing Mobile, Web, Email and System Apps,
Security strategies for the workplace
18-19 May 2014, Crowne Plaza Hotel, Bahrain
Key Learning Objectives:
1. To address the most recent attack vectors in the cyber ecosystem and keep pace with developments in cyberspace to counter probable attacks
2. To sensitize audiences to the latest web application security threats in the IT ecosystem and help them understand defense mechanisms to combat such threats
3. To help understand risks and defenses against next-generation attacks
4. To understand day-to-day security concerns and make security a 'way of life'
Target audience:
IT Security Officers and Managers
IT Professionals and practicing developers
CISOs, CIOs, CTOs
Fees: BD400
Workshop Outline
Session ID / Module / Duration
LSCP0481 Introduction to Information Security & IT Acts (0.5 Hour)
- Introduction
- Importance & Need of Information Security
- Cyber Law & IT Acts
- Conclusion
LSCP0482 Web Application Attacks (9.0 Hours)
- Introduction to Web Application Development
- Basics of SQL: MySQL, MS-SQL database
- Different Types of Attacks
  o OWASP Top 10
  o Insecure Direct Object Reference
  o SQL Injections: Authentication Bypass Injection, Union Based Injection, Error Based Injection, Blind Injections, Double Query Injection, Time Based Injection, Post Method Injections
  o Web Application Firewalls
  o Cross Site Scripting
  o Session Hijacking
  o Broken Authentication and Session Management
  o Security Misconfiguration
  o Sensitive Data Exposure
  o Using Components with Known Vulnerabilities
  o Unvalidated Redirects and Forwards
  o File Inclusion Vulnerabilities
  o Arbitrary File Upload
  o View State Vulnerability
  o Padding Oracle Vulnerability
  o Source Code Analysis Tools
- Applications to Perform Security Tests
- Google Dorks
  o Using Google as a Hacking Tool
  o Advanced operators of Google and Google Dorks
  o Finding Vulnerable websites using Google
  o Finding Target networks using Google
LSCP0483 Mobile Security (0.5 Hour)
- SMS and SMSC Introduction
- SMS Forgery and Countermeasures
- Send & Track Fake SMS
- VOIP Introduction
- Install VOIP Server
- Call Forging
- Android Exploitation Framework
LSCP0484 System Hacking (1.0 Hour)
- Introduction to the Malwares (Virus, Worms & Trojans)
- Create your own Trojans
- Evade Firewalls & Anti-Virus
- Scan System for the Malicious Application
- Security Counter Measures
LSCP0485 Security Essentials in Workplace (1.0 Hour)
- Email Security
- Social Media Security
- Credit Card Frauds
- Nigerian Frauds
- System Attacks & Preventions
- Online Privacy
Total Duration 12 Hours
About the Workshop Leaders
Saket Modi, CEO & Co-Founder, Lucideus
Saket was awarded the title of Indian Ambassador of Cyber Security in Education at the National Education Awards 2013 for his contributions to the info-sec community. Over the last 5 years, he and his team have been conducting training and consultancy sessions across the globe. He has been invited to most of the elite institutions of India, including IIT-Bombay, IIT-Delhi & IIT-Guwahati, to conduct seminars or workshops on Ethical Hacking. At a young age, he has already trained more than 5000 individuals across 75-plus Colleges, Corporate & Government Departments. Some of the organizations include IBM, Microsoft, TCS, HCL, Intelligence Agencies & Special Task Forces. Saket is also an advisor to reputed organizations, banks and e-commerce companies on web space penetration testing and in designing safe cyber architecture for their web servers and networks globally.
Vidit Baxi, Director, Lucideus Training
Vidit is a pioneer in web security analysis and has vast experience in ethical hacking training, cyber crime investigation and penetration testing. With over 4 years of training experience, he has constantly been engaged in conducting workshops for corporate houses and academic institutions such as IITs and NITs and has trained more than 5000 students. He has conducted over 4500 hours of training for officers in security organizations, state police agencies, universities and professionals working with Infosys, TCS, Patni and many more. A Certified Ethical Hacker, he is an idol to many young students in India who take up security as their career objective and a motivation to those who see and understand IT Security and its needs. He is an MCP and MCTS in web-based and client-side security, a Microsoft Certified Technology Specialist and a Microsoft Certified Professional, and has a high level of expertise in handling server-side operations on the Windows platform.
Workshop on Auditing IT Operations
12-14 October 2014, Crowne Plaza Hotel
This 3-day workshop covers the following key topics:
1. Information Risk Management
2. The Hunt for Fraud: Prevention and Detection Techniques
3. Auditing Critical Business System Applications
4. Successful Application Design: Auditing the System Development Life Cycle
5. Business Continuity, Disaster Recovery and Incident Management Planning
Target audience:
IT auditors
Financial and operational auditors who need to understand IT controls
Auditors and assurance professionals who need to understand IT controls
IT professionals
Fees: BD600
Day 1 Session I: Information Risk Management
Session Description
In today's global economy, every organization has a mission. In this digital era, as organizations critically depend upon information technology (IT) systems to process their information for better support of their missions, risk management plays a critical role in protecting an organization's information assets, and therefore its mission, from IT-related risk. An effective risk management process is an important component of a successful IT security program. The principal goal of an organization's risk management process should be to protect the organization and its ability to perform its mission, not just its IT assets. Therefore, the risk management process should not be treated primarily as a technical function carried out by the IT experts who operate and manage the IT system, but as an essential management function of the organization. Risk is the net negative impact of the exercise of a vulnerability, considering both the probability and the impact of occurrence. Risk management is the process of identifying risk, assessing risk, and taking steps to reduce risk to an acceptable level. This session provides an overview of the specific criteria, steps and actions necessary to implement, sustain and assess a comprehensive Information Risk Management program.
Day 1 Session II: The Hunt for Fraud: Prevention and Detection Techniques
Session Description
This session provides attendees with a general overview of basic fraud concepts, as well as a review of specific areas such as procedures related to the recording, reporting, and prosecution of fraudulent activities, internal auditor responsibilities in the audit for fraud, and fraud detection and mitigation techniques. Also addressed during this seminar are the classification of frauds, investigation techniques, and fraud within information technology. This session will incorporate several case analyses of frauds perpetrated by employees and how such frauds were identified and investigated. The session will also introduce and incorporate the basic concepts of forensic analysis as a means of further investigating fraudulent activities by organization personnel, third-party providers, and contractors.
Day 2: Auditing Critical Business System Applications
Session Description
An Information Technology (IT) Auditor and an Information Security (Info Sec) Professional are really both pursuing the same goals but through different terminology. The IT auditor evaluates for the presence of "controls" whereas the Info Sec professional pursues the implementation of "security". It is essential that both end users and IT professionals understand the process of IT Audit and the concepts of risk and control associated with critical business applications, those applications essential to the daily operational functionality of the enterprise. Applications are often vulnerable to attacks that will not be detected by network and server security controls, and could compromise not only the application and its data, but the network and servers as well. The primary focus of this session is on the process of auditing critical business applications, the associated IT infrastructure that supports these applications and the auditor's role in assessing the internal control environment in which these applications are designed to function.
Day 3 Session I: Successful Application Design: Auditing the System Development Life Cycle
Session Description
Managing software projects is difficult under the best circumstances. You can reduce the difficulty and improve your organization's chances of success by applying known industry smart practices for software project management. The system development life cycle (SDLC) is a common methodology for systems development in many organizations. This methodology features distinctive phases, each of which records the progress of the systems analysis and design project. The potential for abuse, inefficiencies, and the potential to deliver application systems which do not meet the needs of the end-user warrant the involvement of IT and user management as well as the audit function in almost all software development efforts. This session will examine the basic elements of the SDLC process, and how the process of designing new systems has evolved (and continues to evolve). Attendees will also discuss strategic system design methodologies, and how the auditor can be an effective change agent within this process.
Day 3 Session II: Business Continuity, Disaster Recovery and Incident Management Planning
Session Description
The continued successful operation of an organization depends on senior management's awareness of potential disasters, their ability to develop a plan to minimize disruptions of critical functions and the capability to recover operations expediently and successfully. This session examines the various causes of computer failure, and presents feasible alternatives for recovery. Session participants will examine the key components of disaster recovery, business continuity and incident management planning, how to measure, assess and audit the effectiveness of their organization's business recovery, continuity and planning program, and what questions they should be asking to determine their organization's overall preparedness to endure a disaster "event".
About the Workshop Leader
Albert J. Marcella Jr., Ph.D., CISA, CISM
Albert J. Marcella Jr. is president of Business Automation Consultants, LLC, a global information technology and management-consulting firm providing information technology (IT) management consulting and IT audit and security reviews and training for an international clientele. Dr. Marcella is an internationally recognized public speaker, researcher, workshop and seminar leader with 35 years of experience in IT audit, security and assessing internal controls, and an author of numerous articles and 25 books on various IT, audit and security related subjects. Dr. Marcella's most recent book, Cyber Forensics: From Data to Digital Evidence, published by John Wiley & Sons, provides the reader with insights into how data are stored, processed, identified, analyzed, and eventually end up as evidential matter, all this leading to a more thorough and detailed understanding of which data are relevant, significant, and most critical in a cyber-forensic investigation, and why, which ultimately is the basis for and foundation of a comprehensive, well-executed cyber forensic investigation. Dr. Marcella's articles on cyber extortion, workplace violence, Electronic Stored Information (ESI), privacy risks in multifunctional devices (MFDs), cyber forensics, incident management planning and ethics have appeared in the ISACA Journal, Disaster Recovery Journal, Journal of Forensic & Investigative Accounting, EDPACS, ISSA Journal, Continuity Insights, and the Internal Auditor Magazine. Dr. Marcella is the Institute of Internal Auditors Leon R. Radde Educator of the Year, 2000, Award recipient. Dr. Marcella has taught IT audit seminar courses for the Institute of Internal Auditors (IIA), continues to teach for the Information Systems Audit and Control Association (ISACA), and has been recognized by the IIA as a Distinguished Adjunct Faculty Member.
CISA Exam Preparation Course
Start date: Sunday, 4 May 2014, for 5 weeks every Sunday & Tuesday from 6pm-9pm
Location: Manama, Bahrain
Workshop Registration deadline: Thursday, 1st May 2014 (minimum of 5 registrations required to conduct the course)
Exam date: Saturday 14th June 2014
Exam Registration Deadline: Friday, 11th April 2014
COURSE DETAILS
Objectives: The course reviews the content that is covered in the CISA exam. Attendees will learn:
1. IS Audit principles and practices
2. Skills for improving CISA exam success
Course dates and topics
Date Tentative topics Time
Sunday 4 & Tuesday 6 May 2014
The process of Auditing Information Systems Governance and management of IT
6:00pm – 9:00pm
Sunday 11 & Tuesday 13 May 2014
Information Systems Acquisition, Development and Implementation
6:00pm – 9:00pm
Sunday 18 & Tuesday 20 May 2014
Information Systems Operations, Maintenance and Support
6:00pm – 9:00pm
Sunday 25 & Tuesday 27 May 2014
Protection of Information Assets
6:00pm – 9:00pm
Sunday 1 & Tuesday 3 June 2014
Revision & Mock Exam 9:00-13:00
Study Materials included in course fee are CISA 2014 Review manual and CISA Practice Question Database v14.
Prerequisites:
1- Read the CISA 2014 Review manual before the course
2- Do the self-assessment at http://www.isaca.org/Certification/CISA-Certified-Information-Systems-Auditor/Prepare-for-the-Exam/Pages/CISA-Self-Assessment.aspx.
Course Fees (BD800)
Inclusive of Tuition, Exam Fees, ISACA Membership Fees, Study Manual, Q&A Database CD.
CISM Exam Preparation Course
Start date: Sunday, 4 May 2014, for 5 weeks every Sunday & Tuesday from 6pm-9pm
Location: Manama, Bahrain
Workshop Registration deadline: Thursday, 1st May 2014 (minimum 5 registrations required)
Exam date: 14th June 2014
Exam Registration Deadline: Friday, 11th April 2014
COURSE DETAILS
Objectives: The course reviews the content that is covered in the CISM exam. Attendees will learn:
1. Information security governance principles and practices
2. Skills for improving CISM exam success
Course dates and topics
Date Tentative topics Time
Sunday 4 & Tuesday 6 May 2014
Information Security Governance
6:00pm – 9:00pm
Sunday 11 & Tuesday 13 May 2014
Information Risk Management and Compliance
6:00pm – 9:00pm
Sunday 18 & Tuesday 20 May 2014
Information Systems Program Development and Management
6:00pm – 9:00pm
Sunday 25 & Tuesday 27 May 2014
Incident Management and Response
6:00pm – 9:00pm
Sunday 1 & Tuesday 3 June 2014
Revision & Mock Exam
6:00pm - 9:00pm
Study Materials included in course fee are CISM 2014 Review manual and CISM Practice Question Database v14.
Prerequisites:
1- Read the CISM 2014 Review manual before the course
2- Attempt the self-assessment at http://www.isaca.org/Certification/CISM-Certified-Information-Security-Manager/Prepare-for-the-Exam/Pages/CISM-Self-Assessment.aspx.
Course Fees (BD800)
Inclusive of Tuition, Exam Fees, ISACA Membership Fees, Study Manual, Q&A Database CD.
Registration Form
Fill in this form and send it by fax to +973-17911477 or by e-mail to ibchapter@gmail.com
Course Title: _____________________________________________________
Date: _____/___/______
Company information
Person in charge Contact no.
Company Name Fax No
Department Email
Position Country
Candidate’s information
S.No. Candidate’s Name Job Title Contact No.
1.
2.
3.
4.
Terms of Payment
Cheque payable to "ISACA Bahrain Chapter", to be sent to P.O. Box 50933, Kingdom of Bahrain
By wire transfer to the "ISACA Bahrain Chapter" account:
Bank: Ahli United Bank
IBAN: BH48 AUBB 0000 1655 2220 02
Account #: 0001-655222-002
Swift Code: AUBBBHBM
Registration Approval: I hereby approve the above details for registration
Signature: __________________________
Date: ____________________
Company Stamp: _____________________________