
Page 1: Slide 1 - DAMA-NCR Data Management Association - National Capital

© 2007 ISACA® All Rights Reserved

DAMA-NCR Chapter Meeting

March 11, 2008

Page 2

• Recognized Global Leaders in IT Governance, Control, Security and Assurance.

• ISACA International was founded in 1969 as the EDP Auditors Association

• More than 65,000 members in over 140 countries

• More than 170 chapters in over 70 countries worldwide

• Expanding focus to include Risk Management

• One of three leading international security associations that formed the Alliance for Enterprise Security Risk Management (AESRM), the other two associations are ASIS International and Information Systems Security Association (ISSA). http://www.aesrm.org/

Page 3

• NCAC founded in 1974

• 5th largest chapter in the world, with more than 2,000 members

• Award-winning chapter web site

• Worldwide CISM® Growth Award for 2004 and 2006

• K. Wayne Snipes Award for Best Chapter in 3 of the last 5 years

Page 4

• Certifications

– Certified Information Systems Auditor (CISA)

– Certified Information Security Manager (CISM)

– Certified in the Governance of Enterprise IT (CGEIT)

Page 5

Who is the CISA Certification Intended for:

• IT audit and assurance services

• Assurance that:

– the organization can achieve corporate governance of IT

– systems and infrastructure life cycle management meets the organization’s objectives

– IT service management practices meet the organization’s objectives

– an organization’s security architecture ensures confidentiality, integrity and availability of information assets

– disaster recovery and business continuity plans will ensure timely resumption of IT services while minimizing the business impact

Page 6

• CISA Certification Current Facts:

– More than 50,000 CISAs worldwide

– Exam offered in 11 languages, in 220+ locations

– June 2007: over 15,000 individuals registered for the exam

Page 7

A current profile of CISAs demonstrates the increasing managerial influence and authority achieved by CISAs within their organizations:

• More than 1,000 CISAs are now employed in organizations as the chief executive officer, chief financial officer or an equivalent executive position.

• More than 2,300 serve as chief audit executives, audit partners or audit heads.

• More than 2,700 serve as chief information officers, chief information security officers, security directors, security managers or consultants.

• More than 4,000 serve as audit directors, managers or consultants.

• Nearly 8,000 additional CISAs are currently employed in managerial or consulting positions in IT operations or compliance.

Page 8

CISM Certification: intended for individuals who design, implement and manage an enterprise’s information security program.

• Security managers

• Security directors

• Security officers

• Security consultants

Page 9

A profile of CISMs at the end of 2005 demonstrates the increasing managerial influence and authority achieved by CISMs:

• IS Security Manager: 32%

• Other: 22%

• IS Consultant: 17%

• IS Security Director: 12%

• CEO, CFO, CIO: 10%

• IS Security Professional: 7%

Page 10

• Certified in the Governance of Enterprise IT

• The CGEIT certification

– recognizes a wide range of professionals for their knowledge and application of IT governance principles and practices.

– is designed for professionals who have management, advisory, and/or assurance responsibilities relating to the governance of IT.

Page 11

Membership Benefits

• Information Systems Control Journal /journal

• JournalOnline articles /jonline

• Discounts on ISACA conferences /conferences

• Global Communiqué online /globalcommunique

www.isaca.org/benefits

Page 12

Membership Benefits

• Standards, Guidelines & Procedures

• Career Centre

• K-NET (over 5,200 links)

• Discounts on CISA®, CISM® & CGEIT™ exams & materials

Page 13

Membership Benefits

• Research publication downloads /research

• Discounts on IT Governance Institute (ITGI) research publications

• Discounted registration fee for Protiviti’s KnowledgeLeader site

• Audit programs & Internal Control Questionnaires /auditprograms /icq

• Peer-reviewed bookstore /bookstore

Page 14

The goal of the Liaison to Professional Organizations Committee is to partner with other organizations in the greater Washington DC area to provide networking opportunities. Examples of networking opportunities are joint special seminars, meetings, publications, social events, workshops, electronic forums and certification training sessions. Member benefits for all include:

• Opportunity to attend alternate training and networking events

• Meet professionals from other disciplines, providing different perspectives

• Leveraging resources to provide extended member benefits (job fairs, roundtables, etc.)

• Knowledge sharing

Page 15

Page 16

“Process of risk management is an ongoing iterative process, repeated indefinitely. The business environment is constantly changing and new threats and vulnerabilities emerge every day. Choice of countermeasures (controls) used to manage risks must strike a balance between productivity, cost, effectiveness of the countermeasure, and the value of the informational asset being protected. Risk is the likelihood that something bad will happen that causes harm to an informational asset (or the loss of the asset). A vulnerability is a weakness that could be used to endanger or cause harm to an informational asset. A threat is anything (man made or act of nature) that has the potential to cause harm.” (1)

(1) http://en.wikipedia.org/wiki/Information_security

Page 17

Control Objectives for Information and related Technology (CoBIT)

“Increasingly internationally accepted set of guidance materials for IT governance”

First organization to provide guidance for Sarbanes-Oxley controls

Page 18

CoBIT Contents

Process Controls

PC Process Controls

Plan and Organise

PO1 Define a Strategic IT Plan
PO2 Define the Information Architecture
PO3 Determine Technological Direction
PO4 Define the IT Processes, Organisation and Relationships
PO5 Manage the IT Investment
PO6 Communicate Management Aims and Direction
PO7 Manage IT Human Resources
PO8 Manage Quality
PO9 Assess and Manage IT Risks
PO10 Manage Projects

Page 19

CoBIT Contents

Acquire and Implement

AI1 Identify Automated Solutions
AI2 Acquire and Maintain Application Software
AI3 Acquire and Maintain Technology Infrastructure
AI4 Enable Operation and Use
AI5 Procure IT Resources
AI6 Manage Changes
AI7 Install and Accredit Solutions and Changes

Page 20

CoBIT Contents

Deliver and Support

DS1 Define and Manage Service Levels
DS2 Manage Third-party Services
DS3 Manage Performance and Capacity
DS4 Ensure Continuous Service
DS5 Ensure Systems Security
DS6 Identify and Allocate Costs
DS7 Educate and Train Users
DS8 Manage Service Desk and Incidents
DS9 Manage the Configuration
DS10 Manage Problems
DS11 Manage Data
DS12 Manage the Physical Environment
DS13 Manage Operations

Page 21

CoBIT Contents

Monitor and Evaluate

ME1 Monitor and Evaluate IT Performance
ME2 Monitor and Evaluate Internal Control
ME3 Ensure Compliance With External Requirements
ME4 Provide IT Governance

Application Controls

AC Application Controls

Page 22

Mapping of CoBIT to Other Guidance and Best Practices (Partial Listing)

• Aligning COBIT, ITIL and ISO 17799 for Business Benefit

• COBIT Mapping: Mapping ISO/IEC 17799:2000 With COBIT, 2nd Edition

• COBIT Mapping: Mapping ISO/IEC 17799:2005 With COBIT 4.0

• Critical Elements of Information Security Program Success

• Customer Relationship Management

• e-Commerce Security: Securing the Network Perimeter

• Electronic and Digital Signatures: A Global Status Report

• Information Security Governance: Guidance for Boards of Directors and Executive Management, 2nd Edition

• Information Security Governance: Guidance for Boards of Directors and Executive Management, 2nd Edition (Japanese Supplement)

Page 23

Contact Information

Linda Kostic, CPA, CISA, CISSP

Past President, National Capital Area Chapter

[email protected]

www.isaca-washdc.org