President's Message

No, I am not mad about having to cancel the October meeting. I understand not all topics are of interest to everyone and that work and family schedules impact our membership. There are great many folks in our chapter that do not take an active or any role as members. No, I am not mad at them either. I appreciate them for their input from email or surveys and their dues contribution which enables us to contract with outside speakers and cover any shortages from the monthly meetings or spring seminar.

I am concerned about issues with the Western Michigan Chapter of ISACA. The Board is trying to provide presentation content that was surveyed as being of interest. For the last six years or more, these attempts have had mixed results. The Board will be meeting occasionally before the February meeting to gather ideas and alternatives to our current business model. These changes may require changes to the bylaws or votes from listed alternatives. We will strive to keep the email to a minimum, however we do value your opinion in helping make the organization stronger.

Professionally, everyone likely has concerns for the SEC / Government mandates and the swirl of interpretations. I am certain the impact for these changes are felt differently depending on the business sector, but how much of this seems like common sense? Sure, the economy is sour and office furniture seems to be worse than most. Go out this weekend and buy something to energize the economy. Heck, get a jump start on Christmas shopping.

More in tune with the season, I am grateful for a healthy family, my job and that it is a job I really enjoy. I hope you feel the same and take a moment to tell people you are thankful for them and to have them in your life.

Back to top

Meeting Announcement

Current Security Issues: Windows 2000/Active Directory, Firewalls and More!
Date: Wednesday, November 20, 2002
Location: Holiday Inn-West, 2747 S. 11th St., Kalamazoo
Directions: US-131 to exit 36B (north of I-94), turn left at the first light, hotel entrance is 1/4 mile down on left
Speaker: Mark Lachniet, Technical Lead, Analysts International/Sequoia Services Group
Cost: $24 for Western Michigan ISACA members, $27 for non-members

See the Events & Program page for a full description of the meeting.

Register by November 15! Contact Jamie Depuydt by email or phone (616-248-7426) for more information.

Back to top

News From the Wild

Job openings are now posted on our web site! See the Reference Center page for the link.

News from National

Revision of recent ExpressLine article: In the October issue of ExpressLine, in the article titled "ISACA Web Apps Nearing Implementation," it was stated that phase 1 of the web application implementation was completed at the end of the September, and phase 2 would be completed by the end of the year. The implementation schedule has had to be changed. Phase 1 now will be available by the end of the year, and phase 2 soon thereafter. The copy of the October ExpressLine that is posted in the Chapter Leadership area of the ISACA web site reflects this updated information. Thank you.
Jane Seago, ISACA Director of Corporate Communications and Relations, jseago@isaca.org

IMPORTANT CISM INFORMATION: The success of this program will be greatly enhanced by your participation. We would like to request that you assist us in informing other interested parties of this new designation by performing the following activities:
- Notify people that information can be found at www.isaca.org/cism and distribute brochures as necessary.
- Post CISM advertisements on your chapter website, place in newsletter and geographical publications.
- Notify members who practice as information security managers to participate in the “job practice analysis” survey. Access to this survey can be gained by emailing Terry Trsar at ttrsar@isaca.org until 1 November 2002.
- Solicit your chapter membership in order to develop exam items. Individuals can earn US $100 and 1 credit CPE for each accepted question. Further information may be found at http://www.isaca.org/examitemwriter.htm.

CISA Exam Item Writing Program: Put your IS audit, control and security knowledge to use by writing exam questions. Earn US $50.00 and 1 CISA CE hour for each accepted question! To become an item writer you must submit an Item Writer Application and a signed Non-disclosure Agreement. The Non-disclosure Agreement must be received by the Certification Department at ISACA Headquarters before submission of items.

ISACA National Training Calendar: To help in choosing what educational opportunities to attend, ISACA is proud to provide its global event calendar. This concise calendar can also be used to assist with the preparation of your 2003 training budget. A complete listing of conference locations may be found at www.isaca.org/globalevents.pdf. Of course if you require additional detailed information about any ISACA event, this information is constantly updated and can be accessed at www.isaca.org. Also feel free to phone or email ISACA at +1.847.253.1545 ext. 485 or conference@isaca.org.

2003 CISA Exam: For the 22nd consecutive year ISACA will administer the Certified Information Systems Auditor (CISA) Examination. The 2003 CISA Examination will be conducted on Saturday, June 14, 2003. The CISA designation is widely recognized as a professional standard of excellence. More than 23,000 specialists in Information Systems Auditing Security and Control have earned the designation worldwide.

A Candidates Guide to the CISA Examination, the 2003 CISA Review Technical Information Manual, the 2003 CISA Review Questions, Answers and Explanations Manual, the CISA Review Questions, Answers and Explanations 2003 Supplement and the CISA Review Questions, Answers and Explanations CD_ROM are available from ISACA to help candidates prepare for the exam. Detailed information can be obtained from ISACA by phone at 1.847.253.1545, Certification Department, by fax at 1.847.253.1443, or by e-mail at certification@isaca.org.

The Detroit Chapter will once again offer a CISA Examination Review Course. Please watch future issues of the Databyte and website, www.isaca-det.org for further details.

Membership Dues: Membership dues are processed and submitted in November and December for the 2003 year. For those of you completing the third year of your three-year CPE reporting cycle, please remember to get this information submitted. Also be aware that ISACA National does conduct random reviews of these CPE documents. If you find yourself in need of last-minute CPE, check out our program page for training opportunities at other ISACA chapters or other organizations or request a filing extension.

IT Audit Forum Updated

The IIA ITAudit Forum has been updated. Articles include:
- "Introduction to XBRL" - XBRL may enable public companies to quickly publish business and financial data using Web technologies.
- "eSAC: Managing Resources - Technical Overview" - The technical overview section of the eSAC Managing Resources module looks at the technologies used in resource management.
- "Essential Relationships in Corporate Governance" - Corporate governance has become a focal point for homeland security, assurance, and IT management and security. This article provides an overview of current issues.
- "Business Considerations of U.S. Cyber-security Plan" - The U.S. National Strategy to Secure Cyberspace makes businesses responsible for protecting their own information security and critical infrastructures.
- SANS Institute and the U.S. FBI announce top 20 IT security vulnerabilities. Bugbear virus spreads worldwide. IT spending to increase in 2002.
- "The Evolution of Assurance Software and Methodology" - New developments in audit software tools and techniques could improve the effectiveness of internal auditors and provide greater assurance to audit clients and stakeholders.
- "Performance Assessment Benchmarks" - Establishing benchmarks enables organizations to effectively assess the performance of new IT systems.
- "U.S. National Strategy to Secure Cyberspace" - The recently released draft of the National Strategy to Secure Cyberspace makes the case for improving information security at all levels.
- U.S. IT security strategy is released for public comment. Linux Slapper worm infects Web servers worldwide. September sets a record for most computer attacks.
- "Using Risk Models to Determine Information Risk Levels" - Once auditors have taken high-level and detailed looks at information security risks, they can use risk models to estimate the overall level of risk for their organizations.
- Summary from InformationWeek's Fall Conference in Tucson, Ariz.
If hacker threats aren't enough to get you worried, here's another one. One executive at the conference said his business loses about 300 notebook computers a year. That's a lot of sensitive company information roaming free. What's on your colleagues' notebooks?

Back to top

Coming Attractions

Other Events

Detroit, MI: The Detroit Chapter if ISACA has announced their 4th Annual Spring Conference dates. They are March 24-26. This conference is co-sponsored by the Detroit Chapter of the IIA and Detroit Area Chapter of ISACA. The Detroit ISACA chapter has their newsletters on the web as PDF files. For their training opportunities visit their site.

Fairfax, VA: IT Audit & Security Boot Camp - by CANAUDIT, December 2-6.
This intensive session combines over ten days of training and twelve hundred pages of material into a one-week technical audit and security boot camp. Under the skillful guidance of Canaudit s best instructors, participants will learn how to perform complex technical audits using the Canaudit Audit Approach. This approach provides participants with the knowledge to conduct a series of rapid-fire technical audits when they return to the office. Using Canaudit's COSO compliant Technical Audit guides they will be able to reduce the field time for each audit while increasing audit scope and depth of coverage.

Simi Valley: IT Audit & Security Boot Camp - by CANAUDIT, January 27-31.
This is the same intensive session as described above. Register by the Early Registration Deadline of December 27 and save $200.

MIS Training Institute
Dozen of courses and locations offered in their most recent catalog November 2002-December 2003. Check them out for their large-scale conferences as well.

Back to top

Thanks and Kudos

The CISA Exam date was June 8, 2002. Two chapter members completed the necessary certification criteria to earn their CISA designation:
 - Andre LeBaron, CPA, CISA of BDO Seidman, LLP in Grand Rapids
 - Greg Kolvoord, CIA, CISA of Michigan Farm Bureau

Give them a much-deserved congratulation the next time you see them.

Back to top

Control Bits and Audit Bytes is a publication of the Western Michigan Chapter of the Information Systems Audit and Control Association (ISACA). The purpose of this publication is to disseminate useful and timely information on automated systems control and security issues to Chapter members and selected practitioners of computer systems audit and security. Articles, submissions, and advertisements are the responsibility of the submitter, and do not reflect the opinions, beliefs, or practices of the Western Michigan Chapter. Materials submitted for publication in Control Bits and Audit Bytes must be received by the Newsletter Editor no later than the submission deadline published in the newsletter. If no submission deadline is published, the default deadline is approximately three weeks prior to the next scheduled meeting of the Western Michigan Chapter of the Information Systems Audit and Control Association.