February, 2003

Contents

President's Message
Meeting Announcement
News From the Wild
Coming Attractions
Thanks and Kudos

Officers

President
Bernie Powers
Steelcase, Inc.
616-248-7584

Vice President
Rick Cummings
Jackson National Life Ins.
517-367-4301

Secretary
Jamie Depuydt
Steelcase, Inc.
616-248-7426

Treasurer
Tanya Burgtorf
BDO Seidman
616-774-7000

Directors

CISA Coordinator
Michael Sekoni
Accident Fund of Michigan
517-342-4200 ext. 721

Webmaster
Don McNally
National City Corporation
269-973-2293

Past President
Leslie Dalzell
Steelcase, Inc.
616-246-4764

Newsletter Editor
Contact Bernie Powers
 

President's Message

Flexible. Being able to adjust to what we encounter and the external requirements placed upon us makes us adaptable and quick thinkers. We have it in our profession and personal lives. Rick Cummings and Don McNally dealt with the issue while resolving a speaker issue for the February 19th meeting, which we are having on the 18th. Go figure. Mark Lachniet from the November meeting will be providing a Vulnerability Assessment presentation.

The Board, and more specifically Rick Cummings, has been very flexible in the process of gathering topics and determining dates for the chapter's events. In conjunction with Rick's duties as Program Chair and in the effort of learning more about what the membership would like from the chapter, the Board members will be telephoning members over the course of the next couple of weeks.

No, this is not an effort to abuse anyone or to apply peer pressure or guilt to drive up attendance at the dinner meetings or spring seminar. This might be a good byproduct, but not our intention. I continue to be concerned about issues with the Western Michigan Chapter of ISACA. National ISACA has provided a contact to assist us in developing the chapter and volunteers. For the last six years or more, the Board and chapter have relied upon the efforts of a dozen people out of a chapter of 60 with mixed results. The Board will be meeting before the February meeting to gather ideas and alternatives to our current business model. We would like your input and involvement. Please discuss these items with the Board member who contacts you, by attending the social time prior to the February meeting or by emailing a Board member. The changes being suggested may require changes to the bylaws or votes from listed alternatives. We will strive to keep the email to a minimum, however we do value your opinion in helping make the organization stronger.

Speaking of flexible, the Sarbanes-Oxley Act of 2002 continues to be refined and better defined. If you have not taken the time to review the expectations from the latest changes, here are some reference materials:

www.sarbanes-oxley.com/
www.coso.com
www.sec.gov/news/press.shtml
www.protiviti.com/downloads/sarbanesOxleyFAQs.pdf
www.bdo.com/services/assurance/
www.skadden.com/articleDetailIndex.ihtml?ID=822
www.aicpa.com

More in tune with the season, I am pleased my car started this morning and got me to work and back. I would not have wanted to be stranded by the roadside on a day like today. Brrr.


Meeting Announcement

Vulnerability Assessments
Date: Tuesday, February 18, 2003 (Please note date change)
Location: Holiday Inn-West, 2747 S. 11th St., Kalamazoo
Directions: US-131 to exit 36B (north of I-94), turn left at the first light, hotel entrance is 1/4 mile down on left
Speaker: Mark Lachniet, Technical Lead, Analysts International/Sequoia Services Group
Cost: $24 for Western Michigan ISACA members, $27 for non-members

See the Events & Program page for a full description of the meeting.

Register by February 13! Contact Jamie Depuydt by email or phone (616-248-7426) for more information.


News From the Wild

Detroit ISACA Newsletters
The Detroit ISACA chapter has their newsletters on the web as PDF files.

IIA ITAudit Forum
Another edition of the ITAudit Forum has just been published.

News from National

Volume 1 2003 of Global Communiqué
This issue features an article written by CISM Certification Board Chair Leslie McCartney, CISA, on "The Birth of the CISM Certification." A number of CISM FAQs are also provided for additional information. In addition, this issue offers an article focused on the upcoming EuroCACS conference in Amsterdam, The Netherlands, as well as updates on other 2003 conferences and Training Weeks and other ISACA/F activities.

We hope you enjoy reading this issue and find its new electronic format and online availability productive and useful.

From International President, Robert Roussey
As International President of ISACA and ISACF, I am very pleased to have this opportunity to contact you regarding International Headquarters' new computer implementation. As you have seen in the articles in Global Communiqué, the Board of Directors and the board-appointed Computer Acquisition Task Force have worked with International Headquarters staff throughout the new computer project, from creation of RFPs, through acquisition, to implementation. It has been an excellent opportunity for all of us to practice the IT governance principles we promote.

I am writing you today to advise you that the first phase of the web applications portion of the implementation process is complete and operational. This phase is available to members and CISAs only, and will save you time and effort by allowing you to update your profile and renew your membership and certification online, any time of the day, any day of the week. To take advantage of this new capability, you will need your personal user ID and password, which has been provided to constituents in a variety of ways. The initial test group received it with the first invoice and ALL yet to renew will receive it with the second invoice, which is due to mail later this month. Your credentials also will be provided on your 2003 member renewal notice and/or CISA certification renewal letter.

The site will be further developed over the coming months to provide greater convenience and functionality, which will make it even more convenient for you to interact with International Headquarters on a 24/7/365 basis. These enhancements will enable such e-commerce activities as online registration for conferences and certification exams (CISA and CISM) and online purchase of books from the Bookstore; and will include a chapter portal which will provide chapters access to information from the membership database and document download. Plus a document download area from which members may download publications exclusive to members only (for example, the IT control practice statements, the COBIT Audit Guidelines, etc.). Implementation of this additional functionality will conclude near the middle of this year.

Many thanks to those selected ISACA chapters and members who have been involved in the testing of the web site up until now. We feel certain these new capabilities provided online will facilitate your interactions with International Headquarters and make it much easier for you to participate fully in your ISACA membership. We hope you find these new services to be of use and look forward to serving you in the future.

ISACA National Training Calendar
To help in choosing what educational opportunities to attend, ISACA is proud to provide its global event calendar. This concise calendar can also be used to assist with the preparation of your 2003 training budget. ISACA offers IS audit, control, security and assurance professionals a wide variety of technical and managerial conferences and training opportunities. For more than thirty years ISACA technical programs have attracted thousands of practitioners who attend to learn how to solve their most pressing problems and challenges. ISACA conferences and training weeks are globally recognized for providing in-depth coverage of the leading edge technical and managerial issues facing the IT profession.

Of course, if you require additional detailed information about any ISACA event, this information is constantly updated and can be accessed at www.isaca.org. Also feel free to phone or email ISACA at +1.847.253.1545 ext. 485 or conference@isaca.org.

ISACA announces the 2003 Certified Information Systems Auditor Examination
The only globally recognized certification program for information systems audit, control and security professionals announces its next examination. For the 22nd consecutive year ISACA will administer the Certified Information Systems Auditor (CISA) Examination. The 2003 CISA Examination will be conducted on Saturday, June 14, 2003, and will be offered at more than 180 international test centers in 58 countries. The exam, composed of 200 multiple choice questions, will be held in one four-hour session. The 2003 CISA Examination will be offered in ten languages.

The exam covers the following process and content areas: 1) The IS Audit Process; 2) Management, Planning and Organization of IS; 3) Technical Infrastructure and Operational Practices; 4) Protection of Information Assets; 5) Disaster Recovery and Business Continuity; 6) Business Application System Development, Acquisition, Implementation and Maintenance; 7) Business Process Evaluation and Risk Management.

This international certification program grants the title of Certified Information Systems Auditor (CISA) to candidates who achieve a passing score on the examination and demonstrate five or more years' experience in the information systems auditing, security, or control professions. The CISA designation is widely recognized as a professional standard of excellence. More than 23,000 specialists in Information Systems Auditing Security and Control have earned the designation worldwide. A Candidates Guide to the CISA Examination, the 2003 CISA Review Technical Information Manual, the 2003 CISA Review Questions, Answers and Explanations Manual, the CISA Review Questions, Answers and Explanations 2003 Supplement and the CISA Review Questions, Answers and Explanations CD-ROM are available from ISACA to help candidates prepare for the exam. Detailed information can be obtained from ISACA by phone at 1.847.253.1545, Certification Department, by fax at 1.847.253.1443, or by e-mail at certification@isaca.org.

The Detroit Chapter will once again offer a CISA Examination Review Course. Please watch future issues of the Databyte and website, www.isaca-det.org for further details.

Certified Information Security Manager (CISM)
*************************
2003 CISM Exam Registration
Early deadline: 5 February 2003
Final deadline: 2 April 2003
*************************
The 2003 CISM exam early registration deadline is quickly approaching. Register today for the 2003 CISM exam. To take advantage of the early registration discount, ISACA must receive your completed registration form and payment no later than 5 February 2003. The CISM application is on pages 9 and 10 of the CISM Bulletin of Information. To contact the certification department, call +1.847.253.1545, ext. 471 or 474; or e-mail certification@isaca.org.

Note: To complete your registration, mail or fax both sides of the CISM exam registration form to Information Systems Audit and Control Association. Please include complete credit card information, check or draft in U.S. currency drawn on a U.S. bank. Due to heavy volume as the deadline approaches, we ask for your patience when faxing this information. Thank you.

Administered by Information Systems Audit and Control Association (ISACA), the CISM certification focuses on the management of information security, rather than specific platforms, or general or technical knowledge. CISM certification ensures those information security professionals, and specifically information security program managers, have the experience and knowledge necessary to provide effective management and consulting services. CISM defines the core competencies and international performance standards that those who have information security responsibilities are expected to master.

Through 31 December 2003, ISACA is offering a CISM grandfathering opportunity, which allows information security managers and those who have information security management responsibilities to apply for CISM certification without taking the exam. Individuals with information security related credentials (e.g., CISA and CISSP) qualify for experience waivers.


Coming Attractions

2002-03 Meetings
Rick Cummings is coordinating the development and planning for this year's events. Click the link above for the full details at our web site. The February 18th presentation on Vulnerability Assessments is of special interest as our membership considers their audit universe for risks and planning for the upcoming audit period.

March 19 – Latest Developments/Methods in IT Audit
Presenter: Patrick Hale, Strategic Advantage
Location: Duba's, Grand Rapids

Spring Seminar – Lansing MI, April 21 and 22. Brochures and registration will be available soon. Keep an eye on the web site for new information.

Other Events

Detroit ISACA Spring Seminar
The Detroit Chapter of ISACA has announced their 4th Annual Spring Conference dates. They are March 24-26. This conference is co-sponsored by the Detroit Chapter of the IIA and Detroit Area Chapter of ISACA.

Canaudit Professional Development Seminars
Build your technical audit skills and keep up-to-date by attending any of our upcoming 2-day professional development workshops. Our instructors excel in explaining new techniques in terms participants can easily understand. At Canaudit, we believe in the control self-assessment process. Therefore, most of our auditing courses contain a complete set of COSO-compliant checklists.

The Ultimate Network Penetration Class ($2,495): This five-day, hands-on class is designed for those security officers, IT auditors and administrators who want to learn how to penetration test their organization's network. This class, taught by two members of the Canaudit "Strike Force", will teach you how to attack your network from the Internet, Intranet and dial-up modems.

Los Angeles, CA area - June 2-6 (Register by April 25th and save $200.)

The IT Audit & Security Boot Camp ($2,295): This five-day, hands-on technical audit course is designed for new IT Auditors, financial or integrated auditors making the transition to IT auditing, and existing IT auditors who need to refresh their skills. This intensive session combines over ten days of training and fourteen hundred pages of material into a one-week technical audit and security boot camp.

Chicago, IL area - March 3-7 (Register by January 24th and save $200.)*

*Registrants in these classes who pay full price will receive a Free Internet Audit. For more information, contact Kristie Tryk either at (805) 583-3723 or via email, kristie@canaudit.com.

Professional Development Week (****Register by March 3rd and Save up to $100****)

Washington, DC area:
Control & Security of Oracle, April 14-15
Control & Security of UNIX, April 14-15
I.S. Auditing: The First Step, April 14-15
Understanding & Preventing Electronic Fraud, April 16-17
Control & Security of PeopleSoft, April 16-17

MIS Training Institute
Dozens of courses and locations offered in their most recent catalog November 2002-December 2003. Check them out for their large-scale conferences as well.


Thanks and Kudos

Great job, Guys
The speaker and meeting date for the February meeting needed to be changed with less than a month until the meeting. Rick Cummings and Don McNally were able to pull it together rather than cancel the February meeting. Two chapter members completed the necessary tasks to support the chapter. Thanks, guys. Give them a much-deserved thank you when you come to the meeting.


Last updated 01/01/2006

Control Bits and Audit Bytes is a publication of the Western Michigan Chapter of the Information Systems Audit and Control Association (ISACA). The purpose of this publication is to disseminate useful and timely information on automated systems control and security issues to Chapter members and selected practitioners of computer systems audit and security. Articles, submissions, and advertisements are the responsibility of the submitter, and do not reflect the opinions, beliefs, or practices of the Western Michigan Chapter. Materials submitted for publication in Control Bits and Audit Bytes must be received by the Newsletter Editor no later than the submission deadline published in the newsletter. If no submission deadline is published, the default deadline is approximately three weeks prior to the next scheduled meeting of the Western Michigan Chapter of the Information Systems Audit and Control Association.