Enterprise Architecture and Compliance News - RegWatch and Latest News
Mobile Security Technical Conference
Thursday Nov 15th 2012
8:30 am PST till 4:30 PM PST
Biltmore Hotel @ 2151 Laurelwood Road Santa Clara, CA 95054
Registration: Early Bird Registration (ends Nov 5th, 2012)
Please join us on Nov 15th for a one-day Mobile Security Technical Conference. Learn from industry leaders' experiences and help create a secure mobile working environment for your organization.
Announcement for FedRAMP
As of 9am on Wednesday, June 6th, 2012, the Federal Risk and Authorization Management Program (FedRAMP) Program Management Office (PMO) achieved Initial Operating Capability (IOC). As part of IOC, the FedRAMP PMO is now accepting applications for provisional authorization of cloud systems. The application is currently housed on fedramp.gov and can be accessed via the following URL: http://www.gsa.gov/portal/content/125991
http://thegrcbluebook.com The GRC Blue Book is the world's largest database of risk and compliance applications. TheGRCBlueBook is the "Angie's List" of GRC vendor applications. Let's support our well-respected colleague James Bone, who has done the homework for us, but we must write the reviews!
James Bone, President
(Reminder to self, get listed in the BlueBook!)
If you are interested in what is going on in DC regarding cyber security legislation, here are two easy ways to check in:
National Public Radio's "Morning Edition" is airing about a 5-minute segment on the cyber bill on Tuesday, May 8th; it will probably air at either 20 past the hour or 40 past the hour, depending on when you receive the show in your area. I was interviewed for the story.
I also recently sat for an extensive interview with Richard Schlesinger, correspondent for CBS Evening News and EMC, addressing the cyber bills in Congress and how and why regulation will not effectively address our cyber security problems. That interview is available on the EMC website, just click on the link below.
Listen on playback. Conversation was outstanding!
For more information, please visit us at www.brighttalk.com, BrightTALK™, 501 Folsom Street, 2nd Floor, San Francisco, CA 94105
AuditNet® has developed an Audit Utilization of Technology Optimization Scale (AUTOS) to measure the maturity level of the use of audit technology by auditors. How would you rate your department on the use of audit technology?
Here are some of the key findings from other surveys on technology and internal audit:
According to a recent survey by the Institute of Internal Auditors, data mining and analytics are among the top five skills sought for new internal auditors.
The 2012 Internal Audit Capabilities and Needs Survey by Protiviti reported that CAATs, continuous auditing and continuous monitoring are skills areas that auditors need to improve as the profession moves toward these approaches and techniques.
According to the 2011 TeamMate User Survey, it is imperative that all auditors understand the technology tools available and use them on all audits.
The options available to CAEs include hiring auditors who already have the technology skills to jump-start implementation of technology initiatives, which helps shorten the learning curve. Additionally, providing staff with training on audit technology tools is a must.
According to the Grant Thornton 2012 CAE Survey … most CAEs seem to recognize that their departments can better harness the power of technology. Half of respondents acknowledged their organizations do not effectively use governance, risk and compliance (GRC)-specific technology. Data analytics and continuous auditing technologies are gaining wider acceptance, however. Still, given the power of today’s technology tools, internal audit can do more.
Also here is the link to the AuditNet® survey which will shed light on how auditors are using technology and how far they have to go to achieve the highest level of maturity.
2012 State of Technology Use by Auditors Survey http://svy.mk/JfsCMC
Also, if you are looking for CPE, check out http://www.auditnet.org/ATI_ACLSO.htm
Working Effectively In Geographically Distributed Agile Project Teams
Geographically distributed agile is not an oxymoron. And, it sure isn’t easy. Each organization has its own unique culture, so you’ll have to find what works best for you. You need to start with the agile principles and values to derive your approach to distributed agile.
The good news is: You don’t have to do this alone!
Let Shane Hastie and Johanna Rothman guide you with the help of their two-day experiential workshop, Working Effectively In Geographically Distributed Agile Project Teams, April 17-18, 2012. In the workshop, you will learn which kind of geographically distributed team you have, whether you are working on a project or a program, and which approaches might work best. You'll experience planning and implementation on a distributed project, and we'll examine how being human affects us all.
We’ll practice with iterations and kanban and see which—or both—might work best for you.
Come armed with your questions; we'll make sure that we address the problems in the room. Want more information or to join us? See more or sign up here: http://www.jrothman.com/2012/01/working-effectively-in-geographically-distributed-agile-project-teams/
To see the video broadcast, click here and register for the playback. You won't be cookied or profiled, and you'll love what you hear.
EnterpriseGRC Solutions consistently applauds Symplified's commitment to education in identity. Forrester provides the speaker, Eve Maler, who is a gem.
Got an issue or GRC event you want to promote? Talk2me. Chat back. Send me a tweet.
Announcing extended special offers for ITIL Expert Brochure
Participants in ITIL Expert are still receiving a free iPad!
Have you been looking for the Perils of Mount Must Read? It's going to be released again, except with a whole new spin for Virtualized business. Get a copy while it lasts. Perils of Mount Must Read, circa 2006, soon to be renewed for 2012
Cloud Computing & Virtualization
How would you like a free iPad2? Learn more about the CompTIA Cloud Essentials Examination or sign up to take the ITIL Expert program and you could get an iPad2 for free.
ITpreneurs Announces the Next Evolution in ITIL Training (EnterpriseGRC Solutions is an Implementation Partner)
ITIL v3 Courses Updated to ITIL 2011
ROTTERDAM, THE NETHERLANDS (Marketwire - Dec 1, 2011) - ITpreneurs is implementing the next phase in the ITIL training evolution, announcing that ITIL v3 courses are being updated to ITIL 2011. The ITIL 2011 update will allow ITpreneurs' global strategic partners to access the most current and relevant ITIL materials for IT professional training.
ITIL 2011 is not a new version of ITIL, but a major upgrade of the existing ITIL v3 material. While the basic ITIL training framework remains the same, enhancements will ensure clear and concise concepts, resolve inconsistencies in text and diagrams, address suggestions from trainers for simplicity and improve publication materials.
"It is our priority to continue creating the best and most up-to-date training materials," said Sukhbir Jasuja, CEO, ITpreneurs. "With these updates, our partners now have immediate access to the highest quality ITIL competence training, eliminating the time and expense of them ... ITpreneurs has already released a number of courses in its ITIL portfolio with the 2011 updates: ITIL Foundation, Operational Support and Analysis (OSA) module of the Service Capability stream and Service Operation (SO) of the Service Lifecycle stream. Additionally, the First Aid Kit and Quick Reference Card have been updated to reflect the ITIL 2011 update. Nine additional courses, the balance of the ITIL portfolio, will be updated in English by the end of December. To accommodate the global audience, portions of the ITIL portfolio are available in 11 languages, and will also incorporate the ITIL 2011 update.
Learn more at www.ITpreneurs.com.
The Holistic Information Security Practitioner Institute (HISPI) now welcomes EnterpriseGRC Solutions as a member of their HISP Certification Board/Committee. We are in the initial stages of establishing how we can best offer support to this very worthwhile organization.
EnterpriseGRC Solutions is an active member of the Cloud Credential Council, an ITGI ISACA Sponsor, and a board member of multiple standards organizations, both currently and across the last decade. The goal of our participation is to extend awareness of best practices in security and to make the examination process more accessible to learners of all ages, genders and cultural backgrounds. We believe the purpose of these certifications must go beyond the stacking of credentials on an elite and socially homogeneous pile of resumes. The application of security and technology principles must reach into ethical and social behaviors, driving legal, organizational and educational objectives in all countries and governments.
EnterpriseGRC Solutions is committed to a facilitated learning approach, where content is able to adapt to a broader range of learning styles. Classic book knowledge is not enough to apply the important knowledge transferred by the body of information covered by such examinations as the CSA Certificate of Cloud Security Knowledge (CCSK) or the Holistic Information Security Practitioner Certification (HISP). We want to see more women and more diversity in general among the persons who pass and contribute to these important exams. It is also critical that people with less background in security be able to master concepts of Green Technology, the foundations of Cloud through CompTIA Cloud Essentials, and the foundations of virtualization through ITpreneurs Virtualization Essentials.
The Holistic Information Security Practitioner (HISP) Institute (HISPI) is an independent certification organization consisting of volunteers that are true information security practitioners, such as Chief Information Security Officers (CISOs), Information Security Officers (ISOs), Information Security Managers, Directors of Information Security, Security Analysts, Security Engineers and Technology Risk Managers from major corporations and organizations.
More About HISPI - HISPI promotes a holistic approach to information security program management by providing certification opportunities in information security, information assurance and governance.
HISPI focuses on international standards, best practices, and comprehensive frameworks for developing robust and effective information security programs.
The objectives of HISPI include:
Knowledge is only as valuable as the audience that gains understanding… Everything here is (for now) registration-, cookie- and advertisement-free.
A free training for Cloud and Virtualization aims to encourage further study toward achieving CompTIA Cloud Essentials and ITpreneurs Virtualization Essentials. You'll get some gems. It will take around an hour.
GRC Strategy, recently delivered to IMA and ISACA, was intended to assist the CGEIT class.
CobiT Foundations Overview, enough to refresh before you take the exam, or allow you to prepare to attend and absorb foundation training. Please, never skip the live interaction. That’s where we make facts become practice.
GreenGRC a 4Point Method to integrate sustainability into your GRC Program
Perils of Mount Must Read – where you just might find your own name
Everyone should be concerned with CobiT 5, but if you really want to test your 4.1 Control Objective and Domain recognition, you can still quiz yourself with
In case you need a little more than a virtual vocab, study this
Then time yourself with three word search challenges
If any of you finish all three word searches, and you send me proof in a screen capture, I’ll find a way to make you famous on the enterprisegrc.com site. I used to maintain a public page called URock. I’ve got plans to create a rotating article about our best contributors again. Just motivate me a little, and you can be first.
Why all this free stuff? In case you want to become a Cloud Ready Professional, YES, I want to sell you training! http://www.eventbrite.com/org/1867093805?s=6818363
For Immediate Release
January 20, 2012
Consider Risk Appetite When Developing Business Strategy and Goals, Says New COSO Thought Paper
ALTAMONTE SPRINGS, Fla. – Jan. 20, 2012 – A new thought paper aimed at helping organizations better articulate, develop, and implement “risk appetite,” was released today by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) – an organization providing thought leadership and guidance on enterprise risk management (ERM), internal controls and fraud deterrence. Enterprise Risk Management – Understanding and Communicating Risk Appetite is the latest in a series of COSO papers providing ERM practitioners thought leadership on performing more effective risk management.
“An important COSO goal is to help executives and boards implement effective ERM processes by providing them with thought papers that discuss issues crucial to ERM success,” said COSO Chairman David Landsittel. “This paper emphasizes the idea that developing and communicating a risk appetite should be viewed by organizations as an important part of their ERM processes.”
According to the authors of the paper, risk appetite is the amount of risk organizations are willing to accept in pursuit of their objectives. Written by Larry Rittenberg, the Ernst & Young Professor of Accounting at the University of Wisconsin-Madison, and Frank Martens, a director in the Advisory Practice of PwC, the thought paper provides examples of statements of risk appetite and emphasizes the notion that risk appetite should be communicated by management, embraced by the board, and integrated throughout the entity.
“Organizations encounter risk every day as they pursue their objectives, and risk appetite is an integral part of an effective ERM system,” said Rittenberg. “It may seem to be an elusive topic, but the reality is that a well-communicated risk appetite serves as a boundary around the amount of risk an organization might take on, and should be considered when setting strategy or business goals.”
Enterprise Risk Management – Understanding and Communicating Risk Appetite is available for free download at www.coso.org or any of the sponsoring organizations' websites. COSO also encourages ERM practitioners and others to explore its other thought papers, as well as the 2004 Enterprise Risk Management – Integrated Framework, all available on COSO's website.
Originally formed in 1985, The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a joint initiative of five private sector organizations and is dedicated to providing thought leadership through the development of frameworks and guidance on enterprise risk management (ERM), internal control and fraud deterrence. COSO’s supporting organizations are The Institute of Internal Auditors (IIA), the American Accounting Association (AAA), the American Institute of Certified Public Accountants (AICPA), Financial Executives International (FEI), and the Institute of Management Accountants (IMA). www.coso.org.
Please allow me to pass along an important request from Jim Kaplan.
The professional standards relating to the auditor's responsibility for detecting and preventing fraud changed in 2009 when the Institute of Internal Auditors (IIA) updated the International Professional Practices Framework (IPPF). Auditors must now consider fraud risks and red flags as part of planning audits. In conjunction with these changes the IIA released Practice Guides for Internal Auditing and Fraud, Fraud Prevention and Detection in an Automated World (GTAG 13) and Data Analysis Technologies (GTAG 16). ISACA also issued a White Paper titled Data Analytics - A Practical Approach.
Most audit professionals and fraud examiners are aware of the ACFE Report to the Nation survey covering how frauds are detected, who commits fraud and the types of frauds perpetrated. The ACFE survey found that over 40% of reported frauds are uncovered by tips. The report does not however ask questions relating to the use of technology in uncovering frauds.
Recipient of the IIA's 2007 Bradford Cadmus Memorial Award, AuditNet LLC, http://www.auditnet.org, The Global Resource for Auditors
ISACA Issues COBIT Assessment Program to Help Enterprises Ensure Consistent and Reliable Processes
Rolling Meadows, IL, USA (7 December 2011)—For the past 15 years, enterprises around the world have been using COBIT to improve and assess their IT processes. Until now, however, there has been no consistent approach for internal and external professionals to assess these processes. ISACA's new COBIT Assessment Programme provides consistency and reliability so business and IT leaders can have confidence in the assessment process and the quality of the results as they maximize the business value of their IT investments.
After conducting a global survey in 2010 to determine market need, ISACA found that 89% of the nearly 1,400 respondents expressed a need for a rigorous and reliable IT process capability assessment. To fill the gap, ISACA has released the three-part
“The new assessment program provides a methodology that results in repeatable, reliable and robust assessments of process capability,” said Max Shanahan, CISA, CGEIT, FCPA, a member of the development team. “In addition to delivering immediate added market value from process capability assessment results, COBIT Assessment Programme also provides the basis for the establishment of broader maturity assessments.”
Norman Kromberg, CISA, CGEIT, CRISC, participated in the pilot program for the COBIT Assessment Programme with Alliance Data, where he serves as IT audit director.
“The COBIT Assessment Programme is not only workable, but also an effective tool for IT auditors to supplement their existing scope. It fills a gap by putting the lens on process capability,” said Kromberg. “Auditors and consultants will find it particularly useful, as will large and medium-sized organizations that are heavily regulated, such as banks and financial institutions, health care companies, government and state departments, and technology and service providers.”
The COBIT process assessment approach will be integrated into the upcoming COBIT 5 in early 2012. COBIT provides a comprehensive approach to ensure that IT is enabling the achievement of strategic business objectives. It is available as a free download at www.isaca.org/cobit.
The COBIT Assessment Programme guides are available at http://www.isaca.org/cobit-assessment-program.
About ISACA - With 95,000 constituents in 160 countries, ISACA® (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems (IS) assurance and security, enterprise governance and management of IT, and IT-related risk and compliance. Founded in 1969, the nonprofit, independent ISACA hosts international conferences, publishes the ISACA® Journal, and develops international IS auditing and control standards, which help its constituents ensure trust in, and value from, information systems. It also advances and attests IT skills and knowledge through the globally respected Certified Information Systems Auditor® (CISA®), Certified Information Security Manager® (CISM®), Certified in the Governance of Enterprise IT® (CGEIT®) and Certified in Risk and Information Systems Control™ (CRISC™) designations.
EnterpriseGRC Solutions really believes in this company and product, and we have permission to present two areas on this web site. Our commitment to educating compliance professionals to manage risk in the cloud is entirely supported by their mission and design.
If you understand the value proposition on these two products, you'll get at least ten questions right on the CompTIA Cloud Essentials Exam.
Symplified was modeled to address governing business and technology in the Cloud.
Last Updated on Sunday, 21 October 2012 14:36
Written by Robin Basham
Thursday, 01 December 2011 00:00
The GRC Buzz
Holistic Information Security Practitioner Institute (HISPI) welcomes EnterpriseGRC Solutions as a member of their HISP Certification Board/Committee.
ITpreneurs is proud to name EnterpriseGRC Solutions as its newest certified partner. ITpreneurs and EnterpriseGRC Solutions will collaborate to increase the Cloud and Virtualization concepts and controls, ISO 27001, COBIT and ITIL courses offered through EnterpriseGRC Solutions. “Every member of my organization has achieved at least one certification through ITpreneurs, and this is the second company that I’ve founded with that same promise. [...] It is a proud day that we can be a part of ITpreneurs’ landmark efforts to bring forward CompTIA Cloud Essentials training and certification.” - Robin Basham, Managing Partner.
Spontaneous Kudos - We've really been digging our digest from The Compliance Exchange
Partners and Client Information
Ryma Technology Solutions names EnterpriseGRC Solutions as an Affiliate Partner. Recent Wins: EnterpriseGRC provides ISO 27001 Policy and SOA readiness for NetSuite Inc. EnterpriseGRC Solutions is a Sponsor to ISACA ITGI. Recent Partner Alignments include ITpreneurs and Control Solutions International.
Request For Information? Please fill out our Wufoo form.