Enterprise Architecture and Compliance News - RegWatch and Latest News
Mobile Security Technical Conference
Thursday, Nov 15th 2012, 8:30 AM PST till 4:30 PM PST
Biltmore Hotel @ 2151 Laurelwood Road, Santa Clara, CA 95054

| Session Schedule | Session Topics | Speakers |
|---|---|---|
| 8:00 AM - 8:30 AM | Registration | |
| 8:30 AM - 9:30 AM | Risk Assessment for Mobile Devices and Applications | Kartik Trivedi, Co-Founder at Symosis |
| 9:30 AM - 9:45 AM | Break | |
| 9:45 AM - 10:45 AM | MDM Solutions: Business and Technical Considerations | Bryan Wise, Director of IT at Coherent |
| 10:45 AM - 11:00 AM | Break | |
| 11:00 AM - 12:00 PM | Mobile Security Innovation: BYOS (Bring Your Own Security) | Ben Ayed, Founder - CEO at Secure Access Technologies |
| 12:00 PM - 1:00 PM | Break | |
| 1:00 PM - 2:00 PM | Mobile Commerce Security | Selim Aissi, Chief Security Architect at Visa |
| 2:00 PM - 2:15 PM | Break | |
| 2:15 PM - 3:15 PM | Lessons Learned: 2 Years into Mobile Security | Mark Mellis |
| 3:15 PM - 3:30 PM | Break | |
| 3:30 PM - 4:30 PM | Panel Discussion: Risk Management in Mobile Society | |
For details please contact the organizer by e-mail (address obfuscated on the original page) or call (650) 762-9478.
Announcement for FedRAMP
As of 9am on Wednesday, June 6th, 2012, the Federal Risk and Authorization Management Program (FedRAMP) Program Management Office (PMO) achieved Initial Operating Capability (IOC). As a part of IOC, the FedRAMP PMO is now accepting applications for provisional authorization of cloud systems. The application is currently housed on fedramp.gov and can be accessed via the following URL: http://www.gsa.gov/portal/content/125991
FedRAMP's communication encourages all cloud service providers and agencies with cloud services to apply for FedRAMP accreditation. All cloud service offerings used by the federal government are now required to meet the FedRAMP requirements. Should you have any questions or concerns, please don't hesitate to contact the FedRAMP PMO directly (e-mail address obfuscated on the original page).
James Bone, President,
Global Compliance Associates, LLC
Risk Luminosity Seminars, LLC
TheGRCBlueBook, LLC
www.globalcomplianceassociates.com
www.riskluminosityseminars.com
www.thegrcbluebook.com
(Reminder to self, get listed in the BlueBook!)
http://www.informaglobalevents.com/event/Risk-Minds-Usa-Conference
- June 4th - 8th in Boston, MA at Hyatt Regency Boston
- Risk Minds USA: North America's Leading Risk Management Event With 300+ Delegates
- TheGRCBlueBook is a media sponsor for this event.
http://www.complianceonline.com/ecommerce/control/seminar?product_id=80026SEM
- June 18th - 20th in San Francisco, CA at the Grand Hyatt
- "Thriving on Risk – Risk Management for 21st Century"
- Sponsored by ComplianceOnline and Produced by Risk Luminosity Seminars
- Keynote Speaker: Dr. Sam Savage, author of "The Flaw of Averages", Stanford University
- Mention Risk Luminosity Seminars to receive discounts for this conference!
If you are interested in what is going on in DC regarding cyber security legislation, here are two easy ways to check in:
National Public Radio's "Morning Edition" is airing a roughly 5-minute segment on the cyber bill on Tuesday, May 8th; it will probably air at either 20 past the hour or 40 past the hour, depending on when you receive the show in your area. I was interviewed for the story.
I also recently sat for an extensive interview with Richard Schlesinger, correspondent for CBS Evening News and EMC, addressing the cyber bills in Congress and how and why regulation will not effectively address our cyber security problems. That interview is available on the EMC website, just click on the link below.
http://www.emc.com/emc-plus/index.htm
Listen on playback. Conversation was outstanding!
About BrightTALK
BrightTALK provides webinars and videos for professionals and their communities. Every day thousands of thought leaders are actively sharing their insights, their ideas and their most up-to-date knowledge with professionals all over the globe through the webinar and video technologies that BrightTALK has created.
Connect with BrightTALK
For more information, please visit us at www.brighttalk.com. BrightTALK™, 501 Folsom Street, 2nd Floor, San Francisco, CA 94105

AuditNet® has developed an Audit Utilization of Technology Optimization Scale (AUTOS) to measure the maturity level of the use of audit technology by auditors. How would you rate your department on the use of audit technology?
Here are some of the key findings from other surveys on technology and internal audit:
According to a recent survey by the Institute of Internal Auditors data mining and analytics are one of the top five skills sought for new internal auditors.
The 2012 Internal Audit Capabilities and Needs Survey by Protiviti reported that CAATs, continuous auditing and continuous monitoring are skills areas that auditors need to improve as the profession moves toward these approaches and techniques.
According to the 2011 TeamMate User Survey it is imperative that all auditors understand the technology tools available and use them on all audits.
The options available to the CAE emphasize hiring auditors who already have the technology skills to jump-start the implementation of technology initiatives, which helps shorten the learning curve. Additionally, providing staff with training for audit technology tools is a must.
According to the Grant Thornton 2012 CAE Survey … most CAEs seem to recognize that their departments can better harness the power of technology. Half of respondents acknowledged their organizations do not effectively use governance, risk and compliance (GRC)-specific technology. Data analytics and continuous auditing technologies are gaining wider acceptance, however. Still, given the power of today’s technology tools, internal audit can do more.
Also here is the link to the AuditNet® survey which will shed light on how auditors are using technology and how far they have to go to achieve the highest level of maturity.
2012 State of Technology Use by Auditors Survey http://svy.mk/JfsCMC
Also if you are looking for CPE then check out http://www.auditnet.org/ATI_ACLSO.htm
If you are an ISACA member then send an email (address obfuscated on the original page) for special discounted pricing!

Visit the SANS TOP 20 Security Issues Poster
Working Effectively In Geographically Distributed Agile Project Teams
Geographically distributed agile is not an oxymoron. And, it sure isn’t easy. Each organization has its own unique culture, so you’ll have to find what works best for you. You need to start with the agile principles and values to derive your approach to distributed agile.
The good news is: You don’t have to do this alone!
Let Shane Hastie and Johanna Rothman guide you with the help of their two-day experiential workshop, Working Effectively In Geographically Distributed Agile Project Teams, April 17-18, 2012. In the workshop, you will learn which kind of geographically distributed team you have, whether you are working on a project or a program, and which approaches might work best. You'll experience planning and implementation on a distributed project, and we'll examine how being human affects us all.
We’ll practice with iterations and kanban and see which—or both—might work best for you.
Come armed with your questions; we'll make sure that we address the problems in the room. Want more information or to join us? See more or sign up here: http://www.jrothman.com/2012/01/working-effectively-in-geographically-distributed-agile-project-teams/
In case you missed Eve Maler and Symplified on Zero Trust Identity: it was, hands DOWN, the best hour on identity this year!
To see the video broadcast, click here and register for the playback. You won't be cookied or profiled, and you'll love what you hear.
EnterpriseGRC Solutions consistently applauds Symplified's commitment to education in identity. Forrester provides the speaker, Eve Maler, who is a gem.
Got an issue or GRC event you want to promote? Talk2me. Chat back. Send me a tweet.
2/23/2012
PLEASE SIGN UP
Announcing extended special offers for ITIL Expert Brochure
Participants in ITIL Expert are still receiving a free iPad!

Have you been looking for the Perils of Mount Must Read? It's going to be released again, except with a whole new spin for Virtualized business. Get a copy while it lasts. Perils of Mount Must Read, circa 2006, soon to be renewed for 2012
Cloud Computing & Virtualization How would you like a free iPad2? Learn more about the CompTIA Cloud Essentials Examination or Sign up to take the ITIL Expert program and you could get an iPad2 for free.
ITpreneurs Announces the Next Evolution in ITIL Training- (EnterpriseGRC Solutions is an Implementation Partner)
ITIL v3 Courses Updated to ITIL 2011 ROTTERDAM, THE NETHERLANDS (Marketwire - Dec 1, 2011) - ITpreneurs is implementing the next phase in the ITIL training evolution, announcing that ITIL v3 courses are being updated to ITIL 2011. The ITIL 2011 update will allow ITpreneurs' global strategic partners to access the most current and relevant ITIL materials for IT professional training.
ITIL 2011 is not a new version of ITIL, but a major upgrade of the existing ITIL v3 material. While the basic ITIL training framework remains the same, enhancements will ensure clear and concise concepts, resolve inconsistencies in text and diagrams, address suggestions from trainers for simplicity and improve publication materials.
"It is our priority to continue creating the best and most up-to-date training materials," said Sukhbir Jasuja, CEO, ITpreneurs. "With these updates, our partners now have immediate access to the highest quality ITIL competence training, eliminating the time and expense of them ... ITpreneurs has already released a number of courses in its ITIL portfolio with the 2011 updates: ITIL Foundation, Operational Support and Analysis (OSA) module of the Service Capability stream and Service Operation (SO) of the Service Lifecycle stream. Additionally, the First Aid Kit and Quick Reference Card have been updated to reflect the ITIL 2011 update. Nine additional courses, the balance of the ITIL portfolio, will be updated in English by the end of December. To accommodate the global audience, portions of the ITIL portfolio are available in 11 languages, and will also incorporate the ITIL 2011 update.
The Holistic Information Security Practitioner Institute (HISPI) now welcomes EnterpriseGRC Solutions as member of their HISP Certification Board/Committee. We are in the initial stages of establishing how we can best offer support to this very worthwhile organization.
EnterpriseGRC Solutions is an active member of the Cloud Credential Council, an ITGI ISACA Sponsor and a board member of multiple standards organizations, both currently and across the last decade. The goal of our participation is to extend awareness of best practices in security and to make the examination process more accessible to learners from all age, gender and cultural backgrounds. We believe the purpose of these certifications must go beyond the stacking of credentials on an elite and socially homogeneous stack of resumes. The application of security and technology principles must reach into ethical and social behaviors, driving legal, organizational and educational objectives in all countries and governments.
EnterpriseGRC Solutions is committed to a facilitated learning approach, where content is able to adapt to a broader range of learning styles. Classic book knowledge is not enough to apply the important knowledge that is transferred by the body of information covered by such examinations as the CSA Certificate of Cloud Security Knowledge (CCSK) or the Holistic Information Security Practitioner Certification (HISP). We want to see more women and more diversity in general among the persons who pass and contribute to these important exams. It is also critical that people with less background in security be able to master concepts of Green Technology, the foundations of Cloud through CompTIA Cloud Essentials, and the foundations of virtualization through ITpreneurs Virtualization Essentials.
The Holistic Information Security Practitioner (HISP) Institute (HISPI) is an independent certification organization consisting of volunteers that are true information security practitioners, such as Chief Information Security Officers (CISOs), Information Security Officers (ISOs), Information Security Managers, Directors of Information Security, Security Analysts, Security Engineers and Technology Risk Managers from major corporations and organizations.
More About HISPI - HISPI promotes a holistic approach to information security program management by providing certification opportunities in information security, information assurance and governance.
HISPI focuses on international standards, best practices, and comprehensive frameworks for developing robust and effective information security programs.
The objectives of HISPI include:
- To bridge the current gap between existing professional certification programs by proactively promoting the need to develop comprehensive and holistic information security programs amongst information security, audit and compliance professionals representing various sectors internationally.
- To promote cost-effective training and certification to information security, audit and compliance professionals, particularly Public Sector and Higher Education employees, where budget constraints can be a barrier to obtaining such quality training and certification.
- To provide a vendor neutral forum that will facilitate the sharing of knowledge, ideas and other positive initiatives for enhancing the current state of information security in various sectors internationally.
- To research and develop an integrated system for widely accepted best practice frameworks that are applicable to Information Security such as ISO/IEC 27002, ISO/IEC 27001, COBIT, COSO, ISO/IEC 20000 (ITIL), NIST Guidelines, FIPS 200 (NIST 800-53).
- To foster collaborative efforts across various sectors internationally, particularly government, law enforcement and commercial sector.
- To foster a positive code of ethics amongst information security, audit and compliance professionals.
- To reduce the cost of meeting legal, regulatory and contractual requirements pertaining to information security, across various sectors internationally.
- In addition to the existing partnership with British Standards Institute (BSI) Americas, to also partner and collaborate with other reputable organizations.
Here's a holiday present that will never cease giving, read "Legacy Letters" Or visit http://www.LegacyLetter.org
Knowledge is only as valuable as the audience that gains understanding… Everything here is (for now) registration, cookie and advertisement free.
A free training for Cloud and Virtualization, aims to encourage further study and achieving CompTIA Cloud Essentials and ITpreneurs Virtualization Essentials. You’ll get some gems. It will take around an hour.
GRC Strategy, recently delivered to IMA and ISACA to assist the CGEIT class.
CobiT Foundations Overview, enough to refresh before you take the exam, or allow you to prepare to attend and absorb foundation training. Please, never skip the live interaction. That’s where we make facts become practice.
GreenGRC a 4Point Method to integrate sustainability into your GRC Program
Perils of Mount Must Read – where you just might find your own name
Everyone should be concerned with CobiT 5, but if you really want to test your 4.1 Control Objective and Domain recognition, you can still quiz yourself with
- http://www.enterprisegrc.com/index.php?option=com_wrapper&view=wrapper&Itemid=166 (But, please do the real study on isaca.org.)
In case you need a little more than a virtual vocab, study this
Then time yourself with three word search challenges
If any of you finish all three word searches, and you send me proof in a screen capture, I’ll find a way to make you famous on the enterprisegrc.com site. I used to maintain a public page called URock. I’ve got plans to create a rotating article about our best contributors again. Just motivate me a little, and you can be first.
Why all this free stuff? In case you want to become a Cloud Ready Professional, YES, I want to sell you training! http://www.eventbrite.com/org/1867093805?s=6818363
For Immediate Release
January 20, 2012
Scott McCallum, COSO
Office: +1-407-937-1247
Cell: +1-321-246-7649
Consider Risk Appetite When Developing Business Strategy and Goals, Says New COSO Thought Paper
ALTAMONTE SPRINGS, Fla. – Jan. 20, 2012 – A new thought paper aimed at helping organizations better articulate, develop, and implement “risk appetite,” was released today by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) – an organization providing thought leadership and guidance on enterprise risk management (ERM), internal controls and fraud deterrence. Enterprise Risk Management – Understanding and Communicating Risk Appetite is the latest in a series of COSO papers providing ERM practitioners thought leadership on performing more effective risk management.
“An important COSO goal is to help executives and boards implement effective ERM processes by providing them with thought papers that discuss issues crucial to ERM success,” said COSO Chairman David Landsittel. “This paper emphasizes the idea that developing and communicating a risk appetite should be viewed by organizations as an important part of their ERM processes.”
According to the authors of the paper, risk appetite is the amount of risk organizations are willing to accept in pursuit of their objectives. Written by Larry Rittenberg, the Ernst & Young Professor of Accounting at the University of Wisconsin-Madison, and Frank Martens, a director in the Advisory Practice of PwC, the thought paper provides examples of statements of risk appetite and emphasizes the notion that risk appetite should be communicated by management, embraced by the board, and integrated throughout the entity.
“Organizations encounter risk every day as they pursue their objectives, and risk appetite is an integral part of an effective ERM system,” said Rittenberg. “It may seem to be an elusive topic, but the reality is that a well communicated risk appetite serves as a boundary around the amount of risk an organization might take on, and should be considered when setting strategy or business goals.”
Enterprise Risk Management – Understanding and Communicating Risk Appetite is available for free download at www.coso.org or any of the sponsoring organizations’ websites. COSO also encourages ERM practitioners and others to explore its other thought papers, as well as the 2004 Enterprise Risk Management – Integrated Framework, all available on COSO’s website.
About COSO
Originally formed in 1985, The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a joint initiative of five private sector organizations and is dedicated to providing thought leadership through the development of frameworks and guidance on enterprise risk management (ERM), internal control and fraud deterrence. COSO’s supporting organizations are The Institute of Internal Auditors (IIA), the American Accounting Association (AAA), the American Institute of Certified Public Accountants (AICPA), Financial Executives International (FEI), and the Institute of Management Accountants (IMA). www.coso.org.
Please allow me to pass along an important request from Jim Kaplan.
The professional standards relating to the auditor's responsibility for detecting and preventing fraud changed in 2009 when the Institute of Internal Auditors (IIA) updated the International Professional Practices Framework (IPPF). Auditors must now consider fraud risks and red flags as part of planning audits. In conjunction with these changes the IIA released Practice Guides for Internal Auditing and Fraud, Fraud Prevention and Detection in an Automated World (GTAG 13) and Data Analysis Technologies (GTAG 16). ISACA also issued a White Paper titled Data Analytics - A Practical Approach.
According to GTAG 13:
Data analysis technology enables auditors and other fraud examiners to analyze transactional data to obtain insights into the operating effectiveness of internal controls and to identify indicators of fraud risk or actual fraudulent activities.
Most audit professionals and fraud examiners are aware of the ACFE Report to the Nation survey covering how frauds are detected, who commits fraud and the types of frauds perpetrated. The ACFE survey found that over 40% of reported frauds are uncovered by tips. The report does not however ask questions relating to the use of technology in uncovering frauds.
AuditNet is conducting a survey to answer the question and determine fraud detection techniques using technology.
This survey seeks to determine the extent to which auditors and other fraud examiners are using technology as part of their fraud detection and investigation strategy.
Please help us provide answers to the question relating to using technology in detecting and investigating frauds. In appreciation for your taking this short survey (15 questions), we offer attendance at a 2012 AuditNet/FraudAware Webinar or a one-year basic subscription to AuditNet. (You must complete the survey and provide a valid email address; Hotmail and Yahoo are not allowed.)
Here is the link to the survey https://www.surveymonkey.com/s/AuditNetFraudDetection
Please forward this email to your network and discussion groups that you participate in as we want a broad and comprehensive representation for this survey.
Thanks for your support!
Jim Kaplan
Recipient of the IIA's 2007 Bradford Cadmus Memorial Award, AuditNet LLC, http://www.auditnet.org, The Global Resource for Auditors
ISACA Issues COBIT Assessment Program to Help Enterprises Ensure Consistent and Reliable Processes
Rolling Meadows, IL, USA (7 December 2011) - For the past 15 years, enterprises around the world have been using COBIT to improve and assess their IT processes. Until now, however, there has been no consistent approach for internal and external professionals to assess these processes. ISACA’s new COBIT Assessment Programme provides consistency and reliability so business and IT leaders can have confidence in the assessment process and the quality of the results as they maximize the business value of their IT investments.
After conducting a global survey in 2010 to determine market need, ISACA found that 89% of the nearly 1,400 respondents expressed a need for a rigorous and reliable IT process capability assessment. To fill the gap, ISACA has released the three-part COBIT Assessment Programme, based on COBIT 4.1 and ISO/IEC 15504-2:2003 Information technology—Process assessment—Part 2: Performing an assessment:
- COBIT Process Assessment Model: Using COBIT 4.1
- COBIT Assessor Guide: Using COBIT 4.1
- COBIT Self-Assessment Guide: Using COBIT 4.1
“The new assessment program provides a methodology that results in repeatable, reliable and robust assessments of process capability,” said Max Shanahan, CISA, CGEIT, FCPA, a member of the development team. “In addition to delivering immediate added market value from process capability assessment results, COBIT Assessment Programme also provides the basis for the establishment of broader maturity assessments.”
Norman Kromberg, CISA, CGEIT, CRISC, participated in the pilot program for the COBIT Assessment Programme with Alliance Data, where he serves as IT audit director.
“The COBIT Assessment Programme is not only workable, but also an effective tool for IT auditors to supplement their existing scope. It fills a gap by putting the lens on process capability,” said Kromberg. “Auditors and consultants will find it particularly useful, as will large and medium-sized organizations that are heavily regulated, such as banks and financial institutions, health care companies, government and state departments, and technology and service providers.”
The COBIT process assessment approach will be integrated into the upcoming COBIT 5 in early 2012. COBIT provides a comprehensive approach to ensure that IT is enabling the achievement of strategic business objectives. It is available as a free download at www.isaca.org/cobit.
The COBIT Assessment Programme guides are available at http://www.isaca.org/cobit-assessment-program.
About ISACA
With 95,000 constituents in 160 countries, ISACA® (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems (IS) assurance and security, enterprise governance and management of IT, and IT-related risk and compliance. Founded in 1969, the nonprofit, independent ISACA hosts international conferences, publishes the ISACA® Journal, and develops international IS auditing and control standards, which help its constituents ensure trust in, and value from, information systems. It also advances and attests IT skills and knowledge through the globally respected Certified Information Systems Auditor® (CISA®), Certified Information Security Manager® (CISM®), Certified in the Governance of Enterprise IT® (CGEIT®) and Certified in Risk and Information Systems Control™ (CRISC™) designations.
- ISACA continually updates COBIT®, which helps IT professionals and enterprise leaders fulfill their IT governance and management responsibilities, particularly in the areas of assurance, security, risk and control, and deliver value to the business.
- Follow ISACA on Twitter: https://twitter.com/ISACANews
- Join ISACA on LinkedIn: ISACA (Official), http://tinyurl.com/42vbrlz
- Like ISACA on Facebook: www.facebook.com/ISACAHQ
- Participate in the ISACA Knowledge Center: www.isaca.org/knowledge-center
- Kristen Kessinger, +1.847.660.5512 (e-mail address obfuscated on the original page)
- Joanne Duffer, +1.847.660.5564 (e-mail address obfuscated on the original page)

Last summer's ISACA SV conference Auditing and Securing the Cloud was a tremendous success, but with one regret, that we weren't able to get Symplified in front of our audience.
EnterpriseGRC Solutions really believes in this company and product, and we have permission to present two areas on this web site. Our commitment to educating compliance professionals to manage risk in the cloud is entirely supported by their mission and design.
If you understand the value proposition on these two products, you'll get at least ten questions right on the CompTIA Cloud Essentials Exam.
Symplified was modeled to address governing business and technology in the Cloud.