2010 Data Breach Investigation Report – Who stole my client’s cheese? #in

Posted on August 25, 2010

The first-ever joint report by the Verizon Business Risk data crime investigation team and the U.S. Secret Service presents a fascinating and current insight into the murky world of data theft and cyber crime. Contrary to general expectations, 85% of all stolen data records can be traced back to organised crime. Woaah. While almost 50% of cases had active insider involvement, these were small-time jobs resulting in only 3% of records lost. So yes, watch out for your employees, but beware of those syndicates!

Read more in Woody Leonhard’s summation of the report here.

Download a copy of the VBR/USSS report from Verizon Business here

Howto : Small Business IT Governance Implementation #in

Posted on August 25, 2010

One of the key challenges of IT governance is how to break it up and make it understandable and implementable for small businesses. Cost/benefit is always a key challenge, and unless there is a practical, sensible approach that adds value to the business, IT governance is not going to work in small business.

ISACA have released a nicely put together article in the J-Online section of their website. Small Business IT Governance Implementation by Janeane Leyer and Katelyn Quigley provides useful, practical advice on how to implement it. In doing so, the article presents three key questions in a simple framework and discusses six critical success factors for the implementation.


The largest risks to businesses today are failure to align information technology to real business needs and failure to use information technology to create value for the business. Effectively managed IT can provide small businesses with a competitive advantage, whereas ineffective management can impair the business as a whole. With recent increases in demand for cost reduction, the need for small businesses to actively manage their IT resources has never been greater.

This article will provide an overview of IT governance, discuss the benefits to small businesses, suggest a framework for implementation in small businesses and discuss critical success factors.

Download the article here.

ISACA Whitepaper “Securing Mobile Devices” #in

Posted on August 25, 2010

ISACA have released a whitepaper on securing mobile devices. This is the first in a series of documents which will eventually include audit/assurance programs for such devices. The overview of these documents can be found here.

Abstract of white paper

Mobile computing devices have become a critical tool in today’s networked world. Enterprises and individuals alike rely on mobile devices to remain reachable when away from the office or home. While mobile devices such as smartphones, laptops, personal digital assistants (PDAs) and Universal Serial Bus (USB) memory sticks have facilitated increased convenience for individuals as well as the potential for increased productivity in the workplace, these benefits are not without risks. Mobile devices have been, and continue to be, a source of various types of security incidents. These stem from issues such as device loss, malware and external breaches. As the availability of human resources and systems continues to be critical to society and business operations, it stands to reason that mobile device usage will continue to escalate as will the features that these devices offer. It is therefore imperative that proper risk management be applied and security controls implemented to maximize the benefits while minimizing the risks associated with such devices.

Download the whitepaper here.

Securitysearch.co.uk writeup on the whitepaper here.

ISACA SA Chapter meetings in October (Dbn, Jhb, Pta) #in

Posted on August 25, 2010

Three of the ISACA chapters are having meetings in October. Details are below and will be updated as confirmation of speakers is obtained. Don’t forget the #isaca2010 conference in September.

KZN regional chapter meeting

  • Date : 7 October 2010
  • Venue : PKF Offices in Umhlanga
  • Topic : To be confirmed

Pretoria regional chapter meeting

  • Date : 14 October 2010
  • Venue : To be confirmed
  • Topic : To be confirmed

Johannesburg regional chapter meeting

  • Date : 26 October 2010
  • Venue : To be confirmed
  • Topic : To be confirmed

Confirmation of attendance

As always, please confirm your attendance with Nadine on 011-803 0803 or admin@isaca.org.za a few days ahead of time.
