Facilitated CISA Study Session 19/5/2015 : Chapter 5 Part 2 to be broadcast via Google Hangouts

Posted on May 19, 2015

On 19 May (this afternoon) we are discussing Chapter 5 of the study material. We will be discussing specific challenges participants may have and also questions from any of the sources that they may have got wrong or are having difficulty understanding.

If there are specific questions you might have, please email them through (preferably as a word document or similar) so we can discuss them.  If we don’t get to them all in the session they can be carried forward to the following week or even an additional special sitting considered.

The sessions from the last few weeks have been reasonably successfully broadcast and recorded on Google Hangouts On Air so we will try to do the same for this afternoon’s session.  If there is something we can improve ahead of the next session please let us know.

Link to the Google Hangout event

Link to Youtube live broadcast

 

 

Slides will be made available after the session.

Facilitated CISA Study Session 12/5/2015 : Chapter 5 Part 1 to be broadcast via Google Hangouts

Posted on May 11, 2015

On 12 May we are discussing Chapter 5 of the study material. We will go through a general overview of the Chapter and then be discussing specific challenges participants may have and also questions from any of the sources that they may have got wrong or are having difficulty understanding.

Raniel is going to lead this session provided he has recovered from his illness. If so he will give his insights into Chapters 4 and 5.

If there are specific questions you might have, please email them through (preferably as a word document or similar) so we can discuss them.  If we don’t get to them all in the session they can be carried forward to the following week or even an additional special sitting considered.

The sessions from the last few weeks have been reasonably successfully broadcast and recorded on Google Hangouts On Air so we will try to do the same for this afternoon’s session.  If there is something we can improve ahead of the next session please let us know.

Link to the Google Hangout event

Link to Youtube live broadcast

 

 

Slides will be made available after the session.

ITSec CISA Prep June 2015 session 11 12th May 2015 Chapter 5 pt1

CISA Presentation raniel ch4 ch5

 

For those who missed the last two sessions, they are available on Youtube as follows:

CISA Special Q&A Session (Session 9) public

CISA Chapter 4 Part 2 (Session 10) public

 

Facilitated CISA Study Session 28/4/2015 : Chapter 4 Part 1 to be broadcast via Google Hangouts

Posted on April 28, 2015

This evening we are discussing Chapter 4 of the study material. We will go through a general overview of the Chapter and then be discussing specific challenges participants may have and also questions from any of the sources that they may have got wrong or are having difficulty understanding. Raniel was going to lead this afternoon’s session but has taken ill so I (Justin) will lead it. Don’t forget we are also planning to host a question binge discussion session / catch-up on Saturday 2nd May 2015 (the full schedule of the remaining sessions is in the slide deck).

The sessions from the last few weeks have been reasonably successfully broadcast and recorded on Google Hangouts On Air so we will try to do the same for this afternoon’s session.  If there is something we can improve ahead of the next session please let us know.

Link to the Google Hangout event

Link to Youtube live broadcast

 


You can download a copy of tonight’s slides here : ITSec CISA Prep June 2015 session 8 28th April 2015 Chapter 4 pt1

Facilitated CISA Study Session 21/4/2015 : Chapter 3 Part 2 to be broadcast via Google Hangouts

Posted on April 21, 2015

This evening we are discussing Chapter 3 of the study material. We had an overview last week so if you didn’t catch that please go back and look at last week’s recording. This afternoon we are discussing specific challenges participants may have and also questions from any of the sources that they may have got wrong or are having difficulty understanding.

The sessions from the last few weeks have been reasonably successfully broadcast and recorded on Google Hangouts On Air so we will try to do the same for this afternoon’s session.  If there is something we can improve ahead of the next session please let us know.

Link to the Google Hangout event

Link to Youtube live broadcast

 

 

You can download a copy of tonight’s slides here : ITSec CISA Prep June 2015 session 7 21st April 2015 Chapter 3 pt2

Facilitated CISA Study Session 14/4/2015 : Chapter 3 Part 1 to be broadcast via Google Hangouts

Posted on April 14, 2015

This evening we are discussing Chapter 3 of the study material. We will have an overview of the content of the chapter and then discuss specific challenges participants may have and also questions from any of the sources that they may have got wrong or are having difficulty understanding.

The sessions from the last few weeks have been reasonably successfully broadcast and recorded on Google Hangouts On Air so we will try and do the same for this afternoon’s session.  If there is something we can improve ahead of the next session please let us know.

Link to the Google Hangout event

Link to Youtube live broadcast

 

 

You can download a copy of tonight’s slides here : ITSec CISA Prep June 2015 session 6 14th April 2015 Chapter 3 pt1.

Slides for Facilitated CISA Study Sessions 24/3/2015 & 31/3/2015 : Chapter 1 Part 2 & Chapter 2 Part 1

Posted on March 31, 2015

Last week we held the third of the CISA facilitated study sessions at the ITSec offices.  The number of attendees is still growing and we have an increasingly diverse group of attendees which is greatly beneficial to all participating.  The last two sessions were broadcast on Google Hangouts on Air.  Our listener count was up to two :)  The benefit of doing the broadcast is that it is recorded and now available for anybody to watch / listen to. Check it out (links in post below) and let us know if it is useful.

This evening’s session begins in about two hours. Please feel free to join us.

Attached below are the slides from the session of 24/3/2014 as well as tonight’s session (they are also in the recorded hangout).

ITSec CISA Prep June 2015 session 3 24th March 2015 Chapter 1 pt 2

ITSec CISA Prep June 2015 session 4 31st March 2015 Chapter 2 pt 1

Facilitated CISA Study Session 31/3/2015 : Chapter 2 Part 1 to be broadcast via Google Hangouts

Posted on March 31, 2015

The sessions from the last two weeks have been reasonably successfully broadcast and recorded on Google Hangouts On Air so we will try and do the same for this afternoon’s session.  If there is something we can improve ahead of the next session please let us know.

Link to the Google Hangout event

Link to Youtube live broadcast

 

 

Hangouts are limited to a maximum of 10 people participating via video / audio and many more who can watch the video feed and participate in the chat. First come, first served.

Facilitated CISA Study Session 24/3/2015 : Chapter 1 Part 2 to be broadcast via Google Hangouts

Posted on March 19, 2015

Last week’s session seemed to work reasonably well on Google Hangouts On Air so we will try and do the same for the next session. If you have missed it the recording is available. If there is something we can improve ahead of the next session please let us know.

Link to the Google Hangout event

Link to Youtube live broadcast

 

 

Hangouts are limited to a maximum of 10 people participating via video / audio and many more who can watch the video feed and participate in the chat. First come, first served.

 

 

Slides for Facilitated CISA Study Session 17/3/2015 : Chapter 1 Part 1

Posted on March 18, 2015

Last night we held the second of the CISA facilitated study sessions at the ITSec offices.  The number of attendees is growing and we have an increasingly diverse group of attendees which is greatly beneficial to all participating.  We also broadcast the session on Google Hangouts on Air.  We had a total of zero :) live listeners to the event. The benefit of doing the broadcast is that it is recorded and now available for anybody to watch / listen to. Check it out (links in post below) and let us know if it is useful. I encourage anybody who would like to join the live session next week to listen to this week’s session and just leave a comment here or pop me a mail / message on twitter to let me know you will be joining.

Attached below are the slides from last night for your reference (they are also in the recorded hangout).

ITSec CISA Prep June 2015 session 17th March 2015 Chapte 01 part 1

Facilitated CISA Study Session 17/3/2015 : Chapter 1 Part 1 to be broadcast via Google Hangouts

Posted on March 16, 2015

ITSec is hosting CISA Exam Preparation facilitated study sessions at our offices in West Riding, Durban. Last week we had the kickoff session where we just did some introductions, discussed expectations of the participants for the exam and for the study sessions, spoke a bit about the structure of the exam and the five practice domains, spoke through George Pajari’s Ten Steps to acing the exam, agreed an approach to the studies and set some objectives and pre-work for the next study session (to be held on Tuesday 17th March 2015).

If you are based in KZN you are welcome to join us for these sessions. Take a look on the ITSec website for directions to our offices (a map is included in the presentation pack).

On Tuesday 17th March at 4:45pm South Africa time (GMT+2) we will be covering Chapter 1 of the study guide. Participants were asked to do the self-assessment on the ISACA website, read Chapter 1, note down areas of concern, do some of the sample questions and come with a list of questions that went wrong.

For those not close enough to join us for the sessions, download the slides, read through and see if you can find some useful tips in there. You can also use the study schedule, customise it for your use, and then have a structured plan for your exam prep. Having a structure to assist in your study discipline is always a good idea.

We are going to try and set up a Google hangout for the session Tuesday afternoon. I am not sure how that will work out; we don’t have professional equipment to broadcast the session, so it will be done off a reasonable webcam. Feel free to join us.

Google Hangout event link

Youtube link

 

 

Download a copy of the introductory presentation from last week.

ITSec CISA Prep June 2015 session 1 10th March 2015 with slides for Prep 17th March

 

 

 

Mugg and Bean nespresso compatible pods now available

Posted on October 30, 2014

I was delighted to discover that my local Checkers now stocks a new range of Mugg and Bean Nespresso compatible pods.

There seemed to be four flavours available, three of which are pictured below. Espresso (no 47), House Blend (no 52), Single Origin (no 24) and a Decaf.

They are presented in a cute square box and each box contains two puffed up airtight bags with 5 capsules in each. The foil tops of each capsule are printed with the name and number of the coffee and seem to be aligned with the new “extra compatible” design being used by Caffè Luxe so should work in most machines.

Interestingly the box doesn’t mention the Nespresso brand anywhere but it’s clear from the pod shapes that they are the same.


Always good to have more options. They are priced at a mid range of R49.99 for the box so a bit cheaper than the Nespresso foil pods and R13 more than Checkers’ own Foreign Ground range.

Guest lecture to UKZN 2014 MBA Class : Security & Ethics

Posted on August 24, 2014

In this past week I once again had the pleasure of speaking with the UKZN MBA Class. It is always a pleasure to speak to a large group of some of the brightest minds in KZN. Unlike other presentations, these sessions are normally quite interactive and the class willing to share their ideas, experiences and questions.

What stands out for me in this set of discussions were three key diversions.

1. Bank fraud, and the divergence in opinions between the bank representatives and victims (customers)

There is always a lot of interest in, and debate over on-line frauds as they affect individuals. We all know someone, if not ourselves, who has been hit through some kind of bank fraud. In the class were a number of (un-named) employees of various (nameless) banks. They were adamant that the banks do their utmost to refund their customers in the event of frauds. The victims, however, had a polar opposite view and experience. They contended that the banks make it difficult to get your money back, denying, obstructing and delaying in the process while the victim suffers through not having access to the affected funds. For a bank dealing with hundreds of thousands of affected customers and millions in losses, a month may be a short period to resolve such an incident. For a victim needing access to their funds, a month is a payday away and that money could mean the difference between being able to pay your bills or defaulting.

2. Online identities (and password management)

Online identities are increasingly becoming integrated with your professional life. When being hired more and more organisations scan these to see whether they wish to employ you. Whether this is done as part of the background checks (for which prospective employees normally sign permission) or through other means varies. However, needing to take control of and responsibility for your on-line identity is important. Also don’t forget about your children. They may not yet comprehend the gravity of the situation, and could be creating a fun-filled but wholly undesirable persona that they come to regret later in life when they join the job market and are unable to control or erase their past sharings.

Related to this discussion was the age old one of passwords and password re-use. The dangers of password re-use were discussed in detail with some schemes for password protection. The example was given of people using the same password across all on-line services: the local camera club is hacked, usernames and passwords are revealed, those same passwords are then used to log into Gmail, a Facebook “I lost my password” event results in the password being mailed to Gmail, and very quickly the entire on-line identity can be stolen.

Some tips: Use different passwords on-line, and at the very least don’t use your primary mail account password anywhere else. It is better to use a password manager on your mobile (LastPass, BlackBerry Password Keeper etc) than to re-use passwords. Also don’t use your phone address book to store passwords or bank pins and account numbers. If you use an iPhone or Android phone then this information is generally synchronised to the cloud, so when that Gmail account is hacked they also have all of your phone book without you ever knowing.

3. Return to old school

There was a comment / view put forward that with all of the information security breaches and discoveries of organisations and nation states lying to citizens about what is happening in this space that it would be better to return to the (golden) “olden days”. While that may appear to be the case, memory can be a strange thing. We often remember the good and forget the bad. Not so many years ago when cheques were still in common use cheque fraud was rife. The banks didn’t like to disclose information on fraud (and still don’t) but some of the stats I remember seeing flashed up at fraud conferences indicate that the fraud we are seeing now is just a fraction of what was experienced at the peak of cheque fraud. Social media and the online information era just increase the level and speed of information sharing. The fewer incidents that happen now are just more widely reported and shared than ever before. Instances of misrepresentation and abuse by companies (and countries) are now more widely shared and reported; what is not clear is whether the actual occurrences are on the rise or just more visible.

We cannot go back in time, we need to move with the times. That said a dose of healthy skepticism in all we are doing can only be a good thing. Ask questions until you are satisfied with the answers. You may choose to trust, but trust and verify, don’t trust blindly.

Finally

Embedded below is a link to download the slides. Thanks for attending the sessions and for participating.  Feel free to drop me any questions you may have (or leave them here).

Information Security and Ethics 2014 August 2014

 

Thanks Andrew for the invitation and facilitating the discussion.

 

Finally tried Uber (X), great service!

Posted on August 23, 2014

I finally got around to trying out Uber last night. I must say I was pleasantly surprised by the experience. Everything was just slick, pleasant and worked. I ordered the ride off my phone (using the App I had installed the week before), it gave me the estimated time of arrival of the driver, his name and the car registration and details of the vehicle. He arrived right on time and Mthokozisi was very pleasant. He had been working for Uber for 6 months and seemed quite happy with them as an employer.

I was delivered home 12 minutes later, right to the address I had entered when I ordered the car. In-between ordering my ride and arriving home my phone battery had gone flat, so I was concerned it may have been an issue but not to be. My credit card details were preloaded into the app so no issue with payment, and it’s all cashless. The trip cost is calculated based on a combination of time and distance. R7/km and 70 cents (or so) per minute. So my 12 minute 7.5km trip came to R65.59.

My trip was however free as there is an UberX launch campaign going on in Durban this weekend (See details below).

After the trip the driver “rated” me as a passenger and provided feedback on his Uber App. He asked me to do the same on mine (which I did a few minutes later). A short while after I also received a follow-up email from Uber summarising the journey, the costs, time, and showing the exact route. All super slick.

If you are interested, then download the app and sign up. It’s free. If you use promo code Uberjjza you can get R90 credited to your account (and I get R90 too). Furthermore, if you enter the second promo code UBERXDBN you can get six uberX rides in Durban, up to R250 in value each, until Sun 24 Aug 2014 at 11pm.

It is no wonder that Uber is changing the face of personalised public transport across the Globe. I don’t see myself using conventional Taxi services again. Install the App and give them a try, you will be pleasantly surprised. What’s really cool is you can use the App to get quotes of how much it would be for various trips, so you can already price the trip to and from the rugby / motor cycle event etc.

Share your experiences, good (or bad) once you have given it a go.

Below is a screenshot of the summary mail that arrived post trip (with address and credit card digits removed)

Summary Mail


The Heartbleed bug : a short presentation given at the KZN ISACA Chapter Meeting

Posted on June 03, 2014

I was honoured to be asked to make a (short) presentation at the May 2014 KZN ISACA Chapter meeting. The meeting went down well with probably around 25 people attending.

Attached is the PDF of the presentation.

I hope that some of the members present found it useful and that you, my readers, do too.

Feedback as always most welcome.

The Heartbleed Bug ISACA presentation v3

 

UKZN MBA presentation 8th August 2013 : Information Security & Ethics

Posted on August 11, 2013

On Thursday the 8th August 2013 I was once again privileged to be the guest lecturer for the UKZN MBA programme. Despite Friday being a holiday and the start of the long weekend there was a great turnout. Thanks to all the students for all your questions and contributing to making it an entertaining session.

Below is the link to the slides. Please feel free to contact me if you have any questions or would like to discuss the subject further.

security and ethics UKZN MBA August 2013
