j-j.co.za
Sharing thoughts and ideas on business, security and photography
ISACA SA Annual Conference 2014 : 25/26 August 2014
Posted on June 03, 2014
Just some advance notice that the ISACA South African Chapter annual conference for 2014 has been announced.
The conference takes place from 25 to 26 August 2014 at Emperors Palace. Visit the conference page for details and online bookings, or contact Nadine Schreiber – admin@isaca.org.za
ISACA is also still looking for speakers, so if you have something interesting to share please contact Nadine.
The Heartbleed bug : a short presentation given at the KZN ISACA Chapter meeting
Posted on June 03, 2014
I was honoured to be asked to make a (short) presentation at the May 2014 KZN ISACA Chapter meeting. The meeting went down well, with probably around 25 people attending.
Attached is the PDF of the presentation.
I hope that some of the members present found it useful and that you, my readers, do too.
Feedback as always most welcome.
The Heartbleed Bug ISACA presentation v3
Security considerations for Cloud Computing (ISACA publication)
Posted on October 13, 2012
ISACA has released its latest book on cloud computing, Security Considerations for Cloud Computing. Earlier in the week I received notification that my personal copy is with FedEx on its way to South Africa, one of the perks of being an expert reviewer on the panel for the publication.
Another publication in the Cloud Computing Vision Series, Security Considerations for Cloud Computing presents practical guidance to help IT and business professionals decide whether to move to the cloud. It enables effective analysis and measurement of risk through decision trees and checklists outlining the security factors to be considered when evaluating the cloud as a potential solution.
Cloud computing is commonly described in terms of five essential characteristics, three service models (SaaS, PaaS and IaaS) and four deployment models (public, private, community and hybrid). To ensure a common understanding of these models, the publication describes each characteristic and model.
This guide is meant for all current and potential cloud users who need to ensure protection of information assets moving to the cloud.
If you are making any significant use of cloud computing I would recommend you get your hands on the publication. Members can download it free of charge; a hard copy is $35 for members and $70 for non-members.
ISACA 2012 conference happening from 10-12 September 2012, registrations open soon
Posted on June 17, 2012
The ISACA South Africa 2012 conference is happening from 10 to 12 September. Diarise the dates and get those purchase requisitions in. If you want to present at the conference then mail Nadine (admin@isaca.org.za) – the speaker lineup is being finalised shortly, so hurry up to make sure you don’t miss out.
The conference is being held at the Wanderer’s Club in Illovo. It’s right next door to the Protea hotel if you need accommodation, and is also served by the Gautrain and its buses, with a bus stopping right outside the hotel gates.
Hope to see you all there.
Bring your own device (BYOD) : workplace mobility presentation
Posted on May 24, 2012
I was privileged to speak at this month’s ISACA KZN Chapter meeting, held last Monday at KPMG’s offices in Durban. Thanks to Terence (the local chapter leader) for the invite.
My topic was workplace mobility, focusing on implementation challenges and learnings experienced within the workplace. For this presentation I tried something a little different, using Keynote on the iPad to develop and present the talk. This resulted in a slide deck that looks a bit different from my normal style, with far fewer words, more pictures and, I hope, a smoother-flowing, more natural presentation. At the same time, it’s probably a bit more difficult for somebody who wasn’t at the presentation to get a lot of value out of the slide deck. If you download it and have questions, please go ahead and ask. It is presented below as a PDF since so few have Keynote.
Presentation here : BYOD workplace mobility v2 (download the PDF)
Daniel Cuthbert presenting at ISACA KZN Chapter meeting at Deloitte on 15 July 2011
Posted on June 28, 2011
The next meeting of the ISACA KZN Chapter will be held on Friday 15th July at Deloitte’s offices on La Lucia Ridge. Please spread the word and make every effort to attend.
KZN regional chapter meeting
- Date : 15 July 2011
- Venue : Deloitte’s offices on La Lucia Ridge
- Speaker : Daniel Cuthbert
- Topic : “Doing it for the Lulz : Why Lulzsec has shown us to be an ineffective industry.”
- Daniel will be talking on current activities in information security, web hacking and how to protect yourselves.
- ISACA Website link : http://isaca.org.za/other.asp?page=Event&eId=188
Confirmation of attendance
As always, please confirm your attendance with Nadine on 011-803 0803 or admin@isaca.org.za a few days ahead of time.
New ISACA audit programs: Cloud computing, Crisis mgt, Infosec mgt, Active Directory, Oracle eBusiness
Posted on September 02, 2010
ISACA has recently made five new audit programs available, four in August and one in July, bringing the total number of available programs to 31.
These new audit programs cover :
- Cloud Computing Management Audit/Assurance Program (Aug 2010)
- Crisis Management Audit/Assurance Program (Aug 2010)
- Information Security Management Audit/Assurance Program (Aug 2010)
- Windows Active Directory Audit Program (20 Aug 2010)
- Security, Audit and Control Features Oracle E-Business Suite, 3rd Edition – Audit programs and ICQs (July 2010)
They are all available for download on the ISACA knowledge centre website.
ISACA makes the material available at no cost as a benefit of ISACA membership. Anybody wanting to contribute material to share with fellow professionals can send it to ISACA via research@isaca.org.
ISACA Annual Conference 2010
Posted on August 30, 2010
Dates: 13 to 15 September 2010
Venue: Indaba Conference Centre, Fourways/Johannesburg
Over the last few years the ISACA SA Conference (#isaca2010) has drawn between 230 and 260 delegates. High-profile local and international speakers provide delegates with insight into the latest developments in IT, security and governance. The 2010 conference has three streams of presentations and focuses on the latest strategies to address the business, managerial, operational, auditing and security challenges associated with information technology and information systems. The conference topics are applicable to a wide range of attendees, from CEOs and CIOs through to security, audit, risk and IT professionals.
Follow @isacaza on twitter for #isaca2010 conference news and updates
Attendance
Should you be interested in attending the conference use the online booking facility at the ISACA website or contact Nadine on admin@isaca.org.za.
See you there for another great conference.
Howto : Small Business IT Governance Implementation
Posted on August 25, 2010
One of the key challenges of IT governance is how to break it up and make it understandable and implementable for small businesses. Cost/benefit is always a key challenge, and unless there is a practical, sensible way that adds value to the business then IT governance is not going to work in small business.
ISACA have released a nicely put together article in the J-Online section of their website. Small Business IT Governance Implementation by Janeane Leyer and Katelyn Quigley provides useful practical advice on how to implement it. The article frames three key questions in a simple framework and discusses six critical success factors for the implementation.
Abstract
The largest risks to businesses today are failure to align information technology to real business needs and failure to use information technology to create value for the business. Effectively managed IT can provide small businesses with a competitive advantage, whereas ineffective management can impair the business as a whole. With recent increases in demand for cost reduction, the need for small businesses to actively manage their IT resources has never been greater.
This article will provide an overview of IT governance, discuss the benefits to small businesses, suggest a framework for implementation in small businesses and discuss critical success factors.
ISACA Whitepaper “Securing Mobile Devices”
Posted on August 25, 2010
ISACA have released a whitepaper on securing mobile devices. This is the first in a series of documents which will eventually include audit/assurance programs for such devices. The overview of these documents can be found here.
Abstract of white paper
Mobile computing devices have become a critical tool in today’s networked world. Enterprises and individuals alike rely on mobile devices to remain reachable when away from the office or home. While mobile devices such as smartphones, laptops, personal digital assistants (PDAs) and Universal Serial Bus (USB) memory sticks have facilitated increased convenience for individuals as well as the potential for increased productivity in the workplace, these benefits are not without risks. Mobile devices have been, and continue to be, a source of various types of security incidents. These stem from issues such as device loss, malware and external breaches. As the availability of human resources and systems continues to be critical to society and business operations, it stands to reason that mobile device usage will continue to escalate as will the features that these devices offer. It is therefore imperative that proper risk management be applied and security controls implemented to maximize the benefits while minimizing the risks associated with such devices.
Securitysearch.co.uk writeup on the whitepaper here.
ISACA SA Chapter meetings in October (Dbn, Jhb, Pta)
Posted on August 25, 2010
Three of the ISACA chapters are having meetings in October. Details are below and will be updated as confirmation of speakers is obtained. Don’t forget the #isaca2010 conference in September.
KZN regional chapter meeting
- Date : 7 October 2010
- Venue : PKF Offices in Umhlanga
- Topic : To be confirmed
Pretoria regional chapter meeting
- Date : 14 October 2010
- Venue : To be confirmed
- Topic : To be confirmed
Johannesburg regional chapter meeting
- Date : 26 October 2010
- Venue : To be confirmed
- Topic : To be confirmed
Confirmation of attendance
As always, please confirm your attendance with Nadine on 011-803 0803 or admin@isaca.org.za a few days ahead of time.
Upcoming ISACA chapter meetings in East London and Jhb
Posted on August 13, 2010
There are two chapter meetings coming up in East London and Johannesburg in the next few days. Hope to see lots of people there. I personally hope to attend the Jhb meeting, travel plans allowing.
East London chapter meeting
Date: 18 August 2010 at 2:30 pm
Venue: PricewaterhouseCoopers , Palm Square office park , Acacia House , Bonza Bay Rd , Beacon Bay
1) Andrew William Mpofu will be presenting: “Information Security as a strategic business asset”
2) Chris Knox will be presenting: “Information Security Risk Assessment methodologies”
3) Networking & Refreshments
Johannesburg chapter meeting
Date : 24 August 2010, 5pm registration, with the event starting at 5:30pm
Venue : PriceWaterhouseCoopers offices in Sunninghill, Johannesburg
1) Jason Gottschalk will be presenting on “Access Governance – The precursor to Identity and Access Management”.
2) Gerhard Hechter, PKF will be presenting on “Taking risks cleverly / Business intelligence”
Attendance
To confirm attendance at either of these meetings please contact Nadine on 011-803 0803 or admin@isaca.org.za
Congratulations
Lastly, congratulations to all those who wrote and passed CISA, CISM and CISSP. I believe results for all 3 were released today.
Feedback on ISACA KZN chapter meeting control frameworks presentation
Posted on August 07, 2010
On Thursday evening (5th August) I presented at the ISACA KZN Chapter meeting. As Chapter coordinator I have the privilege of finding speakers and venues, and from time to time an arranged speaker has other commitments and so is unable to make the presentation. I always try to keep a “backup” presentation of my own, and this time around it was my (our) “Tale of two cities – or control frameworks” presentation that was first presented at the ITWeb security summit earlier in the year. This time I did the presentation without the assistance of my colleague from Jhb, David Volschenk, as he had other work commitments which prevented him travelling to Durban for the day.
At ITWeb we had 45 minutes for the presentation and Q&A, so were fairly time-constrained and did not have much time at all for discussion or questions. At the Chapter meeting we had much more time to go through the presentation at a leisurely pace, have discussion around certain aspects and make it a much more interactive (and fun) session.
There were about 20 people present, representing the consulting firms (EY, PKF, Deloitte), the public sector and the private sector.
Off the top of my head (I was presenting rather than taking notes), the main areas of discussion were around :
- Getting executive buy in for the project
- Getting adequate funding
- Instilling change in an organisation where the maturity level is low and the corporate culture is such that the environment is generally poorly controlled
- What the drivers are for the implementation of a control framework, and particularly King 3 and how it is changing perspectives (creating the fire)
- The implications of King 3, and how they will drive change from the top (rather than it being left to middle management to drive failed projects)
- The apparent lack of understanding of King 3 on the part of directors, and how negative statements having to be made in the Annual Financials with respect to King 3 compliance could affect their reputations and those of the organisations they represent (or what happens if they “lie” and put in statements of compliance when they aren’t compliant). Company directors really do need to start taking notice of this.
- The implementation of control frameworks is a long term process, not a quick fix. Deciding 6 months ahead of the King 3 implementation deadline that the organisation needs to be compliant may be an impossible task
In “off the record” discussions after the presentation a number of consultants wanted to know if the failed company (Company B) was actually Company XYZ or Company ABC. The answer each time was no, it wasn’t that company; Company B was a combination of failed projects. That said, the companies named by the other parties in each case were also not among those that made up the combined “Company B”. It seems there are a lot of failed control framework and security framework implementations out there.
I really enjoyed the presentation and the discussions that went with it. Thanks to all who attended for your attendance and participation. If you are interested in having further discussions around this, or have me meet with your directors to discuss further, please contact me. j-j (at) worldonline (dot) co (dot) za or on Twitter.
Thanks to Ernst & Young for hosting the chapter meeting.
See you next time at PKF.
Justin
You can find a copy of the presentation in the original article or directly here. More on King 3 here. And get a copy of the King 3 report from the IOD website.