E-Newsletter - Information Assurance | ISACA · E-Newsletter Quarterly Newsletter from the Muscat...


E-Newsletter

Quarterly Newsletter from the Muscat Chapter of ISACA June 2012 Vol 02

Seminar on Data Security

Inside this issue:

Data Security
Risk Management
Chapter News
Full Day Seminar
President speaks
Editor’s Corner
About us
Chapter Contacts

This Newsletter is sponsored by

5 times Winner of K. Wayne Snipes Award

Sponsored by the CBFS

Contact us: P.O Box No: 397, Medinat Sultan Qaboos, PC –115, Sultanate of Oman

Chapter Statistics: Members 272, CISA 122, CISM 37, CGEIT 8, CRISC 28

Turn to page 5 for details

ISACA Muscat chapter, in an effort to bring knowledge sessions to the chapter members, arranged a full day seminar on 12th June 2012 at Hotel Muscat Holiday. The session was sponsored by Muscat Pharmacy. Speakers from various domains presented on data security related topics. Mr. Alex deGraph from McAfee presented on data loss prevention, educated the audience on the importance of data and the risks involved in data leaks, and discussed various ways to prevent them. Mr. Mohammed Nayaz, a very well known speaker and very active member of ISACA Muscat chapter, discussed COBIT 4.1. Mr. Ali Lawati presented on wireless security. Overall, the session was well received among the ISACA member community, and it is important to note that a good number of students were present in the session. Mr. Badri, President, ISACA Muscat Chapter, opened the session with a welcome note and mentioned that ISACA Muscat is committed to bringing CPE sessions to its member community.

Note: This newsletter is intended purely as an informational service to the members of ISACA Muscat Chapter. The contents are those of the authors as named and from material made available to the newsletter editor and are not necessarily those of ISACA or ISACA Muscat. Neither ISACA nor its sponsor in Oman may be held liable for the use of the information contained in this newsletter.

Risk Management - continued...

Having understood the Risk Management fundamentals with several illustrations, it is time to move on to Information Security Risk Management. First, let us see the definitions of Information and Information Security.

What is Information?

Data* that (1) has been verified to be accurate and timely, (2) is specific and organised for a purpose, (3) is presented within a context that gives it meaning and relevance, and (4) can lead to an increase in understanding and a decrease in uncertainty.

The value of information lies solely in its ability to affect a behaviour, decision, or outcome.

* The term ‘Data’ is not restricted to Information Technology or electronic form, but also refers to various other media, such as paper, audio, visual, etc. Even furniture can be considered as ‘information’, provided that the furniture is the custodian of some form of data, either electronic or conventional.

For example, if office box files, CD-ROMs and backup tapes are stored in a fire-proof cupboard, then the cupboard is also considered as ‘Information’. We will further justify, in a later part of our article, why the ‘cupboard’ needs to be considered as ‘information’.

What is Information Security?

Information Security is the preservation of confidentiality, integrity and availability of information; in addition, other properties such as authenticity, accountability, non-repudiation and reliability can also be involved as part of Information Security.

In other words, Information security means protecting information and information systems from unauthorised access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.

The terms information security, computer security and information assurance are frequently used interchangeably. These fields are often interrelated and share the common goals of protecting the confidentiality, integrity and availability of information; however, there are some subtle differences between them. These differences lie primarily in the approach to the subject, the methodologies used, and the areas of concentration.

Information security is concerned with the confidentiality, integrity and availability of data regardless of the form the data may take (as we discussed before): electronic, print, or other forms.

Computer security can focus on ensuring the availability and correct operation of a computer system without concern for the information stored or processed by the computer. Information assurance focuses on the reasons for assurance that information is protected, and is thus reasoning about information security.

Should confidential information about a business' customers or finances or new product line fall into the hands of a competitor, such a breach of security could lead to negative consequences. Protecting confidential information is a business requirement, and in many cases also an ethical and legal requirement. For the individual, information security has a significant effect on privacy, which is viewed very differently in different cultures.

In the coming articles, we will be discussing more on Information Security Event/Incident, Information Security Risk Assessment and so on.

About the Author:

Mr. CRV Ganesh is a Senior Auditor – Audit & Risk Assurance Department of Abu Dhabi Company for Onshore Oil Operations (ADCO). He is a very active member of ISACA and holder of CISA, CISM, CRISC and CobiT-F Certifications. He can be reached at his Email: [email protected]

Chapter News

CPE Session on 13/05/2012

CPE Session on 29/05/2012

www.isacamuscat.org

Full Day Seminar on 12th June

What would you like to read in the Newsletter? Do you have some suggestions? Would you like to send a short article, anything which you feel members would be interested in?

Would you like to share your experience in preparing for the CISA, CISM exam? You need not be a topper to give ideas. If you have answered “Yes” to any of these questions, then share with others.

Please send the material or suggestions to [email protected] or call 9921 6802.


Miscellany

President speaks

Welcome to the second newsletter of ISACA Muscat Chapter for 2012.

So far this year the chapter has done very well in arranging 10 programs (9 CPE and one family get-together function). Also, for the first time the chapter organized a full day event on 12th Jun 2012. This event was a grand success. Almost 80 members and guests participated in the CPE event. The program was sponsored by M/s Muscat Pharmacy LLC. Seeing the response and your support, we the Board of ISACA chapter shall try to arrange a similar program before the end of the year.

The CISA / CISM / CGEIT and CRISC examinations just got over and a good number of candidates appeared for the examination. I wish all the candidates good luck and hope they come out successful with flying colors.

Generally, in the months of July and August, many of our members take annual vacation. The chapter board members are planning to have at least 2 CPE events during these two months. Members present during this period should ensure they attend the sessions and make them a grand success.

I take this opportunity to wish happy holidays and a safe return to Oman to members travelling to their native country on vacation.

Through this newsletter I urge all the members to contribute articles to the newsletter.

For the Dec 2012 examination, the chapter will have the open session in the first week of August 2012. Please inform your colleagues, friends etc. who would like to hear about the various certifications offered by ISACA, and they may decide to join ISACA to shape up their career much better.

Our special thanks and gratitude go to each one of you for your devotion and dedication.

-Regards, Badri N Subudhi, President, ISACA Muscat Chapter

Editor’s corner

Welcome to the summer edition of year 2012. It is summer time and I am sure most of you are planning to visit your home country. The session on the 12th was very informative and I hope that the chapter organizes such seminars in future as well. Wishing all the best to certification aspirants, and wishing you a happy summer vacation.

- subbarao

Do you Know?

More than 90,000 CISA certifications have been awarded since the credential’s inception in 1978.

In January 2012, 550 CISA, 287 Certified Information Security Manager (CISM), 20 Certified in the Governance of Enterprise IT (CGEIT), and 42 Certified in Risk and Information Systems Control (CRISC) candidates were awarded certification.

CPE Table - Year 2012

Date       Venue & Topic                           Hrs.
29/01/12   Oman Medical College - PCI-DSS          2
06/02/12   PDO Exhibition Centre - Open Session    2
07/02/12   CBFS - Annual General Meeting           2
06/03/12   CBFS - IT Audit of Critical Systems     2
16/04/12   E & Y Knowledge Series                  2
13/05/12   Managing Complexities of IT Audit       2
29/05/12   Wireless Security                       2
06/05/12   PCI Risk Assessment                     2
12/06/12   Full Day Seminar                        6

Members can use this table to reconcile their CPE Credits. However, members should note that CPE hours are granted based on attendance only.

ISACA Muscat chapter has won the Silver-level award for 2011 for their website. The award was issued by ISACA international chapter. This award is given for the best design, content and manage-


Chapter Contacts

Name Position Mobile e-mail

Mr. Badri Narayan Subudhi President 99 812 050 [email protected]

Mr. Venu Gopal Hari Vice President 99 215 701 [email protected]

Mr. Jitendra Singhvi Secretary 97 847 777 [email protected]

Mr. Biswajit Das Treasurer 24 525 031 [email protected]

Mr. Vijendra Mohonot Director - Membership 99 889 462 [email protected]

Mr. Dilip Warkad Additional Director- Membership 99 041 893 [email protected]

Mr. J. Srinagesh Program Chairperson 99 235 063 [email protected]

Mr. Aji Bhaskar Additional Director- Programs 99 473 259 [email protected]

Mr. O.G. Ravishankar Additional Director- Programs 99 341 856 [email protected]

Mr. Jose Chacko Education Chairperson 99 215 691 [email protected]

Mr. Mohamed Nayaz Director - Marketing 99 429 679 [email protected]

Mr. Gokul Krishnan Director- Communications 99 339 637 [email protected]

Mr. Chetan Jamandas Shah CGEIT Coordinator 99 314 358 [email protected]

Mr. Biju Padanilam Director - CISA Coordination 99 670 613 [email protected]

Mr. Rajkumar Patra Additional Director- CISA coordination 99 321 540 [email protected]

Mr. Promod Sujgure Additional Director- CISA coordination 95 526 436 [email protected]

Mr. D. Bala Subramaniam Director - CISM Coordination 95 234 135 [email protected]

Mr. Hilal Nasser al Habsi Additional Director- CISM coordination 99 356 617 [email protected]

Mr. Subbarao V Bollapalli Additional Director - News Letter 99 216 802 [email protected]

Mr. Zacharias Chacko Director- Research liaison 99 443 491 [email protected]

Mr. Venkatesan Muralidhar Immediate Past President 99 425 427 [email protected]

About us

Muscat chapter is one among more than 190 chapters of ISACA established in 95 countries worldwide. ISACA, as an international body, has been in existence since 1969. ISACA, with a worldwide membership of over 95,000 members, is characterized by its striking diversity. Members live and work in more than 160 countries. They work in nearly all industries including financial and banking, audit and consultancy firms, government bodies and educational institutions. This rich diversity enables members to interact with each other. One of the greatest strengths of ISACA is the enormous resources it provides to its members through its website, regular regional and international conferences, free delivery of its technical journal (the Information Systems Control Journal), free access to K-NET, an internet based compendium of reference materials, and a bookstore covering the latest developments in the fields of IS assurance, control, security and governance.

Muscat chapter was established in 2000 under the sponsorship of the College of Banking and Financial Studies (CBFS), which is affiliated to the Central Bank of Oman. The chapter has a membership of 302 members. The chapter membership also mirrors the diversity of its parent body. The chapter’s mission is to promote education for the CISA and CISM certifications, spread awareness of IS audit and controls, and provide a framework for regular meetings and interaction amongst local IS audit and control professionals, thereby helping in raising standards and promoting best practices to manage Information technology effectively in their organizations.

Certification Centre

CISA: a globally respected designation for experienced IS audit, control and security professionals. More than 80,000 have earned the CISA designation since its inception in 1978.

CISM: a groundbreaking designation for leaders who manage an organization’s information security. More than 15,500 have earned the CISM designation since it was established in 2002.

CGEIT: for professionals who manage, provide advisory and/or assurance services, and/or who otherwise support the governance of an enterprise’s IT. More than 4,500 professionals have earned the CGEIT designation since it was established in 2007.

CRISC: for IT professionals who have experience with risk identification, assessment and evaluation; risk response; risk monitoring; IS control design and implementation; and IS control monitoring and maintenance. More than 5,700 professionals have been certified since inception in 2010.