E-Newsletter
Quarterly Newsletter from the Muscat Chapter of ISACA June 2012 Vol 02
Seminar on Data Security
Inside this issue:
Data Security
Risk Management
Chapter News
Full Day Seminar
President speaks
Editor’s Corner
About us
Chapter Contacts
This Newsletter is
sponsored by
5 times Winner of K. Wayne Snipes Award
Sponsored by the CBFS
Contact us
P.O Box No: 397,
Medinat Sultan Qaboos,
PC –115,
Sultanate of Oman,
Chapter Statistics
Members 272
CISA 122
CISM 37
CGEIT 8
CRISC 28
Turn to page 5 for details
In an effort to bring knowledge sessions to its members, the ISACA Muscat chapter arranged
a full-day seminar on 12th June 2012 at Hotel Muscat Holiday. The session was sponsored by
Muscat Pharmacy. Speakers from various domains presented on data security topics.
Mr. Alex deGraph from McAfee presented on data loss prevention, educating the audience on
the importance of data and the risks involved in data leaks, and discussed various ways to
prevent them. Mr. Mohammed Nayaz, a well-known speaker and very active member of the
ISACA Muscat chapter, discussed COBIT 4.1. Mr. Ali Lawati presented on wireless security.
Overall the session was well received by the ISACA member community, and it is important to
note that a good number of students were present at the session. Mr. Badri, President,
ISACA Muscat Chapter, opened the session with a welcome note and mentioned that ISACA
Muscat is committed to bringing CPE sessions to its member community.
Note: This newsletter is intended purely as an informational service to the members of ISACA Muscat Chapter. The contents are those of the authors
as named and from material made available to the newsletter editor and are not necessarily those of ISACA or ISACA Muscat. Neither ISACA nor its
sponsor in Oman may be held liable for the use of the information contained in this newsletter.
Risk Management - continued...
Having covered the Risk Management fundamentals with several illustrations, it is time to move on to
Information Security Risk Management. First, let us look at the definitions of Information and Information Security.
What is Information?
Data* that (1) has been verified to be accurate and timely, (2) is specific and organised for a purpose, (3) is presented within
a context that gives it meaning and relevance, and (4) can lead to an increase in understanding and decrease in uncertainty.
The value of information lies solely in its ability to affect a behaviour, decision, or outcome.
* The term ‘Data’ is not restricted to Information Technology or electronic form, but also refers to various other
media, such as paper, audio, visual, etc. Even furniture can be considered ‘information’, provided that the furniture is
the custodian of some form of data, either electronic or conventional.
For example, if office box files, CD-ROMs and backup tapes are stored in a fire-proof cupboard, then the cupboard is
also considered ‘Information’. We will further justify, in a later part of our article, why the ‘cupboard’ needs to be
considered ‘information’.
What is Information Security?
Information Security is the preservation of confidentiality, integrity and availability of information; in addition, other
properties such as authenticity, accountability, non-repudiation and reliability can also be involved as part of Information Security.
In other words, Information security means protecting information and information systems from unauthorised access, use,
disclosure, disruption, modification, perusal, inspection, recording or destruction.
The terms information security, computer security and information assurance are frequently used interchangeably. These
fields are often interrelated and share the common goals of protecting the confidentiality, integrity and availability of information;
however, there are some subtle differences between them. These differences lie primarily in the approach to the subject, the
methodologies used, and the areas of concentration.
Information security is concerned with the confidentiality, integrity and availability of data regardless of the form the data
may take (as we discussed before): electronic, print, or other forms.
Computer security can focus on ensuring the availability and correct operation of a computer system without concern for
the information stored or processed by the computer. Information assurance focuses on the reasons for assurance that
information is protected, and is thus reasoning about information security.
Should confidential information about a business' customers or finances or new product line fall into the hands of a
competitor, such a breach of security could lead to negative consequences. Protecting confidential information is a business
requirement, and in many cases also an ethical and legal requirement. For the individual, information security has a
significant effect on privacy, which is viewed very differently in different cultures.
In the coming articles, we will be discussing more on Information Security Event/Incident, Information Security Risk
Assessment and so on.
About the Author:
Mr. CRV Ganesh is a Senior Auditor – Audit & Risk Assurance Department of Abu Dhabi Company for Onshore Oil
Operations (ADCO). He is a very active member of ISACA and holder of CISA, CISM, CRISC and CobiT-F Certifications. He
can be reached at his Email: [email protected]
Chapter News
CPE Session on 13/05/2012
CPE Session on 29/05/2012
Full Day Seminar on 12th June
www.isacamuscat.org
What would you like to read in the Newsletter? Do you have some suggestions? Would you like to send a short article, anything which you
feel members would be interested in?
Would you like to share your experience in preparing for the CISA or CISM exam? You need not be a topper to give ideas. If you have
answered “Yes” to any of these questions, then share with others.
Please send the material or suggestions to
[email protected] or call 9921 6802.
Miscellany
President speaks
Welcome to the second newsletter of ISACA Muscat Chapter for 2012.
So far this year the chapter has done very well in arranging 10 programs
(9 CPE and one family get-together function). Also, for the first
time the chapter organized a full day event on 12th Jun 2012. This
event was a grand success. Almost 80 members and guests participated
in the CPE event. The program was sponsored by M/s Muscat Pharmacy LLC.
Seeing the response and your support, we the Board of
ISACA chapter shall try to arrange a similar program before the end of
the year.
The CISA / CISM / CGEIT and CRISC examinations just got over and a good number of
candidates appeared for the examination. I wish all the candidates good luck and hope they come out
successful with flying colors.
Generally, in the months of July and August many of our members take annual vacation. The chapter
board members are planning to have at least 2 CPE events during these two months.
Members present during this period, please ensure you attend the sessions and make them a grand success.
I take this opportunity to wish happy holidays and a safe return to Oman to members
travelling to their native country on vacation.
Through this newsletter I urge all the members to contribute articles to the newsletter.
For the Dec 2012 examination, the chapter will have the open session in the first week of August
2012. Please inform your colleagues, friends etc. who would like to hear about the various
certifications offered by ISACA, and they may decide to join ISACA to shape up their career much
better.
Our special thanks and gratitude go to each one of you for your devotion and dedication.
-Regards, Badri N Subudhi, President, ISACA Muscat Chapter
Editor’s corner
Welcome to the summer edition of year 2012.
It is summer time; I am sure most of you plan to visit your home country. The
session on the 12th was very informative and I hope that the chapter organizes such
seminars in future as well. Wishing all the best to certification aspirants, and wish you a
happy summer vacation.
- subbarao
Do you Know?
More than 90,000 CISA certifications have been awarded since the credential’s inception in 1978.
In January 2012, 550 CISA, 287 Certified Information Security Manager (CISM), 20
Certified in the Governance of Enterprise IT (CGEIT), and 42 Certified in Risk and
Information Systems Control (CRISC) candidates were awarded certification.
CPE Table - Year 2012
Date      Venue & Topic                         Hrs.
29/01/12  Oman Medical College - PCI-DSS        2
06/02/12  PDO Exhibition Centre - Open Session  2
07/02/12  CBFS - Annual General Meeting         2
06/03/12  CBFS - IT Audit of Critical Systems   2
16/04/12  E & Y Knowledge Series                2
13/05/12  Managing Complexities of IT Audit     2
29/05/12  Wireless Security                     2
06/05/12  PCI Risk Assessment                   2
12/06/12  Full Day Seminar                      6
Members can use this table to reconcile their CPE Credits.
However members should note the CPE hours are granted
based on the attendance only.
ISACA Muscat chapter has won Silver-level award for 2011 for their website. The
award was issued by ISACA international chapter. This award is given for the best
design, content and manage-
Chapter Contacts
Name                       Position                                 Mobile      e-mail
Mr. Badri Narayan Subudhi  President                                99 812 050  [email protected]
Mr. Venu Gopal Hari        Vice President                           99 215 701  [email protected]
Mr. Jitendra Singhvi       Secretary                                97 847 777  [email protected]
Mr. Biswajit Das           Treasurer                                24 525 031  [email protected]
Mr. Vijendra Mohonot       Director - Membership                    99 889 462  [email protected]
Mr. Dilip Warkad           Additional Director - Membership         99 041 893  [email protected]
Mr. J. Srinagesh           Program Chairperson                      99 235 063  [email protected]
Mr. Aji Bhaskar            Additional Director - Programs           99 473 259  [email protected]
Mr. O.G. Ravishankar       Additional Director - Programs           99 341 856  [email protected]
Mr. Jose Chacko            Education Chairperson                    99 215 691  [email protected]
Mr. Mohamed Nayaz          Director - Marketing                     99 429 679  [email protected]
Mr. Gokul Krishnan         Director - Communications                99 339 637  [email protected]
Mr. Chetan Jamandas Shah   CGEIT Coordinator                        99 314 358  [email protected]
Mr. Biju Padanilam         Director - CISA Coordination             99 670 613  [email protected]
Mr. Rajkumar Patra         Additional Director - CISA coordination  99 321 540  [email protected]
Mr. Promod Sujgure         Additional Director - CISA coordination  95 526 436  [email protected]
Mr. D. Bala Subramaniam    Director - CISM Coordination             95 234 135  [email protected]
Mr. Hilal Nasser al Habsi  Additional Director - CISM coordination  99 356 617  [email protected]
Mr. Subbarao V Bollapalli  Additional Director - News Letter        99 216 802  [email protected]
Mr. Zacharias Chacko       Director - Research liaison              99 443 491  [email protected]
Mr. Venkatesan Muralidhar  Immediate Past President                 99 425 427  [email protected]
About us..
Muscat chapter is one among more than 190 chapters of ISACA established in 95 countries worldwide. ISACA, as an
international body, has been in existence since 1969. ISACA, with a worldwide membership of over 95,000 members, is
characterized by its striking diversity. Members live and work in more than 160 countries. They work in nearly all industries,
including financial and banking, audit and consultancy firms, government bodies and educational institutions. This rich diversity
enables members to interact with each other. One of the greatest strengths of ISACA is the enormous resources it
provides to its members through its website, regular regional and international conferences, free delivery of its technical journal
(the Information Systems Control Journal), free access to K-NET, an internet-based compendium of reference materials, and
a bookstore covering the latest developments in the fields of IS assurance, control, security and governance.
Muscat chapter was established in 2000 under the sponsorship of the College of Banking and Financial Studies (CBFS),
which is affiliated to the Central Bank of Oman. The chapter has a membership of 302 members. The chapter membership
also mirrors the diversity of its parent body. The chapter’s mission is to promote education for the CISA and CISM
certifications, spread awareness of IS audit and controls, and provide a framework for regular meetings and interaction amongst local IS
audit and control professionals, thereby helping in raising standards and promoting best practices to manage Information
technology effectively in their organizations.
Certification Centre
CISA: a globally respected designation for experienced IS audit, control and security professionals.
More than 80,000 have earned the CISA designation since its inception in 1978.
CISM: a groundbreaking designation for leaders who manage an organization’s information security.
More than 15,500 have earned the CISM designation since it was established in 2002.
CGEIT: for professionals who manage, provide advisory and/or assurance services, and/or who otherwise
support the governance of an enterprise’s IT. More than 4,500 professionals have earned the
CGEIT designation since it was established in 2007.
CRISC: for IT professionals who have experience with risk identification, assessment and evaluation;
risk response; risk monitoring; IS control design and implementation; and IS control monitoring
and maintenance. More than 5,700 professionals have been certified since inception in 2010.