February - Chapter Meeting.doc

  • 1. The Audit Findings
    December 2005
    A Monthly Newsletter for Members of the Omaha Chapter of the Information Systems Audit and Control Association

    Message from the President

    As many of you might know, Commercial Federal will be Bank of the West starting Monday, December 2. As a result of these changes, our current President Dennis Pickard has accepted a position with DST Systems in Kansas City. This should be a great opportunity for Dennis, and we thank him for his time and effort with the chapter and wish him the best of luck!

    To fill this vacancy, I will be stepping into the President role to finish out the remainder of the 2005-2006 ISACA year. Donna White (Mutual of Omaha) and Barb Keuchel (FNBO) have graciously stepped forward to help out in the Vice President and Newsletter Editor duties. I would also like to note that we are looking for volunteers. If anyone is interested in volunteering for either the Web Site Content or Newsletter positions, please contact one of the chapter officers.

    A quick reminder, the next meeting will be January 24th featuring Tony Grey of Imperva. He will be speaking on web applications and database level security. Registration information is available on the website.

    Have a happy holidays and see you at the January ISACA meeting!

    Sincerely,
    Jason

    Upcoming Chapter Events!!!

    January – Chapter Meeting
    Date – January 24, 2006
    Place – Scott Conference Center
    Time – Lunch: 11:30 AM-12:00 PM
           Presentation: 12:00 PM - 1:00 PM
    Cost - ISACA Members $15 and Non-members $20
    RSVP – January 10, 2006
    Topic – Web Application & Database Level Security
    Speaker – Tony Grey, Imperva

    February - Chapter Meeting
    Date – February 28, 2006
    Place – Scott Conference Center
    Time – Lunch: 11:30 AM-12:00 PM
           Presentation: 12:00 PM - 1:00 PM
    Cost - ISACA Members $15 and Non-members $20
    RSVP – February 7, 2006
    Topic – Host Virtualization (& paravirtualization) Xen, SuSE 9.3 pro, Magic & Mystery.
    Speaker: Mike Hoesing, First National Bank
  • 2. CISA and CISM Exam Highlights

    The December exam administration closed with more than 13,500 CISA and 1,300 CISM registrants. For those taking the CISA exam, this is the last exam that will use the current CISA job practice areas and the 2005 CISA study materials. Please visit detailed information.

    The study materials for the June 2006 CISA exam are now available. Chapters with the resources to provide preparation training are encouraged to do so and should use the materials already provided by ISACA.

    Registration for the June 2006 CISA and CISM exams began the week of 24 October. To view additional details and a series of frequently asked questions, please visit Additionally, candidates may view or print a copy of the CISA or CISM Bulletin of Information for the June 2006 exams at

    Since the June 2005 exam results were released at the end of July, thousands of new CISAs have been certified. Exam passers have five years to apply for certification. For those who passed the exam in 2000, the deadline to apply for certification is 31 December 2005. Those who passed the exam in 2001 will receive reminders of their 31 December 2006 deadline.

    2006 CISA Study Materials

    The 2006 CISA study materials are based on the new 2006 CISA job practice analysis and have been significantly enhanced with current IS audit practitioner issues. The new CISA job practice analysis areas include:
    • The IS audit process
    • IT governance
    • Systems and infrastructure life cycle management
    • IT delivery and support
    • Protection of information assets
    • Business continuity and disaster recovery

    The study materials include the CISA Review Manual 2006; CISA Questions, Answers & Explanations Manual 2006; CISA Questions, Answers & Explanations Manual 2006 Supplement; and the CISA Questions, Answers & Explanations CD-ROM 2006. These publications are available at

    COBIT 4.0 and Val IT FAQs Available

    ISACA has recently posted on its web site frequently asked questions (FAQs) pertaining to the new COBIT® 4.0 and Val IT™ publications. The FAQs are a quick and easy way to get some basic information about these important new documents from the IT Governance Institute® (ITGI). The FAQs are available in full at Some excerpts follow.

    Online CISA Examination Review Course at Creighton University

    As you may know, Creighton University launched an online CISA examination review course in Spring 2005. We had modest success in attracting candidates from overseas and also from several other states in the USA. An improved version of the course is now available for registration. Since this is a self-paced course, there is no registration deadline, although the sooner you enroll, the more time you have to prepare for the examination.

    The course information is available at When you go to the site, please select CISA. This is a self-paced course, so you decide your pace in completing the course. You may visit any parts of the site as many times as you wish and you can make multiple attempts to the diagnostic tests and post-tests.

    If you wish to see the course format and structure, please follow these steps:
    1. Go to
    2. Type in your NetID as CISA001
    3. Enter your password as creighton (all lower case).

    Once you get to the site, be sure to look at Chapter One. This is a very limited view of the course. Nevertheless it will provide you some insight as to how the course is structured. It will also show if the technology you are using permits you to easily access the course content.

    Once you have viewed the guest site, please feel free to register at Select CISA as your course.

    I should note three other points. First, the course currently includes Diagnostic Test and Post Test. One more test will be added in each chapter, called Definitional Test, which will test your understanding of a term, an object, or a concept. Second, beginning this year, I have been working as a member of the Quality Assurance Team of ISACA, to screen and select from proposed multiple-choice items for inclusion in the CISA Review Manual. This is an extensive exercise that gives me the insights to make the course site even more effective for your success in the CISA examinations. Third, for the Omaha-based participants, I do conduct face-to-face meetings (usually two) closer to the examination date.

    If you have any questions, or need additional information, please email me at

    Thank you for your interest in the CISA online course.

    Vasant Raval

    ISACA Contacts 2005

    President – Jason Coyle, ConAgra Foods
    Vice President – Donna White/Barb Keuchel, Mutual of Omaha/FNBO
    Sec/Treasurer – Doug Wendt, OCC
    Chapter Auditor - Stephen Aikins, Commercial Federal Bank, auditor@isaca-omaha.org
    Web Site Content – Jason Coyle, ConAgra Foods
    Membership Coordinator – Jerry Sterkel, American Agrisurance
    CISA/CISM Coordinator – Dr. Vasant Raval, Creighton University
    Newsletter Editor – Donna White, Mutual of Omaha
  • 3. Career Opportunities

    Just a reminder that local Audit and I/T opportunities can be found at careerlink. Navigate to, For Job Seekers, Find Jobs in Omaha by Career Field, Finance/Accounting, Audit.

    Infotec – Midwest Information Technology Expo and Conference
    Date: April 3 – 5, 2006
    Location: Qwest Center, Omaha
    For more information, contact Infotec at

    Infotec 2005 Conference
    April 5 to 7, 2005
    Omaha Nebraska
  • 4. ISACA Training Update

    ISACA Training Week

    5-9 December 2005, Scottsdale, Arizona, USA
    27 February-3 March 2006, Anaheim, California, USA (tentative)
    3-7 April 2006, Zurich, Switzerland
    5-9 June 2006, Philadelphia, Pennsylvania, USA (tentative)

    ISACA Training Week events provide in-depth coverage of the latest strategies and practices for business, managerial, operational, auditing and security challenges associated with information technology and information systems. A great networking opportunity, these events offer important industry topics led by world-renowned presenters, and continuing professional education hours.

    Topics for upcoming events include Fundamentals for IT Auditing, IT Audit Practices, and Information Security Management. For more information and additional dates and locations as they become available, please visit trainingweek.

    COBIT User Convention
    1-2 December 2005
    Orlando, Florida, USA

    This two-day event is designed for users of COBIT and will feature case studies and facilitated discussion groups. COBIT users, joined by Erik Guldentops, chair of the ITGI COBIT Steering Committee, and Gary Hardy, a member of the COBIT Steering Committee, will present implementation strategies, lead discussions, answer questions and provide COBIT updates. The event is structured to provide case study presentations on day one, and problem solving, question and answer opportunities, user feedback, and future solutions on day two. A preconference workshop, Implementing COBIT for IT Management and Governance, will also be offered, and is limited to the first 20 registrants. For more information, please visit

    North America CACS
    7-11 May 2006
    Orlando, Florida, USA

    North America CACS is well known for addressing the complex issues facing professionals responsible for information assurance, security and governance. Industry experts from around the world will be on hand to provide solutions and practical approaches to enable and equip attendees to meet the challenges ahead. For more information, please visit

    2006 ISACA Conferences
    • 30 July-2 August 2006—International Conference, Adelaide, South Australia
    • 28 August-1 September 2006—ISACA Training Week, Ottawa, Ontario, Canada
    • 9-13 October 2006—ISACA Training Week, Budapest, Hungary (tentative)
    • 6-10 November 2006—ISACA Training Week, Dallas, Texas, USA
    • 4-8 December 2006—ISACA Training Week, Orlando, Florida, USA

    2005-2006 Conference/Training Week Calendar

    | Event | Dates | Location | CPE Hours |
    | COBIT® User Convention | 1-2 December 2005 | Orlando, Florida, USA | 13 |
    | ISACA Training Week | 5-9 December 2005 | Scottsdale, Arizona, USA | 38 |
    | Information Security Conference | 20-21 February 2006 | Panama City, Panama | 14 |
    | ISACA Training Week | 27 February-3 March 2006 | Anaheim, California, USA (tentative) | 38 |
    | EuroCACS℠ | 19-22 March 2006 | London, England, UK | 41 |
    | ISACA Training Week | 3-7 April 2006 | Zurich, Switzerland | 38 |
    | North America CACS℠ | 7-11 May 2006 | Orlando, Florida, USA | TBD |
    | ISACA Training Week | 5-9 June 2006 | Philadelphia, Pennsylvania, USA (tentative) | 38 |
  • 5. ISACA Research Update

    Aligning COBIT, ITIL and ISO 17799 for Business Benefit

    This management briefing is the result of a joint study initiated by ITGI and the UK Office of Government Commerce (OGC), in response to the growing significance of best practices to the IT industry and the need for senior business and IT managers to better understand the value of IT best practices and how to implement them. COBIT can be used at the highest level, providing an overall control framework based on an IT process model that generically suits every organization. There is also a need for detailed standardized practitioner processes. The COBIT framework can be mapped to specific practices and standards, such as ITIL and ISO 17799, which cover specific areas and thus provide a hierarchy of guidance materials. The publication is a complimentary download, available at

    Security Audit and Control Features SAP® R/3®, 2nd Edition

    Current best practices and future trends in ERP issues have been updated from the first edition published in 2002. This practical how-to technical and risk management reference guide enables auditors and risk professionals (IT and non-IT) to evaluate risks and controls in existing ERP implementations and facilitates the design and building of better practice controls into system upgrades and enhancements. The series of technical and risk management reference guides deals with the world's three major ERP systems: SAP R/3 Audit, Oracle® Applications and PeopleSoft®. The publication will be available in the ISACA Bookstore by the end of the year. The remaining two in the series will be updated in 2006.

    Information Security Governance, 2nd Edition

    With increased networking and a growing realization of the value of information assets, information security is recognized as one of the most important issues to address for all IT users. This updated publication helps explain information security in business terms and comes complete with tools and techniques to help boards and executive managers uncover security-related problems. It will be available in print and as an e-book in the ISACA Bookstore by the end of the year.

    Val IT Enterprise Value: Governance of IT Investments Series

    Val IT is a governance framework that includes generally accepted guiding principles and supporting processes related to the evaluation and selection of IT-enabled business investments. It also provides benchmarking capability and allows enterprises to exchange experiences on best practices for value management. The Val IT framework is based on the COBIT framework. To obtain a return on investment, the Val IT principles are applied to management processes, including value governance, portfolio management and investment management. The Val IT framework will be supported by publications and operational tools. The first series, Enterprise Value: Governance of IT Investments, is scheduled for release by the end of 2005 and will contain three publications:
    • Val IT Framework
    • Val IT Business Case
    • Val IT ING Case Study

    For more information, please visit