Welcome to the SC Midlands Chapter of ISACA Site!
Your participation in our officer elections is vital for the continued growth of our chapter. The notice will be sent out soon and we request your timely reply.
Here is a way to get involved with ISACA that requires time but not a long-term commitment. Getting involved with a project could be a great way to get your feet wet and expand your horizons.
Current Subject Matter Expert (SME) needs for Research Projects:
- Privacy Framework – ISACA Privacy Principles (Looking for SMEs – 3rd quarter 2015)
- DevOps (Looking for SMEs – 3rd quarter 2015)
- Quick Start Guide to Audit/Assurance Programs (Looking for SMEs – 3rd quarter 2015)
- Audit/Assurance Programs (Continuous need)
If you know of someone in your chapter suitable for any of the above projects, or if you yourself are interested, please contact Nancy Cohen at firstname.lastname@example.org.
Breaking Cybersecurity News
The U.S. House recently passed two cybersecurity information sharing bills, the Protecting Cyber Networks Act and The National Cybersecurity Protection Advancement Act of 2015. As part of our Cybersecurity Nexus™ (CSX) program, ISACA is committed to providing you with the knowledge, guidance and tools you need to be effective. Visit our Cybersecurity Legislation Watch center today to read our exclusive CSX Special Report—including explanations, business impacts and expert commentary on both bills!
You should be receiving individual emails now regarding registration for our upcoming classes. Here is what is planned for the next few months:
June 10 – 12 – We are having a 3-day Security/Audit conference with Ken Cutler. Your choice of ½-day sessions on Day 1, or attend Day 1, Days 2 & 3, or all 3 days. Topics are:
- Winning the Great Shell Game: Auditing the Many Faces of Chg Cntl – ½ Day (4 CPEs)
- Dancing With Penguins: Linux as an Audit Target and IT Audit Tool – ½ Day (4 CPEs)
- Auditing in CyberSpace: Locating and Reducing Risks in Web Apps – 2 Days (16 CPEs)
July 22 – We will have Stu Henderson return for Security and Audit of TCP/IP on the Mainframe or on any Computer! 8 CPEs
TCP/IP (Transmission Control Protocol/Internet Protocol) is the most common method for two computers to exchange information. It started with the UNIX operating system, spread to the Internet, and is now supported by IBM computers, Novell computers, and Windows computers as well. As the computers in our organizations become connected into "one big intranet", TCP/IP is the means to link them together. In this class you will learn in clear, straightforward terms: what TCP/IP is, how it works, and the security issues it raises. You will learn the different types of security risk for TCP/IP, and the available, practical measures to control them.
Register here: http://www.cvent.com/d/trqwjk
August 19 – ETL: Security and Auditing Across the Entire Data Flow, presented by Brian Kelley, 6 CPEs
The vast majority of organizations have Extract, Transform, and Load (ETL) cycles which move data between systems. Typically these are known as batch or nightly cycles, but whatever they are called, their purpose is to make sure the right information gets into the right systems. In the first part of this session we'll look at how the data flows from sources to destination. We'll talk about the sources, the staging points, and the destinations for that data, looking at the advantages and disadvantages of each from a data flow perspective. It's important to get this perspective before considering security. Then we'll talk about the security implications of each choice at a high level, looking at the relative strengths and weaknesses, and discussing how an attacker might look at compromising each type of resource. In the second part of the session we'll discuss and see real examples of how we might put in place greater security and auditing for each type of source, destination, and staging point along the way. We'll talk about the pros and cons of each option, in order to understand what each gives us and what it costs, not only in dollars, but in performance and functionality as well.
To learn more and register, go to http://www.cvent.com/d/9rqd6h
September 21 & 22 – Risk Management with Leighton Johnson
Please note that the South Carolina State Audit Conference will be held on November 4 – 6 in Columbia, SC.
Cybersecurity Fundamentals Certificate Exam Now Being Offered
ISACA’s Cybersecurity Nexus (CSX) offers myriad resources to help you and your chapter members learn more about cybersecurity. ISACA can help you and your fellow members emerge as cybersecurity leaders with the offering of the Cybersecurity Fundamentals Certificate.
The Cybersecurity Fundamentals Certificate exam, which is geared toward anyone interested in pursuing a career in cybersecurity, can be taken online. The certificate aligns with the US National Institute of Standards and Technology (NIST) National Initiative for Cybersecurity Education (NICE) and the Skills Framework for the Information Age (SFIA). To earn the certificate, you must pass the exam and agree to adhere to ISACA’s Code of Professional Ethics. ISACA has created the Cybersecurity Fundamentals Study Guide to help learners prepare for the exam.
For more information on the Cybersecurity Fundamentals Certificate, visit the Cybersecurity Nexus page of the ISACA web site.
2014 – 2015 President