Taken from Blog 

Free Event on 7 December Brings Experts to Your Desktop 

Rolling Meadows, IL, USA (30 November 2011)—Global IT association ISACA will showcase emerging issues in cloud computing for 2012 at its free virtual seminar on 7 December. IT professionals will hear from industry leaders and network with peers from around the world, all without leaving their desks, at the event titled Making the Case for the Cloud: The Next Steps, on Wednesday, 7 December 2011, from 6:00 a.m.–3:30 p.m. CST (UTC-5).

 “Cloud computing is continuing to gain acceptance, so it is critical for the risk and governance issues to be clearly understood and managed,” said Ken Vander Wal, CISA, CPA, international president of ISACA. “ISACA’s virtual conference will arm attendees with the knowledge needed to make informed business decisions related to cloud computing and help them add value through their cloud initiatives.”

 Presented from a holistic business perspective, the five sessions will address benefits and risk, security preparation, incident response, legal aspects and software as a service (SaaS). The sessions will help attendees:

• Explain the business value of cloud computing
• Prepare their enterprises’ network for the cloud
• Plan for and manage security breaches and compliance concerns
• Anticipate legal considerations before signing a contract
• Get the most out of cloud SaaS services

During live Q&A sessions, attendees can interact directly with the session presenters, including:

• Urs Fischer, CISA, CRISC, independent IT GRC consultant, presenting "Cloud Computing:  Business Benefits and Risk, Security and Audit/Assurance Perspectives"
• Dave Shackleford, senior vice president of research and chief technology officer at IANS, presenting "Prepare Your Network for the Cloud"
• Kevin Beaver, information security consultant, seminar leader and keynote speaker for Principle Logic LLC, presenting "Incident Response in Cloud Computing"
• Andrew Baer, intellectual property lawyer and partner with Baer Crossey LLC, presenting "Cloud Engagements:  A Legal Perspective"
• Diana Kelley, founder of SecurityCurve, presenting "Choosing SaaS Security"

During the virtual seminar, participants can attend sessions, connect with other attendees and “visit” exhibitor booths. Attendees can earn up to five free continuing professional education (CPE) hours. To learn more about ISACA’s global events, visit www.isaca.org/conferences. 

ISACA provides a variety of ways for IT and business professionals to learn about, and demonstrate proficiency in, ensuring trust and value from cloud computing activities. Resources about cloud computing are available at www.isaca.org/cloud. 

Taken from Blog

Rolling Meadows, IL, USA (29 November 2011)

With the increased use of mobile devices to pay for goods and services, traditional wallets with cash and credit cards could one day be obsolete. A new ISACA white paper, “Mobile Payments: Risk, Security and Assurance Issues,” examines this growing trend and offers guidance on managing risk and increasing security.

A study from Juniper Research found that the value of mobile payments for digital and physical goods, money transfers and other transactions will reach almost US $630 billion by 2014. The Mobile Payments white paper, available as a free download from ISACA, a nonprofit global association of IT professionals, identifies consumer benefits, including the speed and convenience of not carrying cash and credit cards, the consolidation of many cards, and an enhanced layer of security. Enterprises benefit by reaching more consumers, reducing the amount of stored data needed to meet compliance requirements, improving transaction security and fraud detection, and engaging in location-based marketing (geo-marketing).

“Mobile payments offer many benefits, but we also need proactive planning and measures to manage risk, which can include anything from theft of identities and services; loss of revenue, brand reputation and customer information; and money laundering and terrorist funding,” said Nikolaos Zacharopoulos, CISA, CISSP, IT auditor for Geniki Bank, Greece, and chair of ISACA’s project development team for the white paper. “This guidance identifies the risk types and the countermeasures that should be in place to mitigate them.”

The Mobile Payments white paper provides practical advice for enterprises so they can:

• Build robust controls into the planning process.
• Ensure that transactions are carried out only by the authorized person.
• Identify the data that are considered personal and sensitive, and ensure that the information is protected.
• Ensure that third parties involved have robust security governance in place.
• Pay specific attention to the originating point of a mobile transaction—the customer device and the user. 

“Security will be a major driver for the adoption of mobile payments, as trust plays a very important role when the customer decides to use a new payment tool,” said Zacharopoulos. “While more regulation in the mobile payment ecosystem is developing, it is important that enterprises proceed with care so they can offer consumers the conveniences of mobile payments as well as the security and privacy necessary.”

For more information on mobile payments, download the free ISACA white paper. Further ISACA guidance on mobile devices is available in the “Securing Mobile Devices” white paper and the Mobile Computing Security Audit Assurance Program.

• Governance of Enterprise IT (new)—This course, aligned with the Certified in the Governance of Enterprise IT (CGEIT) certification, addresses how to develop a governance strategy to achieve value and manage risk within an enterprise, and the value that governance brings to the enterprise.
• IT Risk Management (new)—This course provides an in-depth review of Risk IT, which is based on the COBIT framework and the process model that includes risk governance, risk evaluation and risk response. Attending the IT Risk Management Training Week course can be even more educationally valuable when enterprises send more than one employee. The course includes the opportunity to build a customized risk plan, specific to the attendees’ enterprises. Colleagues can collaborate in the process, and bring a more valuable, relevant plan back to the office.

“ISACA Training Week is an excellent opportunity to gain a solid foundation in information security, IT audit or IT governance,” said Ken Vander Wal, CISA, CPA, international president of ISACA. “The valuable tools presented provide attendees with expertise they need to reduce risk, protect their enterprise and develop strategies for IT governance in this challenging climate.” 

Instructors at the Chicago event include Barry D. Lewis, CISM, CGEIT, CRISC, CISSP, president of Cerberus; and Shawna Flanders, CISA, CISM, a productivity specialist at PSCU Financial Services.

The ISACA Training Week registration fee, which includes course materials, is US $2,295 for ISACA members and US $2,495 for nonmembers. Participants are eligible to earn up to 38 continuing professional education (CPE) hours.

For additional ISACA Training Week information or to register, please visit www.isaca.org/trainingweek.

• Governance of Enterprise IT (new)—This course is aligned with Certified in the Governance of Enterprise IT (CGEIT) certification and addresses how to develop a governance strategy to achieve value and manage risk within an enterprise, and explains the value that governance brings to the enterprise.
• Fundamentals of IT Audit and Assurance—This course is aligned with the Certified Information Systems Auditor (CISA) certification job practice areas, and will discuss controls and control objectives tailored to the evolving role of IT auditors, including an understanding of how to achieve business goals.
• IT Audit and Assurance Practices—This course aligns with the Certified Information Systems Auditor (CISA) certification job practice areas and delves into risk analysis concepts and practices, and guides professionals in developing risk-based audit plans.

“ISACA Training Week is an excellent opportunity to gain a solid foundation in information security, IT audit or IT governance,” said Ken Vander Wal, CISA, CPA, international president of ISACA. “The valuable tools presented provide attendees with expertise they need to reduce risk, protect their enterprise and develop strategies for IT governance in this challenging climate.” 

Instructors at the Scottsdale event include Albert J. Marcella Jr., Ph.D., CISA, CISM, president of Business Automation Consultants LLC; Craig McGuffin, CISA, CISM, CGEIT, CRISC, principal of C.R. McGuffin Consulting Services; and Don Caniglia, CISA, CISM, CGEIT, FLMI, Founder and CEO, ITRisk Management Services, LLC. 

The ISACA Training Week registration fee, which includes course materials, is US $2,295 for ISACA members and US $2,495 for nonmembers. Participants are eligible to earn up to 38 continuing professional education (CPE) hours.

For additional ISACA Training Week information or to register, please visit www.isaca.org/trainingweek.