Blogs

Link to IIA New Zealand 2009 National Conference

IIA New Zealand's 2009 National Conference, "Smarter Tools for Unprecedented Times", will be held at the Ellerslie Event Centre, Auckland.

When: 16-17 November 2009.

Find out more here http://www.iianz.co.nz/Conference.cfm

This year there is considerable emphasis on practical tips from experienced practitioners covering a range of tricky topics faced by internal auditors, plus a range of thought-provoking strategic issues.

The Challenge of Application Project Governance


This is an expanded, modified version of an 'educational chart' that may be familiar to you.

Hope that you enjoy it!

[Note - the chart is 5 pictures wide by 2 high; for some reason the web display sometimes only shows 4 wide. You can download the .jpg file from the link]

Cheers

Ron

 

Ron Segal

ron@etrustd.com

Trust in Computing - Trust 2009 Conference - Oxford 6 - 8 April 09

The Other Side of Trust

The National Security Agency (NSA) defines a trusted computer system or component as one "whose failure can break the security policy", and a trustworthy system or component as one "that will not fail". A trusted system is therefore one where 'trust' describes a role, irrespective of whether the system is able to perform adequately in that role, whereas 'trustworthy' describes the adequacy of a system to perform as expected. In both cases 'trust' is effectively used as a synonym for security, although 'Trustworthy Computing' according to Microsoft's Bill Gates is broader - 'What I mean by this is that customers will always be able to rely on these systems to be available and to secure their information.'

Link to 2008 IIA New Zealand Annual Conference website

The 2008 IIA New Zealand Annual Conference was held on 17-19 November 2008 at Westpac Stadium, Wellington.

The theme of this conference was "Wind of Change". Over 30 speakers (local and international) and panelist contributors discussed current issues in IT Governance, risk and assurance, etc.

Please visit the IIA NZ's website (http://www.iianz.co.nz/Conference.cfm) for more information about the conference (including presentation materials).

CSI Survey 2008 Published

The Computer Security Institute (CSI) Survey for 2008 has been published and can be downloaded from their web site.

Privacy

There's an excellent series of articles on privacy in the August 2008 edition of Scientific American. How privacy can be threatened by new technology is only one aspect that is explored. The other is a compelling case that the way to address most of our fears about privacy loss is to give people, through regulatory means, the power to exercise more control over their own personal information.

Computer Forensics for Beginners

We all have to start somewhere. So, if you are interested in 'having a go' at computer forensics, here's a quick, practical introduction to the mechanics:

http://www.shortinfosec.net/2008/07/tutorial-computer-forensics-process-...

IT Audit and Security in Software Development

The August 2008 volume of Control Journal (vol 4) contains an article 'Secure Software Development - The Role of IT Audit' (B L Ciaramitaro and J Livermore). Essentially this article complains about:

  • the lack of software construction security standards,
  • the disconnect between software developers and security specialists,
  • the failure of tertiary education to teach computer science students how to write secure software,
  • and the fact that IT audit is failing to address security controls in software development.

All of this seems to be true, and as a consequence businesses are spending billions of dollars each year recovering from security breaches due to insecure software.

A challenge to those developing IT audit programmes wherever software is being developed is to proactively address this shortfall by introducing software programming security audits. The 'Secure Programming Standards Methodology Manual' (SPSMM at http://www.isecom.info/mirror/spsmm.0.5.1.en.pdf) provides a good insight into the kind of software vulnerabilities that exist and the kind of security techniques needed to deal with them.

As with most IT auditing, which can be conducted at several levels, the key here is to ensure that:

  • there are security policies that address software construction,
  • the contents effectively refer to techniques such as those described in the SPSMM,
  • there are management and construction processes applying those policies (such as peer reviews and testing),
  • and that there is good evidence that these processes are working.

ISACA Top Business/Technology Issues - Survey Results 2008

The “ISACA Top Business/Technology Issues - Survey Results” report was recently released. The survey was conducted over three weeks in April and May 2008 with the assistance of audit/assurance, IT and information security managers across the globe.



© Copyright 2007-2009 ISACA Wellington Chapter, All Rights Reserved
