Security

Information Security - an IT priority

Everyone is aware of the need for information security in today's highly networked business environment. Information is arguably among an enterprise's most valuable assets, so its protection from predators from both within and outside has taken center stage as an IT priority.

Trust in Computing - Trust 2009 Conference - Oxford 6 - 8 April 09

Link to 2008 IIA New Zealand Annual Conference website

The 2008 IIA New Zealand Annual Conference was held on 17-19 November 2008 at Westpac Stadium, Wellington.

The theme of this conference was "Wind of Change". Over 30 speakers (local and international) and panelist contributors discussed current issues in IT Governance, risk and assurance, etc.

Please visit the IIA NZ's website (http://www.iianz.co.nz/Conference.cfm) for more information about the conference (including presentation materials).

Computer Forensics for Beginners

We all have to start somewhere. So, if you are interested in 'having a go' at computer forensics, here's a quick, practical introduction to the mechanics:

http://www.shortinfosec.net/2008/07/tutorial-computer-forensics-process-...

IT Audit and Security in Software Development

The August 2008 volume of Control Journal (vol 4) contains an article 'Secure Software Development - The Role of IT Audit' (B L Ciaramitaro and J Livermore). Essentially this article complains about:

  • the lack of software construction security standards,
  • the disconnect between software developers and security specialists,
  • the failure of tertiary education to teach computer science students how to write secure software,
  • and the fact that IT audit is failing to address security controls in software development.

All of this seems to be true, and as a consequence businesses are spending billions of dollars each year recovering from security breaches due to insecure software.

A challenge to those developing IT audit programmes wherever software is being developed is to proactively address this shortfall by introducing software programming security audits. The 'Secure Programming Standards Methodology Manual' (SPSMM at http://www.isecom.info/mirror/spsmm.0.5.1.en.pdf) provides a good insight into the kind of software vulnerabilities that exist and the kind of security techniques needed to deal with them.

As with most IT auditing, which can be conducted at several levels, the key here is to ensure that:

  • there are security policies that address software construction,
  • the contents effectively refer to techniques such as those described in the SPSMM,
  • there are management and construction processes applying those policies (such as peer reviews and testing),
  • and that there is good evidence that these processes are working.


© Copyright 2007-2009 ISACA Wellington Chapter, All Rights Reserved
