@ISACA Volume 17: 14 August 2013 

@ISACA Relevant, Timely News

New Exam Resources Launched

The Knowledge Center has 4 new communities—one for each of ISACA’s certifications—to aid your exam preparation. Each community is led by that certification’s top exam scorer of 2012. The community is limited to current exam registrants, community leaders and chapter certification coordinators. The exam study communities focus on study methods and sharing information on available resources. If you are not sure what to expect on exam day, ask a community leader.

To protect the integrity of the exam, specific exam questions will not be addressed in the communities and each community will be unavailable during the exam administrations.

Have you registered for an upcoming exam? If yes, join the CISA, CISM, CGEIT or CRISC community. ISACA members not registered for an ISACA exam are welcome to join other Knowledge Center topics.


ENISA and ISACA Address Cybersecurity Challenges

In June, ISACA and ENISA hosted a joint workshop at ISACA’s World Congress: INSIGHTS, in Berlin, Germany, to address cybersecurity challenges for national regulators, telecom operators, Internet service providers (ISPs) and auditors. More than 25 organizations from 15 countries attended the event. As a follow-up to the workshop, ENISA and ISACA will issue a joint white paper providing guidance on this matter.

Themed “Auditing Security Measures in the Electronic Communications Sector,” the workshop covered Article 13a from the European Union Framework Directive of Telecom Reform. Article 13a requires electronic communications providers to assess risk, take appropriate security measures to prevent security incidents and report on security incidents to their national regulator.

Led by a panel featuring a national regulator, a telecom operator and an auditor, the open discussion brought forward thought-provoking insights regarding the following questions:

  • How can providers show their respective national regulators (in a cost-effective way) that appropriate security measures are in place?
  • How can providers reuse existing governance frameworks and tools?
  • How can government authorities supervise and ensure that appropriate security measures are being taken across a sector?
  • What is the role of auditing and certification? Who should bear the auditing costs and receive the detailed audit reports?

“ISACA’s knowledge, COBIT framework and certifications are based on international research and cooperation, which in turn helps professionals and their enterprises innovate,” said Christos Dimitriadis, director of ISACA and head of security at INTRALOT Group. “Hosting a workshop jointly with ENISA, a key European organization in network and information security, was of great value for ISACA members and the security community as a whole.”


Participate in Study on Cloud Computing Market Maturity and Business Value

To follow up on the initial 2012 Cloud Computing Market Maturity Study, the Cloud Security Alliance (CSA) and ISACA are conducting a second study. The 2012 study identified that organizations were looking to cloud service providers to establish innovative solutions that would benefit user organizations.

A year has passed and the cloud market has changed significantly—at least in terms of adoption and use. A question remains, however, regarding who is innovating and whether this innovation is bringing real value to organizations that deploy cloud infrastructures or solutions. In addition, CSA and ISACA have found that there are fundamental issues that need to be resolved before cloud computing can be trusted for mission-critical processes.

The second study will address these questions and determine the current state of cloud computing market maturity. To contribute your insight, participate in the Cloud Computing Market Maturity Survey by 31 August. All responses are confidential. Study results will be released later this year.


Certification Exam Registration

Registration for the December Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT) and Certified in Risk and Information Systems Control (CRISC) exams is open. The early registration deadline for the December administration is 21 August 2013; register early and receive a US $50 discount off the registration fee.

CISA and CISM exam results from the September administration will be released in time for individuals to test again in December, if needed. Registration for the 7 September 2013 CISA and CISM exams is now closed. Candidates who have fully paid their exam fees can download their admission ticket online at the My ISACA page of the web site. Please direct any questions on admission tickets to exam@isaca.org.

For more information, visit the Exam Registration page of the ISACA web site.


Capturing Forensics Data
By Leighton Johnson, CISA, CISM, CIFI, CISSP

When a forensics team deploys to a scene, its members require many tools to capture all of the data potentially needed for further investigation during the case. The basic steps of a forensics analyst during this process are:

  1. While the computer or other computing device is still on and before turning it off, initially determine priorities during “live” capture of the system’s volatile files and processes. This is where the volatile memory, temporary files and system processes active on the device are retrieved.
  2. Retrieve suspect data and place onto external storage media. This is the point at which the hardware write blocker is installed on the capture device to prevent tampering with data as they are retrieved.
  3. Conduct the bit-stream image copy of suspect data. This is the actual data copy of the device data. The bit-stream image copy is a bit-by-bit complete copy of the full memory device or area.
  4. Compute a cryptographic hash of the captured data and of the original. This step is needed to provide a scientifically proven method of ensuring that the copies are identical to the original; it is these copies, not the original, that are examined during analysis.
  5. Record the evidence during capture onto chain-of-custody forms. Recording the particulars of the evidence and the surrounding data is critical to chain-of-custody and documentation requirements. It is performed to show that no one outside the custody chain had access to the data, so that no reasonable doubt can be raised about the validity of the captured evidence.
  6. Determine the method of storage for transfer of the various captured media, devices and technical components seized during the event. The basic requirement for storage is in an electromagnetic-safe container within an environmentally controlled area.
  7. Follow a logical process flow during the capture activities to ensure inclusion of all areas and components of potential evidence. Always ensure that all potential evidence is captured during the initial event. It can cost extra money and time if the capture activities have to be conducted more than once at a particular location.
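The imaging, hashing and chain-of-custody steps (3 to 5) carried through in Python, as an added example that is not part of the article: a constructed temporary file stands in for the seized device, the hardware write blocker is modelled by opening the source read-only, and the examiner name and item identifier are placeholders.

```python
# Added example (not from the article): bit-stream image, hash verification
# and a chain-of-custody record. The "device" is a constructed temp file and
# the write blocker is modelled by opening the source read-only.
import hashlib
import os
import tempfile
from datetime import datetime, timezone

BLOCK_SIZE = 4096  # copy/hash granularity; the image is still bit-for-bit

def sha256_of_file(path):
    """Hash in fixed-size blocks so large images never load fully into RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(BLOCK_SIZE), b""):
            h.update(block)
    return h.hexdigest()

def bit_stream_image(source, image):
    """Step 3: copy every byte of source to image; returns bytes copied."""
    copied = 0
    with open(source, "rb") as src, open(image, "wb") as dst:
        for block in iter(lambda: src.read(BLOCK_SIZE), b""):
            dst.write(block)
            copied += len(block)
    return copied

def acquire(source, image, examiner, item_id):
    """Steps 3-5: image, hash original and copy, build the custody record."""
    copied = bit_stream_image(source, image)
    src_hash, img_hash = sha256_of_file(source), sha256_of_file(image)
    return {
        "item_id": item_id,
        "examiner": examiner,
        "acquired_utc": datetime.now(timezone.utc).isoformat(),
        "bytes_copied": copied,
        "source_sha256": src_hash,
        "image_sha256": img_hash,
        # verified only when the hashes match AND the whole device was copied
        "verified": src_hash == img_hash and copied == os.path.getsize(source),
    }

def demo():
    """Image a constructed 64 KiB 'device' and return its custody record."""
    with tempfile.TemporaryDirectory() as d:
        source = os.path.join(d, "device.bin")
        with open(source, "wb") as f:
            f.write(bytes(range(256)) * 256)  # constructed sample data
        # examiner name and item id are placeholders (hypothetical)
        return acquire(source, os.path.join(d, "device.dd"), "A. Examiner", "ITEM-001")
```

The record is what goes onto the chain-of-custody form; re-running sha256_of_file on the image at any later point and comparing against image_sha256 shows whether the copy is still untouched.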

These steps provide an understanding of what to expect during or subsequent to a forensics or incident response event in the organization.

Leighton Johnson, CISA, CISM, CIFI, CISSP, is a senior security consultant for the Information Security & Forensics Management Team of Bath, South Carolina, USA.


Learn About the Latest Industry Trends and Network With Peers

The Latin America Computer Audit, Control and Security (CACS) and Information Security and Risk Management (ISRM) Conference 2013 in Medellin, Colombia, will include a panel discussion of experts in audit, governance, risk and security to answer questions about the democratization of technology. The panel will offer insights from each of the 4 perspectives and will be moderated by Osvaldo Lau, CISA, CRISC, director at BDO Consulting. Among the numerous sessions—titles include COBIT 5 for Risk, Risks and Threats of Social Media in Business, and Achieve Objectives by Promoting a Culture of Control, among others—you can learn about designing IT processes from Milagros Cedeno, CRISC, past president of the ISACA Panama Chapter and assistant vice president of technology and processes at Bladex.

In addition to the many sessions at the 30 September-1 October event, you will enjoy many opportunities to network with peers. The closing networking event will immediately follow the closing keynote speaker on 1 October. Networking provides you an opportunity to advance personally and professionally. Join your colleagues, Latin America CACS/ISRM speakers and panelists for live music and refreshments as the event closes.

Learn more and register on the Latin America CACS/ISRM page of the ISACA web site. Register by 14 August and save US $100.

