@ISACA Volume 18: 31 August 2011 

@ISACA Relevant, Timely News

Call for Topic Leaders
Share Your Expertise With Other Members

Volunteers looking to get more involved with others in a specialty area are encouraged to serve as topic leaders. The Knowledge Center is a meeting place for IT professionals who share common interests to network and collaborate—using tools and features such as discussions and uploading documents, adding links, and contributing to wikis. Community members agree that these discussions are valuable, and according to one industry consultant, “ISACA® is the most reliable and authentic source of information, and I am very grateful for that.”

Topic leaders facilitate this activity by ensuring the topic remains active, which involves starting conversations and responding with advice and expertise. Topic leaders spend an average of 2 hours per week on their topic and can earn up to 10 continuing professional education (CPE) hours per year.

If you are interested in becoming a topic leader, please review the list of responsibilities on the Become a Topic Leader page of the ISACA web site. You will then need to complete the application and send it, along with your résumé, to leaderhelp@isaca.org. We have openings in several communities including the following:

  • Business continuity/disaster planning
  • Cloud computing
  • Audit tools and techniques
  • SAP
  • Information security policies and procedures
  • Information security management

If you are interested in becoming a topic leader, but your interests are not included in the topics previously mentioned, browse all of our topics in the Knowledge Center. For more information on becoming a topic leader, please visit the Become a Topic Leader page.


Steps for Implementing ISO 27001

In providing guidance on the planning and decision-making processes associated with ISO 27001 implementation, ISACA® Journal volume 4 author Charu Pelnekar, CISA, CISM, ACA, AICWA, BCOM, CISSP, CPA, MCSE, QSA, offered the following steps to implement ISO/IEC 27001:2005 Information technology—Security techniques—Information security management systems—Requirements:

  1. Identify business objectives.
  2. Obtain management support.
  3. Select the proper scope of implementation.
  4. Define a method of risk assessment.
  5. Prepare an inventory of information assets to protect, and rank assets according to risk classification based on the risk assessment.
  6. Manage the risk, and create a risk treatment plan.
  7. Set up policies and procedures to control risk.
  8. Allocate resources, and train the staff.
  9. Monitor the implementation of the information security management system.
  10. Prepare for the certification audit.
  11. Conduct periodic reassessment audits.

Read Pelnekar’s full article, “Planning for and Implementing ISO 27001,” in the current issue of the ISACA Journal, in which you will also find additional coverage of timely and relevant issues affecting the ISACA® professional communities.


Certifications Validate and Enhance Professional Experience
Juan Luis Carselle, CISA, CGEIT, CRISC, PMG NetAnalyst, Shares His Experiences With ISACA Certifications

Juan Luis Carselle, assistant director of IT infrastructure, information systems division, of Walmart Mexico, was looking for a credential that would validate his experience as an information systems auditor. After researching different certifications, he found that the ISACA® Certified Information Systems Auditor® (CISA®) certification best demonstrated his knowledge and experience in the field.

After becoming certified as a CISA, Carselle went on to earn the Certified in the Governance of Enterprise IT® (CGEIT®) and Certified in Risk and Information Systems Control™ (CRISC™) certifications. He explained, “Each certification is different based on the area of expertise; however, all achieve a similar goal: an independent confirmation of my experience in a specific field.”

In addition, his three ISACA certifications have allowed him to be a part of a community of colleagues and have facilitated networking opportunities—many through his service as an ISACA volunteer. He earns most of his continuing professional education hours by taking advantage of the numerous volunteer activities that ISACA offers its members. Currently, he is a member of the ISACA Credentialing Board and is a Spanish translation reviewer of CISA materials. Previously, he spent 8 years on the CISA Certification Board, serving as chairperson for 2 of those years. He has also been involved with the CRISC Certification Committee; CISA job practice analysis; and CISA Questions, Answers & Explanations Task Force.

From his own experience, he offered the following advice to students looking to work in the IT arena after graduation: “The complexity of technological solutions constantly evolves. The knowledge of audit/security/governance/risk/control is the foundation that needs to be supported with experience in different fields depending on the area of specialization. Both need to be developed and maintained to be successful.”

To continually develop and maintain his own knowledge, Carselle keeps up to date on the issues related to his field by reading articles and books and attending events and conferences—sound advice for both those starting out in IT and seasoned professionals.


ISACA Member Recognized for Industry Achievements

Anjay Agarwal, CISA, CGEIT, CRISC, ABCI, ACS, BCMS LI, BS 7799 LI, CA, CFE, CIA, DIRM, FCA, ISA, ISO 27001 LA, ISO 27001 Certified LI, PGDFRM, received the Indian Achievers Award for Industrial Excellence from the Indian Economic Development & Research Association. This award recognizes individuals for their outstanding contributions and achievements within their respective fields.

On 6 August 2011, Agarwal also received the Indian Leadership Award for Information Technology from the All India Achievers Foundation. The object of the foundation is to promote the economic welfare of India, and its awards recognize individuals who, and enterprises that, contribute to the nation’s economic development.

In addition, AAA Technologies, of which Agarwal is the chairman and managing director, was chosen as Best Cyber Security Organisation by Newsmakers Broadcasting Corp. Previously, AAA Technologies was recognized by the Maharashtra State Government (India) for its overall performance in the field of security when the enterprise received the Maharashtra Information Technology Award.

ISACA® congratulates Agarwal on his and his organization’s achievements.


