@ISACA Volume 23: 6 November 2013 

@ISACA Relevant, Timely News

Participate as a 2014-2015 ISACA Volunteer

Apply to become an ISACA volunteer—contribute to your profession and earn continuing professional education (CPE) hours at no cost to you. ISACA’s annual invitation to participate is now open.

Volunteers are critical to the success of ISACA, and we are continually looking for individuals willing to share their time and talent. Members interested in serving on an ISACA volunteer body at the international level can find additional information on the Join an ISACA Volunteer Body page of the ISACA web site. The link to the invitation to participate is posted there as are details about the boards, committees and subcommittees that support the association.

Once you have reviewed the information and found an appropriate volunteer body, complete the online application. Volunteer applications for the 2014-15 administrative term are due by 13 February 2014.

In addition to the annual volunteer body appointments, there are a number of additional volunteer opportunities available throughout the year. For more information visit the Additional Volunteer Opportunities page of the ISACA web site.


ISACA Acting CEO to Receive NACD Directorship 100 Award

In December, the National Association of Corporate Directors (NACD) will recognize the 100 most influential people in the boardroom in 2013. Among those to be recognized is ISACA’s own Ron Hale, Ph.D., CISM, acting chief executive officer (CEO) and corporate secretary of ISACA and the IT Governance Institute (ITGI). In addition to serving as the associations’ acting CEO, Hale is ISACA’s chief knowledge officer (CKO) and leads the association’s research and knowledge development efforts related to governance, assurance, security and risk management, including the COBIT framework.

The NACD Directorship 100 award recognizes those who participate in board work and those who influence how that work is done. This year’s group of recipients includes directors, corporate governance experts, journalists, regulators and advisors.

Nominees are solicited from NACD’s constituents, including the NACD board of directors, previous honorees, chapter leaders, advisors and NACD’s general membership. The Directorship 100 are selected based on the following criteria:

  • Integrity
  • Mature confidence
  • Informed judgment
  • High performance standards

To view the list of the 2013 honorees, visit the NACD Directorship 100 Gala web site.


7 Areas for Oversight During Forensics Events
By Leighton Johnson, CISA, CISM, CIFI, CISSP

During an investigative event, there are 7 areas in which security managers should provide oversight and guidance to the forensics capture analyst:

  1. The initial process to determine which actions are priorities during live capture of system-volatile files while the machine is still on, before turning the machine off. The security manager should observe the capture activity to ensure that the documented procedure is the one actually being followed, provide supporting data for the capture, and make sure that the steps taken during the volatile memory capture are written down correctly and in sequence.
  2. The capture analyst process for retrieving suspect data initially onto the external storage media. While the actual data are identified for capture, the security manager should ensure that the analyst has detailed notes of the reasons for the areas of data capture and explanations of the process used to identify from which devices and storage locations data were retrieved and why these as opposed to others.
  3. The analyst process for conducting the bit-stream image copy of suspect data. Depending upon which operating system is being used and which image capture tool is being utilized, the security manager should monitor the analyst bit-stream image activity to ensure that it is conducted securely and safely.
  4. The analyst process for cryptographically hashing the captured data. Once the data are copied onto the retention media, they need to be cryptographically hashed to provide proof of integrity for future uses.
  5. The analyst process for recording the evidence during the capture into the chain of custody forms. The security manager should make sure the analyst documents each and every step correctly into the case log and onto the evidence forms as they are acquired and reviewed. This process is vital to the chain-of-custody requirements that appear later during the case activities.
  6. The method of storage for transfer of the various captured media, machines and technical components seized during the event. The security manager should monitor the capture analyst/technician during the movement of the seized data and equipment and oversee the activities to ensure that all takes place in an acceptable fashion.
  7. The logical process flow the analyst follows during the capture activities to watch for inclusion of all areas and components of potential evidence. The security manager should follow the capture and seizure activities to watch for missed steps and possible data capture missteps during the process. The security manager’s role here is to make sure the logical sequence used to retrieve and capture the data is defendable and repeatable. The security manager should then review each of these activities and conduct an after-action review with the analyst to improve the actions for the next event and provide guidance to better conduct forensics actions.
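As an added example (not from the article), the hashing and chain-of-custody recording described in steps 4 and 5 can be automated so that the hash, size, analyst and source are logged at acquisition and re-checked later; the image name, analyst and source strings below are constructed placeholders:

```python
# Added example, not from the article: hash an acquired image and log it (steps 4 and 5).
import hashlib, json, os, tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # read in 1 MiB chunks so multi-GB images fit in memory

def hash_image(path: str) -> str:
    """Return the hex SHA-256 of a bit-stream image file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def record_custody_entry(log_path: str, image_path: str, analyst: str, source: str) -> dict:
    """Append one custody entry (who, what, when, size, hash) to a JSON-lines case log."""
    entry = {
        "timestamp_utc": datetime.now(timezone.utc).isoformat(),
        "analyst": analyst,
        "source": source,
        "image": os.path.basename(image_path),
        "size_bytes": os.path.getsize(image_path),
        "sha256": hash_image(image_path),
    }
    with open(log_path, "a", encoding="utf-8") as log:
        log.write(json.dumps(entry) + "\n")
    return entry

def verify_image(log_path: str, image_path: str) -> bool:
    """Re-hash the image and compare with the hash recorded at acquisition time."""
    name = os.path.basename(image_path)
    with open(log_path, encoding="utf-8") as log:
        entries = [json.loads(line) for line in log if line.strip()]
    recorded = [e for e in entries if e["image"] == name]
    return bool(recorded) and recorded[-1]["sha256"] == hash_image(image_path)

def demo() -> tuple:
    """Constructed sample: a small fake image is logged, verified, then altered and re-verified."""
    work = tempfile.mkdtemp()
    image = os.path.join(work, "disk01.dd")          # placeholder image name
    log = os.path.join(work, "custody.jsonl")
    with open(image, "wb") as f:
        f.write(b"\x00" * 4096 + b"CONSTRUCTED SAMPLE IMAGE" + b"\xff" * 4096)
    record_custody_entry(log, image, "analyst-A", "laptop SN PLACEHOLDER, drive 0")
    intact = verify_image(log, image)                 # True: matches the logged hash
    with open(image, "r+b") as f:                     # flip one byte to simulate alteration
        f.seek(4096); f.write(b"c")
    return intact, verify_image(log, image)           # (True, False)
```

A second hash algorithm can be logged alongside SHA-256 where case policy requires it; the verification logic does not change.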

Leighton Johnson, CISA, CISM, CIFI, CISSP, is a senior security consultant for the Information Security & Forensics Management Team of Bath, South Carolina, USA.


Reach for Your Professional and Personal Goals
Bernd Juergen Schutter, CISA, CISM, CRISC, member of the Austria Chapter, Shares His Experience as a CISA

Bernd Juergen Schutter believes in establishing and then fulfilling the best possible goals in his work life and for his family. “My professional and personal goals have always been the same: Do a good job for the company and for my family.”

In 1999, the Austria Chapter set out to establish a Certified Information Systems Auditor (CISA) exam administration location. “Unfortunately, it appeared we would miss our goal by one person, so the chapter board asked me to fill that seat and take the CISA exam.”

“Not only had the chapter reached its goal, I had set a new one: Pass the CISA exam,” Schutter explained. “Not only did I take the exam, I passed it on my first attempt.”

While working and volunteering with his chapter, Schutter has found it critical to balance these activities—setting goals for his personal life as well. “As a member of the chapter board, I am the deputy treasurer and responsible for membership relations. While I spend quite a bit of time working with my chapter, I also remember and value the time spent with my 9-year-old daughter and my wife. My favorite things to do during my free time are travelling around the world with my family and attending seminars and presentations related to my profession.”

Schutter applies what he’s learned as a CISA to everyday challenges. “Attaining the CISA certification gives you a great compliance overview of IT audit and IT risk management. The CISA certification has helped me to be in line with legal and internal regulations.”

To learn more about CISA and other ISACA certifications, visit the Certification page of the ISACA web site.


Access Your Career Path Enhancements—Renew Your Membership Today

No matter where you are on your career path, ISACA equips you with the resources, training and education you need to expand your professional development opportunities. Many professionals worldwide consider their membership with ISACA essential to their ongoing education, career progression and value delivered to their enterprises.

As a renewing ISACA member, you have continued access to:

  • Free continuing professional education (CPE) hours—More than 70 free CPEs per year
  • ISACA eLibrary—A comprehensive collection of more than 525 ISACA/ITGI-published books and third-party titles
  • Career Centre—Recent enhancements include access to a Career Learning Center, plus more jobs, including those posted on other job boards, a search-by-country feature and a free job board for freelancers
  • ISACA Journal—The bimonthly technical journal, an additional source of free CPE hours, includes online access to members exclusively.
  • COBIT 5 downloads—Members receive free PDF downloads of COBIT 5, COBIT 5: Enabling Processes and COBIT 5: Implementation, as well as significant savings on hard-copy purchases of these and other ISACA-published material.

Log on to the ISACA web site and renew your membership by clicking the “Renew” button.


Meet a Training Week Instructor: COBIT and ITIL Expert Mark Thomas

Mark Thomas is a nationally known ITIL and COBIT expert with more than 20 years of professional experience and leadership roles ranging from chief information officer (CIO) to IT consultant. Thomas has led large teams in outsourced IT arrangements, conducted project management office (PMO) services and governance activities for major project teams, managed enterprise applications implementations, and implemented governance processes across multiple industries. Thomas will lead the Governance of Enterprise IT and the COBIT: Strategies for Implementing IT Governance courses during ISACA’s upcoming Training Week on 9-12 December in Las Vegas, Nevada, USA.

Question: What makes your governance of enterprise IT (GEIT) course unique?

Answer: The GEIT course is different from other courses I teach. The concepts are taught at a different level; there is no ubiquitous set of ingredients and directions on implementing GEIT. Attendees will hear real-world examples of how to analyze needs and how to support and adopt positive change when considering GEIT at different types and sizes of organizations. Varying viewpoints from attendees are also expected and this offers a view of GEIT from multiple perspectives, as well.

Question: What is unique to your COBIT training approach?

Answer: My unique approach includes a holistic methodology toward integrating COBIT with other frameworks. Adopting a GEIT approach must include many models, frameworks and standards, most of which can be integrated with COBIT® 5. I have been in leadership roles in several organizations that have implemented COBIT and accompanying frameworks and I feel that the experiences I share are valuable to attendees. Attendees will be led through practical discussions on how to integrate various frameworks with COBIT 5.

Question: How will attendees benefit from attending your courses?

Answer: Attendees will walk away with real techniques that they can take to work tomorrow. Many courses simply cover slides, conduct a few case study exercises and send attendees on their way. I believe that the real value comes from learning practical applications in these sessions and giving attendees concrete examples of how to leverage the course in real life. In addition to my experiences, many attendees have unique experiences that can be highlighted during the courses. I find that meaningful discussions using real-life scenarios are the key to truly getting value from these courses.

Learn more about all of the courses being offered at the 9-12 December Las Vegas Training Week or visit the Training Week page of the ISACA web site to learn about Training Weeks planned near you in 2014.


Book Review: Cyber Forensics: From Data to Digital Evidence
Reviewed by Ibe Kalu Etea, CISA, CRISC, ACA, CFE, CRMA, ISO 9001:2008 QMS

Cyber Forensics: From Data to Digital Evidence provides an exposition on the methodology and tenets of modern cyberforensics. With the dynamics of cybercrimes and the corresponding digital investigations to unravel stealth computer and network attacks, this book provides a reference to support the how, what, why, when and where checklist that encompasses the field of digital forensics.

Cyber Forensics: From Data to Digital Evidence outlines the forensic procedures, data filing, investigative techniques and evidence handling steps that lead to effective results in tracking and identifying elements of computer crimes. The book serves as a veritable reference for professionals, students and information security experts.

The book takes the reader, in a stepwise fashion, through 13 chapters describing the cyberforensic investigator’s world and is filled with scientific terminology that is explained at the most basic level and with sufficient information relevant to experts in the field. There is an abundance of tables, illustrations, diagrams and print-screen images, to synchronize theory with reality, as well as succinct summaries and notes for further review at the end of each chapter. A thorough glossary at the end of the book highlights key words and terminology.

A fictional case with imaginary actors is presented throughout the book, and the progress of the case helps readers relate to the learning points. Noteworthy topics include the distinction between a volume and a partition, the forensic relevance of file systems (e.g., FAT12/16, NTFS) and alternative filing systems, including B-Tree, Binary Tree, hierarchical, UNIX ext2 and ext3. Also noteworthy is the treatise on time concepts, including time stamps, the Network Time Protocol (NTP) and time determination. There is also good coverage of data essentials, including bits, bytes, hexadecimal characters and the boot process.

The level of depth and detail that the book portrays is balanced by the simplicity of presentation—the end result is solid information that addresses the modern practice of cyberforensics as a body of knowledge.

Ibe Kalu Etea, CISA, CRISC, ACA, CFE, CRMA, ISO 9001:2008 QMS, is a corporate governance, internal controls, fraud and enterprise risk assurance professional. He also serves as a member on the advisory council of the Association of Certified Fraud Examiners (ACFE).


2013 IT Risk/Reward Barometer Results Now Available

ISACA’s annual IT Risk/Reward Barometer survey results are now available and contain interesting findings on industry trends, including the Internet of Things, big data and bring your own device (BYOD). The survey consists of two components: a global survey of 2,013 ISACA members and a survey of more than 4,000 consumers from four countries.

More than half of ISACA members (51 percent) report that their enterprises have plans to capitalize on the Internet of Things. Their goals are to achieve greater efficiency (53 percent), increase customer satisfaction (53 percent) and improve services (51 percent). However, despite the benefits, 99 percent still see governance issues with the trend, including security threats and data privacy issues.

For related infographics and full results of the surveys, visit the 2013 IT Risk/Reward Barometer page of the ISACA web site.

