@ISACA Volume 5: 27 February 2013 

@ISACA Relevant, Timely News

Thriving Discussions Drive Young Professionals Topic to 1,000 Members

The Young Professionals Knowledge Center topic reached a milestone this month as it welcomed its 1,000th member. This community was developed for ISACA members in their 20s or 30s, and members are encouraged to share practical career advice on professional and personal development. Topics are led by Jason Yakencheck of the National Capital Area Chapter and Isa Ojeda of the Manila Chapter, and are supported by the Young Professionals Subcommittee, an ISACA volunteer body.

Resources within the topic community include wikis, user-contributed links, topical documents and ISACA Journal articles. The highlight of the community is the thriving member discussions on subjects including office politics, soft skills development and certification exam preparation tips. In addition, ISACA is conducting a soft skills webinar series for young professionals. The next webinar is on social media conduct and will take place on 5 March. Watch for updates on how to register for this upcoming webinar or to view past webinars by visiting the Young Professionals topic.

We encourage you to join the Young Professionals topic or look for and join the Knowledge Center topic(s) most appropriate for you.


Documenting and Reporting Tips for Forensic Investigators and Examiners
By Leighton Johnson, CISA, CISM, CIFI, CISSP

During the course of forensics activities, investigators and examiners are required to document and report every event as it is performed. This process is often extremely critical to the outcome of the investigation and the potential litigation of the case. Following are tips for proper documentation and reporting of forensics activities:

  • Ensure that the documentation and reports reflect the objective of the investigation, the time frame, outside parameters for the investigation and the results. Always confirm the parameters of the investigation—this is important to the analysis and results as well as the interpretation of the evidence in the report and documentation.
  • Ensure that the investigators and analysts define and document the technical and operational procedures used during the investigation. This is required to show repeatability, objectivity and the validity of the investigative process.
  • When providing the results during the reporting process, ensure that the amount of time documented is reasonable and actual.
  • When items are assigned to the case, ensure that each item is documented as to its significance to the case and that the items are analyzed for value and inclusion. Keep all evidence documents together for full analysis of relevant items.
  • During the review of these documents and reports, check for completeness of the process and evidence review, outline the examination process and the procedures used, and look for evidence that has not been reviewed and reported.
  • Always include the facts of the case in the report and documentation. When conducting the investigative actions, leave the interpretation of the facts to the legal professionals and only provide the facts as discovered.

Leighton Johnson, CISA, CISM, CIFI, CISSP, is a senior security consultant for the Information Security & Forensics Management Team of Bath, South Carolina, USA.


Share With and Learn From Your Peers
Register for North America CACS Now and Save

This year’s North America Computer Audit Control and Security Conference (North America CACS), 15-17 April in Dallas, Texas, USA, identifies four relevant content tracks covering topics such as consumerization, technology, information and delivery. Each track includes educational sessions that provide risk, security and assurance perspectives, and include hot topics such as big data, business continuity and bring your own device (BYOD).

This year’s conference includes the Forum track, which is a series of roundtable discussions in which leading industry practitioners share their valuable experiences. The Forum track provides an excellent opportunity for the exchange of ideas and for conversation.

Register on the North America CACS page of the ISACA web site before 4 March and save US $200.


Implementing COBIT 5 at INTRALOT

INTRALOT, a leading international supplier of integrated gaming and transaction processing systems, with a presence in more than 50 countries, is implementing COBIT 5. The organization recognized a need to manage its use of multiple frameworks from several fields, such as quality assurance, security and service management, in a way that would make its operations simple and more effective. By adopting COBIT 5, INTRALOT will reduce complexity, ensure information quality for decision making, increase the value gained from technology and enable innovation.

The initial target was the enterprise’s Software Quality Assurance and Control Department, which is responsible for assuring a high level of quality through technology solution testing and for supporting clients over multiple jurisdictions in meeting their needs. This department ensures that INTRALOT products are tested and improved, taking into account security requirements (ISO 27001 and World Lottery Association Security Control Standard), control frameworks provided by clients (e.g., ISAE 3402-based frameworks), ISO 9001 requirements and requirements derived from contractual obligations in 50 countries.

Read the full case study on INTRALOT’s implementation of COBIT 5 in the latest issue of COBIT Focus volume 1, in which you will also find additional COBIT case studies and the latest news on COBIT 5.


Governance Applies to Work and Life
Cecilia Colasanti, CGEIT, Rome (Italy) Chapter, Shares Her Experience as a CGEIT

Cecilia Colasanti attributes her clearer understanding of how to make decisions at the strategic level to her Certified in the Governance of Enterprise IT (CGEIT) certification. In her current position at the Italian National Institute of Statistics (Istat), she is involved in a change management process and she says the CGEIT certification gave her “the keys to better manage the process.”

Colasanti finds that the information she has gained through the CGEIT certification and her knowledge of ICT help her to manage her life personally as well as professionally. “In our time, it is impossible to imagine life without ICT. After taking the CGEIT exam, I now use all ICT tools, hardware and software, with more awareness. This may appear a bit odd, but I think that to understand governance problems is to understand life.”

“To be a CGEIT is to be a part of a select high-level community. Prior to Istat, I worked for 15 years in the private sector and then for a government organization. During that time, I held a variety of jobs and I always had to improve my skills and my competencies to align with the ICT market. So, I had to apply a form of continuous improvement to myself.”

To further hone and develop your governance of enterprise IT skills, Colasanti recommends attaining CGEIT and pursuing it with passion. “Governance is a fascinating subject to me and studying for the CGEIT certification was a great challenge. I faced it with the awareness that studying is not enough. You need experience with governance problems in order to pass the exam.”

To learn more about CGEIT and other ISACA certifications, visit the Certification page of the ISACA web site.

