I am interested in learning what other companies do during an implementation of the Oracle EBS R12 to ensure that the implementation team uses Oracle and industry best practices to configure the Oracle Financials.
|
I'm interested in knowing how other organizations are handling the increase in mobile devices and mobile application controls. With the increasing number of Apple, Android and Microsoft devices -- and the business applications that run on them -- are you...
|
There are business apps running on iOS for Apple devices, others running on Android, Windows Phone 8 or Windows Mobile, and now we're going to start seeing more from the Blackberry QNX operating system and later this year we might even see apps running on...
|
Hi everyone,
I'm working on setting up a governance model for application controls (GMAC), and one of the biggest challenges is to build an actual AC inventory. When you need to identify the relevant AC in a process, what is your approach?
|
I'm sure that there are a number of training sessions one might find that deal with application controls. The IT Audit & Controls Conference (ITAC 2011) is one good example. From October 3-October 7 in Atlanta, you'll have plenty of current topics to le...
|
I had an interesting discussion with a friend of mine who's a financial auditor. He wanted to know how long it would take him to learn how to test application controls. I told him I could teach him the basics in an hour or so. Then he aske...
|
A very good overview published in ISACA's Journal back in 2002, and still relevant today.
|
Books
Implement a systematic approach to security in mobile application development with help from this practical guide that also features case studies, code examples and best practices.
Posted by ISACA 719 days ago
|
The IIA has a series of documents called Global Technology Audit Guides ("GTAG"). Although ISACA and the IIA are related organizations, some documents are still for members only. I hope I can still share this overview, however.
|
Downloads
Posted by ISACA 1098 days ago
|
16 Sep 2013
ISACA International Event
London, England
Stay on top of the trends and opportunities of the dynamic technology industry at EuroCACS/ISRM 2013 in Berlin—the leading European conference for IT audit, assurance, security and risk professionals. Save over US $200 when you register by 22 July!
|
30 Sep 2013
ISACA International Event
Medellín, Colombia
The Latin America CACS/ISRM 2013 Conference in Medellín, Colombia is the leading Latin American conference for audit, risk and information security professionals. Save more than US $100 if you register before 7 August!
|
6 Nov 2013
ISACA International Event
Las Vegas, NV, USA
North America ISRM is a multidimensional event featuring security and risk content, and the security programs, tools and the resources you need to be responsive to industry changes.
|
Volume 3, 2013
by Tommie Singleton, CISA, CGEIT, CPA
Every time an IT auditor engages in an IT audit/assurance project, at least one person reviews the work.
|
Volume 3, 2013
by Dan Bogdanov, Ph.D., and Aivo Kalu, Ph.D., CISA
A cloud is a remote-access platform; thus, technical controls that remotely enforce a particular security policy are especially efficient.
|
Volume 1, 2013
by Pascal A. Bizarro, Ph.D., CISA, Andy Garcia, Ph.D., CPA and Jacob Nix
Risk exists with the implementation of personal mobile devices in business, but with risk comes reward.
|
Volume 5, 2011
by Emanuele Palmas, CISA
Implementing in-house ITGC/ITAC is a great opportunity for auditors to improve their knowledge of the company, and for the company, it is a chance to build IT governance that strengthens corporate governance.
|
Volume 2, 2011
by Loic Jegousse, CISA, CISM, CGEIT, CRISC
The proposed approach in this article will assist in reducing reliance on IT automated controls (ITAC) when it makes business sense to do so.
|
Volume 6, 2009
by Joseph Natovich, Ph.D., CPA
|
These links, which have been contributed by site users, link to external third-party web sites. ISACA has not evaluated these web sites and accepts no responsibility for their suitability, security or privacy practices.
Software engineers shall commit themselves to making the analysis, specification, design, development, testing and maintenance of software a beneficial and respected profession. In accordance with their commitment to the health, safety and welfare of the public, software engineers shall adhere to the following 8 Principles:
1. PUBLIC - Software engineers shall act consistently with the public interest.
2. CLIENT AND EMPLOYER - Software engineers shall act in a manner that is in the best interests of their client and employer consistent with the public interest.
3. PRODUCT - Software engineers shall ensure that their products and related modifications meet the highest professional standards possible.
4. JUDGMENT - Software engineers shall maintain integrity and independence in their professional judgment.
5. MANAGEMENT - Software engineering managers and leaders shall subscribe to and promote an ethical approach to the management of software development and maintenance.
6. PROFESSION - Software engineers shall advance the integrity and reputation of the profession consistent with the public interest.
7. COLLEAGUES - Software engineers shall be fair to and supportive of their colleagues.
8. SELF - Software engineers shall participate in lifelong learning regarding the practice of their profession and shall promote an ethical approach to the practice of the profession.
|
Computer technology continues to advance toward a tiered decentralized world of distributed platforms for entering, processing, and retrieving information. Technological implementations are diverse and complex; however, all IT deployments should be protected from unauthorized usage utilizing suitable information asset access controls. Given IT interconnectivity, entities should also protect information assets from unauthorized manipulation to safeguard investments from risks associated with resource misuse. Consequently, information assets access control is typically viewed from two abstraction perspectives: physical and logical security.
|
subtle details of the C programming language that could adversely affect an application's security and robustness
Contributed by ISACA on 29 May 2010
|
The Object Management Group (OMG) adopted UML as a standard for software modeling in late 1997. UML is now the de facto standard for software modeling.
Contributed by ISACA on 29 May 2010
|
an approach to application security prescribes how to involve the security professionals in the development process so that the resultant applications behave predictably and with no surprises
Contributed by ISACA on 29 May 2010
|
"The key anti-cybercrime provisions that are included in this legislation will close existing gaps in our criminal law to keep up with the cunning and ingenuity of today's identity thieves,"
Contributed by ISACA on 29 May 2010
|
A recent publication in a local newspaper indicated that an employee was charged with fraud with regard to claims of insurance payments that were lodged with the company and paid out to people who were not entitled to receive such payments.
What po...
Posted By : Paulina.PNI | 1 comments
|
Study Groups for the JUNE, SEPTEMBER AND DECEMBER 2013 certifications.
For those interested in sitting the CISA and CISM certification exam, or for anyone who wishes to begin preparing for these or the upcoming exams, pu...
Posted By : Alexander Osorio | 0 comments
|
Typically application access to a SQL Server database is via one of two methods.
Either all users access the same database using a single (proxy) user which is defined in an initialisation (.INI) file, registry etc.
Or the users access the database ...
Posted By : Ian Cooke | 2 comments
|
As your Application Controls Group Moderator, I wanted to take some time and start a blog. Not that I have anything stellar to pass along, at least not today, but the tool is here so I thought I'd do something with it.
And I have. But just so you know,...
Posted By : Richard Fowler | 1 comments
|
On March 1st, I was invited to speak at the CampIT conference on Enterprise Risk/Security Management at Rosemont Convention Center.
Before me there were two speakers. The first presenter spent an hour presenting the story from the trenches of technolog...
Posted By : Umesh391 | 1 comments
|
Security is one of the major concerns which hold enterprises back from embracing the cloud. But some think that this is manageable and as such have started adopting cloud-based SaaS applications. Cloud-based enterprise solutions like Sales Force, Service Now, ...
Posted By : Kannan | 0 comments
|