Books
Posted by ISACA 11 days ago
|
Books
Posted by ISACA 34 days ago
|
Books
Posted by ISACA 83 days ago
|
PEW survey from Feb 2012 on privacy management by social media sites: most users choose restricted privacy settings, while profile “pruning” and unfriending people are on the rise.
|
Excellent summary document with a focus on the main changes proposed by the EU on data privacy. Worthwhile reading for anyone interested in data privacy evolutions in the EU.
|
Books
Posted by ISACA 110 days ago
|
7 May 2012
ISACA International Event
Orlando, Florida, USA
Get the knowledge you need to stay one step ahead of the competition and keep up with changing professional trends at ISACA’s North America CACS Conference.
|
12 Jun 2012
ISACA International Event
Dallas, Texas, USA
ISACA Training is a unique educational event designed to provide the tools you need to maintain, update and upgrade your skills, and to continue your professional development.
|
16 Jul 2012
ISACA International Event
Atlanta, GA, USA
|
7 Aug 2012
ISACA International Event
Chicago, Illinois, USA
ISACA Training is a unique educational event designed to provide the tools you need to maintain, update and upgrade your skills, and to continue your professional development.
|
11 Sep 2012
ISACA International Event
San Francisco, California, USA
ISACA Training is a unique educational event designed to provide the tools you need to maintain, update and upgrade your skills, and to continue your professional development.
|
Volume 3, 2012
by Kai-Uwe Ruhse, CISA, PCI QSA, and Maria Baturova
This article describes real cloud computing project case studies, which show that moving to the cloud is an important strategic decision for IT managers.
|
Volume 1, 2012
by Tommie W. Singleton, Ph.D., CISA, CGEIT, CITP, CPA
This article offers some basic guidance to IT auditors in evaluating the access controls over relevant data files.
|
Volume 1, 2012
by Ali Navid Akhtar, OCP, Jeff Buchholtz, Michael Ryan, CIA, CPA, and Kumar Setty, CISA
This article covers the topics related to data loss and the types of database backup and recovery available.
|
Volume 1, 2012
by Thomas J. Shaw Esq. | Reviewed by Horst Karin, Ph.D., CISA, CRISC, CISSP
It is critical for businesses to understand legal implications and compliance and to have appropriate safeguards and risk management efforts in place to protect the information and private data of customers and the organization.
|
Volume 6, 2011
by Ed Gelbstein, Ph.D.
Information security has become a visible issue in business, on the move and at home.
|
Volume 6, 2011
by Dirk Lehmann, CISA, GCIA, and Frank van Vonderen, CISA, CGEIT, MSIT
In today’s society, the concern about the protection of personal data is steadily increasing.
|
These links, which have been contributed by site users, link to external third-party web sites. ISACA has not evaluated these web sites and accepts no responsibility for their suitability, security or privacy practices.
Joe Anthony, director of security, risk and compliance product management at IBM, has slammed the latest reforms to EU's data protection laws, claiming that 24 hours isn't long enough for companies to make meaningful notifications to authorities.
|
On the scale of all the bad things that could happen to our privacy, where does Google's change in approach rank? Have we crossed a Rubicon toward the obliteration of personal privacy, or is a new day dawning for more control over our personal data?
There really isn't any universally accepted way to answer this question. Not all privacy issues are created equal. Some rank only a 1 on the privacy Richter scale -- an unnoticeable tremor that does no damage -- while others rank an unqualified 10 that merit a widespread emergency response. Knowing the difference can help you sort through all the hype and know which privacy news to pay attention to.
|
Google's new privacy policy may violate the European Union's data protection laws, according to the French data regulator. Google has said it is improving user experience and making its policies simpler and easier to understand.
|
Social network users are becoming more active in pruning and managing their accounts. Women and younger users tend to unfriend more than others.
About 2/3 of internet users use social networking sites and all the major metrics for profile management are up, compared to 2009: 63% of them have deleted people from their “friends” lists, up from 56% in 2009; 44% have deleted comments made by others on their profile; and 37% have removed their names from photos that were tagged to identify them.
Some 67% of women who maintain a profile say they have deleted people from their network, compared with 58% of men. Likewise, young adults are more active unfrienders when compared with older users.
|
In an article published by CNN, Vice-President Viviane Reding, EU Justice Commissioner, said "Today, we live in a world of breathtaking possibilities. We can send instant messages to our loved ones on the other side of the world at the tap of a finger. We can share vacation photos with friends in real time. We can entrust our private data to a cloud service provider without having to worry about storage space."
|
Excellent document with summary on EU privacy changes from Allen & Overy
|
The main idea I am trying to advocate with these posts is a simple one.
Compare a database you are auditing against a database that you know already meets the standards required by the organisation you are auditing.
This is achieved by creating “CSV ty...
Posted By : Ian Cooke | 1 comments
|
We have covered most of the core items that should be considered when performing an Oracle database audit in previous posts; however, there are a number of other items that I would typically look into.
Database Links
A database link is an object in one database...
Posted By : Ian Cooke | 0 comments
|
The company you are auditing should have a policy on what is being audited within your Oracle database. The level of auditing will almost certainly be affected by the sensitivity of the data. Good examples and benchmarks for auditing may be seen in the...
Posted By : Ian Cooke | 0 comments
|
Typically application access to an Oracle database is via one of two methods.
Either all users access the same database using a single (proxy) user which is defined in an initialisation (.INI) file, registry etc.
Or the users access the database individ...
Posted By : Ian Cooke | 1 comments
|
Before we get into auditing Oracle privileges a reminder of a few definitions might be helpful.
A user privilege is the right to run a particular type of SQL statement, or the right to access an object belonging to another user, run a PL/SQL package, and...
Posted By : Ian Cooke | 1 comments
|
On March 1st, I was invited to speak at the CampIT conference on Enterprise Risk/Security Management at Rosemont Convention Center.
Before me there were two speakers. The first presenter spent an hour presenting the story from the trenches of technolog...
Posted By : Umesh391 | 0 comments
|