ISACA-RI CHAPTER NEWSLETTER

March 2009
Volume 3


TABLE OF CONTENTS
PRESIDENT’S MESSAGE ... 1
SEMINAR SCHEDULE ... 1
VOLUNTEER OPPORTUNITIES ... 1
CERTIFICATION CORNER ... 2
Article: CHANGE MANAGEMENT ... 3


PRESIDENT’S MESSAGE
2008-2009

Dear Colleagues,

I hope that you’ll be able to attend our next training session. On April 8, a daylong seminar on 2 highly pertinent topics—Risk Assessment of Data Privacy and Certifying Information Security (see Seminar Schedule sidebar)—is being presented jointly by ISACA-RI and ISACA-NE. Register at www.isaca-ri.org.

Additional reasonably priced, high value seminars are planned for May and June 2009, the latter being the ISACA-RI Chapter’s Annual Meeting and Awards Luncheon. We’ll advise you of upcoming seminar details as they evolve, to encourage you to save the dates and register to attend.

As a reminder—if you haven’t already done so, be sure to renew your membership with ISACA International.

Regretfully, ISACA-RI was unable to administer local CISA training due to insufficient interest. Subsequently, Brookedge Technologies has partnered with ISACA-RI to provide a special rate to our members for CISA and CISM training that will be held in Rocky Hill, CT on three Saturdays in May. See “Certification Corner” for details.

Lastly, Will Nowik of Wolf and Company has generously provided the chapter with a timely article: “Don’t Let Your Information Technology Be A Game of Chance – Is your change management up to the test?” (See page 3).

Best regards to you during the spring season.

Camille R. Rigney, CISA
ISACA-RI President, 2007-2009


SEMINAR SCHEDULE
REGISTER at www.isaca-ri.org

April 8, 2009
Four Points by Sheraton Norwood Hotel & Conference Center
Norwood, Massachusetts
Full day seminar, 6 CEUs
$100 members
$125 non-members
Co-hosted with ISACA-NE
8:30 - 9 am registration
RISK ASSESSMENT OF DATA PRIVACY, 9 am – noon
Will Nowik & Matt Putvinski, Wolf and Company
CERTIFYING INFORMATION SECURITY, 1 - 3:30 pm
Don Borsay, FM Global
Breakfast, lunch, and breaks included in registration fee

May 2009
Topic & Location TBD
½ day seminar
Co-hosted with IIA Ocean State Chapter
Steve J. Ursillo, Jr., Sparrow, Johnson, & Ursillo, Inc.

June 2009
ANNUAL BUSINESS MEETING & SEMINAR
RECOGNITION OF RECENT CERTIFICATIONS
Full day seminar
Topic, speaker, & location TBD


VOLUNTEER OPPORTUNITIES

Earn up to 10 CEUs annually by volunteering to serve your chapter, and benefit from the many opportunities for leadership growth and professional development that volunteerism offers. Send an email to info@isaca-ri.org if you are interested in serving in any of the following capacities:

• Communications (newsletter)
• Membership (e-bulletins)
• Certification (liaison)

March 2009 ISACA-RI CHAPTER NEWSLETTER Volume 3, page 2




CERTIFICATION CORNER

CISA, CISM and CGEIT Certification

This spring, the ISACA-RI Chapter planned to sponsor a Certified Information Systems Auditor™ (CISA®) Examination Study Course in preparation for the June 13, 2009 examination.

However, due to minimum enrollment numbers not being met (8 persons), we were not able to hold the Study Course. We plan to re-evaluate this again in the fall in preparation for the December 2009 CISA examination.

Knowing the importance of preparing for these examinations, and our commitment to adding value to existing and prospective members, we are pleased to announce that ISACA-RI and BROOKEDGE Technologies have jointly organized CISA, CISM and CGEIT review courses. These classes will help students prepare for ISACA’s CISA, CISM and CGEIT exams respectively. The CISA and CISM courses will be held on three Saturdays (May 9, 16, 30) in the greater Hartford area just south of the city at the Hartford Marriott Rocky Hill hotel.

The CGEIT course will be held on Monday and Tuesday (Jun 1 and 2) in the Boston metro area just west of the city at The Westin Waltham-Boston hotel. Each course starts at 8:30am and ends at 5:00pm with a 45 minutes to 1-hour lunch break and networking session.

Please check our ISACA-RI website for further information beginning in April 2009.


Certification training and reference material provided by ISACA International at www.isaca.org:

CISA Certification
• CISA® Review Manual 2009 (available in English, French, Italian, Japanese and Spanish)
• CISA® Review Questions, Answers & Explanations Manual 2009 Supplement (100 questions; available in English, French, Italian, Japanese and Spanish)
• CISA® Review Questions, Answers & Explanations Manual 2008 (600 questions; available in English, Italian, Japanese and Spanish)
• CISA® Review Questions, Answers & Explanations Manual 2008 Supplement (100 questions; available in English, French, Italian, Japanese and Spanish)
• CISA® Practice Question Database v9 (800 questions—CD-ROM or web download; available in English and Spanish)

CISM Certification
• CISM® Review Manual 2009 (available in English, Japanese and Spanish)
• CISM® Review Questions, Answers & Explanations Manual 2009 (450 questions; available in English, Japanese and Spanish)
• CISM® Review Questions, Answers & Explanations Manual 2009 Supplement (100 questions; available in English, Japanese and Spanish)
• CISM® Practice Question Database v9 (550 questions—CD-ROM or web download; available in English only)

CGEIT
Reference material for the 2009 CGEIT Exam may be obtained at www.isaca.org/cgeitbooks and www.isaca.org/cgeitreferences.


For questions concerning any of ISACA’s certifications, feel free to contact:

William C. Soares, CISA, PMP
ISACA-RI Certification Director
bill.soares@cox.net





March 2009 ISACA-RI CHAPTER NEWSLETTER Volume 3, page 3





Don’t Let Your Information Technology be a Game of Chance - Is your change management up to the test?

By Will Nowik, CISA, CISSP


At its core, a change management program serves to minimize disruption of your business. It includes assessing the impact of the change on connected systems, testing the change before rolling it out enterprise-wide, and obtaining authorization and approval from management. Even if there are procedures governing how IT changes are made, more often than not, critical system and application outages are caused by unauthorized changes. Whether these unauthorized changes are business requirements, a quick patch to a problem, or poor internal practices, they make your organization vulnerable to:

• Operational Issues - Unplanned downtime of the organization’s most critical systems, and costs spent responding to errors rather than being utilized to improve business processes.

• Information Security Issues - Non-public data left unprotected and vulnerable to theft.

• Regulatory Compliance Issues - Noncompliance with the requirements dictated by the Gramm-Leach-Bliley, Sarbanes-Oxley, and HIPAA acts, as well as industry requirements such as the Payment Card Industry Data Security Standard (PCI DSS).

• Financial Reporting Issues - Increased likelihood that independent auditors will cite the organization for inadequacies in change management practices, increasing board and regulatory scrutiny.


How are you doing?

Proactive assessment of your change management process can increase its effectiveness and give the organization faith that it is doing everything it can do to maintain a secure, compliant, and operational IT environment. Start with defining your key performance indicators (KPIs), otherwise known as what the organization considers success. When determining the KPIs important to your organization, ensure that each is SMART: Specific, Measurable, Achievable, Relevant, and Time-bound. Placing these limits around each KPI will help to break the issues into workable projects rather than one large problem that can seem overwhelming. A few examples of KPIs the SMART way:

KPI:
Review the number of authorized changes versus unauthorized changes.

SMART KPI:
Review all changes having taken place in the past 12 months. The goal is to have 95% being authorized changes.

KPI:
Measure the number of disruptions of service caused by unauthorized data.

SMART KPI:
Measure the number of disruptions in the past month, noting the amount of downtime per each disruption.


Consistency is key.

All of the planning in the world won’t be worth anything if you’re not going back and reviewing the results. Once you have defined your KPIs, you should track the progress toward your goal. Analyzing the goals against actual outcomes will clarify where opportunities for improvement exist. The indicators important to each organization will vary, but this consistent measuring will provide insight into areas that require enhancement and make sure that disruption is always trending downward. By performing such an activity, limited IT resources can be used proactively rather than reacting to a “fire-drill” situation.
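The two SMART KPIs in the article are windowed counts over a change log, and the closing section asks for the same measurement to be repeated so that the trend is visible. As an added example (not part of the newsletter or of Wolf and Company’s material), the following Python script computes both KPIs and a month-over-month disruption trend from a small constructed change log. The record layout, the field names, the sample entries and the reporting date are assumptions, and the "past 12 months" window is approximated as 365 days.

```python
"""Change-management KPI check over a change log.

Added example, not from the newsletter: the record layout, field names and
sample entries below are assumptions made for illustration.
"""
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class Change:
    change_id: str
    implemented: date
    authorized: bool          # went through assessment, testing and management approval
    disruption_minutes: int   # service downtime attributed to this change (0 = none)


# Constructed sample change log (not real data): id, date, authorized?, downtime.
RAW_LOG = [
    ("CHG-101", "2008-04-02", True, 0),
    ("CHG-102", "2008-06-18", True, 0),
    ("CHG-103", "2008-09-15", False, 90),   # emergency patch applied without approval
    ("CHG-104", "2008-11-05", True, 0),
    ("CHG-105", "2009-02-10", True, 30),    # approved change that still caused an outage
    ("CHG-106", "2009-03-03", True, 15),
    ("CHG-107", "2009-03-05", True, 0),
    ("CHG-108", "2009-03-12", False, 45),   # undocumented configuration tweak
    ("CHG-109", "2009-03-25", True, 0),
    ("CHG-110", "2007-12-01", False, 120),  # older than 12 months: outside the KPI window
]
CHANGE_LOG = [Change(i, date.fromisoformat(d), a, m) for i, d, a, m in RAW_LOG]

# Reporting date for the review (constructed).
AS_OF = date(2009, 3, 31)


def changes_in_window(log, end, days):
    """Time-bound part of each KPI: changes implemented in the `days` days ending at `end`."""
    start = end - timedelta(days=days)
    return [c for c in log if start < c.implemented <= end]


def authorized_change_kpi(log, as_of, goal=0.95, days=365):
    """SMART KPI 1: share of authorized changes over the past 12 months against a 95% goal."""
    window = changes_in_window(log, as_of, days)
    total = len(window)
    authorized = sum(1 for c in window if c.authorized)
    ratio = authorized / total if total else 1.0   # no changes at all: nothing unauthorized
    return {"total": total, "authorized": authorized,
            "ratio": ratio, "meets_goal": ratio >= goal}


def disruption_kpi(log, as_of, days=30):
    """SMART KPI 2: disruptions in the past month, with the downtime of each one.

    Also counts how many of those disruptions came from unauthorized changes,
    which is the link the article draws between outages and change control."""
    window = changes_in_window(log, as_of, days)
    per_disruption = {c.change_id: c.disruption_minutes
                      for c in window if c.disruption_minutes > 0}
    from_unauthorized = sum(1 for c in window
                            if c.disruption_minutes > 0 and not c.authorized)
    return {"count": len(per_disruption), "downtime_minutes": per_disruption,
            "total_downtime": sum(per_disruption.values()),
            "from_unauthorized_changes": from_unauthorized}


def disruption_trend(log, as_of, days=30):
    """Repeat KPI 2 for the previous period so the direction of the trend is visible."""
    current = disruption_kpi(log, as_of, days)
    previous = disruption_kpi(log, as_of - timedelta(days=days), days)
    return {"previous_count": previous["count"], "current_count": current["count"],
            "trending_down": current["count"] < previous["count"]}


def kpi_report(log, as_of):
    """Everything a monthly review would look at, in one structure."""
    return {"authorized_changes": authorized_change_kpi(log, as_of),
            "disruptions": disruption_kpi(log, as_of),
            "trend": disruption_trend(log, as_of)}


if __name__ == "__main__":
    for name, result in kpi_report(CHANGE_LOG, AS_OF).items():
        print(f"{name}: {result}")
```

On the sample data the 12-month window holds nine changes of which seven were authorized, so the 95% goal is missed, and March shows two disruptions (one from an unauthorized change) against one in February, so the trend flag is not "down". The window test uses an open lower bound and a closed upper bound so that a change implemented on the reporting date is counted once and never in two adjacent periods.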