Welcome to the third edition of CSI Philadelphia!

This publication provides our chapter members with important ISACA International and chapter-related announcements and events as well as current audit and security topics.

As of May, 2007 the newsletter team has been formalized to include the following members:
Write an Article for the Newsletter!

We are always looking to add new and interesting content to the newsletter. As such, we are accepting article submissions from our members for consideration!

To be considered for publication, articles must meet the following criteria:
- Less than 350 words.
- Word Document format.
- Relevant to ISACA, IT Governance, IT Audit, Security, etc.
- References to all applicable sources.
- Include the title, author, and date written.
Interested in Volunteering?

If you are interested in volunteering for any of the following events:
- College Night
- Training Events
- Social Events
- Web site
Security: "Not To Do" List

Here's a list of some of the most dangerous information security risks to avoid in 2007.
- Clicking on email attachments from unknown senders. Are there any users left who don't know they aren't supposed to open e-mail attachments from strangers? Sigh. Yes.
- Installing unauthorized applications. Instant messaging is rapidly becoming a standard corporate tool, even as the number of IM exploits rises. Like any other peer-to-peer application, instant messaging comes with serious risks.
Interesting Training Topics

Based on survey results from our members, the following areas were identified as topics of interest. We will actively pursue training sessions to fulfill these identified interests.
- Training courses focused on major ERP applications, such as SAP, Oracle, and PeopleSoft
- Auditing Firewalls
- UNIX Security
- Windows Security
- Oracle Database
- Mainframe auditing
- Regulatory auditing for topics such as GLBA, HIPAA, FDA Validation, SOX, etc.
- Effective Communication of IT issues to business process management
- TCP/IP
- Attack and Penetration Classes
President's Message

Dear Chapter Members,

The Philadelphia Chapter had a very successful 2006-07 chapter year. Thank you to all of the Board members and volunteers who assisted with providing quality programs and events.

I look forward to working with everyone this coming chapter year as the new Chapter President. Our chapter has a dedicated group of volunteers and we are encouraged by those who have come forward to assist in expanding our offerings for the upcoming chapter year. We have many exciting initiatives and the addition of new volunteers is always welcome.

Click here for the President's Message...
2007-08 ISACA Philadelphia Board of Directors

Congratulations to all of the individuals elected to the 2007-08 ISACA Philadelphia Chapter Board of Directors. These individuals were formally elected and introduced at the ISACA Philadelphia Annual Membership Meeting on May 15, 2007.
Annual Membership Meeting Recap

On May 15, our chapter celebrated another successful year at our annual membership meeting at the Downtown Club. Some key highlights from the meeting include:
- Introduction of our chapter's new president, Peter Duranti

College Night is Back!!

The Philadelphia Information Systems Audit and Control Association (ISACA®) and Institute of Internal Auditors (IIA®) Chapters are hosting a joint event to promote awareness of the career opportunities in the Information Systems Auditing, Security, and Internal Auditing fields this Fall.

This is a free event to all college students in audit, accounting, and Information Technology related majors. The goal of this event is to increase awareness of ISACA and the IIA among college students, along with career opportunities in the profession of internal audit, information systems audit, controls, and security. Professionals in these fields continue to be in high demand as a result of increasing controls and privacy legislation such as the Sarbanes-Oxley Act of 2002, the Health Insurance and Accountability Act (HIPAA), and the Gramm-Leach-Bliley Act (GLBA).

College Night was a tremendous success last year and we are looking forward to an even bigger and better event this year! This year's highlights include guest speakers and opportunities for discussions about the types of careers that are available in the audit and security professions and potential employment opportunities in the Philadelphia area.

Click here for more information about this event...

Welcome to our New Web Site!

A special thanks to Litzi Umana of PricewaterhouseCoopers for her efforts in redesigning our chapter's web site! The new web site includes several new features related to ISACA International and the Philadelphia chapter! Newsletters are also available via the Newsletters link.

Please send any comments or suggestions to webmaster@phillyisaca.org.
Are you interested in COBIT or Computer Forensics Training?

In order to better serve our members, the ISACA Philadelphia Chapter is eager to know your interest level in attending any of the following training courses:
- Course 1 - Foundation Course: Implementing COBIT™
- Course 2 - Implementing COBIT™ for IT Management and Governance
- Course 3 - Fundamental Forensics for Auditors and Info Security Professionals

If there are enough members interested in attending these training courses on October 1-5, 2007, then the chapter will confirm the training schedule with these World-Class presenters.

Can you please review these training courses and notify us via email if you are interested in attending? Simply notify us via email at professionaleducation@phillyisaca.org by Friday, July 20th and indicate in the email which course(s) you are interested in attending: Course 1, 2, or 3, or any combination.
Hackers Turn Focus to On-line Brokers

Identity thieves have shifted much of their attention from banks to online brokerages, according to fraud experts. And their attacks are more sophisticated, and persuasive, than ever.

Hackers have been breaking into customer accounts at large online brokerages in the U.S. and making unauthorized trades worth millions of dollars. It's all part of a fast-growing new form of online fraud under investigation by federal authorities.

Click here for the full article...
Improving Risk Management Efficiency and Effectiveness

The current risk and regulatory environment, rapid pace of technology advances and constrained investments are challenging traditional IT risk management processes. A centralized IT Risk Office (ITRO) and new approaches such as a Risk Catalog, Risk/Cost prioritization models and operations-oriented risk processes provide effective solutions to improve the efficiency and reduce the costs of risk management.
Top Ten IT Security Threats

CIO Report Ranking

In the CIO Report on Global State of Information Security as of September 2006, the following top 10 priorities were reported:
- Data Backup
- Network Firewalls
- Application Firewalls
- Disaster Recovery / Business Continuity
- User passwords
- Monitor security reports
- Periodic security audits
- Secure remote access
- Spyware/adware/spam detection tools
- Monitor compliance with security policy & Employee awareness programs.

HP's list of top 10 security threats for small business includes:
- Identity theft
- Spyware/Trojan horses
- Viruses
- Adware
- Web Surfing
- Hacking
- Wireless attack
- Phishing
- Spam mail

Top Security Threats to our Members
- Viruses and Worms
- Outside Hacking or Cracking
- Identity Theft and Phishing
- Spyware
- Denial of Service
- Spam
- Wireless and Mobile Device Viruses
- Insider Threats
- Zero Day Threats
- Social Engineering
- Cyber-Terrorism

The above information was obtained based on a survey from our members.
News from ISACA International

ISACA Training Week

The Training Week courses use a combination of lecture, case study, class discussion and group exercises to explore all the nuances and subtleties of the named topics. Training Week participants will learn about proven strategies and techniques based upon best practices and lessons learned from the ISACA community.

Training Week courses will provide participants with:
- Interactive format;
- Full range of technical programs;
- World-class presenters;
- Networking opportunities; and
- Valuable continuing professional education (CPE) credits.

2007 Training Week Schedule

Date | Location
October 15 - October 19, 2007 | Montreal, Quebec, Canada
November 5 - November 9, 2007 | San Antonio, Texas, USA
December 3 - December 7, 2007 | Scottsdale, Arizona, USA

For more information on Training Week events and to register, please visit www.isaca.org/trainingweek.