International

Tips from a CRISC exam passer


Jeff Aguilar recently passed ISACA’s CRISC exam and added that distinction to his CISM certification. We asked him to provide his perspective on the exam-taking process.

Exam Preparation: I went with the standard exam-prep strategy. I obtained ISACA’s official review manual and practice-exam questions. As I studied, I realized that experience alone would not be enough to successfully pass this exam. I also leveraged ISACA’s LinkedIn CRISC group, which was helpful in discussing various questions and exam subjects. I ended up dedicating about 15 hours a week to my preparation.

Read more about: Tips from a CRISC exam passer
Source: Isaca.org

IFIP World Computer Congress 2012


Towards an innovative, secure and sustainable information society

We invite you to an extremely exciting event in Amsterdam.

IFIP, the International Federation for Information Processing, was founded in 1960 and now represents 1 million members. It is holding its 22nd congress. The IFIP World Computer Congress 2012 will address an issue that is of interest to all of you and of great importance to our society.
Don’t miss this event!

ISACA Survey: IT Professionals in Canada Expect Employees’ Online Shopping to Increase Risk This Holiday Season


Rolling Meadows, IL, USA (1 November 2011)—With the skyrocketing use of smartphones, the number of consumers shopping online has increased dramatically in recent years. According to the 2011 Shopping on the Job Survey: Online Holiday Shopping and BYOD Security, conducted by the nonprofit global IT association ISACA, more than half of the 240 IT professionals surveyed in Canada believe that employees will spend at least 3 hours shopping online with a work device and at least 3 hours with a personal device they also use for work.

More than 4,700 ISACA members in Africa, Asia, Europe, Latin America, North America and Oceania participated in the 2011 Shopping on the Job survey. The results identify attitudes and behaviors related to the risk and benefits associated with online shopping and the blurring use of personal and work devices. 

Nearly half (48%) of respondents from Canada believe that the risk from using personal mobile devices for work—a growing trend known as “bring your own device” (BYOD)—still outweighs the benefits.

“As enterprises increasingly allow employees to use personal devices for work, it is important to embrace the benefits of the technology while educating employees on minimizing risk,” said Ken Vander Wal, CISA, CPA, ISACA international president.

 

ISACA offers tips for employees with personal devices also used for work:

  • Understand policies you agree to for connecting to corporate networks.
  • Understand what happens if your organization considers your device a security risk.
  • Follow ISACA’s 5-step “ROUTE” for geolocation.
  • Enable security features, including encryption and passcodes.
  • Ensure you have current operating systems and updates. 

IT professionals in Canada consider using a work-supplied device to click on an e-mail link to a shopping site (53%), access a social networking site (40%), use mobile shopping applications (38%), and download personal files or music (57%) to be high-risk activities. While 35% say their enterprises restrict employees’ use of IT assets for personal purposes due to security concerns, more (48%) still allow the use of work-supplied devices for personal use to promote work-life balance. However, many enterprises (64%) limit or prohibit social networking or daily deal sites from a work-supplied device.  

While the use of applications with geolocation is increasing, 56% of Canadian respondents say their enterprises don’t provide security guidance on it. Geolocation services can be valuable, but employees need education on when to enable and disable them.

 

“In Canada, and globally, lines between work and personal mobile devices are blurring. Along with this risky overlap are the added elements of geolocation and increased use of electronic payment,” said Brian Barnier, CGEIT, CRISC, member of ISACA’s Risk IT development team. “Enterprises must understand technology-related risk. For example, mobile money transfers can benefit rural areas, but open a door to fraud.”

 

View full survey results. Guidance on securing mobile devices is available at www.isaca.org/mobile-devices.

 

CISA

ISACA offers exam training courses for earning the CISA title. CISA is a globally recognized certificate for IS audit control. It demonstrates that you have the necessary experience, skills and knowledge to detect security risks and perform reliable audits.

Read more about the CISA training

CISM

As a CISM, you are able to analyze information security independently. ISACA provides an exam training course for CISM that offers room both for brushing up on knowledge and for concrete exercises for the exam.

Read more about the CISM exam training