News archive

Round Table Vianen, 1 October

ENGLISH SPOKEN

In this talk, Melanie Rieback will introduce the basics of Pentesting ChatOps, and will discuss the processes and open-source tools needed to enable Pentesting ChatOps within your own organization.

ChatOps, a concept originating from GitHub, is chatroom-driven DevOps for distributed teams, using chatbots (like Hubot) to execute custom scripts and plugins. We have applied the concept of ChatOps to the penetration testing workflow, and found that it fits outstandingly – for everything from routine scanning to spearphishing to pentest gamification.

This talk discusses the tools that we use (RocketChat, Hubot, GitLab, pentesting tools), and provides battle stories of using Pentesting ChatOps in practice.

 

ISACA: Remembering Robert Stroud

Last weekend, ISACA lost a dedicated leader, an engaged board member, a passionate colleague and, most notably, a dear friend. Robert E Stroud, CGEIT, CRISC, 2014-2015 ISACA Board Chair, and Board Director 2015-2018, will be deeply missed.

Only 55 years old, Rob passed away Monday, 3 September 2018, after being struck by a vehicle while jogging on Long Island, New York, USA.

You can read Board Chair Rob Clyde’s blog post honoring Rob Stroud here. You can also post comments on the related posts on any one of ISACA’s many social media channels.

If you had the pleasure of knowing Rob, he had a zest for life and passion for ISACA that was unparalleled. He was committed to visiting as many chapters as he could, and rarely turned down an invitation to speak at a chapter event. Personally, it is hard for me to imagine an ISACA world without Rob in it. He will be deeply missed and never replaced.

Most Sincerely,
Megan Moritz
Senior Manager, Chapter Relations

PECB trainings, expansion of the training offering

From autumn 2018, ISACA NL, in cooperation with PECB, is expanding its training offering. You can register for the trainings below via https://isaca.nl/nl/trainingen

ISO22301 Business Continuity Management Foundation
ISO27001 Information security ISMS Foundation
ISO27005 Information security Risk Foundation 
ISO27032 Lead cybersecurity manager 

The trainings below are organized on the basis of a sign-up list via [e-mail address].

ISO13458 medical devices QMS
ISO17799 Information security
ISO20000 IT Service Management
ISO27001 Information security ISMS Implementation
ISO27001 Information security ISMS Lead Auditor
ISO38500 Governance

If you are interested and/or have questions, you can always e-mail [e-mail address].

C trainings autumn 2018, dates are known:

CRISC: 6 Wednesday evenings: 26-09-2018, 03-10-2018, 10-10-2018, 17-10-2018, 31-10-2018 and 07-11-2018

CISM: 5 Wednesday evenings: 03-10-2018, 10-10-2018, 17-10-2018, 24-10-2018 and 07-11-2018; a new date will be scheduled in consultation with the trainer and participants.

For more information and registration, go to the website: https://isaca.nl/nl/trainingen

You do not need to be an ISACA member to follow a C training. If a contact in your work environment is interested in following a C training, that is of course possible.
For any questions about the C trainings, in-company trainings, COBIT or CSX Foundation, you can send an e-mail to [e-mail address].

PECB; GDPR Foundation late-afternoon/evening or evening training

As of 20 August it has been decided to cancel both planned GDPR Foundation trainings; there currently appears to be no interest. As a result, the trainings below have been cancelled.

- One training for "traffic-jam avoiders", 3 late afternoons from 16.00 to 20.00.

- One training on 3 evenings from 18.00 to 22.00. The exam is on a separate afternoon/evening.

The General Data Protection Regulation (GDPR) is a regulation that will enforce a stronger data protection regime for organizations that operate in the European Union (EU) and handle EU citizens’ data. GDPR constitutes the protection of personal data of employees, customers and others. In case organizations fail to comply with this regulation, they will be subject to heavy fines and damaged reputation. Considering that personal data represents critical and sensitive information that all organizations should protect, such a regulation will help put in place appropriate procedures and controls to prevent Information Security breaches. By May 2018, all organizations that operate in the EU should comply with this regulation.

Why is the General Data Protection Regulation important for you?

Considering that data breaches have become highly sophisticated in recent years, the need for data protection has increased as well.

Information Security is crucial to the success of any organization since it deals with the protection of sensitive data from unauthorized access, use, replication and destruction. As such, organizations should put in place measures and controls to manage and diminish Information Security risks and comply with GDPR requirements. In case organizations fail to comply with the GDPR requirements, the penalties can reach up to 2% of an organization’s annual turnover. Also, in case of more serious infringements, the penalties can amount to 4% of an organization’s annual revenue. The implementation of a Privacy Framework, on the other hand, will allow professionals to develop and implement reliable controls that are generally accepted.

Becoming a Certified Data Protection Officer will enable you to acquire the necessary expertise to understand the risks that could have a negative impact on your organization and implement the required strategic responses based on the GDPR best practices, requirements and principles.

For more information, see here.

Dates
Afternoon/evening training on Monday 27, Tuesday 28 and Wednesday 29 August 2018. The afternoons start at 16.00 and last until 20.00. The room is open from 15:30. Training has been cancelled because no interest was shown.
Evening training on Wednesday 5, 12 and 19 September 2018. The evenings start at 18.30 and last until 22.00. The room is open from 18.00. Training has been cancelled because no interest was shown.
A sandwich and a drink will be provided.

Location: Hotel Breukelen, Stationsweg 91, 3621 LK Breukelen (within walking distance of the station and directly on the A2 motorway, exit Breukelen).

Trainer: Krijn Kalma.

Costs: € 1.250,- for members, € 1.450,- for non-members when registering until 15 August; thereafter € 1.450,- for members and € 1.650,- for non-members.

Registration: You can register for the training via: www.isaca.nl/trainingen.

PECB; ISO 31000 Risk Management Foundation

The next training is on Tuesday evenings 25 September and 2 and 9 October 2018.

ISO 31000 specifies principles and guidelines for risk management for identifying, assessing and mitigating risks faced by organizations. It recommends organizations to develop, implement and continuously improve a framework that aims to integrate risk management processes into the organization’s overall governance, strategy, and planning, management, reporting processes, policies, values and culture. This framework can be used regardless of the type of risk and organization on deck; it will help organizations to protect their financial stability and reputation. 

Why Risk Management is important for you: 

ISO 31000 will guide you toward identifying potential risks that could endanger the achievement of crucial objectives; it will help you to determine which risks are essential to take in order to achieve primary objectives before they affect the business, while effectively keeping all other risks under control.

Furthermore, becoming ISO 31000 certified proves that you have undergone the proper professional training, further advancing your risk management and risk identification skills and helping you to formulate and correctly implement strategies and solutions to improve and protect the needs of the organization. Attending our training courses will be beneficial for you because it makes you more marketable to employers, as nowadays professional certifications are crucial.

Benefits of ISO 31000 Risk Management: 

PECB Certified ISO 31000 individuals involved in risk management process of an organization will enable the organization to:

  • Gain competitive advantage – enhanced risk management will support achieving goals and objectives
  • Reduce costs through proper risk management
  • Respond to change effectively  and find viable solutions
  • Create and protect value
  • Increase the likelihood of achieving objectives
  • Productively  identify the opportunities and threats
  • Identify and mitigate the risk throughout the organization
  • Gain stakeholder confidence and trust
  • Create a consistent basis for decision making and planning

For more information, see here.

Dates: Tuesday 25 September, 2 and 9 October, plus an extra evening for the exam. The evenings start at 18.30 and last until 22.00. The room is open from 18.00, and a sandwich and a drink will be provided.

Location: Hotel Breukelen, Stationsweg 91, 3621 LK Breukelen (within walking distance of the station and directly on the A2 motorway, exit Breukelen).

Trainer: Arno Kapteijn.

Costs: € 1.250,- for members, € 1.450,- for non-members when registering until 15 August; thereafter € 1.450,- for members and € 1.650,- for non-members.

Registration: You can register for the training via: www.isaca.nl/trainingen.

PECB; ISO 27032 Lead cybersecurity manager

The next trainings are planned for Tuesday evenings 2, 9, 16 and 23 October and 6, 13, 20 and 27 November 2018. (8 evening training sessions and one exam evening)

The term ISO/IEC 27032 refers to ‘Cybersecurity’ or ‘Cyberspace security,’ which is defined as the protection of privacy, integrity, and accessibility of data information in the Cyberspace. Therefore, Cyberspace is acknowledged as an interaction of persons, software and worldwide technological services.

The international standard ISO/IEC 27032 is intended to emphasize the role of different securities in the Cyberspace, regarding information security, network and internet security, and critical information infrastructure protection (CIIP). ISO/IEC 27032 as an international standard provides a policy framework to address the establishment of trustworthiness, collaboration, exchange of information, and technical guidance for system integration between stakeholders in the cyberspace.

Why is ISO/IEC 27032 Lead Cybersecurity Manager important for You?: 

The ISO/IEC 27032 standard is essential for all businesses to utilize. The risk of security threats is increasing on a daily basis as we rely more on the cyberspace. However, the ISO/IEC 27032 standard provides guidelines regarding the protection and long-term sustainability of business processes. In addition, it equips individuals with the ability to develop a policy framework which identifies the processes that are the most vulnerable to cyber-attacks and that must be considered in order to ensure that business and clients will not be at risk.

ISO/IEC 27032 Lead Cybersecurity training provides a real-world solution to individuals in protecting their privacy and organization data from phishing scams, cyber-attacks, hacking, data breaches, spyware, espionage, sabotage and other cyber threats. Being certified with ISO/IEC 27032 will demonstrate to your clients and stakeholders that you can manage and provide solutions to their cyber security issues. 

Benefits of PECB Certified ISO/IEC 27032 Lead Cybersecurity Manager

Becoming a Certified ISO/IEC 27032 Lead Cybersecurity Manager enables you to:

  • Protect the organization’s data and privacy from cyber threats
  • Strengthen your skills in the establishment and maintenance of a Cybersecurity program
  • Develop best practices for managing cybersecurity policies
  • Improve the security system of the organization and its business continuity
  • Build confidence among stakeholders in your security measures
  • Respond and recover faster in the event of an incident

For more information, see here.

Dates: Tuesday evenings 2, 9, 16 and 23 October and 6, 13, 20 and 27 November 2018. The evenings start at 18.30 and last until 22.00. The room is open from 18.00, and a sandwich and a drink will be provided.

Location: Hotel Breukelen, Stationsweg 91, 3621 LK Breukelen (within walking distance of the station and directly on the A2 motorway, exit Breukelen).

Trainer: Kees Roodnat.

Costs: € 3.000,- for members, € 3.300,- for non-members when registering until 15 August; thereafter € 3.200,- for members and € 3.500,- for non-members.

Registration: You can register for the training via: www.isaca.nl/trainingen.

PECB; ISO 27005 Foundation training

The next training is scheduled for Monday evenings 8, 15 and 22 October 2018.

ISO/IEC 27005 provides guidelines for the establishment of a systematic approach to Information Security risk management which is necessary to identify organizational needs regarding information security requirements and to create an effective information security management system. Moreover, this international standard supports ISO/IEC 27001 concepts and is designed to assist an efficient implementation of information security based on a risk management approach. 

Why is ISO/IEC 27005 essential for you: 

ISO/IEC 27005 enables you to acquire the necessary skills and knowledge to initiate the implementation of an information security risk management process. Therefore, it proves that you are able to identify, assess, analyze, evaluate and treat various information security risks faced by organizations. Moreover, it enables you to support organizations in prioritizing risks and undertaking appropriate actions to reduce and mitigate them.

The training provided by PECB will help you to properly align an organization's Information Security Management System with its Information Security Risk Management process. Also, when obtaining the PECB Certified ISO/IEC 27005 credentials, you will be able to help organizations to continually improve an information security risk management process which leads the organization towards achieving its objectives.
 
Benefits of ISO/IEC 27005 Information Security Risk Management: 

PECB ISO/IEC 27005 Certificate will prove that you have:

  • Gained the necessary skills to support an effective implementation of an information security risk management process in an organization.
  • Acquired the expertise to responsibly manage an information security risk management process and ensure conformity with legal and regulatory requirements.
  • The ability to manage an information security and risk management team.
  • The ability to support an organization to align their ISMS objectives with ISRM process objectives.

For more information, see here.

Dates: Monday 8, 15 and 22 October. The evenings start at 18.30 and last until 22.00. The room is open from 18.00, and a sandwich and a drink will be provided.

Location: Hotel Breukelen, Stationsweg 91, 3621 LK Breukelen (within walking distance of the station and directly on the A2 motorway, exit Breukelen).

Trainer: Fook Hwa Tan.

Costs: € 1.250,- for members, € 1.450,- for non-members when registering until 15 August; thereafter € 1.450,- for members and € 1.650,- for non-members.

Registration: You can register for the training via: www.isaca.nl/trainingen.

PECB; ISO 22301 Foundation Training

The next training is scheduled for Monday evenings 5, 12 and 19 November 2018.

As an international standard for Business Continuity Management System, the ISO 22301 is designed to protect, reduce the likelihood of occurrence, prepare for, respond to, and recover from disruptive incidents when they arise. With a Business Continuity Management System, your organization is prepared to detect and prevent threats. ISO 22301 enables you to respond effectively and promptly based on the procedures that apply before, during and after the event. Implementing a Business Continuity plan within your organization means that you are prepared for the unexpected. Business Continuity Plan assures you that your organization will continue to operate without any major impacts and losses. 

Why is Business Continuity important for you?: 

Being certified against ISO 22301 gives you the power of providing a premium level of services to your shareholders no matter the circumstances. ISO 22301 acknowledges you the ability to secure data backups, minimize major losses and maximize the recovery time of critical functions. With ISO 22301, you will enhance your knowledge and skills and you will be able to advise your organization on best practices in the management of business continuity. Given that, you will improve your ability to analyze and make decisions in the context of business continuity management.

Benefits of ISO 22301 Business Continuity Management

An ISO 22301 certification brings many benefits, such as:            

  • Expand your knowledge on how a Business Continuity Management System will help you to meet business objectives
  • Gain the necessary knowledge to manage a team in the implementation of ISO 22301
  • Strengthen your reputation management
  • Increase your customer reliability
  • Identify risks and minimize the impact of incidents
  • Improve the recovery time
  • Achieve international recognition

For more information, see here.

Dates: Monday 5, 12, 19 November 2018. The evenings start at 18.30 and last until 22.00. The room is open from 18.00, and a sandwich and a drink will be provided.

Location: Van der Valk hotel in Zwolle, Nieuwleusenerdijk 1, 8028 PH Zwolle (on the north side of Zwolle, along the A28, exit 21, or via bus line 29).

Trainer: Arthur Donkers.

Costs: € 1.250,- for members, € 1.450,- for non-members when registering until 15 August; thereafter € 1.450,- for members and € 1.650,- for non-members.

Registration: You can register for the training via: www.isaca.nl/trainingen.

PECB; ISO 27001 Foundation information

The next training is scheduled for Wednesday evenings 10, 24 and 31 October 2018.

ISO/IEC 27001 Information Security Management Systems standard ensures that your organization keeps information assets safe and secure, by building an information security infrastructure against the risks of loss, damage or any other threat.

Companies that obtain ISO/IEC 27001 certification validate that the security of financial information, intellectual property, employee details, assets or information entrusted from third parties is being successfully managed and continually improved according to best practice approaches and frameworks.
 
Benefits of ISO/IEC 27001 certification to your organization: 
  • Provides physical and environmental security across all management processes
  • Provides you with a competitive advantage
  • Reduces costs due to incident and threat minimization
  • Demonstrates compliance with customer, regulatory and/or other requirements
  • Sets out areas of responsibility across the organization
  • Communicates a positive message to staff, customers, suppliers and stakeholders
  • Integration between business operations and information security
  • Alignment of information security with the organization’s objectives
  • Puts forward true value through enhancement of marketing opportunities

Benefits of ISO/IEC 27001 certification to your customers: 

  • Keeps customers' intellectual property and valuable information secure
  • Provides customers and stakeholders with confidence in how you manage risk
  • Secures exchange of information
  • Ensures customers that you are meeting your legal obligations
  • Enhances satisfaction of the delivery of your service or prod

ISO/IEC 27001 certification (also known as “registration”) is a third-party audit performed by a certification body such as PECB who, upon verification that an organization is in compliance with the requirements of ISO/IEC 27001, will issue an ISO/IEC 27001 certificate. This certification is then maintained through regularly scheduled annual surveillance audits by the registrar, with re-certification of the Information Security Management System performed on a triennial basis.

For more information, see here.

Dates: Wednesday 10, 24 and 31 October 2018. The evenings start at 18.30 and last until 22.00. The room is open from 18.00, and a sandwich and a drink will be provided.

Location: Hotel Breukelen, Stationsweg 91, 3621 LK Breukelen (within walking distance of the station and directly on the A2 motorway, exit Breukelen).

Trainer: Jos Maas.

Costs: € 1.250,- for members, € 1.450,- for non-members when registering until 15 August; thereafter € 1.450,- for members and € 1.650,- for non-members.

Registration: You can register for the training via: www.isaca.nl/trainingen.

CISA 

ISACA offers exam trainings for earning the CISA title. CISA is a globally recognized certificate for IS audit control. It demonstrates that you have the experience, skills and knowledge needed to detect security risks and carry out reliable audits.

Read more about the CISA training

CISM

As a CISM you are able to analyze information security independently. ISACA provides an exam training for CISM, which offers room both for brushing up knowledge and for concrete exercises for the exam.

Read more about the CISM exam training