Archiv für die Kategorie „Projektmanagement“

CISA Booster Course – Free of charge

“Where Theory is put into Practice.” Series

16th of October 2014

The CISA Booster Course:

“Where Theory is put into Practice.” Series

Who? Being a CISA means you cover various socio-technical domains. You manage organization’s internal or external Audit efficiently, effectively and aligned with business objectives or at least work together with the Audit Teams … at least in theory.

What? Indeed, these outcomes are hard to realize, when you are suddenly faced with a real project. Practical problems[1] already arise at the very beginning of Audit Scope or Project Scope development. However, satisfactory solutions cannot be found in CISA theory nor are described in existing literature.

Why? The project success or failure is based on Senior Management Commitment same for a successful Audit and to get this is based on your experience, but we know, these are hard to get.
As we are aware of these issues, we can help you to advance.

How? We will put the theory into the practice on the example of a real life project – from project scope development till project Audit. A unique opportunity to learn (only this time, ***FREE OF CHARGE***)

[1]How to begin? How to develop and manage information security program in a real environment?



Questions? Please drop us an email – or

The Good, The Bad and the Ugly in the e-healthcare Shutdown – The importance of formal project management in the e – health environment

Seite 13 und Folgende


Mag. Jutta Edith Staudach, CISA, CISM
– Consultant & Project Manager
Mag. Iztok Starc, Teaching Assistant University of Ljubljana, Security Expert
Dr. med. Univ. Udo Zilian, Internist
Lectureship: Sue Hung, PMO Consultant

CISM Booster Course – Live from Innsbruck & Ljubljana

Live from Innsbruck & Ljubljana

2nd of October 2012 4:30 pm. till 8:30 p.m.

The CISM Booster Course:

“Where Theory is put into the Practice.”

Who? Being a CISM means you cover various socio-technical domains. You manage organization’s information security efficiently, effectively and aligned with business objectives … at least in theory.

What? Indeed, these outcomes are hard to realize, when you are suddenly faced with a real project. Practical problems[1] already arise at the very beginning of InfoSec program development. However, satisfactory solutions cannot be found in CISM theory nor are described in existing literature.

Why? The project success or failure is based on Senior Management Commitment and to get this is based on your experience, but we know, these are hard to get.
As we are aware of these issues, we can help you to advance.


How? We will put the theory into the practice on the example of an identity management system[2] rollout case. A unique opportunity to learn (only this time, ***FREE OF CHARGE***):

CISM Aligned Real-Life Case.

Based on Identity Management System Rollout.

Complete: From Mandate Acquired to Lessons Learned.

Don’t Reinvent the Wheel: Do’s, Don’ts, Caveats and Pitfalls.

Best Practices to Save Money and Time.

Study Support for CISM Final Exam (aligned with CISA, CRISC & CGEIT).

Register –



Theory 1h: Security Program Development & Management

Jutta Staudach, CISA, CISM, Mag. – Consultant

Practice 3h: Identity Management SSO Rollout Case

Iztok Starc,  Mag. – Teaching Assistant University of Ljubljana


Jutta Staudach, CISA, CISM, Mag. – Consultant

4 CPE as per rule

[1] How to begin? How to develop and manage information security program in a real environment?

[2] Identity management /w Single Sign-On, see

A Case Study or a Project from Hell

Once upon a time, somewhere on earth, there was a Bank doing good business and this Bank was called Good Bank.

But – hey, Good Bank is losing a lot of customers and all of them are now customers of Universal banking Institute Bad Bank.

CEO Alfred NoClue doesn’t have any clue, WHY? Just gotten the actual Quarter Report and figured out that in the area of Private Banking & Consumer Banking he has lost about 30% of his customers.


Immediately he picks up the phone and calls his Business Change Manager Fredi CleverCute and asks him to help in emergency.

Now Fredi CleverCute has a problem – he, himself is already a customer of Universal banking Institute Bad Bank.

Alfred NoClue nearly lost all his patience and wanted to fire Fredi CleverCute without further notice.


Fredi Clever Cute is normally a very loyal guy and usually he brings Initiatives after they have been initiated per Top Down Approach, per Bottom up method perfectly “under” all Stakeholders.

That the reason why CEO Alfred NoClue asks Fredi LeverCute, why he raised a Consumer Account at Bad Bank.

Fredi CleverCute thinks about how to declare it for a few moments and afterwards he says “As soon as I raise my account there I can have everything all at once – like Amazon – oneClick – Corporate Banking included everything all at once and the Best not Like Good Bank with old fashioned TAN List if you do not fall asleep before the Website is loaded – BadBank offers ONE TIME Password per Security Token and even the better their Portal System is totally fast! And they offer me that all for free – I haven’t paid a single Cent for it. Of course I have to pay for the transactions, but that’s it! And I have gotten a free Debit Card as a goodie on top – quite favorable for Internet Shopping and for using it at any ATM world wide – I never pay for getting cash – GREAT!”

CEO NoClue has the more, no clue – how they can give their assets away for free?! We don’t have anything to provide our customers for free; we deliver proper customer support and care about our customers!

Fredi CleverCute argued – hence, there are many customers like me – they don’t need support.

And with a big smile Fredi CleverCute tells CEO NoClue Universal banking Institute Bad Bank doesn’t provide anything real for free – with their new fast Online Portal not only Fredi CleverCute is able to order this new superb stocks from Asian Market – for customers with no/less experience in Corporate Banking / Wealth Management they have a lot of ads on their portal for several funds like GrandMa’s Bond Based funds in cooperation with Insurance NeverPay.

CEO NoClue shake his head – “we don’t offer nor Corporate Banking neither Wealth Management, we are a co-operative Bank, but we are able to offer Bond Based Funds through our Partner Insurance SuperSave. Regarding Grandma’s Bond Based funds Universal Banking Institute Bad Bank offers together with Insurance NeverPay – is real somebody buying it? Never minded!”

Fredi CleverCute loud laugh – “now we need a Partner for Corporate Banking and Wealth Management, and we should extend the partnership with Insurance SuperSave; And we build our own brand new shiny Internet Portal. First it costs money, sure, but it will bring us good income afterwards. for the Portal – the 2 Partners should invest in it too, we integrate their IT Systems in ours and the day after tomorrow we are a lot better than Universal Banking Institute Bad Bank IS nowadays. At our place customers can come in as well, or online – everything oneClick at all.

We optimize our Business Processes, because now round about 50% of our customers will do all their stuff from home and we can close about 1/3 of our Branches and make about 30% of our staff redundant. – Super! – what do you guess?”

CEO NoClue likes the idea and he immediately starts the Programme “New Good All Inclusive Bank”

Freddi CleverCute would not be that clever, if he would not have had a superb idea same second – CEO NoClue is only the Programme Executive Sponsor – he needs a Programme Manager immediately, as CleverCute is the Business Change Manager there and he starts same time brining all this good news to all stakeholder involved – well, he forgets the Workers Council – who cares? What is 30% of the staff? Nothing …. More the later 😉

Doesn’t matter CleverCutes best friend Hansi Perfidious knows the former programme manager of Bad Bank Ursel Uppish, he has run the Programme New Portal there and have everything in his pockets – historical files, historical data, lessons learned and everything you need to keep in your mind regarding security matters and data privacy have been within his Projects beyond the Programme – perfect!

End of this story – Ursel Uppish is named via Hansi Perfidious in the name of CEO NoClue Programme Manager of Good Bank and therefore responsible for the daily business and deputy of God (CEO) on earth.

Short after Uppish has gotten the Mandate for Initiating the Programme New good all inclusive Bank from the whole Board. And as the goal, the vision and therefore the objectives are almost clear he starts working same time.

As insurance SuperSave is not running their business in the same country Good Bank resides Uppish initiates a project for Compliance topics, especially cross boarder topics, he gets his friend Ernst DataPrivacy on board. Ernst DataPrivacy worked before a a Data Privacy officer and has a lot of experience there – but to be honest he has no clue about Cross Boarder topics and Compliance.

Anyway he gets a mandate from CEO NoClue as well and starts to build up a project team; therefore his first step is getting the stakeholder identified.

As now the preparation phase of the programme is running, Ursel Uppish needs the Budget approved quite quickly.

Even he should know it the better and only get the budget for the first stage approved, as he has many unknown issues in his basket he in his overestimation in his own capabilities he talked upfront the board with all his power of persuasion to avail. AND? Yeah he gets the whole Budget of 30 Mio € free for usage. Even the bank regulation authorities approve it as all, his PAPERWORK is superb and compliant in place (that he used everything Fritzi CleanEffectiveEthical has written before for Universal Bank Bad Bank – WHO CARES?!)

The more meanwhile Ernst DataPrivacy has serious problems to get access to the customer data in country SunShine approved – Programme Manager Uppish ignore it all at once.

He starts several IT projects all together, as main goal and objective for him is that nerving consumer customers should do everything from home in near future and stop troubling the staff in the branch.

Serveral IT Tecchies are found quickly and inaugurated being Project Managers from now.

That’s the main reason behind not a single one of them not even thinking about involving the user’s means having a senior user within the Project Board and/or Project Team. User? That are this idiots, too stupid, to double click the red button within the branches – puuuhhhhhhhh.

CEO and Programme Executive Sponsor NoClue is totally happy if he gets a weekly report in a Single Side Powerpoint format where all signal lights are green.

Programme Manager Uppish knows this fact and all reports he gets with yellow signal lights he colorize green – he have done this already within Bad Bank and its worked there perfectly!

Meanwhile the projects “New infrastructure Service” and “Portal Development Offshore” are running in parallel.

Sorry to mention – Programme Managemer Uppish has forgotten to tell Project Manager Willi Offshore that Technical Infrastructure Project Manager Bonnie Tecchie exists.

On the other side Bonnie Tecchie wants to save the bucks and won’t like to hear Willi Offshores requirements – her opinion is

– Too much metal is not sane for the intelligence of the programming staff.

Unfortunate, as Freddie CleverCute talks with everybody Willi Offshore gains knowledge about what Bonnie Tecchie plans – the same second he is totally sure this girl is totally MAD. If she is or not Willi Offshore cant verify as Bonnie Tecchie is simple not talking to him – she refuses every communication.

On top it comes Willi Offshore who is project manager of both development projects the frontend system and the backend systems (for the branch) and he is still not thinking about asking the users of they need a pullover or trousers. CEO NoClue his level of incompetence is that high, that he ignores the necessarily to show up commitment in case of Strategic directives internal and external that he assumes – I have shown up the directive – that’s almost enough!

Meanwhile the staff in the branches already have asked the Workers Council – as even 1/3 reduction of branches and 30% of staff is in the PID means the more within the Business Case and main argument of CEO NoClue and Programme Manager Uppish – no one of both thought about this could be a part of interest for the Unions – NOW believe me IT IS J

By the way at least Uppish found a new datacenter – well known datacenter SuperFast and they are fast ineed – all SLA’s (Service Level Agreements) are already defined signed and in place.

Datacenter Director already sent Uppish and his CEO NoClue his SAS 70 report, which proves in this case Compliance and Project Manager Willi Offshore signed an agreement with Good Bank about Software in Escrow.

CEO NoClue is absolutely impressed by his Programme Manager Uppish – so fast so many things done – excellent!

Gosh a bit stupid – except Business Change Manager Freddie CleverCute still nobody speaks to the staff – especially the employees within the branches. And CleverCute – he talks with all his power of persuasion and tells them the new piece of software – you only need to wink with your eyes – OK if you are still allowed to wink in-house and not asking for social security 😉

The more CleverCute explains – no more customers that nervs all the day round – maybe an old grandma once a week … everything else will be done within the new SuperSave Portal.

Project Manager Willi Offshore now uses the requirements list and the work packages which where written within the contract specification Programme Manager Uppish used at Bad Bank

That a Co-operative Bank is not the same than a Universal Bank with Consumer/Corporate and Wealth Management included – hence – BANK IS BANK and I am getting paid to deliver what’s written here and not what users talk about – finite.

And Bonnie Tecchie still has the opinion more metal is something for cowards – who cares about?

He Willi Offshore gets paid for software delivery after successful running through SIT and UAT tests according to the contract – his SDLC is clean till Production (and that it will never ever once in his life running on this production systems Bonnie Tecchie planned – is this real his problem? NO!)
or better software in escrow – perfect!

Bonnie Tecchies opinion is the more she saves on the budget side the better it is for her career

CEO NoClue is so incompetent that he does not even recognize that somebody’s savings drive his bank into bankruptcy.

CIO Harry Value is quite happy that CISO Freddie Save does not bother him, what he does all at once as Harry Values process are totally compliant the more he has to argue at Ernst DataPrivacy Side, as the Cross Boarder Topics with Insurance Co-operation Partner in the Country of SunShine are not clarified or better miles away from being clarified right now.

If he should tell, something about this fact CEO NoClue? Neeee not disturbing him …. Better J

As usual Programme Manager Uppish re-colorize all red traffic lights he gets from Ernst DataPrivacy – all green not necessary, but RED – no never ever – and afterwards he sends it to CEO NoClue.

As CISO save is not reporting to the CEO as it’s best practice he reports to the CTO means the technology officer – hence you cannot do everything best practice – and the more why to bother the CEO with little bit security stuff – not necessary at all!

Project Manager Willi Offshore has already run successful threw Whitebox, Blackbox Testing (OK at the UAT the user haven0t been real amused as the main functions are somewhere in Nirwana – but they are there and working like described in the contract specifications – good enough), functional and regression testing is done and Willi offshore is proud about his clean Software Development Process – CEO NoClue as well – as he has NO CLUE that this piece of software won’t work never even once in his life on the production systems.

Programme Manager Ursel Uppish knows this fact but his self-esteem is not made for Programme or Project failure – he already has bought for tomorrow for himself a flight ticket to the island of alternative lifestyle and plan to stay there till nobody on the whole continent remembers anymore that former times a Co-operative Bank Good Bank exists.

Business Change Manager Fredi CleverCute have had recognized weeks ago that Bad Bank sold their Consumer Business – maybe there was too less demand for GrandMa’s Bond Based funds in cooperation with Insurance NeverPay – means the ROI was not sufficient enough.

Project Manager Bonnie Tecchie has all here paperwork in place, Change Request for the Go-Life and the Changeover, all changes are as well within the CMDB, all licences are bought, the software code is placed in escrow, CEO NoClue is a ALL SMILE – all governance and compliance frameworks are in place, as well with Datacenter SuperFast all SLA’s are in place, pico bello defined, the audit of the state supervision for banking is done – everything at its best J

(well, there is the customer data access in Country SunShine – hence that’s country SunShine – no worry)

DataCenter SuperFast is known for its great service, and they implemented the ITIL framework very efficient AND effective manner, their staff in the Service Desk, in Incident, Problem, Change & Release management is superb and known for high quality – there can’t go anything wrong – can’t?

Tomorrow the New Good All Inclusive Bank will be up and running.

This CEO NoClue is thinking – you most likely know paper never complaints – and Tools/Frameworks are enabler – not replacement for common sense.

Business Change Manager Fredi CleverCute lanced a great champagne via an well-known PR Agency telling everybody that tomorrow the new good all inclusive bank including super-fast portal will be life and already 50% more customers – calculated from the day of Project Mandate.

Problem is Bonnie Tecchie calculated with 60% only from the customers of the day of project mandate – this means a gap of 90% load on the portal ….

And the end of the story?

As after day 21 of the Go-life still nothing is working not even within the branches neither the portal – the branches – no one thought the employees how to handle the new software and they can’t find core functions anymore

Image and reputation of Good Bank is completely ruined and even worse Country of SunShine intervened at the government of country of Good Bank and as a fact afterwards the state supervision of banking wants to close Good Bank.

Beside all of this even the Business Continuity Tests or better disaster recovery tests worked in the theory – high available are Bonnie Tecchies systems – indeed …

Menawhile Bad Bank figured out that they need the consumer Business to have them being customer for coporate and Wealth Management, as well – AND?

They buy Good Bank

The New Bank is called WHITE BANK

CEO NoClue and his Team are meanwhile on the island of alternative lifestyle, too and they are crying bitterly tears

We have had all processes, frameworks, compliance and governance in place – WHY?

Remark: this is a pure fictive story – if it remembers somebody – it’s not wanted.

Best Jutta Staudach


And, if you pay peanuts, you will get monkeys

Summary of questions and important things to be mention from the IS Audit Webinar 26th of February 2012

Difference between Responsibility and Accountability:
Responsibility-someone takes care for,
Accountability – someone’s head is under the guillotine, if something goes wrong.

Audit a continuous process?

An (external) Audit is a project, as it has start date and end date.
Nevertheless there can be a Continuous Audit Initiative, raised by the internal audit department (Anm. interne Revision/Innenrevision)

Continuous Auditing Does Not Equal Continuous Monitoring
This difference has been identified and emphasized by the ISACA Standards Board.6 CA and CM may be defined as:
•    CA—A methodology used by auditors, typically assisted by technology, to perform audit procedures and issue assurance on a continuous basis (e.g., weekly, monthly)
•    CM—A process put in place by management, usually automated, to determine on a recurring and repetitive basis (e.g., weekly, monthly) if activities are in compliance with policies and procedures implemented by management
Why COBIT is not an Audit Methodology itself, but where it might be helpful – and for all ISACA Exams a brief overview of COBIT is necessary upfront Courses/Classes and for sure the EXAM itself.
Same for PMBOK – but brief overview is good enough – no deep knowledge is necessary and CMM(I) is thought throughout the courses/classes – at a level necessary for the exam, of course.

COBIT might be real helpful for assessment programme (eg. CSA/RCSA)
The COBIT Assessment Programme is a COBIT-based approach that enables the evaluation of selected IT processes. The assessment results provide a determination of process capability and can be used for process improvement, delivering value to the business, measuring the achievement of current or projected business goals, benchmarking, consistent reporting and organizational compliance.
The process capability is expressed in terms of attributes grouped into capability levels and the achievement of specific process attributes as defined in ISO/IEC 15504-2. Processes can be assessed individually or alternatively in logical groups. As such, scoping areas have been defined based on previously developed mappings, published by ISACA, which will allow for focused assessments. These scoping areas include:
•    Capability of IT processes to support cloud services
•    Capability of IT processes to support achievement of IT and business goals
•    Capability of IT processes to support SOX compliance
•    Capability of IT processes to support the enterprise governance of IT **
Assessment reports will include the level of capability achieved, the processes needing improvement and recommendations for improvement.
COBIT Practitioner Classes can be taken eg. at ISACA Germany Chapter e.V.

** if you are interested in Enterprise Governance of IT go for CGEIT Exam.
SO what’s the difference between an ongoing audit process and “controlling”?
An Audit can be about auditing Controls – either the right in place, if they are working etc.

An example you find on ISACA Website about Audit Application Security Controls
Prerequisites for Auditing Application Security
Application Security Layers
1.    Operational layer—This is the core of application security and is generally controlled through the security module of the application.
2.    Tactical layer—This is the next management layer above the operational layer. This includes supporting functions such as security administration, IT risk management and patch management.
3.    Strategic layer—This layer includes the overall information security governance, security awareness, supporting information security policies and standards, and the overarching IT risk management framework.
Operational Layer includes eg.
User accounts and access rights
Passsword Controls
Real important! Segregation of duties (SoD)
Segregation of duties is defined as:
A basic internal control that prevents or detects errors and irregularities by assigning to separate individuals responsibility for initiating and recording transactions and custody of assets to separate individuals.1

Risks Associated With Failure/Weak Application Security Controls
Standards and Guidance
Some of the standards and guidance that are available on application security are:
•    Control objectives for application security are more specifically defined in COBIT® 4.1, including DS5.3 Identity management, DS5.4 User account management and DS5.5 Security testing, surveillance and monitoring.3
•    ITAF™: A Professional Practices Framework for IT Assurance4 provides more guidance (including value drivers and risk drivers) on how to use COBIT to support the IT assurance/audit activities relevant to managing security.
•    ISACA® has published IT Audit and Assurance Guideline G38, Access Controls,5 which is as a valuable reference for auditing application security.
•    The Payment Card Industry (PCI) Data Security Standard (DSS)6 has prescribed two security compliance requirements that are specifically relevant to application security: Security Principle 6, ‘Develop and maintain secure systems and applications’ and Security Principle 8, ‘Assign a unique ID to each person with computer access’.
•    The ISO/IEC NP 27034 ‘Guidelines for application security’ was under development at the time of this writing.

Objectives and benefits of audits?
Objectives, Scope and Authority of IT Audit and Assurance Standards
Can be downloaded here (2.5 Meg)
A practical example is about objectives of Exchange 2010 Audit:
Table of Contents

I.     Introduction    4
II.     Using This Document    5
III.     Assurance and Control Framework    8
IV.     Executive Summary of Audit/Assurance Focus    9
V.     Audit/Assurance Program    14
1. Planning and Scoping the Audit    14
2. Preparatory Steps    16
3. Governance    18
4. Server Configuration    25
5. Network    34
6. Contingency Planning    34
VI.     Maturity Assessment    38
VII.     Maturity Assessment vs. Target Assessment    43
Appendix I. Exchange Server 2010—Server Roles    44
Appendix II. Exchange Server 2010 Transport Pipeline—Schematic    45
Appendix III. Specimen Exchange Server Management Role Hierarchy    46
More about and the possibility to download (members) or purchasing the book you can find here

a example about audit benefit is not directly the audit itself but like described here a assurance programme about using Social Media
Objective—The objective of the social media audit/assurance review is to provide management with an independent assessment relating to the effectiveness of controls over the enterprise’s social media policies and processes.
Scope—The review will focus on governance, policies, procedures, training and awareness functions related to social media. Specifically, it will address:
•    Strategy and governance—policies and frameworks
•    People—training and awareness
•    Processes
•    Technology

Table of Contents

I.     Introduction    5
II.    Using This Document    6
III.   Controls Maturity Analysis    9
IV.   Assurance and Control Framework    10
V.     Executive Summary of Audit/Assurance Focus    11
VI.     Audit/Assurance Program    14
1. Planning and Scoping the Audit    14
2. Strategy and Governance    15
3. People    19
4. Processes    22
5. Technology    24
VII.     Maturity Assessment    26
VIII.     Assessment Maturity vs. Target Maturity    30

it can be downloaded here (Member)
or purchased at ISACA
Any more questions?
Or leave a comment here – any valuable input is appreciated.
We will come back to you as soon as possible!


PMP & CAPM Free Online Webinar

Dear Guests,

On February 2nd we will offer you a 2 hours free online webinar. After this you will have a brief overview about following topics:

The five process groups:

  1. Initiating
  2. Planning
  3. Executing
  4. Monitoring and Controlling
  5. Closing

And 9 Knowledge Areas:

  1. Project Integration Management
  2. Project Scope Management
  3. Project Time Management
  4. Project Cost Management
  5. Project Quality Management
  6. Project Human Resource Management
  7. Project Communications Management
  8. Project Risk Management
  9. Project Procurement Management

Which are decribed in the PMBOK® Guide by PMI® and used for passing the PMP® Exam.

Register here –

Best Regards,

Jutta Staudach.

Finding the Truth – Neuer Service der GeProS

13.01.2012 GeProS German Project Solutions bietet neuen Service PDU Cracker Barrell für Ihre Kunden
GeProS German Project Solutions bietet neuen Service PDU(R) Cracker Barrell für Ihre Kunden

Unter dem Namen PDU Cracker Barrel startet die German Project Solutions GmbH per 26. Januar 2012, eine jeweils am letzten Donnerstag des Monats stattfindende Veranstaltungsreihe, welche angehenden und bereits zertifizierten PMP®s (Project Management Professional des amerikanischen Projekt Management Institutes, PMI® ) beim Erhalt des PMP-Zertifikats unterstützt.

Das PDU Cracker Barrel hat das innovative Format: 90 Minuten interaktives Web-Meeting, 30 Minuten Diskussion und anschließend eine Lernzielkontrolle in dem GeProS Learning Management System. „Uns ist es wichtig, dass unsere Teilnehmer einen direkten Nutzen für ihre Arbeit mitnehmen“, sagt Ralf Friedrich, geschäftsführender Gesellschafter der GeProS, „gleichzeitig führt eine regelmäßige Teilnahme an den PDU Cracker Barrels zum Erhalt des PMP-Zertifikats“. Zum Erhalt des PMP müssen innerhalb von 3 Jahren 60 sogenannte PDU’s – Professional Development Units gesammelt werden. Die Teilnahme an einem PDU Cracker Barrel bringt 3 PDU’s.

Einige Themen werden auch für angehende CISAs (CISA(R) Certified Information Systems Auditor) als auch CRISC(R) (Certified in Risk and Information Systems Control) interessant sein. Beide Zertifikate werden durch die ISACA – Information Systems Audit Certification Association) vergeben.

Als weiteren Anreiz zur beruflichen Weiterbildung wird den 3 besten Teilnehmern des im Anschluss stattfindenden Quizzes ein einstündiges kostenfreies Mentoring im Bereich der von ISACA abgedeckten international anerkannten Zertifizierungsthemen angeboten. Die Sieger werden natürlich auch im Internet verkündet. Bei gleicher Punktezahl entscheidet genauso wie bei „Wer wird Millionär“ die Zeit: wer schneller ist, der hat die Nase vorn.

Interessant ist diese Seminarreihe auch für Personen die sich im Bereich Projektmanagement, Audit, Risk oder Sicherheitsmanagement weiterbilden wollen.

Die GeProS startet am 26.01.2012 mit dem Thema IS Audit mit Fokus auf Audit von Information Systems Themen basierenden Projekten. Das Besondere: Es wird das Thema aus der Sicht der Auditoren für Projektmanager vorgestellt.

Im Februar geht die Reihe mit dem Thema Control Self Assessment weiter.

Die Gebühr liegt bei EUR69,- plus Mwst. pro Teilnehmer. Wegen der internationalen Teilnahme wird der PDU Cracker Barrel in englischer Sprache durchgeführt.

Der PDU Cracker Barrel wird am 26.01.2012 durch Jutta Staudach, CISA, CISM moderiert. Frau Staudach ist Mitglied der ISACA seit 2009 und unter anderem erfolgreicher Teilnehmer der ISACA CISA und CISM Exam Item Writer Campaign 2009 und 2010 (Autor Prüfungsfragen).
Als Co-Moderator wird Herr Ralf Friedrich, PMP, ACC, BCC, CPCC, geschäftsführender Gesellschafter der GeProS und Mitglied der PMI seit 1999 sein.
Die GeProS freut sich über rege Teilnahme und sollten Sie noch Fragen haben, Frau Sandra Müller steht Ihnen gerne jederzeit unter folgender Adresse zur Verfügung –
Kontakt Media Relations/Pressedienst –
® PMI, PMP sind eingetragene Marken des amerikanischen Project Management Institutes
® CISA, CISM und CRISC sind eingetragene Marken der ISACA – Information Systems Audit and Control Association

GeProS – German Project Solutions GmbH
Sandra Müller
Dessauer Str. 79a
64807 Dieburg
+49 (0) 60 71 . 21 06 85

Die GeProS besteht aus einem internationale Team, welches sich aus erfahren(d)en Experten zusammen setzt. Dieses Team bietet eine einzigartige Kombination aus Methoden, Fähigkeiten und Wissen.

Die Lösungen haben ihre Wurzeln in verschiedenen Kommunikationsschulen, im Accelerated Learning (auch bekannt unter Suggestopädie oder Superlearning), dem Coaching nach den Grundsätzen der International Coach Federation (ICF) und den Standards des Project Management Institutes (PMI), der weltweit führenden Organisation im Bereich der Standardisierung im Projektmanagement.

Alle Teammitglieder sind in Berufsverbänden engagiert und gestalten aktiv deren Entwicklung und die Entwicklung neuer Wege im Projektmanagement . Wie zum Beispiel Ralf Friedrich, Geschäftsführer, als Program-Manager der ersten Version des OPM3®-Standards des PMI®, oder als Forschender im Bereich Virtuelle Arbeitswelten.

Die Kunden und deren Wachstum stehen im Mittelpunkt des Schaffens. Noch mehr: Erfolg ist das Ergebnis unserer Zusammenarbeit: Die Kunden werden stärker und handeln zielorientierter am Markt.


Sandra Müller
Dessauer Str. 79a
64807 Dieburg
+49 (0) 60 71 . 21 06 85


PMP’s gain PDU’s – PDU Cracker-Barrel

hier anmelden – Finding the Truth – How to audit a project according to the Information Systems Audit Standards

Your benefits:

1. Understand the objectives of an IS-audit

2. State the internal mindset of an IS-auditor

3. State the elements and the content of an engagement letter

4. Differentiate between an engagement letter and a audit charter and a project charter

5. Establishing and approving an audit charter

6. State the role of the audit committee

7. Define the relationship between the auditor, audit committee and the project manager

The structure of the PDU Cracker-Barrel

First there will be an interactive 90 minutes presentation about the 7 points above. Then there will be an informal 30 minutes exchange among the participants. Finally there will be a 40 question multiple choice test. Then you will receive the PDU-code and can claim 3 PDU’s

About the facilitator of the PDU Cracker Barrel

Jutta Staudach CISA certified (Information Systems Auditor – ISACA) since 2009 and CISM certified (Information Security Manager – ISACA) since 2010.

Jutta has a sound experience in project management and project portfolio management for over 10 years. She managed projects of a business value of over 20 Mio USD.

Jutta is a highly skilled innovative out of the box thinker, who enjoys challenging assignments. She has a strong ability to build up a good team spirit in multicultural environments by establishing mutual trust with due regard for diligence and care.

PDU’s will be provided by GeProS –


PMP Vorbereitungskurs

Werte Kunden, Die Onlineuniversity24 freut sich hier in Kooperation mit Ralf Friedrich, GeProS – German Project Solutions GmbH, Online PMP und CAPM Zertifikatskurse / Vorbereitungskurse anbieten zu können.

Termine / Inhalte –

Ist PMI – PMP/CAPM die richtige Zertifizierung für mich? –

Heute 29.12.2011 16:00 Webinar zum Thema –

Prince2 und MSP Kurse in Vorbereitung.

Anmeldeformulare können hier herunter geladen werden –



Beste Grüsse, Ihre Jutta Staudach

Projektmanagement Düsseldorf

Erhöhung des Marktwertes durch Qualifizierung zum Projektmanager

Zertifizierungen und Weiterbildungen im Bereich Projektmanagement als Mittel zur Mitarbeitermotivation

Das Jahr geht dem Ende zu und die Mitarbeitergespräche sind geführt, nun gilt es die Zielvereinbarungen für das Jahr 2012 zu treffen.
Der Eine oder andere Mitarbeiter würde sich sicherlich gerne im Bereich des Programme und Projektmanagements weiter entwickeln.
Hierbei gibt es 3 international anerkannte Organisationen und deren verschiedene Zertifizierungen.
Welche die passende ist, richtet sich auch stark nach der Ausrichtung (Internationalisierung) des Unternehmens.
Welcher Level angestrebt werden soll/kann – eher nach den persönlichen Erwartungen des Mitarbeiters
IPMA Level A-D (wobei der PMP als Level C anerkannt wird)
OGC(APMG) Prince2 Foundation & Practitioner & MSP Foundation & Practicioner
Nutzen für Ihren Mitarbeiter?
• international anerkannter Kompetenznachweis
• neutrale und objektive Bestätigung der Projektmanagement – Kompetenz
• Steigerung des beruflichen Marktwertes
• Zeigt Willen und die Fähigkeit sich permanent weiterzuentwickeln
Nutzen für das Unternehmen:
• höhere Mitarbeitermotivation & Mitarbeiterbindung
• Vorteile gegenüber Markteilnehmern bei der Akquise von Projekten
• Einheitliche Standards und Sprache
• Verbesserung des Images und der Reputation des Unternehmens
Näher eingegangen wird auf MSP, Prince2 und die Integration der PMI/PMBOK in die selbige – denn wieder vorherrschender Meinung Prince2 und PMBOK schließen sich absolut nicht aus – neugierig geworden?

Ich freue mich auf rege Teilnahme! Anmelden – bitte hier – klicken oder via Xing –

Beste Grüße,
Jutta Staudach.

Internet Blog Verzeichnis TopOfBlogs Blogverzeichnis blogoscoop Blog Top Liste - by Blogverzeichnis - Blog Verzeichnis Blogverzeichnis IT-Beratung

XML Sitemap | Copyright © 2010 Jutta Staudach. All Rights Reserved. | Konzeption & Gestaltung crsMedia Ltd.