Artikel-Schlagworte: „webinar“

Schedules 2013

CISA After Work Webinar 7 consecutive Thursdays 6 p.m. till 9 pm.

04.04., 11.04., 18.04., 25.04., 02.05., 09.05. & 16.05.2013.

CISA Refresher Webinar 23.05., 30.05. & 31.05.2013 6 p.m. till 9 p.m.

All times are local time (Amsterdam, Berlin, Vienna …)

Anmeldung/Register CISA und CISM Seminare / CISA & CISM Classes onsite and online (Webinar)

ISACA NY Metro Chapter Spring 2013 – CGEIT Exam Preparation Global Webinar (Live only)

ISACA NY Metro Chapter Spring 2013 – CISM Exam Preparation Global Webinar (Live only)

“Where Theory is put into Practice.” Series

How Single Sign On is Changing Healthcare
08/04/2013 & 10/04/2013

Change Management as an integral part of Project Portfolio Management
(Programme Management – UK Terminology)
06/05/2013 & 08/05/2013

Mag. Jutta Edith Staudach
Brunecker Strasse 2e – Europahaus
A-6020 Innsbruck

Landline: +43.512.562055-22

Cell: +43.699.18297207

Free Overview about CISA, CISM, CRISC, and CGEIT Exam & Certification.

Who is it for, how to prepare, when to register, and career opportunities it brings. March 19 from 12 to 1 PM NYT (6 to 7PM Berlin Time).

It’s  free and here is the link for registration –

Please come back at least 2 Weeks prior to the event.

Moderator: Jay Ranade

Co-Moderator: Jutta Staudach.
Best, Jutta.

About Jay – feel free to have a look on his vita here at page number 6 –

Not limited to but he is teaching CRISC at New York Metropolitan Chapter in Spring 2012

Summary of questions and important things to be mention from the IS Audit Webinar 26th of February 2012

Difference between Responsibility and Accountability:
Responsibility-someone takes care for,
Accountability – someone’s head is under the guillotine, if something goes wrong.

Audit a continuous process?

An (external) Audit is a project, as it has start date and end date.
Nevertheless there can be a Continuous Audit Initiative, raised by the internal audit department (Anm. interne Revision/Innenrevision)

Continuous Auditing Does Not Equal Continuous Monitoring
This difference has been identified and emphasized by the ISACA Standards Board.6 CA and CM may be defined as:
•    CA—A methodology used by auditors, typically assisted by technology, to perform audit procedures and issue assurance on a continuous basis (e.g., weekly, monthly)
•    CM—A process put in place by management, usually automated, to determine on a recurring and repetitive basis (e.g., weekly, monthly) if activities are in compliance with policies and procedures implemented by management
Why COBIT is not an Audit Methodology itself, but where it might be helpful – and for all ISACA Exams a brief overview of COBIT is necessary upfront Courses/Classes and for sure the EXAM itself.
Same for PMBOK – but brief overview is good enough – no deep knowledge is necessary and CMM(I) is thought throughout the courses/classes – at a level necessary for the exam, of course.

COBIT might be real helpful for assessment programme (eg. CSA/RCSA)
The COBIT Assessment Programme is a COBIT-based approach that enables the evaluation of selected IT processes. The assessment results provide a determination of process capability and can be used for process improvement, delivering value to the business, measuring the achievement of current or projected business goals, benchmarking, consistent reporting and organizational compliance.
The process capability is expressed in terms of attributes grouped into capability levels and the achievement of specific process attributes as defined in ISO/IEC 15504-2. Processes can be assessed individually or alternatively in logical groups. As such, scoping areas have been defined based on previously developed mappings, published by ISACA, which will allow for focused assessments. These scoping areas include:
•    Capability of IT processes to support cloud services
•    Capability of IT processes to support achievement of IT and business goals
•    Capability of IT processes to support SOX compliance
•    Capability of IT processes to support the enterprise governance of IT **
Assessment reports will include the level of capability achieved, the processes needing improvement and recommendations for improvement.
COBIT Practitioner Classes can be taken eg. at ISACA Germany Chapter e.V.

** if you are interested in Enterprise Governance of IT go for CGEIT Exam.
SO what’s the difference between an ongoing audit process and “controlling”?
An Audit can be about auditing Controls – either the right in place, if they are working etc.

An example you find on ISACA Website about Audit Application Security Controls
Prerequisites for Auditing Application Security
Application Security Layers
1.    Operational layer—This is the core of application security and is generally controlled through the security module of the application.
2.    Tactical layer—This is the next management layer above the operational layer. This includes supporting functions such as security administration, IT risk management and patch management.
3.    Strategic layer—This layer includes the overall information security governance, security awareness, supporting information security policies and standards, and the overarching IT risk management framework.
Operational Layer includes eg.
User accounts and access rights
Passsword Controls
Real important! Segregation of duties (SoD)
Segregation of duties is defined as:
A basic internal control that prevents or detects errors and irregularities by assigning to separate individuals responsibility for initiating and recording transactions and custody of assets to separate individuals.1

Risks Associated With Failure/Weak Application Security Controls
Standards and Guidance
Some of the standards and guidance that are available on application security are:
•    Control objectives for application security are more specifically defined in COBIT® 4.1, including DS5.3 Identity management, DS5.4 User account management and DS5.5 Security testing, surveillance and monitoring.3
•    ITAF™: A Professional Practices Framework for IT Assurance4 provides more guidance (including value drivers and risk drivers) on how to use COBIT to support the IT assurance/audit activities relevant to managing security.
•    ISACA® has published IT Audit and Assurance Guideline G38, Access Controls,5 which is as a valuable reference for auditing application security.
•    The Payment Card Industry (PCI) Data Security Standard (DSS)6 has prescribed two security compliance requirements that are specifically relevant to application security: Security Principle 6, ‘Develop and maintain secure systems and applications’ and Security Principle 8, ‘Assign a unique ID to each person with computer access’.
•    The ISO/IEC NP 27034 ‘Guidelines for application security’ was under development at the time of this writing.

Objectives and benefits of audits?
Objectives, Scope and Authority of IT Audit and Assurance Standards
Can be downloaded here (2.5 Meg)
A practical example is about objectives of Exchange 2010 Audit:
Table of Contents

I.     Introduction    4
II.     Using This Document    5
III.     Assurance and Control Framework    8
IV.     Executive Summary of Audit/Assurance Focus    9
V.     Audit/Assurance Program    14
1. Planning and Scoping the Audit    14
2. Preparatory Steps    16
3. Governance    18
4. Server Configuration    25
5. Network    34
6. Contingency Planning    34
VI.     Maturity Assessment    38
VII.     Maturity Assessment vs. Target Assessment    43
Appendix I. Exchange Server 2010—Server Roles    44
Appendix II. Exchange Server 2010 Transport Pipeline—Schematic    45
Appendix III. Specimen Exchange Server Management Role Hierarchy    46
More about and the possibility to download (members) or purchasing the book you can find here

a example about audit benefit is not directly the audit itself but like described here a assurance programme about using Social Media
Objective—The objective of the social media audit/assurance review is to provide management with an independent assessment relating to the effectiveness of controls over the enterprise’s social media policies and processes.
Scope—The review will focus on governance, policies, procedures, training and awareness functions related to social media. Specifically, it will address:
•    Strategy and governance—policies and frameworks
•    People—training and awareness
•    Processes
•    Technology

Table of Contents

I.     Introduction    5
II.    Using This Document    6
III.   Controls Maturity Analysis    9
IV.   Assurance and Control Framework    10
V.     Executive Summary of Audit/Assurance Focus    11
VI.     Audit/Assurance Program    14
1. Planning and Scoping the Audit    14
2. Strategy and Governance    15
3. People    19
4. Processes    22
5. Technology    24
VII.     Maturity Assessment    26
VIII.     Assessment Maturity vs. Target Maturity    30

it can be downloaded here (Member)
or purchased at ISACA
Any more questions?
Or leave a comment here – any valuable input is appreciated.
We will come back to you as soon as possible!



New ISACA Certifcation Online classes for CRISC® will be held on (five Tuesdays in May/June) May 8,15,22,29 and June 5
all times are 6 PM to 10 PM German Time

CRISC Exam Training Course

Training Duration: 5 live webinar sessions of 4 hours each
(CRISC® Online Class will be conducted (five Tuesdays in May/June) May 8, 15, 22, 29 and June 5 all times 6 PM to 10 PM German Time)

Training Delivery Method: On-site, instructor-led course; or online, instructor-led course or hybrid

Instructor: Jay Ranade

Here are pictures from the Live On-site classes Fall 2011

Experienced IT control or audit or security or risk management professionals.  There is no prerequisite to take the exam; however, in order to apply for certification you must meet the necessary experience requirements as determined by ISACA.

What Problem Does This Training Help Solve?
Provides training to help candidates prepare for ISACA’s CRISC exam and learn IT Risk Management

Who Should Attend?
IT professionals interested in earning CRISC certification and learning IT Risk Management

Course Material:
Customized content-rich course handouts from ISACA/Jay Ranade and 300 Jay Ranade CRISC Axioms
Note: Ranade CRISC Axioms are 300 one line statements which summarize the essence of the profession of IT Risk Management. Just reading those 300 statements greatly enhances your chances of passing CRISC exam and deeply understanding the subject of IT Risk Management.

Course Syllabus:
This training course is for individuals preparing to take the Certified in Risk and Information Systems Control (CRISC) Exam.

In this course, professionals will learn the 5 job practice areas as determined by ISACA:

1.    Risk Identification, Assessment, and Evaluation (31%)
2.    Risk Response (17%)
3.    Risk Monitoring (17%)
4.    Information Systems Controls Design and Implementation (17%)
5.    Information Systems Control Monitoring and Maintenance (18%)
There is no prerequisite to take the exam; however, in order to apply for the certification you must meet the necessary experience requirements.

Exam Support:  Jay will answer any written questions up until the evening before the day of the exam. Please note that although questions will be sent by individuals, answers will be emailed to all attendees registered for the webinar. Identity of the question sender will not be disclosed. Jay will reserve the right to paraphrase the questions to enhance understanding.

Pricing 790 EUR incl. VAT

For ISACA Member price is CISA 520 EUR and CISM, CRISC 650 EUR incl VAT (if applicable)

Students and Military get a special price – please send us something that prove your state per email and we will tell you the pricing.

Price Paid: € 790
If Cancelled By
€ 790.00
Wednesday, April 27th, 2012
€ 395
Wednesday, May 2, 2012

*Regardless of the refund amount listed, the amount refunded will never exceed the amount paid.

If there are not enough participants we reserve the right to cancel the eSeminar 14 days prior to the event and refund the full amount paid.

Want to know more about Jay –

Here you can find our other classes, as well.

Beschreibung in deutscher Sprache –

21 CPE (as per rule)

Backend System for Students –

Best, Jutta Staudach.


Best Regards / Mit freundlichen Grüssen / Salutation cordiales
Jutta Edith Staudach

Risk Management Professionals International, German Division
Director of Global Certification seminars

Holsteiner Str. 4
D-40667 Meerbusch

Phone: +49.2132.6792142
Priv.: +49.2132.979199
Cell: +49.171.3833409

Risk Management Professionals International, Austrian Division
Director of Global Certification seminars

Vöslauerstrasse 46, A-2500 Baden bei Wien

Deutschland steht ungefähr auf Platz 17 im internationalen Vergleich bei der Einbeziehung digitaler Medien im gesamten Bildungsprozess.

Sagt zu mindestens der Herausgeber des „eLearning Journals“ – gesamten Artikel finden Sie hier

Ja, aber es sind nicht nur die digitalen Tafeln, Online Austausch von Lerninhalten, digitale Medien im Bildungsprozess beinhaltet viel mehr.

Und wie auch im Artikel erwähnt – es ist nicht nur, aber auch, Geldmangel.

Die Möglichkeit z.B. die Teilnahme an ganzen Unterrichtseinheiten per Webinar Schülern und Studenten zu ermöglichen welche aus unterschiedlichsten Gründen nicht vor Ort teilnehmen koennen, bleibt unerwähnt.

Auch das diese aufgenommen werden können und zum späteren Zeitpunkt nochmals angesehen werden können – würde eine gute Möglichkeit bieten, Schülern die vielleicht etwas langsamer in der Aufnahmefähigkeit sind, den Vortrag nochmals zu zu hören. Oder wenn die Erkrankung nicht einmal die Teilnahme vom Krankenbett aus zulässt den Stoff später 1:1 zu studieren und somit den Vorteil, den die nicht erkrankten Kameraden/Kommilitonen hatten wieder wett zu machen.

Wo ich übereinstimme – hierzu gehört ein Konzept, welches alle Aspekte mit einschließt.

Die Pädagogik, die technischen Möglichkeiten und die Gegebenheiten Vor Ort – z.B. für eine Schule mit Integrationsklassen benötige ich ein völlig anderes Konzept, als für eine Schule die sich mit Hochbegabtenförderung beschäftigt – oder eine die beides verbinden will – uvm.

Mit der berühmten Gießkanne ist hier nichts zu erreichen.

Ich freue mich auf Ihr Feedback –

Jutta Staudach
Projekt Management Düsseldorf

Alfresco Webinars


Alfresco Web Quickstart aus technischer Perspektive Teil II
Wann: 27. Januar 2011
Wo: Online webinar: 15:00 CET
Der zweite Teil unserer Webinarserie „Alfresco Web Quickstart aus technischer Perspektive“ richtet sich an Entwickler und demonstriert wie Sie Ihre eigene, contentzentrische Webapplikation mit Hilfe der Alfresco Web Quickstart aufbauen können.

Neue Möglichkeiten mit der Alfresco Enterprise Edition 3.4
Wann: 09. Februar 2011
Wo: Online webinar: 15:00 CET
In diesem Webinar geben wir Ihnen eine Übersicht zu den neunen Funktionen der Alfresco Enterprise Edition 3.4.
Sie erfahren welche neuen Einsatzmöglichkeiten Alfresco in der aktuellen Version bietet und wie Sie diese in Ihrem Unternehmen nutzen können.

Benutzerfreundliche ECM Lösungen mit CMIS und Alfresco
Wann: 17. Februar 2011
Wo: Online webinar: 16:00 CET
Erfahren Sie in diesem Webinar, wie Sie große Einsparungen erzielen können, indem Sie Das WeWebU Angebot an Open Source Produkten, den neuen Industrie-Standard Content Management Interoperability Services (CMIS) und Alfresco zu Ihrem Vorteil nutzen.


Enterprise Open Source Day 2011
Wann: February 01 2011
Wo: Nürnberg, Deutschland
Alfresco ist mit einem Stand und zwei Vorträgen auf dem Enterprise Open Source Day 2011 vertreten.

CeBit 2011
Wann:  01.-05. März 2011
Wo: Hannover, Deutschland
Halle 2, Block D44, Stand 131
Alfresco wird auch dieses Jahr wieder auf der CeBit vertreten sein. Sie finden uns dort auf unserem Stand im Rahmen des Open Source Parks. Es stehen Alfresco Produkt Spezialisten für Sie zur Verfügung, um Ihnen die neuesten Funktionen und Features der Alfresco Enterprise Version 3.4 zu demonstrieren. Das Alfresco Team steht Ihnen für Gespräche rund um die Einsatzmöglichkeiten von Alfresco in Ihrem Unternehmen zur Verfügung. Wir freuen uns auf Ihren Besuch! Hier registrieren


In dieser Mail finden Sie die Details zu den, in den nächsten Monaten, in Deutschland stattfindenden Alfresco-Schulungen. Diese Kurse werden von unserem zertifizierten Alfresco-Schulungspartner, der Averi GmbH durchgeführt.

31. Jan – 01.Feb – Fundamentals – Stuttgart, Germany
07. Feb – 11.Feb – Technical Bootcamp – Stuttgart, Germany
21. Feb – 25. Feb – Intensive Development – Stuttgart, Germany
21. Feb – 22. Mär – Fundamentals – Stuttgart, Germany

Internet Blog Verzeichnis TopOfBlogs Blogverzeichnis blogoscoop Blog Top Liste - by Blogverzeichnis - Blog Verzeichnis Blogverzeichnis IT-Beratung

XML Sitemap | Copyright © 2010 Jutta Staudach. All Rights Reserved. | Konzeption & Gestaltung crsMedia Ltd.