Artikel-Schlagworte: „webinar“
Schedules 2013
CISA After Work Webinar 7 consecutive Thursdays 6 p.m. till 9 pm.
04.04., 11.04., 18.04., 25.04., 02.05., 09.05. & 16.05.2013.
http://blog.rmpi-germany.de/?event=cisa-after-work-webinar-7-consecutive-thursdays-6-p-m-till-9-pm
CISA Refresher Webinar 23.05., 30.05. & 31.05.2013 6 p.m. till 9 p.m.
http://blog.rmpi-germany.de/?event=cisa-online-refresher-class
All times are local time (Amsterdam, Berlin, Vienna …)
Anmeldung/Register CISA und CISM Seminare / CISA & CISM Classes onsite and online (Webinar)
http://rmpi-austria.co.at/CISA_und_CISM_Seminare_2013.pdf
ISACA NY Metro Chapter Spring 2013 – CGEIT Exam Preparation Global Webinar (Live only)
ISACA NY Metro Chapter Spring 2013 – CISM Exam Preparation Global Webinar (Live only)
“Where Theory is put into Practice.” Series
How Single Sign On is Changing Healthcare
08/04/2013 & 10/04/2013
http://blog.rmpi-germany.de/?event=how-single-sign-on-is-changing-healthcare
Change Management as an integral part of Project Portfolio Management
(Programme Management – UK Terminology)
06/05/2013 & 08/05/2013
http://blog.rmpi-germany.de/?event=change-management-as-an-integral-part-of-project-portfolio-management
Mag. Jutta Edith Staudach
Brunecker Strasse 2e – Europahaus
A-6020 Innsbruck
Landline: +43.512.562055-22
Cell: +43.699.18297207
Free Overview about CISA, CISM, CRISC, and CGEIT Exam & Certification.
Who is it for, how to prepare, when to register, and career opportunities it brings. March 19 from 12 to 1 PM NYT (6 to 7PM Berlin Time).
It’s free and here is the link for registration – http://www.anymeeting.com/AccountManager/RegEv.aspx?PIID=EC53DD868548
Please come back at least 2 Weeks prior to the event.
Moderator: Jay Ranade
Co-Moderator: Jutta Staudach.
Best, Jutta.
About Jay – feel free to have a look on his vita here at page number 6 –
http://pr.jutta-staudach.de/CISA_CISM_CRISC.pdf
Not limited to but he is teaching CRISC at New York Metropolitan Chapter in Spring 2012
Summary of questions and important things to be mention from the IS Audit Webinar 26th of February 2012
Difference between Responsibility and Accountability:
Responsibility-someone takes care for,
Accountability – someone’s head is under the guillotine, if something goes wrong.
Audit a continuous process?
An (external) Audit is a project, as it has start date and end date.
Nevertheless there can be a Continuous Audit Initiative, raised by the internal audit department (Anm. interne Revision/Innenrevision)
Continuous Auditing Does Not Equal Continuous Monitoring
This difference has been identified and emphasized by the ISACA Standards Board.6 CA and CM may be defined as:
• CA—A methodology used by auditors, typically assisted by technology, to perform audit procedures and issue assurance on a continuous basis (e.g., weekly, monthly)
• CM—A process put in place by management, usually automated, to determine on a recurring and repetitive basis (e.g., weekly, monthly) if activities are in compliance with policies and procedures implemented by management
http://www.isaca.org/Journal/Past-Issues/2008/Volume-3/Pages/Auditor-Ethics-for-Continuous-Auditing-and-Continuous-Monitoring1.aspx
Why COBIT is not an Audit Methodology itself, but where it might be helpful – and for all ISACA Exams a brief overview of COBIT is necessary upfront Courses/Classes and for sure the EXAM itself.
Same for PMBOK – but brief overview is good enough – no deep knowledge is necessary and CMM(I) is thought throughout the courses/classes – at a level necessary for the exam, of course.
COBIT might be real helpful for assessment programme (eg. CSA/RCSA)
The COBIT Assessment Programme is a COBIT-based approach that enables the evaluation of selected IT processes. The assessment results provide a determination of process capability and can be used for process improvement, delivering value to the business, measuring the achievement of current or projected business goals, benchmarking, consistent reporting and organizational compliance.
The process capability is expressed in terms of attributes grouped into capability levels and the achievement of specific process attributes as defined in ISO/IEC 15504-2. Processes can be assessed individually or alternatively in logical groups. As such, scoping areas have been defined based on previously developed mappings, published by ISACA, which will allow for focused assessments. These scoping areas include:
• Capability of IT processes to support cloud services
• Capability of IT processes to support achievement of IT and business goals
• Capability of IT processes to support SOX compliance
• Capability of IT processes to support the enterprise governance of IT **
Assessment reports will include the level of capability achieved, the processes needing improvement and recommendations for improvement.
http://www.isaca.org/Knowledge-Center/cobit/Pages/COBIT-Assessment-Programme.aspx
COBIT Practitioner Classes can be taken eg. at ISACA Germany Chapter e.V.
http://www.isaca.de/index.php?option=com_content&view=article&id=53&Itemid=76
** if you are interested in Enterprise Governance of IT go for CGEIT Exam.
SO what’s the difference between an ongoing audit process and “controlling”?
An Audit can be about auditing Controls – either the right in place, if they are working etc.
An example you find on ISACA Website about Audit Application Security Controls
http://www.isaca.org/Journal/Past-Issues/2009/Volume-6/Pages/Application-Security-Controls-An-Audit-Perspective-JOnline-1.aspx
Prerequisites for Auditing Application Security
Application Security Layers
1. Operational layer—This is the core of application security and is generally controlled through the security module of the application.
2. Tactical layer—This is the next management layer above the operational layer. This includes supporting functions such as security administration, IT risk management and patch management.
3. Strategic layer—This layer includes the overall information security governance, security awareness, supporting information security policies and standards, and the overarching IT risk management framework.
Operational Layer includes eg.
User accounts and access rights
Passsword Controls
Real important! Segregation of duties (SoD)
Segregation of duties is defined as:
A basic internal control that prevents or detects errors and irregularities by assigning to separate individuals responsibility for initiating and recording transactions and custody of assets to separate individuals.1
Risks Associated With Failure/Weak Application Security Controls
Standards and Guidance
Some of the standards and guidance that are available on application security are:
• Control objectives for application security are more specifically defined in COBIT® 4.1, including DS5.3 Identity management, DS5.4 User account management and DS5.5 Security testing, surveillance and monitoring.3
• ITAF™: A Professional Practices Framework for IT Assurance4 provides more guidance (including value drivers and risk drivers) on how to use COBIT to support the IT assurance/audit activities relevant to managing security.
• ISACA® has published IT Audit and Assurance Guideline G38, Access Controls,5 which is as a valuable reference for auditing application security.
• The Payment Card Industry (PCI) Data Security Standard (DSS)6 has prescribed two security compliance requirements that are specifically relevant to application security: Security Principle 6, ‘Develop and maintain secure systems and applications’ and Security Principle 8, ‘Assign a unique ID to each person with computer access’.
• The ISO/IEC NP 27034 ‘Guidelines for application security’ was under development at the time of this writing.
Objectives and benefits of audits?
Objectives, Scope and Authority of IT Audit and Assurance Standards
Can be downloaded here (2.5 Meg) http://www.isaca.org/Knowledge-Center/Standards/Documents/ALL-IT-Standards-Guidelines-and-Tools.pdf
A practical example is about objectives of Exchange 2010 Audit:
Table of Contents
I. Introduction 4
II. Using This Document 5
III. Assurance and Control Framework 8
IV. Executive Summary of Audit/Assurance Focus 9
V. Audit/Assurance Program 14
1. Planning and Scoping the Audit 14
2. Preparatory Steps 16
3. Governance 18
4. Server Configuration 25
5. Network 34
6. Contingency Planning 34
VI. Maturity Assessment 38
VII. Maturity Assessment vs. Target Assessment 43
Appendix I. Exchange Server 2010—Server Roles 44
Appendix II. Exchange Server 2010 Transport Pipeline—Schematic 45
Appendix III. Specimen Exchange Server Management Role Hierarchy 46
More about and the possibility to download (members) or purchasing the book you can find here
http://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/Microsoft-Exchange-Server-2010-Audit-Assurance-Program.aspx
a example about audit benefit is not directly the audit itself but like described here a assurance programme about using Social Media
http://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/Social-Media-Audit-Assurance-Program.aspx
Objective—The objective of the social media audit/assurance review is to provide management with an independent assessment relating to the effectiveness of controls over the enterprise’s social media policies and processes.
Scope—The review will focus on governance, policies, procedures, training and awareness functions related to social media. Specifically, it will address:
• Strategy and governance—policies and frameworks
• People—training and awareness
• Processes
• Technology
Table of Contents
I. Introduction 5
II. Using This Document 6
III. Controls Maturity Analysis 9
IV. Assurance and Control Framework 10
V. Executive Summary of Audit/Assurance Focus 11
VI. Audit/Assurance Program 14
1. Planning and Scoping the Audit 14
2. Strategy and Governance 15
3. People 19
4. Processes 22
5. Technology 24
VII. Maturity Assessment 26
VIII. Assessment Maturity vs. Target Maturity 30
it can be downloaded here (Member) http://www.isaca.org/Knowledge-Center/ITAF-IT-Assurance-Audit-/Audit-Programs/Documents/WAPSM-Social-Media-Research-1Feb2011.doc
or purchased at ISACA
http://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/Social-Media-Audit-Assurance-Program.aspx
Any more questions? email:jutta@jutta-staudach.de
Or leave a comment here – http://pm-webinare.com/?p=145 any valuable input is appreciated.
We will come back to you as soon as possible!
Best,
Jutta.
New ISACA Certifcation Online classes for CRISC® will be held on (five Tuesdays in May/June) May 8,15,22,29 and June 5
all times are 6 PM to 10 PM German Time
CRISC Exam Training Course
Training Duration: 5 live webinar sessions of 4 hours each
(CRISC® Online Class will be conducted (five Tuesdays in May/June) May 8, 15, 22, 29 and June 5 all times 6 PM to 10 PM German Time)
Training Delivery Method: On-site, instructor-led course; or online, instructor-led course or hybrid
Instructor: Jay Ranade
https://www.xing.com/profile/Jay_Ranade
Here are pictures from the Live On-site classes Fall 2011
http://www.isaca.org/chapters2/New-York-Metropolitan/certification/Pages/page10.aspx
Prerequisites:
Experienced IT control or audit or security or risk management professionals. There is no prerequisite to take the exam; however, in order to apply for certification you must meet the necessary experience requirements as determined by ISACA.
What Problem Does This Training Help Solve?
Provides training to help candidates prepare for ISACA’s CRISC exam and learn IT Risk Management
Who Should Attend?
IT professionals interested in earning CRISC certification and learning IT Risk Management
Course Material:
Customized content-rich course handouts from ISACA/Jay Ranade and 300 Jay Ranade CRISC Axioms
Note: Ranade CRISC Axioms are 300 one line statements which summarize the essence of the profession of IT Risk Management. Just reading those 300 statements greatly enhances your chances of passing CRISC exam and deeply understanding the subject of IT Risk Management.
Course Syllabus:
This training course is for individuals preparing to take the Certified in Risk and Information Systems Control (CRISC) Exam.
In this course, professionals will learn the 5 job practice areas as determined by ISACA:
1. Risk Identification, Assessment, and Evaluation (31%)
2. Risk Response (17%)
3. Risk Monitoring (17%)
4. Information Systems Controls Design and Implementation (17%)
5. Information Systems Control Monitoring and Maintenance (18%)
There is no prerequisite to take the exam; however, in order to apply for the certification you must meet the necessary experience requirements.
Exam Support: Jay will answer any written questions up until the evening before the day of the exam. Please note that although questions will be sent by individuals, answers will be emailed to all attendees registered for the webinar. Identity of the question sender will not be disclosed. Jay will reserve the right to paraphrase the questions to enhance understanding.
Pricing 790 EUR incl. VAT
For ISACA Member price is CISA 520 EUR and CISM, CRISC 650 EUR incl VAT (if applicable)
Students and Military get a special price – please send us something that prove your state per email and we will tell you the pricing.
*Regardless of the refund amount listed, the amount refunded will never exceed the amount paid.
If there are not enough participants we reserve the right to cancel the eSeminar 14 days prior to the event and refund the full amount paid.
Want to know more about Jay – http://elearnings.jutta-staudach.de/index.php/team
Here you can find our other classes, as well.
Beschreibung in deutscher Sprache –
http://elearnings.jutta-staudach.de/KursbeschreibungenCISA-CISM-CRISC.pdf
21 CPE (as per rule)
Backend System for Students – http://elearnings.jutta-staudach.de/
Best, Jutta Staudach.
CISA, CISM
http://www.anymeeting.com/PIID=EC55DF89804F
-- Best Regards / Mit freundlichen Grüssen / Salutation cordiales Jutta Edith Staudach CISA, CISM Risk Management Professionals International, German Division Director of Global Certification seminars Holsteiner Str. 4 D-40667 Meerbusch http://rmpi-germany.de/ jutta.staudach@rmpi-germany.de Phone: +49.2132.6792142 Priv.: +49.2132.979199 Cell: +49.171.3833409 Risk Management Professionals International, Austrian Division Director of Global Certification seminars Vöslauerstrasse 46, A-2500 Baden bei Wien http://rmpi-austria.co.at/ jutta.staudach@rmpi-austria.co.at
Deutschland steht ungefähr auf Platz 17 im internationalen Vergleich bei der Einbeziehung digitaler Medien im gesamten Bildungsprozess.
Sagt zu mindestens der Herausgeber des „eLearning Journals“ – gesamten Artikel finden Sie hier
http://www.welt.de/wirtschaft/webwelt/article12606381/Deutsche-Schulen-liegen-bei-Digitalisierung-zurueck.html
Ja, aber es sind nicht nur die digitalen Tafeln, Online Austausch von Lerninhalten, digitale Medien im Bildungsprozess beinhaltet viel mehr.
Und wie auch im Artikel erwähnt – es ist nicht nur, aber auch, Geldmangel.
Die Möglichkeit z.B. die Teilnahme an ganzen Unterrichtseinheiten per Webinar Schülern und Studenten zu ermöglichen welche aus unterschiedlichsten Gründen nicht vor Ort teilnehmen koennen, bleibt unerwähnt.
Auch das diese aufgenommen werden können und zum späteren Zeitpunkt nochmals angesehen werden können – würde eine gute Möglichkeit bieten, Schülern die vielleicht etwas langsamer in der Aufnahmefähigkeit sind, den Vortrag nochmals zu zu hören. Oder wenn die Erkrankung nicht einmal die Teilnahme vom Krankenbett aus zulässt den Stoff später 1:1 zu studieren und somit den Vorteil, den die nicht erkrankten Kameraden/Kommilitonen hatten wieder wett zu machen.
Wo ich übereinstimme – hierzu gehört ein Konzept, welches alle Aspekte mit einschließt.
Die Pädagogik, die technischen Möglichkeiten und die Gegebenheiten Vor Ort – z.B. für eine Schule mit Integrationsklassen benötige ich ein völlig anderes Konzept, als für eine Schule die sich mit Hochbegabtenförderung beschäftigt – oder eine die beides verbinden will – uvm.
Mit der berühmten Gießkanne ist hier nichts zu erreichen.
Ich freue mich auf Ihr Feedback – info@jutta-staudach.de
Ihre
Jutta Staudach
Projekt Management Düsseldorf
Alfresco Webinars
http://www.alfresco.com/de/about/events/
Webinars
Alfresco Web Quickstart aus technischer Perspektive Teil II
Wann: 27. Januar 2011
Wo: Online webinar: 15:00 CET
Der zweite Teil unserer Webinarserie „Alfresco Web Quickstart aus technischer Perspektive“ richtet sich an Entwickler und demonstriert wie Sie Ihre eigene, contentzentrische Webapplikation mit Hilfe der Alfresco Web Quickstart aufbauen können.
Neue Möglichkeiten mit der Alfresco Enterprise Edition 3.4
Wann: 09. Februar 2011
Wo: Online webinar: 15:00 CET
In diesem Webinar geben wir Ihnen eine Übersicht zu den neunen Funktionen der Alfresco Enterprise Edition 3.4.
Sie erfahren welche neuen Einsatzmöglichkeiten Alfresco in der aktuellen Version bietet und wie Sie diese in Ihrem Unternehmen nutzen können.
Benutzerfreundliche ECM Lösungen mit CMIS und Alfresco
Wann: 17. Februar 2011
Wo: Online webinar: 16:00 CET
Erfahren Sie in diesem Webinar, wie Sie große Einsparungen erzielen können, indem Sie Das WeWebU Angebot an Open Source Produkten, den neuen Industrie-Standard Content Management Interoperability Services (CMIS) und Alfresco zu Ihrem Vorteil nutzen.
Events
Enterprise Open Source Day 2011
Wann: February 01 2011
Wo: Nürnberg, Deutschland
Alfresco ist mit einem Stand und zwei Vorträgen auf dem Enterprise Open Source Day 2011 vertreten.
CeBit 2011
Wann: 01.-05. März 2011
Wo: Hannover, Deutschland
Halle 2, Block D44, Stand 131
Alfresco wird auch dieses Jahr wieder auf der CeBit vertreten sein. Sie finden uns dort auf unserem Stand im Rahmen des Open Source Parks. Es stehen Alfresco Produkt Spezialisten für Sie zur Verfügung, um Ihnen die neuesten Funktionen und Features der Alfresco Enterprise Version 3.4 zu demonstrieren. Das Alfresco Team steht Ihnen für Gespräche rund um die Einsatzmöglichkeiten von Alfresco in Ihrem Unternehmen zur Verfügung. Wir freuen uns auf Ihren Besuch! Hier registrieren
Training
In dieser Mail finden Sie die Details zu den, in den nächsten Monaten, in Deutschland stattfindenden Alfresco-Schulungen. Diese Kurse werden von unserem zertifizierten Alfresco-Schulungspartner, der Averi GmbH durchgeführt.
31. Jan – 01.Feb – Fundamentals – Stuttgart, Germany
07. Feb – 11.Feb – Technical Bootcamp – Stuttgart, Germany
21. Feb – 25. Feb – Intensive Development – Stuttgart, Germany
21. Feb – 22. Mär – Fundamentals – Stuttgart, Germany