President's Letter
Elections
Your participation in our officer elections is vital for the continued growth of our chapter. The notice has been sent out and we request your timely reply.
ISACA Research
Here is a way to get involved with ISACA that requires time but not a long-term commitment. Getting involved with a project could be a great way to get your feet wet and expand your horizons.
Current Subject Matter Expert (SME) needs for Research Projects:
- Privacy Framework – ISACA Privacy Principles (Looking for SMEs – 3rd quarter 2015)
- DevOps (Looking for SMEs – 3rd quarter 2015)
- Quick Start Guide to Audit/Assurance Programs (Looking for SMEs – 3rd quarter 2015)
- Audit/Assurance Programs (Continuous need)
If you know of someone in your chapter suitable for any of the above projects, or if you yourself are interested, please contact Nancy Cohen at ncohen@isaca.org.
Tom Hart
2014 – 2015 President
- Upcoming Chapter Training
- ISACA Calendar of Events & Deadlines
- Job Opportunities
- Techno Security Conference News
- Helpful Articles
- CSRA IIA Chapter Training
- Social Media
The Chapter is 239 members STRONG!
Upcoming Chapter Training
You should be receiving individual emails now regarding registration for our upcoming classes. Here is what is planned for the next few months:
July 22 – Stu Henderson will return for a 1-day course on How to Audit Mainframe Security TCP/IP. 8 CPEs. Register here: http://www.cvent.com/d/trqwjk
August 19 – Our own member, Brian Kelley, will present a class on ETL: Security & Auditing Across the Entire Data Flow. 6 CPEs. To learn more and register, go to http://www.cvent.com/d/9rqd6h
September 21 & 22 – Risk Management with Leighton Johnson
November 4 - 6 - South Carolina State Audit Conference will be held in Columbia, SC.
Job Opportunities
AMSEC is hiring - Computer System Security Analysts in Charleston, SC. – Multiple positions available!
Computer System Security Analyst 4 - requisition ID # 10172BR
Required experience:
- Candidates must have a minimum of eight (8) years of IT experience with Information Assurance (IA) and/or Cyber Security. Demonstrated experience working with Junos, VMWare and Juniper Networks NetScreen Series Security Systems is required.
- Must be able to travel domestically and internationally as well as meet Department of Defense requirements for travel to Bahrain and Italy within 45 days of hire – valid passport a must.
- Must possess a TOP SECRET security clearance or be able to obtain an interim TOP SECRET security clearance within 45 days of hire.
For more information please visit our website at: www.AMSEC.com or follow the link below to search for position number 10172BR.
http://www.amsec.com/AMSEC_Web/Careers/Careers.html
SIGN ON BONUS AVAILABLE
AMSEC is a subsidiary of Huntington Ingalls Industries (HII). Huntington Ingalls Industries (HII) designs, builds and maintains nuclear and non-nuclear ships for the U.S. Navy and Coast Guard and provides after-market services for military ships around the globe. For more than a century, HII has built more ships in more ship classes than any other U.S. naval shipbuilder at its Newport News Shipbuilding and Ingalls Shipbuilding divisions. Employing more than 38,000 in Virginia, Mississippi, Louisiana and California, HII also provides a wide variety of products and services to the commercial energy industry and other government customers, including the Department of Energy.
Equal Opportunity Employer - Veterans/Disabled Welcome. U.S. citizenship required for most positions.
SC Midlands ISACA Booth at
Techno Security Conference 2015
ISACA Calendar of Events & Deadlines
June
11 June – ISACA Training Week, Chicago, Illinois, USA, early registration deadline
11 June – Full Circle Threat Management With SIEM, webinar
17 June – September CISA and CISM exams early registration deadline
23-24 June – Certification chapter leader quarterly update call
July
2 July – Training Week: Social Media in Your Enterprise: Mitigating the Risk and Reaping the Benefits, Seattle, Washington, USA, early registration deadline
20-23 July – Training Week: Healthcare Information Technology, Dallas, Texas, USA
24 July – September CISA and CISM exams final registration deadline
30 July – Training Week: Information Security Essentials for IT Auditors, Miami, Florida, USA, early registration deadline
31 July – Half-year registration opportunity for new members ends
August
1 August – Advanced-year membership registration begins
4-7 August – ISACA Training Week, Chicago, Illinois, USA
13 August – Training Week: An Introduction to Privacy and Data Protection, Atlanta, Georgia, USA, early registration deadline
17-19 August – Governance, Risk and Control Conference, Phoenix, Arizona, USA
19 August – December CISA, CISM, CGEIT and CRISC certification exams early registration deadline
24-27 August – Training Week: Social Media in Your Enterprise: Mitigating the Risk and Reaping the Benefits, Seattle, Washington, USA
26 August – CSX 2015 North America, Washington DC, USA, early registration deadline
27 August – Training Week: Taking the Next Step: Advancing Your IT Auditing Skills, Boston, Massachusetts, USA, early registration deadline
Techno Security Conference News
Audit and Security was well represented this year at the Techno Security Conference! The individual classes were great, and these folks did a great job with an Audit Panel led by Sue Rusher. The audience was lively and the topics flowed. Many thanks to our volunteers who made this happen:
Introduction to the NIST Framework for Improving Critical Infrastructure Cybersecurity
Mark Graves
Security Architect
Agfa HealthCare Corporation
Going on an Electronic Treasure Hunt: Auditing BYOD and Beyond
Hope to see you all there next year!
CSRA IIA Chapter Training
Don’t miss your lunch and learn opportunity!
The World of BIG DATA presented by Leighton Johnson, Data Security and Digital Expert
With no less than 10 certifications in IT Audit, Security, Software Development, Anti-Terrorism, Digital Forensics and Cloud Security, Leighton is a must see to learn about the Topic that is the #1 highest growth area of innovation, talent demand and Fortune 500 area to watch!
Agenda: June 30, 2015
Registration – 11:30 AM
Welcome – 11:45 AM
We will recognize members and their achievements this year at the beginning of this meeting.
Lunch – 12:00 PM
Enjoy "Soul Good" recipes from generations of the Ursy's down-home cooking! In recognition of our third anniversary as a chapter, buffet lunch is on us!
Country Fried Chicken, Fat Man's Famous Macaroni & Cheese, Green Beans, Tossed Salad, Rolls, Tea or Water
Presentation – 12:10 PM
BIG DATA - Implications for Governance, Risk Management and Compliance, 12:00 Noon - 1:00 PM
One-hour CPE event, followed by a question and answer session.
Members $25, Non-members $30
Early Bird Discount: $5 off; enter coupon “BIRD” if you register by June 12th
“Follow” ISACA's Cybersecurity Nexus page to stay up to date on all things cybersecurity: https://www.linkedin.com/company/cybersecurity-nexus
Helpful Articles
Practical Suggestions for Passing Certification Exams
By Kathleen Stetz, CISA, CISM, CRISC, PMP
As a teacher and mentor for exam preparation classes, I am often asked “What kind of questions will be asked and what do I need to know in order to pass the exam?” The individuals posing this question are excited to get started on the right path, and many of them purchase all available exam preparation books. Basically, they want to know how questions will be extracted from each domain within the body of knowledge.
Based on my experience helping people to prepare for these exams and my own success passing these professional certification exams on the first try, I suggest the following study approaches:
- First and foremost, get into the mind-set of the professional organization that administers the test. Exam takers must put aside their preconceived ideas and methods, either based on their prior experience or those that may be suggested by their employers, for them to understand the standards and best practices offered by the profession. Taking exam preparation classes can certainly help to get you in the right frame of mind.
- Get a holistic understanding of the body of knowledge. Having a high-level view of the material can help you identify the key deliverables for the major aspects that will be tested. Seeing the big picture can help test takers understand the main areas of focus. Additionally, the candidate can see how all of the functions and related processes fit together.
- Take an operational risk view of the material. That is, understand the roles of people, processes, technologies and infrastructure of the body of knowledge as well as the adverse effects that can result if controls are not working effectively and determine the best course of action to take.
  - People—Gain knowledge of the roles and responsibilities of the key stakeholders involved with the processes throughout the body of knowledge within the discipline. This should also be extended to committees, officers, managers and quality assurance.
  - Process—Understand the key methods used within the body of knowledge. Having an end-to-end perspective of the input, transforming steps and the output for each domain helps with any sequencing questions.
  - Technology—Obtain an understanding of the types of technology used within each domain. Each technology that houses information must be protected according to the data classification to ensure data integrity, availability and confidentiality—the security attributes. The candidate must gain knowledge of the purpose of the technology before understanding the threats that can be imposed upon it and the potential consequences.
  - Infrastructure—Understand the organizational policies, principles, methods, approaches, governance and forms followed in the organizational context.
- Practice by taking mock tests and sample questions. I tell my students to get their hands on as many sample questions as possible. Those materials offered by the certifying body are the best source, since questions are formatted similarly to the actual exam. I also warn students to be careful using some outside sources, since many questions are not constructed in the same manner as the certification test, which can lead test takers a bit astray and set some false expectations. Additionally, some certifications require an understanding of the calculations to derive the correct answer, while other examinations are only looking for a candidate to have a general understanding from more of a working application perspective. If possible, partner with others who are in the same situation and/or have already taken the exam. Everyone has their area of expertise and studying with subject matter experts (SMEs) can really help someone who may be less familiar with a particular topic. Since teaching others is one of the best methods for reinforcing your learning, this method helps both parties.
- Most important, do everything possible to establish clarity of thought. That is, remain emotionally calm before the test is distributed. Remember that having a frustrating experience right before the exam can hinder your thought process. It is equally important to develop a positive mental attitude for getting the needed confidence to put yourself in the right mind-set. Upon entering the testing room, envisioning that you already passed the test will help you to cultivate positive energy and thoughts. Being kind to yourself and others can help to relieve stress, so talk to people while waiting (if they are open to it) and be friendly.
Someone once told me that a definition of good luck is simply having opportunities that meet with your preparation, so study hard, believe in yourself, and go forth and conquer. And, do not forget to celebrate your success once you find out that you have passed.
We look forward to seeing you at our next event!