IT governance is the most critical component of corporate governance. IT governance comprises the leadership, internal and external relationships, processes and monitoring that ensure IT sustains and extends the enterprise's strategies and objectives while managing any associated risk. This stream presents key topics, processes and the latest frameworks designed to provide a perspective on information systems and technology issues starting at the strategic level. This will enable well-informed planning and resource decisions, transparency in actions and the delivery of stakeholders’ expectations.

111—Val IT 2.0: A New Dawn M L

Anil Jogani, CISA, CGEIT
Director
Milan Solutions Ltd.
UK

• Discuss how enterprises realise optimal value from IT-enabled investments
• List the domains, processes and practices to assist management in understanding and carrying out their roles in IT-enabled investments
• Use business cases as a management tool to realise value from programmes
• Employ the Val IT value/results chain, analytical model and maturity models to ensure optimum value delivery
• Describe the six steps to get started on value management

121—Listening to the Board and Having the Board Listen to IT Governance S M L

Charan Kumar, CISA, CGEIT
Principal
Fernhill Associates Inc.
Canada

• Determine how engaged the board is when making IT decisions
• Identify any correlation between the board’s IT knowledge and its involvement in IT decision making
• Describe what engages the board with respect to IT
• Measure the level of awareness of IT governance by the board
• Explain how the board’s awareness level of IT governance affects the job of information systems auditors

131—Governance of your Operational Environment Using COBIT and ITIL M L

Robert Stroud, CGEIT
Vice President
Evangelist, Service Management and Governance
CA Inc.
USA

• Examine the common intersection points of the COBIT and ITIL frameworks
• Identify how to use COBIT and ITIL together to establish operational metrics
• Leverage the COBIT process maturity model to assess process maturity
• Align ITIL service manager roles to governance metrics
• Justify the success of service management implementation to management

211—Demonstrating the Value of COBIT and Val IT Governance Practices M L

Paul Williams
IT Governance Advisor
Protiviti
UK

• Implement the good practices from COBIT and Val IT to help create enterprise value
• Build an internal business case for the adoption of COBIT and Val IT
• Apply the experience of others in how to preserve and create enterprise value
• Communicate and work in partnership with audit, IT and the business to achieve enterprise objectives

221—Roles and Responsibilities for Top Executives and Board Members M L

Roger Southgate, CISA, CISM
IT Governance Consultant
UK

• Demonstrate the links between corporate, enterprise and IT governance
• Identify the appropriate IT governance mechanisms
• Select and utilise the latest ISACA publications to support IT governance activities
• Assess and evaluate the current status of IT governance through the governance mechanisms
• Evaluate and recommend focused improvement activities

231—Providing Governance in a Rapidly Changing World S M L

Robert Stroud, CGEIT
Vice President
Evangelist, Service Management and Governance
CA Inc.
USA

• Examine the changing landscape of IT technology
• Leverage the COBIT process maturity model to assess process maturity
• Summarise the importance of the business/IT relationship and how to leverage this to drive sustainable governance processes
• Appraise IT-enabled business change and impact on governance

311—The Great Governance Divide: IT GRC vs Enterprise GRC S M

Julian Waits
Vice President of Business Development
Archer Technologies
USA

• Manage the lifecycle of corporate and IT policies
• Overcome hurdles to achieve effective governance throughout the enterprise
• Consolidate business intelligence for efficient management of regulatory requirements across business units
• Evaluate technical requirements needed for a best-in-class IT- and enterprise GRC programmes
• Reduce costs with effective GRC technologies

321—IT Governance: Starting the Journey S M L

Charles Mansour, CISA
Principal
Charles Mansour Audit & Risk Services
UK

• Acquire a knowledge of IT governance concepts and fundamentals
• Take the first steps to implement IT governance utilising COBIT
• Apply COBIT and Val IT as tools for IT governance
• Select and use IT governance related metrics
• Make sense of IT governance and related standards, such as ISO38500, ITIL and COSO
• Engage with and facilitate senior management to establish an understanding of the concept of IT governance as a tool for corporate governance

331—Implementing an Effective Internal Controls System: A Case Study S M L

Urs Fischer, CISA
Vice President
Head IT Governance and Risk Management
Swiss Life
Switzerland

• Discuss an internal control system, business controls and IT general controls
• Build an IT general control framework
• Identify relevant IT components for an efficient and effective internal control system
• Create checklists and questionnaires for an efficient and effective control self assessment
• Organise the maintenance of the internal control system

341—Destroy for Victory: Proper Planning and Execution in the Disposal of Sensitive Information Assets M L

Matthew Pemble
Technical Director
Idrach Ltd.
UK

• Discuss the importance of planning for end-of-life issues
• Evaluate projects and locations for critical end-of-life management problems
• Indentify legal and regulatory risks regarding end-of-life archiving and disposal
• Construct auditable plans for end-of-life management of contracts, projects and locations

Keeping abreast of key issues and the latest best practices is essential for all IT assurance professionals. This stream will help you gain a better understanding and become aware of how others have solved what are considered very tough issues and technologies. It will present new resources, processes and tools for IT assurance including frameworks, processes, terminology, concepts approaches, tools, emerging issues and technologies. Finally, the stream will offer the latest thinking on assuring existing technologies. Auditors need to look ahead and be ready for new ways to do things. The stream will give you some ideas to where to look.

112— COBIT and Application Audits: Is the "Magic Bullet" Still in the Shrink Wrap? P S M

Charles Mansour, CISA
Principal
Charles Mansour Audit & Risk Services
UK

• Adopt a more structured approach to application auditing
• Apply the COBIT and COSO frameworks to assess the level of internal controls in an application
• Perform more effective and efficient auditing or assurance engagements by utilising the COBIT family of products
• Employ the various COBIT products in the course of audit planning, risk assessment and fieldwork to produce a better audit deliverable

122—Value Management Guidance for Assurance Professionals S M

Paul Williams
IT Governance Adviser
Protiviti
UK

• Implement good value management practices to contribute to enterprise value
• Describe how the assurance function can use Val IT to help in the audit of IT investment and portfolio management processes
• Apply the Val IT Assurance Guide in the development of audit activities and management reporting
• Communicate and work in partnership with financial and operational audit, IT and the business to better achieve enterprise objectives

132—Risk-based Audit Planning Based on IT Process Maturity Assessment S M L

Peter R. Bitterli, CISA, CISM, CGEIT
IT Security Consultant/Auditor
Bitterli Consulting AG
Switzerland

• Discuss why a financial auditor should perform an IT process maturity assessment as part of strategic planning for individual audits
• Identify the dependencies of the internal control system on IT
• Objectively and efficiently perform an IT process maturity assessment
• Use the assessment outcome to adapt your planned audit procedures
• Adapt the assessment approach to use it during the annual audit-planning process

212—Making IT Audit More Relevant S M L

Charan Kumar, CISA, CGEIT
Principal
Fernhill Associates Inc.
Canada

• Identify various business and regulatory expectations of the executive leadership of an enterprise
• Analyse the tasks involved in accomplishing these expectations
• Examine the critical tasks to identify common deliverables
• Create a strategy on how to engage IT audit in a role broader than IT audit

222—Controlling End-user Computing: Putting the Genie Back in the Bottle P S M

Ray Butler, CISA
Head of Information Policy and Security
Highways Agency
UK

• Describe the most common end-user applications and the risks involved in their uncontrolled use
• Use a standard scale of impacts to determine the worst case impact of material error in the ise of end-user applications in your enterprise
• Use a COBIT-based maturity model to measure the likelihood of material error from use of end-user applications in your enterprise
• Identify some good and not-so-good practices in the use of end-user applications
• Describe some options for improving control of end-user applications

232—Beyond Continuous Auditing to Continuous Risk and Control Assurance S M L

Norman Marks
Vice President, GRC
SAP
USA

• Argue why leading internal audit functions are moving from a traditional focus on controls to a risk-centric approach
• Describe the value of providing assurance to key stakeholders that risk management practices are effective and the controls required to manage those risks are healthy
• Apply an operating model for internal audit that delivers continuous risk and control assurance, leverage risk monitoring, controls and data auditing, and reference the work of other assurance providers
• Implement continuous risk and control assurance (CRCA), including continuous fraud detection
• Intelligently select enabling technology

312—Better Value from IT Auditors: Aligning IT Audit with Corporate Strategic Objectives M L

Dan Cimpean, CISA, CGEIT
Partner
Deloitte
Belgium

Cosmin Croitor, CISA, CGEIT
Senior Manager
Deloitte
Belgium

• Identify strategic objectives impacting the IT audit activity
• Deploy IT audit efforts on areas of strategic importance for the enterprise
• Provide IT audit recommendations with relevant impact on the enterprise
• Actively coach management to implement action plans following IT audit recommendations
• Answer to specific challenges, questions and concerns raised by stakeholders

322—Centralised Log Collection and Assessment: The Power Of “Logness” P S

Erika Hágen
Executive Manager
PR-AUDIT Kft.
Hungary

• Describe the importance of log assessment
• Identify the connection of log assessment and control objectives
• Implement solutions successfully for corporate log assessment challenges
• Identify log assessment relevant vulnerabilities of an IT system

332—Auditing the Mainframe that Refuses to Die S M

Peter Thingsted, CISA
Technical Manager
Deloitte
Denmark

• Describe what sets the IBM z/Server technology apart from other types of servers
• Identify the areas of risk within the z/OS – MVS environment
• Prioritise audit-activities within a general review program for z/OS
• Use generally available tools to extract key-information from the z/Server
• Interpret key findings in business-relevant terms

342—Auditing in the Virtual World: The New Era of Cloud Computing, Social Networking and an Interconnected Globe P S M

Rolf von Roessing, CISA, CISM, CGEIT
Executive Advisor
KPMG
Germany

• Identify key technical and organisational challenges associated with cloud computing
• Describe the key risks and issues associated with social networking in the workplace
• Implement strategies for risk assessing cloud-delivered applications and services
• Embrace an approach for managing social networking in the workplace
• Utilise an approach for assessing security and compliance of cloud service providers
• Employ practical guidance for implementing an effective approach to auditing in the new virtual world

Understanding the concepts and new trends of information security and its management is essential for IT assurance professionals to provide valueadding services. This stream presents the key elements of information security, in relation to the threats of confidentiality, integrity and the availability of information and systems. It explores the relevant management issues of the day to better equip security managers to meet the challenges and to provide IT audit professionals an insightful perspective on their responsibilities. The stream will offer examples of assurance steps needed to evaluate the enterprise’s overall security management programme and ways to counter the threats.

113—Being Smarter in Security: How to Deploy ISACA’s Business Model for Information Security S M

Vernon Poole, CISM, CGEIT
Head of Business Consultancy
Sapphire
UK

• Describe how ISACA’s business model for information security (BMIS) assists senior management’s commitment to information security initiatives
• Argue how BMIS can focus the manager on the need for IT governance and alignment of information security with the enterprise’s objectives
• Sell the benefits of BMIS to senior management
• Realise the business benefits of reporting in an BMIS balanced way
• Explain why BMIS is the missing integration link between business and information security
• Identify why BMIS will establish an agreed basis for continuous monitoring and constant vigilance

123—Security in the Cloud S M L

Mike Small
Information Security Management Advisor
UK

• Define and recognise what is meant by cloud computing
• Describe how cloud computing and virtual computing are related
• Specify the particular security challenges posed by cloud computing
• Recognise how ISO 27001 controls relate to cloud computing
• Identify approaches to mitigate these security challenges

133—Modern Cyber Threats and How to Combat Them S

Leighton R. Johnson III, CISA, CISM
Chief Operations Officer, Senior Security Engineer
Information Security & Forensics Management Team
USA

• Identify what threats are out there in the “wild”
• Summarise the key steps to an incident identification
• Utilise the tools, techniques and tactics to combat threats
• Determine what is really vulnerable in your network

213—Data Breaches: Can Something Good Come from Something Bad? S M L

Matt van der Wel, CISA
Managing Principal Forensics EMEA
Verizon Business
The Netherlands

• Recognise today’s top threats in data breaches
• Create a strategy to reduce the risk of a data breach
• Retell some war stories of what enterprises did wrong and how they got hacked
• Realise the value of and how to better prepare for an IT security incident
• Explain why IT audits and completeness of information are crucial when handling an incident

223—Software Development Security in Complex IT Environments S M

Csaba Krasznay, CISA, CISM
IT Security Consultant
Hewlett-Packard Hungary Ltd.
Hungary

• Use secure development standards such as Common Criteria
• Design secure, interconnected systems
• Support application development from the security side
• Select programmatic countermeasures based on real-life risks
• Evaluate the overall security level of new applications

233—Establishing the Information Security Culture S M

Vernon Poole, CISM, CGEIT
Head of Business Consultancy
Sapphire
UK

• Discuss the new, dynamic Business Model for Information Security (BMIS)
• Set up an effective BMIS to suit your enterprise’s culture environment
• Create an ‘intentional culture’ within BMIS
• Discuss examples of good and bad culture that have influenced enterprises

313—Managing Incident Response Teams and Events M

Leighton R. Johnson III, CISA, CISM
Chief Operations Officer & Senior Security Engineer
Information Security & Forensics Management Team
USA

• Manage an incident response team
• Delineate the key steps to a computer incident investigation
• Identify the requirements for a good incident response team member
• Implement best practices for incident investigations

323—Effective Data Protection: More than Legal Compliance M L

Andreas Knaebchen, CISA, CGEIT
Partner
Deloitte & Touche Wirtschaftsprüfungsgesellschaft GmbH
Germany

• Discuss the current developments of European Data Privacy legislation
• Apply synergies between data security and data privacy
• Integrate data protection and privacy controls into your ERM
• Apply risk management techniques to select appropriate, effective and efficient data protection and privacy controls
• Build your data protection and privacy programme into a competitive advantage for your whole enterprise

333—Fridges to the Eskimos: Selling Information Security to Your Marketing Department S M L

Wendy Goucher
Security Empowerment Consultant
Idrach Ltd.
UK

• Identify the potential points of conflict between the marketing and information security departments
• Exercise insight into the reasons behind the differing perspectives
• Devise strategies for winning the battle against marketing
• Evaluate strategies to avoid the battle in the first place
• Harness the power of marketing for better information security

343—Developing Metrics and Measures for Information Security Governance S M L

John Pironti, CISA, CISM, CGEIT
Chief Information Risk Strategist
Archer Technologies LLC
USA

• Describe the concept of enterprise security metrics and measures
• Discuss the concepts and topics that must be considered when developing, implementing, and monitoring metrics and measures
• Identify measurable points and activities
• Develop meaningful metrics and measures
• Embrace monitoring concepts and reporting strategies

Compliance policies, procedures and activities are continuing to burden enterprises. Enterprises need to not only develop and implement effective solutions, but these solutions need to be able to meet all compliance requirements that govern an enterprise. This stream presents the concepts of risk management and will showcase how to apply risk management concepts and solutions to the benefit of the enterprise and its stakeholders. It explores a variety of specific regulations and compliance requirements. The stream also presents methods to test and assure compliance with these requirements from risk management, compliance and IT audit perspectives.

114—ERM and IT: Principles, Issues and How ISACA's Risk IT Framework Helps P S L

Urs Fischer, CISA
Vice President
Head IT Governance and Risk Management
Swiss Life
Switzerland

• Explain why IT risk management is important
• Describe what the new Risk IT framework covers
• Benefits and outcomes of using Risk IT
• Identify how the framework relates to COBIT
• Realise how the Risk IT framework can help to achieve best practices in IT risk management

124—GRC, ERM and the Way Forward with Technology S M

Rosemary M. Amato, CISA
Director
Deloitte Accountants B.V.
The Netherlands

• Describe the risk intelligence maturity model
• Explain how technology can assist with GRC and ERM processes in the enterprise
• Sustain compliance with continuous monitoring tools incorporated into ERM processes
• Identify how IT can actually enable all types of compliance within an enterprise and not just IT compliance

134— Compliance Means Never Having to Say You’re Sorry S M

Marne E. Gordan
Regulatory Analyst, Corporate Security Strategy
IBM
USA

• Explore the commonalities between the data protection requirements of the most prevalent information security regulations and standards
• Suggest strategies for implementing enterprisewide control measures to satisfy them
• Determine how much is enough in terms of processes, policies and controls
• Identify what auditors, examiners and regulators look for in an affected enterprise’s corporate computing environment
• Implement a simple strategy for demonstrating recovery from a breach to the point of being made whole
• Formulate data breach containment strategies that allow the enterprise to preserve its compliance posture
• Discuss current trends in post-breach notification and recovery

214—Scenario-based IT Risk Assessment and Management S M L

Peter R. Bitterli, CISA, CISM, CGEIT
IT Security Consultant/Auditor
Bitterli Consulting AG
Switzerland

• List the advantages and disadvantages of scenario-based IT risk assessment
• Tailor a scenario-based approach to the specific needs of any company using a step-by-step process explained during the session
• Consistently and efficiently perform scenario-based risk assessments
• Link IT risk scenarios to ISO27001/2 for effective integration into an information security management system
• Combine this type of risk assessment with an overall IT risk management process

224—Inverting the Risk Paradigm S M

Hugh Penri-Williams, CISA, CISM, CGEIT
Owner
Glaniad 1865 E.U.R.L
France

• Describe what risk really is and its numerous components
• Explain approaches, traditional and novel, that can be taken in assessing risk
• List the methodologies available to perform risk analysis
• Demonstrate how to present results and conclusions according to specifically targeted audiences
• Discuss what can be improved in conducting the process

234—Automating IT Risk and Compliance: A Case Study S M

Anil Jogani, CISA, CGEIT
Director
Milan Solutions Ltd.
UK

• Educate management on the advantages of automating risk and compliance processes
• Appreciate how to achieve rapid ROI and cost savings
• Determine how to reduce time in compliance efforts
• Increase visibility of risk and compliance efforts across the enterprise

314—Applying ISO/IEC 15504 for Assessing IT Control Systems P S

János Ivanyos
Partner
Memolux Ltd.
Hungary

• Interpret IT governance and internal control frameworks (COBIT and COSO) in a common measurement model
• Adopt ISO/IEC 15504 (SPICE) process capability and organisational maturity measurement concepts for IT and other internal control processes
• Use performance measurement to assess control risk areas
• Analyse the effectiveness of internal controls based on control risk assessment
• Combine COBIT maturity model with other governance models

324—The Compliant Cloud S M

Marne E. Gordan
Regulatory Analyst, Corporate Security Strategy
IBM
USA

• Identify the three major types of cloud deployments, and the pros and cons of each
• Describe security and compliance risks associated with the three major types of cloud deployments
• Adapt PCI, BASEL II, SOX (and its international variants) requirements to address cloud computing
• Implement the top five measures each enterprise must take in order to appropriately address cloud security for a positive compliance outcome

334—IT Risk Metrics Are Broken!: How to Measure Cyber Risk Correctly P S M

Edward Schwartz, CISA, CISM
Chief Security Officer
NetWitness Corp.
USA

• Explore current qualitative and quantitative risk management models, reviewing fundamental strengths and weaknesses relative to organisational risk management, security and audit objectives
• Describe the relative value of metrics obtained from various assessment technologies typically deployed in enterprises today
• Postulate the ideal characteristics and direct business benefits to public and private enterprises of an approach aligned with quantitative risk discovery and assessment
• Review specifically two case studies: a large US auto manufacturer and two large universities where this quantitative risk model has been implemented and is proving to be effective in managing operational risk levels
• Discuss the technology components required to measure cyber risk correctly in many public and private enterprises

344—Using COBIT as an IT Risk Management Barometer S M L

Roger Southgate, CISA, CISM
IT Governance Consultant
UK

• Discover the information services that underpin the key activities of the enterprise and their underlying drivers
• Use scenarios to show the linkage between enterprise risk and IT risk
• Demonstrate the impact of IT risks to the enterprise
• Enable an informed dialogue between the organisation and IT addressing risk identification and appropriate treatment

WS1—Implementing IT Governance Using COBIT^® and Val IT™ S M L (two-day)

Implementing IT governance can be a difficult task, which is why ISACA created official guidance on how to implement IT governance using COBIT and Val IT. This guidebook helps enterprises assess and implement IT governance using maturity models, performance measurement frameworks, control objectives and control practices, and will be provided to all participants as part of the workshop material.

Roger Southgate, CISA, CISM
IT Governance Consultant
UK

Implementing IT governance can be a difficult task, which is why ISACA created official guidance on how to implement IT governance using COBIT and Val IT. This guidebook helps enterprises assess and implement IT governance using maturity models, performance measurement frameworks, control objectives and control practices, and will be provided to all participants as part of the workshop material. This two-day workshop:

• Is based on the implementation guide and its road map for IT governance implementation activities
• Offers lectures, case studies and group exercises to explore the concepts of IT governance and highlight best practices and critical success factors for the project
• Includes references to ITGI’s Val IT initiative to optimise the realisation of value from IT investments
• Concludes with the new Implementing IT Governance Using COBIT and Val IT exam (optional) for anyone wishing to earn the Implementing IT Governance Using COBIT and Val IT certificate. For more information, please visit the web site.

• Understanding of the COBIT framework
• Completion of the COBIT Foundation Course™ or prove equivalent knowledge by passing the COBIT® Foundation Course Exam.

WS2—Using COBIT in IT Audit and Assurance P S M (two-day)

Charan Kumar, CISA, CGEIT
Principal
Fernhill Associates Inc.
Canada

Based on ISACA’s IT Assurance Guide: Using COBIT^®, the workshop examines how to use the COBIT framework to help conduct IT assurance engagements. It discusses how COBIT supports a variety of assurance activities including planning, scoping and assessing risks. Participants will receive a copy of the IT Assurance Guide as part of the reference material. This two-day workshop:

• Demonstrates how to perform an assurance review of the COBIT processes
• Provides an understanding of the core concepts of control, IT assurance and IT governance
• Explains how to assess the effectiveness of controls
• Explores how to document and communicate the business impact of control weaknesses

WS3—Auditing Spreadsheet Risk and Quality P S (one-day)

Patrick O'Beirne
Managing Director
Systems Modelling Ltd.
Ireland

Ray Butler, CISA
Head of Information Policy and Security
Highways Agency
UK

Spreadsheet models are widely used to inform vital business decisions and processes, and are known to be about the most error-prone and high-risk applications in any business. Testing can be tricky and time consuming for the auditor or reviewer, and if it is contracted out to any of the specialist service companies in the field, expensive. This one-day workshop:

• Examines the causes of spreadsheet errors and mistakes
• Details the risk environment and management processes around spreadsheet use
• Explains techniques for inspecting a spreadsheet for errors and bad constructs
• Explains techniques to reduce the incidence of errors in spreadsheets
• Suggests what to look for in spreadsheet audit software tools
• Discusses how a company can create an inventory of its critical spreadsheets, assess them for risk, and prioritise scarce resources
• Introduces little-known secrets of Excel's built-in auditing features

Close Pre-conference Workshops

WS4—IT Risk Management S M L (one-day)

Urs Fischer, CISA
Vice President
Head IT Governance and Risk Management
Swiss Life
Switzerland

Effective management of business risk has become an essential component of IT governance. Leading the drive to help enterprises mitigate risks, ISACA has developed the Risk IT framework. This one-day workshop:

• Explores the elements of IT risk management—the principles, who is responsible for IT risk, how to build awareness, and how to communicate risk scenarios, the business impact and key risk indicators
• Introduces the Risk IT framework and the process model that includes risk governance, risk evaluation and risk response
• Explains how the framework relates to COBIT and how it can help to achieve best practices in IT risk management
• Examines the implementation and operational issues of the framework
• Explores how to integrate IT risk management into ERM, establish and maintain a common risk view and make risk-aware business decisions
• Elaborates on how to maintain an operational risk profile, assess and respond to risk, as well as how to collect event data, monitor risk and report exposures and opportunities

WS5—Developing an Information Security Programme S M (one-day)

John Pironti, CISA, CISM, CGEIT
Chief Information Risk Strategist
Archer Technologies LLC
USA

In order to effectively maintain the integrity and security of an enterprise’s information infrastructure, an organised information security programme must be put into place. This one-day workshop:

• Introduces the concept of an information security programme within an enterprise
• Explores the key functional areas and organisational structure that should be included in order to implement and maintain an effective programme
• Discusses key functional areas to highlight their importance to the programme, activities they will perform and their key performance indicators
• Addresses dependencies within and outside of the programme, key competencies and staffing models required to implement and operate an effective programme
• Explores individual functions in detail such as threat and vulnerability assessment, and vulnerability management concepts, as well as the development of metrics for effective information security governance
• Uses case studies and global industry insight to help participants understand how information programmes using these concepts have been successfully implemented and operate today

WS6—Cyber Forensic Investigation: Concepts for IT Auditors P S M (one-day)

Al Marcella, CISA
Principle/CEO
Business Automation Consultants LLC
USA

IT audit professionals have to develop new tools for collecting, examining and evaluating data in an effort to establish intent, culpability, motive, means, methods and loss resulting from e-crimes. This one-day workshop:

• Introduces the broad field of cyber forensics and presents various tools and techniques designed to maintain control over organisational assets, digital or otherwise
• Addresses computer forensics theory and methodology
• Examines how to identify, establish and maintain a physical chain of custody
• Explores how to determine incident responses and priorities in a cyber forensic investigation
• Discusses policies for the preservation of computer evidence
• Explores how to coordinate forensic pre-incident preparation and the procedures necessary for gathering of all pertinent live information
• Explains how to identify volatile data, photos, physical media and log files, and the procedures necessary to conduct sound forensic analysis of the collected information
• Examines various forensic toolkits and associated methodologies

WS7—CGEIT Examination Preparation Workshop (two-day)

Sushil Chatterji, CGEIT
Partner
ICT Control SA
Singapore

ISACA recently introduced its newest designation program: Certified in the Governance of Enterprise IT (CGEIT), the definitive certification credential for IT governance professionals, and it is rapidly gaining popularity worldwide. If you plan to take the CGEIT exam, then you will benefit greatly from this two-day workshop as it will:

• Cover the knowledge statements defined in the CGEIT job practice
• Provide attendees a clear understanding of key concepts, terminology and methodology
• Include sample questions to help prepare for the examination
• Explain and discuss the answers to sample questions to reinforce the information contained in the six domain areas: IT governance framework; strategic alignment; value delivery; risk management; resource management; and performance measurement

Attendees will receive the CGEIT Review Manual 2010 as part of workshop fees.

Close Post-conference Workshops