CISA® Prep Course, 19-21/3/2012
CISM® Prep Course, 22-24/3/2012
What you will learn:
• Introduction to the CISA & CISM Exam
• Overview of the content areas as determined by ISACA
• Determine the level of knowledge required for the content areas to meet the examination’s expectations
• Particular topics which are popular exam questions
• Analyze the “philosophy” of the examinations’ questions
• What the testing conditions will be, after having discussed “model” answers to sample questions
• Reference tools
Course Leader: Dr. Derek Oliver, CISA, CISM, CRISC, CFE, FBCS, FIAP
The CISA Examination
The exam consists of tasks that are routinely performed by a CISA and the knowledge required to perform these tasks.
You are given four hours to complete a 200-question multiple-choice exam that covers the following areas:
1. The Process of Auditing Information Systems (14%)
2. Governance and Management of IT (14%)
3. Information Systems Acquisition, Development and Implementation (19%)
4. Information Systems Operations, Maintenance and Support (23%)
5. Protection of Information Assets (30%)
The CISM Examination
The exam consists of tasks that are routinely performed by an Information Security Manager and the knowledge required to perform these tasks. A
candidate is given four hours to complete a 200-question multiple-choice exam that covers the following areas:
1. Information Security Governance (24%)
2. Risk Management and Compliance (33%)
3. Information Security Program Development and Management (25%)
4. Information Security Incident Management (18%)
You can register online at www.isaca.org, provided you meet the eligibility requirements for each certificate.
The exams are hosted at the Hellenic American Union’s Conference Center. For more information on ISACA, you may also contact the ISACA
Athens Chapter, Mr. Anestis Demopoulos, Tel: 210-2886041 or visit www.isaca.gr.
Course Leader
Dr Derek J. Oliver, CISA, CISM, CRISC, CFE, FBCS, FIAP, is an Information Audit & Security specialist with over 25 years' experience. He is a Chartered Fellow of the British Computer Society, a Fellow of the Institute of IT Service Management and a Fellow of the Institute of Analysts & Programmers. In 1996 he was made a Freeman of the City of London. An MSc in Information Technology was followed by a PhD in Information Security Management and a DBA in Risk & Security Management. He is internationally regarded as an expert in Information Security and ISO27001 and has spoken at international conferences and seminars from Oslo to Cape Town by way of Orlando and Canberra on various information security and audit topics.
He is past President of the London Chapter of the Information Systems Audit & Control Association (ISACA), a current member of the CISA Test Enhancement Committee, and a member of the Institute of Internal Auditors and the Information Systems Security Association. Having been a member of the ISACA Credentialing Task Force that created the CISM designation, he was appointed the founding Chair of the CISM Examination Enhancement Committee in 2004 and currently chairs the Working Party developing an international Business Model for Information Security (BMIS); in addition to this and his appointment as co-chair of the CobiT5 Task Force, he is a member of ISACA's Future Framework Committee. As a member of the CISA Certification Board he was jointly responsible for setting the annual, international CISA examination.
Following his early years in the "Travel Trade" with Thos. Cook and Trans World Airlines, and 15 years' service with H.M. Customs & Excise, Dr Oliver became head of the UK internal audit team of First Data Corporation, the world's largest third-party processor of credit and debit transactions.
Since 1985 he has conducted both high level and in-depth audit and security reviews across the information processing spectrum, including :
- ISO17799 “Information Security Guidelines” Compliance auditing & consultancy
- All aspects of LAN and WAN security from strategies through access control to infrastructure
- Physical security & risk analysis
- General Controls Reviews, including information security strategies & policies
- Physical and logical security penetration/invasion testing
- Disaster Recovery and Business Continuity, both auditing and plan development
- Various aspects of PC security including the use of illegal/pirate software
- PICK systems security, AS400 security
- IBM Mainframe security, specific application security and access control, including financial, stock control etc.
As a member of the BS7799 working group in 1995/96, Derek was partly responsible for the development of BS7799, the "Code of Practice for the Management of
Information Security"; he has since advised banking and government organisations in Hungary, Slovakia and Slovenia on implementing the Standard. He
also worked on the revised version, issued in April 1999, and was a member of the c:cure (BS7799 compliance certification scheme) steering group, which was directed
by the Department of Trade and Industry. He has written several articles for various national and international magazines, including on auditing software piracy,
BS7799 and the c:cure scheme, and physical security.
CISA & CISM Examinations 2012
Exam Date         Early Registration Date   Final Registration Date
9 June 2012       8 February 2012           4 April 2012
8 December 2012   15 August 2012            3 October 2012
REGISTRATION FORM
To guarantee a place in the event, participants are kindly requested to register no later than 15 working days before the course(s) start. Fees include all seminar material,
hands-on tools, coffee and lunch breaks. No extra tax charges.
Contact details:
Ms Eleni Tsirigoti, Tel: 210-3680907, Fax: 210-3633174, e-mail: [email protected]
Ms Vasiliki Zafiri: Tel: 210-3680927, www.hau.gr/management
Delegate’s Personal Details (please print clearly)
First Name Family Name
Company Position/Title
Address City/Postal Code
Tel Fax. e-mail
Invoice Details
Company Name
Area of Business
Address City/Postal code
Tel Fax.
Tax Id. Nr . Tax Registration Office
I/We understand and accept the registration and cancellation policies and procedures, and the protection of personal and credit card data policy.
Signature/Company seal Date
Payment Details
Payments are made to the Hellenic American Union. For bank deposit/transfer information please contact the Hellenic American Union. Please always quote your company's name or the delegate's name in the transfer instructions.
[ ] Please invoice my company   [ ] Cheque   [ ] Bank Deposit/Transfer   [ ] Please charge my credit card:   [ ] Visa   [ ] Mastercard   [ ] Diners
Cancellation Policy
Payment is due upon registration. Delegates who cancel after registration, or who do not attend, are liable for the full course fee and no refunds can be given. A replacement is always welcome.
Disclaimer: Hellenic American Union reserves the right to change or cancel any part of its published programme due to unforeseen circumstances.
Confidentiality: The information you provide will be safeguarded by the Hellenic American Union, who may use it to keep you informed of relevant products and services. If you do not wish to receive this information from the Hellenic American Union by [ ] telephone [ ] fax [ ] e-mail [ ] mail, please check the appropriate box and send this form to the Hellenic American Union, fax nr: 210-3633174, or notify us at tel: 210-3680927, or notify the person in charge of sending this information. We will ensure that you do not receive any further information, unless you instruct us otherwise.
I wish to register for the following course(s):
Course Title                              Standard Delegate Fee   Company discount (3+ persons)   ISACA / (ISC)2 Member
[ ] CISA 2012 Prep Course, 19-21/3/2012   €850                    €800 each                       €800
[ ] CISM 2012 Prep Course, 22-24/3/2012   €850                    €800 each                       €800
Complete and send this registration form to the HAU Office, fax: 210-3633174, no later than 15 working days before the course(s) start.
Certified Information Systems Auditor - CISA®
Earning the CISA designation helps assure a positive reputation as a
qualified IS audit, control and/or security professional.
Today, CISA is a powerful career tool for more than 90,000 designated
professionals, and has been globally recognized as a symbol of
achievement.
CISA Certification Requirements
The CISA designation is awarded to those individuals with an interest in
Information Systems auditing, control, and security who have met and
continue to meet the following requirements regarding:
• Successful completion of the CISA® examination on the 5 content
areas which represent the tasks and knowledge required of today’s and
tomorrow’s information systems audit professional:
1. IS Audit Process
2. Governance and Management of IT
3. Information Systems Acquisition, Development and Implementation
4. Information Systems Operations, Maintenance and Support
5. Protection of Information Assets
• At least 5 years of IS auditing, control or security experience
• Adherence to the Code of Professional Ethics
• Compliance with the CISA Continuing Professional Education Policy
CISA Prep Course – 24 hours
Our three-day seminar focuses on the essential areas covered in the new
CISA exam, as designed and developed by the ISACA Certification Board.
CISA is an exam that tests experience, and experience cannot be taught.
However, this course, which is based upon ISACA's research project as
evidenced by the CISA syllabus, will give you specific guidelines for your
study by providing an overview of the core knowledge areas included in
the examination's 'Common Body of Knowledge'. Following each section,
you will work through a series of sample questions to give you a "feel"
for the format and the types of questions you will encounter.
Who should attend: Information Security Auditors, IT Administrators,
Chief Information Security Officers, Risk managers and compliance
personnel; Executive and Operational Managers seeking an overall
understanding of essential IT Audit management, risks and controls.
Certified Information Security Manager - CISM®
CISM is a unique certification focusing on the candidate's information
security management experience rather than his/her technical, platform
or product-specific knowledge.
More than 18,000 professionals worldwide earned the CISM within the
first two years of its introduction.
CISM Certification requirements
The CISM designation is awarded to those individuals with an interest in
Information security management, and who have met and continue to
meet the following requirements regarding:
• Successful completion of the CISM® examination on the 4 content
areas which represent the tasks and knowledge required of today's and
tomorrow's information security management professional:
1. Information Security Governance
2. Risk Management and Compliance
3. Information Security Program Development and Management
4. Information Security Incident Management
• At least 5 years of information security experience, with a
minimum of three years of information security management work
experience in three or more of the job practice analysis areas
• Adherence to the Code of Professional Ethics
• Compliance with CISM Continuing Professional Education Policy
CISM Prep Course – 24 hours
Our three day preparation seminar covers the core knowledge areas
included in the examination “Common Body of Knowledge”.
The course will help you discover possible areas of weakness in the
subjects covered in the test and also enable you to become familiar with
the testing conditions and the philosophy of the questions.
Who should attend: Information Security Managers and Administrators,
Chief Information Security Officers, Risk Managers and compliance
personnel; Executive and Operational Managers seeking an overall
understanding of essential security management, risks and controls.
Why pursue an ISACA designation
You can use ISACA credentials worldwide, you can improve your career opportunities, and you can have a significant advantage in the selection process when personnel are being evaluated for information security and audit positions or promotions.
Employers who hire CISAs and CISMs gain a competitive advantage in implementing IT Governance, through properly and consistently trained IT Audit and Security personnel according to internationally accepted standards.
CISA and CISM are offered in more than 50 countries and have been awarded accreditation by The American National Standards Institute (ANSI) under ISO/IEC 17024, September 2005. ISACA (www.isaca.org), with more than 95,000 members worldwide, is a globally recognized leader in information governance, control, security and audit. ISACA strongly promotes the profession through research, standards, education and certification.
CISA Prep Course AGENDA
Day 1
Introduction to CISA: Approaching the CISA Examination
• Percentage of test questions and survey results
• Definition of content, tasks, questions, model answers
Domain 1: The Process of Auditing Information Systems—Provide audit services in accordance with IT audit standards to assist the organization with protecting and controlling information systems.
• Develop and implement a risk-based IT audit strategy in compliance with IT audit standards to ensure that key areas are included.
• Plan specific audits to determine whether information systems are protected, controlled and provide value to the organization.
• Conduct audits in accordance with IT audit standards to achieve planned audit objectives.
• Report audit findings and make recommendations to key stakeholders to communicate results and effect change when necessary.
• Conduct follow-ups or prepare status reports to ensure that appropriate actions have been taken by management in a timely manner.
Domain 2: Governance and Management of IT—Provide assurance that the necessary leadership and organizational structures and processes are in place to achieve objectives and to support the organization's strategy.
• Evaluate the effectiveness of the IT governance structure to determine whether IT decisions, directions and performance support the organization's strategies and objectives.
• Evaluate IT organizational structure and human resources (personnel) management to determine whether they support the organization's strategies and objectives.
• Evaluate the IT strategy, including the IT direction, and the processes for the strategy's development, approval, implementation and maintenance for alignment with the organization's strategies and objectives.
• Evaluate the organization's IT policies, standards, and procedures, and the processes for their development, approval, implementation, maintenance, and monitoring, to determine whether they support the IT strategy and comply with regulatory and legal requirements.
• Evaluate IT management and monitoring of controls (e.g., continuous monitoring, quality assurance [QA]) for compliance with the organization's policies, standards and procedures.
• Evaluate IT resource investment, use and allocation practices, including prioritization criteria, for alignment with the organization's strategies and objectives.
• Evaluate IT contracting strategies and policies, and contract management practices to determine whether they support the organization's strategies and objectives.
• Evaluate risk management practices to determine whether the organization's IT-related risks are properly managed.
• Evaluate monitoring and assurance practices to determine whether the board and executive management receive sufficient and timely information about IT performance.
• Evaluate the organization's business continuity plan to determine the organization's ability to continue essential business operations during the period of an IT disruption.
Day 2
Domain 3: Information Systems Acquisition, Development and Implementation—Provide assurance that the practices for the acquisition, development, testing, and implementation of information systems meet the organization's strategies and objectives.
• Evaluate the business case for proposed investments in information systems acquisition, development, maintenance and subsequent retirement to determine whether it meets business objectives.
• Evaluate the project management practices and controls to determine whether business requirements are achieved in a cost-effective manner while managing risks to the organization.
• Conduct reviews to determine whether a project is progressing in accordance with project plans, is adequately supported by documentation and status reporting is accurate.
• Evaluate controls for information systems during the requirements, acquisition, development and testing phases for compliance with the organization's policies, standards, procedures and applicable external requirements.
• Evaluate the readiness of information systems for implementation and migration into production to determine whether project deliverables, controls and the organization's requirements are met.
• Conduct post-implementation reviews of systems to determine whether project deliverables, controls and the organization's requirements are met.
Domain 4: Information Systems Operations, Maintenance and Support—Provide assurance that the processes for information systems operations, maintenance and support meet the organization's strategies and objectives.
• Conduct periodic reviews of information systems to determine whether they continue to meet the organization's objectives.
• Evaluate service level management practices to determine whether the level of service from internal and external service providers is defined and managed.
• Evaluate third-party management practices to determine whether the levels of controls expected by the organization are being adhered to by the provider.
• Evaluate operations and end-user procedures to determine whether scheduled and non-scheduled processes are managed to completion.
• Evaluate the use of capacity and performance monitoring tools and techniques to determine whether IT services meet the organization's objectives.
• Evaluate problem and incident management practices to determine whether incidents, problems or errors are recorded, analyzed and resolved in a timely manner.
• Evaluate change, configuration and release management practices to determine whether scheduled and nonscheduled changes made to the organization's production environment are adequately controlled and documented.
• Evaluate the adequacy of backup and restore provisions to determine the availability of information required to resume processing.
• Evaluate the organization's disaster recovery plan to determine whether it enables the recovery of IT processing capabilities in the event of a disaster.
Day 3
Domain 5: Protection of Information Assets—Provide assurance that the organization's security policies, standards, procedures and controls ensure the confidentiality, integrity and availability of information assets.
• Evaluate the information security policies, standards and procedures for completeness and alignment with generally accepted practices.
• Evaluate the design, implementation and monitoring of system and logical security controls to verify the confidentiality, integrity and availability of information.
• Evaluate the design, implementation and monitoring of the data classification processes and procedures for alignment with the organization's policies, standards, procedures and applicable external requirements.
• Evaluate the design, implementation and monitoring of physical access and environmental controls to determine whether information assets are adequately safeguarded.
• Evaluate the processes and procedures used to store, retrieve, transport and dispose of information assets (e.g., backup media, offsite storage, hard copy/print data and softcopy media) to determine whether information assets are adequately safeguarded.
The Anatomy of a CISA Question
• How CISA questions are written
• The process of writing the examination
• Question writer rules
• The best approach to the CISA exam
CISM Prep Course AGENDA
Day 1
Information Security Governance
• Develop the information security strategy in support of business strategy and direction.
• Obtain senior management commitment and support for information security throughout the enterprise.
• Ensure that definitions of roles and responsibilities throughout the enterprise include information security governance activities.
• Establish reporting and communication channels that support information security governance activities.
• Identify current and potential legal and regulatory issues affecting information security and assess their impact on the enterprise.
• Establish and maintain information security policies that support business goals and objectives.
• Ensure the development of procedures and guidelines that support information security policies.
• Develop business case and enterprise value analysis that support information security program(me) investments.
Risk Management and Compliance
• Develop a systematic, analytical, and continuous risk management process.
• Ensure that risk identification, analysis, and mitigation activities are integrated into life cycle processes.
• Apply risk identification and analysis methods.
• Define strategies and prioritize options to mitigate risk to levels acceptable to the enterprise.
• Report significant changes in risk to appropriate levels of management on both a periodic and event-driven basis.
Day 2
Information Security Program Management
• Create and maintain plans to implement the information security governance framework.
• Develop information security baseline(s).
• Develop procedures and guidelines to ensure business processes address information security risk.
• Develop procedures and guidelines for IT infrastructure activities to ensure compliance with information security policies.
• Integrate information security program requirements into the organization's life cycle activities.
• Develop methods of meeting information security policy requirements that recognize impact on end-users.
• Promote accountability by business process owners and other stakeholders in managing information security risks.
• Establish metrics to manage the information security governance framework.
• Ensure that internal and external resources for information security are identified, appropriated and managed.
Information Security Management
• Ensure that the rules of use for information systems comply with the enterprise's information security policies.
• Ensure that the administrative procedures for information systems comply with the enterprise's information security policies.
• Ensure that services provided by other enterprises including outsourced providers are consistent with established information security policies.
• Use metrics to measure, monitor, and report on the effectiveness and efficiency of information security controls and compliance with information security policies.
• Ensure that information security is not compromised throughout the change management process.
• Ensure that vulnerability assessments are performed to evaluate the effectiveness of existing controls.
• Ensure that non-compliance issues and other variances are resolved in a timely manner.
• Ensure the development and delivery of the activities that can influence the culture and behaviour of staff, including information security education and awareness.
Day 3
Information Security Incident Management
• Develop and implement processes for detecting, identifying and analyzing security related events.
• Develop response and recovery plans including organizing, training, and equipping the teams.
• Ensure periodic testing of the response and recovery plans where appropriate.
• Ensure the execution of response and recovery plans as required.
• Establish procedures for documenting an event as a basis for subsequent action including forensics when necessary.
• Manage post-event reviews to identify causes and corrective actions.
The Anatomy of a CISM Question
• How CISM questions are written & evaluated
• The process of compiling the examination
• Question writer style "rules"
• The best approach to the CISM exam.
Certified Information Systems Auditor - CISA® Earning the CISA designation helps assure a positive reputation as a
qualified IS audit, control and/or security professional.
Today, CISA is a powerful career tool for more than 90,000 designated
professionals, and has been globally recognized as a symbol of
achievement.
CISA Certification Requirements
The CISA designation is awarded to those individuals with an interest in
Information Systems auditing, control, and security who have met and
continue to meet the following requirements regarding:
• Successful completion of the CISA® examination on the 5 content
areas which represent the tasks and knowledge required of today’s and
tomorrow’s information systems audit professional:
1. IS Audit Process
2. Governance and Management of IT
3. Information systems aquisition, development and Implementation
4. Information Operations, Maintenance and Support
5. Protection of Information Assets
• At least 5 years of IS auditing, control or security experience
• Adherence to the Code of Professional Ethics
• Compliance with the CISA Continuing Professional Education Policy
CISA Prep Course – 24 hours
Our three-day seminar focuses on the essential areas covered in the new
CISA exam, as designed and developed by the ISACA Certification Board.
CISA is an exam that tests experience and experience cannot be taught.
However this course, which is based upon ISACA’s research project as
evidence by the CISA Syllabus, will give you specific guidelines in your
study by providing an overview of the core knowledge bases included in
the examination ‘Common Body of Knowledge’. Following each section,
you will work through a series of sample questions to give you a “feel”
for the format and the types of questions you will encounter.
Who should attend: Information Security Auditors, IT Administrators,
Chief Information Security Officers, Risk managers and compliance
personnel; Executive and Operational Managers seeking an overall
understanding of essential IT Audit management, risks and controls.
Certified Information Security Manager - CISM®
CISM is a unique certification focusing on candidate’s information
security management experience rather than his/her technical knowledge
or platform, or product-specific knowledge.
More than 18000 professionals worldwide have earned the CISM with the
first two years since its initiation.
CISM Certification requirements
The CISM designation is awarded to those individuals with an interest in
Information security management, and who have met and continue to
meet the following requirements regarding:
• Successful completion of the CISM® examination on the 4 content
areas which represent the tasks and knowledge required of today’s and
tomorrow’s information systems audit professional:
1. Information Security Governance
2. Risk Management and Compliance
3. Information Security Program Development and Management
4. Information Security Incident Management
• At least 5 years of information security experiences , with a
minimum of three years of information security management work
experience in three or more of the job practice analysis areas
• Adherence to the Code of Professional Ethics
• Compliance with CISM Continuing Professional Education Policy
CISM Prep Course – 24 hours
Our three day preparation seminar covers the core knowledge areas
included in the examination “Common Body of Knowledge”.
The course will help you discover possible areas of weaknesses in the
subjects covered in the test and also enable you to become familiar with
the testing conditions and question’s philosophy.
Who should attend: Information Security Managers and Administrators,
Chief Information Security Officers, Risk Managers and compliance
personnel; Executive and Operational Managers seeking an overall
understanding of essential security management, risks and controls.
Why pursue an ISACA designationYou can use ISACA credentials worldwide, you can improve your career opportunities, and you can have a significant advantage in the selection process when personnel are being evaluated for information security and audit positions or promotions.
Employers who hire CISAs and CISMs gain a competitive advantage in implementing IT Governance, through properly and consistently trained IT Audit and Security personnel according to internationally accepted standards.
CISA and CISM are offered in more than 50 countries and have been awarded accreditation by The American National Standards Institute (ANSI) under ISO/IEC 17024, September 2005. ISACA (www.isaca.org), with more than 95,000 members worldwide, is a globally recognized leader in information governance, control, security and audit. ISACA strongly promotes the profession through research, standards, education and certification.
Day 1Introduction to CISA: Approaching the CISA Examination• Percentage of test questions and survey results• Definition of content, tasks questions, model answers
Domain 1: The Process of Auditing Information Systems—Provide audit services in accordance with IT audit standards to assist the organization with protecting and controlling information systems.• Develop and implement a risk-based IT audit strategy in compliance with
IT audit standards to ensure that key areas are included.• Plan specific audits to determine whether information systems are
protected, controlled and provide value to the organization.• Conduct audits in accordance with IT audit standards to achieve planned
audit objectives.• Report audit findings and make recommendations to key stakeholders to
communicate results and effect change when necessary.• Conduct follow-ups or prepare status reports to ensure that appropriate
actions have been taken by management in a timely manner.
Domain 2: Governance and Management of IT—Provide assurance that the necessary leadership and organizational structures and processes are in place to achieve objectives and to support the organization’s strategy.• Evaluate the effectiveness of the IT governance structure to determine
whether IT decisions, directions and performance support the organization’s strategies and objectives.
• Evaluate IT organizational structure and human resources (personnel) management to determine whether they support the organization’s strategies and objectives.
• Evaluate the IT strategy, including the IT direction, and the processes for the strategy’s development, approval, implementation and maintenance for alignment with the organization’s strategies and objectives.
• Evaluate the organization’s IT policies, standards, and procedures, and the processes for their development, approval, implementation, maintenance, and monitoring, to determine whether they support the IT strategy and comply with regulatory and legal requirements.
• Evaluate IT management and monitoring of controls (e.g., continuous monitoring, quality assurance [QA]) for compliance with the organization’s policies, standards and procedures.
• Evaluate IT resource investment, use and allocation practices, including prioritization criteria, for alignment with the organization’s strategies and objectives.
• Evaluate IT contracting strategies and policies, and contract management practices to determine whether they support the organization’s strategies and objectives.
• Evaluate risk management practices to determine whether the organization’s IT-related risks are properly managed.
• Evaluate monitoring and assurance practices to determine whether the board and executive management receive sufficient and timely information about IT performance.
• Evaluate the organization’s business continuity plan to determine the organization’s ability to continue essential business operations during the period of an IT disruption.
Day 2
Domain 3: Information Systems Acquisition, Development and Implementation—Provide assurance that the practices for the acquisition, development, testing, and implementation of information systems meet the organization’s strategies and objectives.
• Evaluate the business case for proposed investments in information systems acquisition, development, maintenance and subsequent retirement to determine whether it meets business objectives.
• Evaluate the project management practices and controls to determine whether business requirements are achieved in a cost-effective manner while managing risks to the organization.
• Conduct reviews to determine whether a project is progressing in accordance with project plans, is adequately supported by documentation and status reporting is accurate.
• Evaluate controls for information systems during the requirements, acquisition, development and testing phases for compliance with the organization’s policies, standards, procedures and applicable external requirements.
• Evaluate the readiness of information systems for implementation and migration into production to determine whether project deliverables, controls and the organization’s requirements are met.
• Conduct post-implementation reviews of systems to determine whether project deliverables, controls and the organization’s requirements are met.
Domain 4: Information Systems Operations, Maintenance and Support—Provide assurance that the processes for information systems operations, maintenance and support meet the organization’s strategies and objectives.
• Conduct periodic reviews of information systems to determine whether they continue to meet the organization’s objectives.
• Evaluate service level management practices to determine whether the level of service from internal and external service providers is defined and managed.
• Evaluate third-party management practices to determine whether the levels of controls expected by the organization are being adhered to by the provider.
• Evaluate operations and end-user procedures to determine whether scheduled and non-scheduled processes are managed to completion.
• Evaluate the use of capacity and performance monitoring tools and techniques to determine whether IT services meet the organization’s objectives.
• Evaluate problem and incident management practices to determine whether incidents, problems or errors are recorded, analyzed and resolved in a timely manner.
• Evaluate change, configuration and release management practices to determine whether scheduled and nonscheduled changes made to the organization’s production environment are adequately controlled and documented.
• Evaluate the adequacy of backup and restore provisions to determine the availability of information required to resume processing.
• Evaluate the organization’s disaster recovery plan to determine whether it enables the recovery of IT processing capabilities in the event of a disaster.
Day 3
Domain 5: Protection of Information Assets—Provide assurance that the organization’s security policies, standards, procedures and controls ensure the confidentiality, integrity and availability of information assets.
• Evaluate the information security policies, standards and procedures for completeness and alignment with generally accepted practices.
• Evaluate the design, implementation and monitoring of system and logical security controls to verify the confidentiality, integrity and availability of information.
• Evaluate the design, implementation and monitoring of the data classification processes and procedures for alignment with the organization’s policies, standards, procedures and applicable external requirements.
• Evaluate the design, implementation and monitoring of physical access and environmental controls to determine whether information assets are adequately safeguarded.
• Evaluate the processes and procedures used to store, retrieve, transport and dispose of information assets (e.g., backup media, offsite storage, hard copy/print data and softcopy media) to determine whether information assets are adequately safeguarded.
The Anatomy of a CISA Question
• How CISA questions are written
• The process of writing the examination
• Question writer rules
• The best approach to the CISA exam
CISM Prep Course AGENDA
Day 1
Information Security Governance
• Develop the information security strategy in support of business strategy and direction.
• Obtain senior management commitment and support for information security throughout the enterprise.
• Ensure that definitions of roles and responsibilities throughout the enterprise include information security governance activities.
• Establish reporting and communication channels that support information security governance activities.
• Identify current and potential legal and regulatory issues affecting information security and assess their impact on the enterprise.
• Establish and maintain information security policies that support business goals and objectives.
• Ensure the development of procedures and guidelines that support information security policies.
• Develop business case and enterprise value analysis that support information security program(me) investments.
Risk Management and Compliance
• Develop a systematic, analytical, and continuous risk management process.
• Ensure that risk identification, analysis, and mitigation activities are integrated into life cycle processes.
• Apply risk identification and analysis methods.
• Define strategies and prioritize options to mitigate risk to levels acceptable to the enterprise.
• Report significant changes in risk to appropriate levels of management on both a periodic and event-driven basis.
Day 2
Information Security Program Management
• Create and maintain plans to implement the information security governance framework.
• Develop information security baseline(s).
• Develop procedures and guidelines to ensure business processes address information security risk.
• Develop procedures and guidelines for IT infrastructure activities to ensure compliance with information security policies.
• Integrate information security program requirements into the organization’s life cycle activities.
• Develop methods of meeting information security policy requirements that recognize impact on end-users.
• Promote accountability by business process owners and other stakeholders in managing information security risks.
• Establish metrics to manage the information security governance framework.
• Ensure that internal and external resources for information security are identified, appropriated and managed.
Information Security Management
• Ensure that the rules of use for information systems comply with the enterprise’s information security policies.
• Ensure that the administrative procedures for information systems comply with the enterprise’s information security policies.
• Ensure that services provided by other enterprises, including outsourced providers, are consistent with established information security policies.
• Use metrics to measure, monitor, and report on the effectiveness and efficiency of information security controls and compliance with information security policies.
• Ensure that information security is not compromised throughout the change management process.
• Ensure that vulnerability assessments are performed to evaluate effectiveness of existing controls.
• Ensure that non-compliance issues and other variances are resolved in a timely manner.
• Ensure the development and delivery of the activities that can influence culture and behaviour of staff, including information security education and awareness.
Day 3
Information Security Incident Management
• Develop and implement processes for detecting, identifying and analyzing security related events.
• Develop response and recovery plans including organizing, training, and equipping the teams.
• Ensure periodic testing of the response and recovery plans where appropriate.
• Ensure the execution of response and recovery plans as required.
• Establish procedures for documenting an event as a basis for subsequent action, including forensics when necessary.
• Manage post event reviews to identify causes and corrective actions.
The Anatomy of a CISM Question
• How CISM questions are written & evaluated
• The process of compiling the examination
• Question writer style “rules”
• The best approach to the CISM exam.
Certified Information Systems Auditor - CISA®
Earning the CISA designation helps assure a positive reputation as a qualified IS audit, control and/or security professional. Today, CISA is a powerful career tool for more than 90,000 designated professionals, and has been globally recognized as a symbol of achievement.
CISA Certification Requirements
The CISA designation is awarded to those individuals with an interest in Information Systems auditing, control, and security who have met and continue to meet the following requirements regarding:
• Successful completion of the CISA® examination on the 5 content areas which represent the tasks and knowledge required of today’s and tomorrow’s information systems audit professional:
1. IS Audit Process
2. Governance and Management of IT
3. Information Systems Acquisition, Development and Implementation
4. Information Operations, Maintenance and Support
5. Protection of Information Assets
• At least 5 years of IS auditing, control or security experience
• Adherence to the Code of Professional Ethics
• Compliance with the CISA Continuing Professional Education Policy
CISA Prep Course – 24 hours
Our three-day seminar focuses on the essential areas covered in the new CISA exam, as designed and developed by the ISACA Certification Board. CISA is an exam that tests experience, and experience cannot be taught. However, this course, which is based upon ISACA’s research project as evidenced by the CISA Syllabus, will give you specific guidelines for your study by providing an overview of the core knowledge bases included in the examination ‘Common Body of Knowledge’. Following each section, you will work through a series of sample questions to give you a “feel” for the format and the types of questions you will encounter.
Who should attend: Information Security Auditors, IT Administrators, Chief Information Security Officers, Risk managers and compliance personnel; Executive and Operational Managers seeking an overall understanding of essential IT Audit management, risks and controls.
Certified Information Security Manager - CISM®
CISM is a unique certification focusing on a candidate’s information security management experience rather than his/her technical knowledge or platform- or product-specific knowledge. More than 18,000 professionals worldwide have earned the CISM within the first two years since its initiation.
CISM Certification Requirements
The CISM designation is awarded to those individuals with an interest in Information security management, and who have met and continue to meet the following requirements regarding:
• Successful completion of the CISM® examination on the 4 content areas which represent the tasks and knowledge required of today’s and tomorrow’s information systems audit professional:
1. Information Security Governance
2. Risk Management and Compliance
3. Information Security Program Development and Management
4. Information Security Incident Management
• At least 5 years of information security experience, with a minimum of three years of information security management work experience in three or more of the job practice analysis areas
• Adherence to the Code of Professional Ethics
• Compliance with the CISM Continuing Professional Education Policy
CISM Prep Course – 24 hours
Our three-day preparation seminar covers the core knowledge areas included in the examination “Common Body of Knowledge”. The course will help you discover possible areas of weakness in the subjects covered in the test and also enable you to become familiar with the testing conditions and the questions’ philosophy.
Who should attend: Information Security Managers and Administrators, Chief Information Security Officers, Risk Managers and compliance personnel; Executive and Operational Managers seeking an overall understanding of essential security management, risks and controls.
Why pursue an ISACA designation
You can use ISACA credentials worldwide, you can improve your career opportunities, and you can have a significant advantage in the selection process when personnel are being evaluated for information security and audit positions or promotions.
Employers who hire CISAs and CISMs gain a competitive advantage in implementing IT Governance, through properly and consistently trained IT Audit and Security personnel according to internationally accepted standards.
CISA and CISM are offered in more than 50 countries and have been awarded accreditation by The American National Standards Institute (ANSI) under ISO/IEC 17024, September 2005. ISACA (www.isaca.org), with more than 95,000 members worldwide, is a globally recognized leader in information governance, control, security and audit. ISACA strongly promotes the profession through research, standards, education and certification.
Course Leader
Dr Derek J. Oliver, CISA, CISM, CRISC, CFE, FBCS, FIAP, is an Information Audit & Security specialist with over 25 years’ experience. He is a Chartered Fellow of the British Computer Society, a Fellow of the Institute of IT Service Management and a Fellow of the Institute of Analysts & Programmers. In 1996 he was made a Freeman of the City of London. An MSc in information technology was followed by a PhD in Information Security Management and a DBA in Risk & Security Management. He is internationally regarded as an expert in Information Security and ISO27001 and has spoken at international conferences and seminars from Oslo to Cape Town by way of Orlando and Canberra on various information security and audit topics. He is past President of the Information Systems Audit & Control Association in London (ISACA), current member of the CISA Test Enhancement committee and a member of the Institute of Internal Auditors and the Information Systems Security Association. Having been a member of the ISACA Credentialing Task Force that created the CISM designation, he was appointed the founding Chair of the CISM Examination Enhancement Committee in 2004 and currently chairs the Working Party developing an international Business Model for Information Security (BMIS); in addition to this and his appointment as co-chair of the CobiT5 Task Force he is a member of ISACA’s Future Framework Committee. As a member of the CISA Certification Board he was jointly responsible for setting the annual, international CISA examination. Following his early years in the “Travel Trade” with Thos. Cooks and Trans World Airlines, and 15 years’ service with H.M. Customs & Excise, Mr. Oliver became head of the UK internal audit team of First Data Corporation, the world’s largest third-party processor of credit and debit transactions.
Since 1985 he has conducted both high level and in-depth audit and security reviews across the information processing spectrum, including:
- ISO17799 “Information Security Guidelines” compliance auditing & consultancy
- All aspects of LAN and WAN security from strategies through access control to infrastructure
- Physical security & risk analysis
- General Controls Reviews, including information security strategies & policies
- Physical and logical security penetration/invasion testing
- Disaster Recovery and Business Continuity, both auditing and plan development
- Various aspects of PC security including the use of illegal/pirate software
- PICK systems security, AS400 security
- IBM Mainframe security, specific application security and access control, including financial, stock control etc.
As a member of the BS7799 working group in 1995/96, Derek was partly responsible for the development of the BS7799 “Code of Practice for the Management of Information Security”; he has since given advice on implementing the Standards to banking and government organisations in Hungary, Slovakia and Slovenia. He also worked on the revised version, issued April 1999, and was a member of the c:cure (BS7799 compliance certification scheme) steering group, which was directed by the Department of Trade and Industry. He has written several articles for various national and international magazines, including on auditing software piracy, BS7799 and the c:cure scheme, and physical security.
CISA & CISM Examinations 2012
Exam Date: 9 June 2012 – Early Registration Date: 8 February 2012 – Final Registration Date: 4 April 2012
Exam Date: 8 December 2012 – Early Registration Date: 15 August 2012 – Final Registration Date: 3 October 2012
REGISTRATION FORM
In order to guarantee a place in the event, participants are kindly requested to register at the latest 15 working days prior to the course(s) start. Fees include all seminar material, hands-on tools, coffee and lunch breaks. No extra tax charges.
Contact details:
Ms Eleni Tsirigoti, Tel: 210-3680907, Fax: 210-3633174, e-mail: [email protected]
Ms Vasiliki Zafiri, Tel: 210-3680927, www.hau.gr/management
Delegate’s Personal Details (please print clearly)
First Name Family Name
Company Position/Title
Address City/Postal Code
Tel Fax. e-mail
Invoice Details
Company Name
Area of Business
Address City/Postal code
Tel Fax.
Tax Id. Nr. Tax Registration Office
I/We understand and accept the registration and cancellation policies and procedures, and the protection of personal and credit card data policy.
Signature/Company seal Date
Payment Details
Payments are made to the Hellenic American Union. For bank deposit/transfer information please contact the Hellenic American Union. Please always quote your company’s name or the delegate’s name in the transfer instructions.
Please invoice my company / Cheque / Bank Deposit/Transfer / Please charge my credit card: Visa / Mastercard / Diners
Cancellation Policy
Payment is due upon registration. Delegates who cancel after registration, or who don’t attend, are liable to pay the full course fee and no refunds can be given. A replacement is always welcome.
Disclaimer: Hellenic American Union reserves the right to change or cancel any part of its published programme due to unforeseen circumstances.
Confidentiality: The information you provide will be safeguarded by the Hellenic American Union, who may use it to keep you informed of relevant products and services. If you do not wish to receive this information from the Hellenic American Union by telephone, fax, e-mail or mail, please check the appropriate box and send this form to the Hellenic American Union, fax nr: 210-3633174, or notify us at tel: 210-3680927, or notify the person in charge of sending this information. We will ensure that you do not receive any further information, unless you instruct us otherwise.
Course Title | Standard Delegate Fee | Company discount (3+ persons) | ISACA / (ISC)2 Member
CISA 2012 Prep Course, 19-21/3/2012 | €850 | €800 each | €800
CISM 2012 Prep Course, 22-24/3/2012 | €850 | €800 each | €800
Complete and send this registration form to the HAU Office, fax: 210-3633174, at the LATEST 15 working days prior to the course(s) start.
I wish to register for the following course(s):
CISA® Prep Course, 19-21/3/2012
CISM® Prep Course, 22-24/3/2012
Course Leader
Dr Derek J. Oliver, CISA, CISM, CRISC, CFE, FBCS, FIAP, is an Information Audit & Security specialist with over 25 years’ experience. He is a Chartered Fellow of the British Computer Society, a Fellow of the Institute of IT Service Management and a Fellow of the Institute of Analysts & Programmers. In 1996 he was made a Freeman of the City of London. An MSc in information technology was followed by a PhD in Information Security Management and a DBA in Risk & Security Management.
He is internationally regarded as an expert in Information Security and ISO27001 and has spoken at international conferences and seminars from Oslo to Cape Town by way of Orlando and Canberra on various information security and audit topics. He is past President of the Information Systems Audit & Control Association in London (ISACA), a current member of the CISA Test Enhancement Committee and a member of the Institute of Internal Auditors and the Information Systems Security Association. Having been a member of the ISACA Credentialing Task Force that created the CISM designation, he was appointed the founding Chair of the CISM Examination Enhancement Committee in 2004 and currently chairs the Working Party developing an international Business Model for Information Security (BMIS); in addition to this and his appointment as co-chair of the CobiT5 Task Force he is a member of ISACA’s Future Framework Committee. As a member of the CISA Certification Board he was jointly responsible for setting the annual, international CISA examination.
Following his early years in the “Travel Trade” with Thos. Cooks and Trans World Airlines, and 15 years’ service with H.M. Customs & Excise, Mr. Oliver became head of the UK internal audit team of First Data Corporation, the world’s largest third-party processor of credit and debit transactions.
Since 1985 he has conducted both high-level and in-depth audit and security reviews across the information processing spectrum, including:
- ISO17799 “Information Security Guidelines” Compliance auditing & consultancy
- All aspects of LAN and WAN security from strategies through access control to infrastructure
- Physical security & risk analysis
- General Controls Reviews, including information security strategies & policies
- Physical and logical security penetration/invasion testing
- Disaster Recovery and Business Continuity, both auditing and plan development
- Various aspects of PC security including the use of illegal/pirate software
- PICK systems security, AS400 security
- IBM Mainframe security, specific application security and access control, including financial, stock control etc.
As a member of the BS7799 working group in 1995/96, Derek was partly responsible for the development of the BS7799 “Code of Practice for the Management of Information Security”; he has since given advice on implementing the Standards to banking and government organisations in Hungary, Slovakia and Slovenia. He also worked on the revised version, issued April 1999, and was a member of the c:cure (BS7799 compliance certification scheme) steering group, which was directed by the Department of Trade and Industry. He has written several articles for various national and international magazines, including on auditing software piracy, BS7799 and the c:cure scheme, and physical security.
CISA & CISM Examinations 2012
Exam Date | Early Registration Date | Final Registration Date
9 June 2012 | 8 February 2012 | 4 April 2012
8 December 2012 | 15 August 2012 | 3 October 2012
REGISTRATION FORM
In order to guarantee a place in the event, participants are kindly requested to register at the latest 15 working days prior to the start of the course(s). Fees include all seminar material, hands-on tools, coffee and lunch breaks. No extra tax charges.
Contact details:
Ms Eleni Tsirigoti, Tel: 210-3680907, Fax: 210-3633174, e-mail: [email protected]
Ms Vasiliki Zafiri: Tel: 210-3680927, www.hau.gr/management