
[ISN] Canadian IT Audit Standard set to change

Subject: [ISN] Canadian IT Audit Standard set to change
Date: Fri, 25 Mar 2005 03:35:34 -0600 (CST)
Forwarded from: Mark Bernard <Mark.Bernard@TechSecure.ca>

Dear Associates,

Here in Canada the Chartered Accountants of Canada are in the process
of making amendments to our Canadian IT Audit standards, CICA 5025,
5310 & 5900. These amendments will bring our Canadian Financial
Management controls into compliance with the United States SOX and SAS
70 standards. There will also be a new Canadian standard titled CICA
70 created to address everything that the previous amendments won't.
As you may already be aware SAS 70 and SOX standards have been
identified as a potential solution to the protection of private
information. If nothing else the heightened awareness of information
security will benefit the protection of private information.

In addition, we are anticipating newly crafted Financial Securities
legislation this year currently under review in Ontario known as Bill
198. It's very likely that each of the Canadian provinces will adopt
Bill 198 provisions within current provincial legislation for
securities trading and management.

The current target release date for CICA amendments is mid April 2005
while SAS 70 and SOX deadline has been extended to mid November 2005.
Compliance with CICA standards is scheduled for November, just in time
for 2006 IT Audits.

The answer to complying with all of this new legislation is to
implement a best practice framework such as ISO 17799 or ISACA's
COBiT. I would personally recommend ISACA's COBiT because it's a
worldwide standard that IT Auditors and Financial professionals recognize.
A hybrid strategy using both ISO 17799 and COBiT is really that much
better since both IT professionals and Financial Professionals can
relate to each standard. Since it's very likely that your annual
audits will be conducted by IT Auditors with Financial backgrounds it
truly is the only logical solution.

Why should IT be concerned about the Finance Department?

Well, if you're an IT Professional who's worked long enough in the
corporate world then you already know how important it is to work
closely with the Finance Department in your organization. It's
imperative that projects like this and capital expenditures are
clearly understood, so that they get approved for the annual budget
and not get cut during the annual rollback on capital expenses. After
all, this project will be mutually beneficial to both groups.

Here's a link for more information about CICA 5900;  
http://www.cica.ca/index.cfm/ci_id/19365/la_id/1.htm

Here's a link for COBiT;  
http://www.isaca.org/Template.cfm?Section=COBIT_Online&Template=/ContentManagement/ContentDisplay.cfm&ContentID=15633

Best regards,
Mark.


Mark E. S. Bernard, CISM, CISSP, PM,
Principal, Risk Management Services,

e-mail: Mark.Bernard@TechSecure.ca
Web: http://www.TechSecure.ca
Phone: (506) 325-0444


Leadership Quotes by John Quincy Adams: "If your actions inspire
others to dream more, learn more, do more and become more, you are a
leader."


