News

Delivering Security Architecture in DevOps Environments

DevOps, the tighter coupling of software development (dev) and IT operations (ops) capabilities in an organisation, is getting more traction these days. DevOps is driven by cloud infrastructures that can be stood up within minutes rather than month and the desire of organisations to react faster to changing market conditions often accompanied by the introduction of Agile Software delivery processes. While this allows organisations to also grow more rapidly it can create new operational security risks that need to be addressed.

The ISACA Melbourne Chapter July Security Architecture Working Group Meeting will focus on developing security architecture solutions in a DevOps environment. We hope you can bring along and share your experiences of how DevOps has impacted the way you define and deliver security architecture solutions.

Special Lunch Event – Commissioner Data Privacy and Data Protection Briefing

Privacy and cyber security are a key issue in Parliament…

Cyber attacks across the globe are increasing at an alarming rate and no organisation is immune. Since 2013, over 7 billion data records have been lost or stolen and only 4% were encrypted. In Australia, on average, a cyber attack costs an organisation $5.4 million1 per incident. However this cost increases significantly when factoring in flow-on effects such as business disruption, information loss or theft, revenue loss, or the impact on brand and reputation or regulatory sanction.

According to the recent ASX 100 Cyber Health Check Report, while only 8% of directors say they have a clear understanding of the key controls in the company’s cyber resilience framework, a further 64% have a reasonable understanding. There are opportunities for further improvement. Is Victorian government similar?

1 – 2016 Cost of Cyber Crime Study & the Risk of Business Innovation

 

In this event, the Victorian Commissioner of Data Privacy and Data Protection David Watts will provide insights around the role of the board in protecting and strengthening their business. David is also Adjunct Professor of Law at LaTrobe University, Task Force leader on Big Data and Open Data for the UN Special Rapporteur on the Right to Privacy, a member of the Privacy Advisory Group to UN Global Pulse and a Key Researcher at the Data to Decisions Cooperative Research Centre.  His background is as a private and public sector lawyer.

The Office of the Commissioner for Privacy and Data Protection was established by the Privacy and Data Protection Act 2014 (Vic) in September 2014. The Act is designed to protect all information held by the Victorian public sector, including the personal information of individuals. The Office of the Commissioner for Privacy and Data Protection’s mission is to safeguard Victorians’ information and support information innovation.

Key areas to be addressed:

  • The rising threat landscape and what it means for Victoria
  • The ASX Cyber Health Check Report – implications and actions in Victorian government
  • The Australian Privacy Act of 1988 and Notifiable Data Breaches scheme, understanding obligations and compliance
  • The role of Victorian governing boards in addressing cyber security and privacy
  • Integrating appropriate governance and risk measures into the public sector organisation for resilience
  • Amendment of Victorian Privacy and Data Protection Act 2014 – what does it mean?
  • And your questions!

Event Sponsor

 

Internet of Things Festival | 3rd-6th June 2017

 

The IoT Festival 2017 will showcase the dramatic transformations and new world of opportunities made possible by the Internet of Things. With more than 20 Billion devices connected to the internet by 2020, IoT is an industrial revolution for the 21st Century. Discover the latest developments defining the future of food & agriculture, healthcare, smart cities & campuses, manufacturing, retail, energy & mining across Australia and Asia-Pacific.

 

The IoT Festival 2017 runs across four days in Melbourne, Australia and includes the IoTCup Hackathon Competition, the IoT Conference and Interactive Field Trips & Tours to experience IoT in action.

 

20% discount off Early Bird ($375 to $300) and 30% off Full Price ($500 to $350). Have interested members use the Discount Code ISACA17 when registering via the website.

Register for the May/June Certification Exam Testing

ISACA News

ISACA’s certifications combine the achievement of passing an exam with proven work experience, giving you the credibility you need to move ahead in your career. Certification proves to employers that you have what it takes to add value to their enterprise. In fact, many organizations and governmental agencies around the world recognize or require ISACA’s certifications.

Starting in 2017, the Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM) and Certified in the Governance of Enterprise IT (CGEIT) certification exams will be administered via computer-based testing (CBT) during 3 testing windows that will each be 8 weeks in length. CBT will provide new benefits to candidates taking the exams, including greater flexibility in taking the exam and faster exam results.

Registration is now open for the May/June 2017 exam. You can save US $50 by registering by the early registration deadline of 28 February.

The 2017 exams will be available during the following windows:

  • 1 May–30 June
  • 1 August–30 September
  • 1 November–31 December

Learn more about the 2017 exams including registration dates and deadlines, available language offerings, and important exam day information on the Exam Candidate Information Guide page of the ISACA website.

ISACA Melbourne Chapter Certification Study Sessions – April 2017

The Melbourne Chapter will be running study support sessions for members interested in, or undertaking the ISACA Certification Exams in 2017. There is no cost for attending.

 

CISA Study Sessions

Venue: ANZ Centre, Upper Ground Floor Core C Conference Suites, 833 Collins Street, Docklands

Time: 5:15pm to 7:00pm

  • The study sessions are designed to support your individual exam preparation and will be run at as follows:
  • Week 1.       Thursday 6th April – Domain 1 & 2 (John O’Driscoll & Joseph Spiteri)
  • Week 2.       Thursday 13th April – Domain 3 & 4 (Peter Ware & John O’Driscoll)
  • Week 3.       Thursday 20th April – Domain 5 (Ronnie Islam)
  • Week 4.       Thursday 27th April – Practice Exam (John O’Driscoll)

For further information contact John O’Driscoll (john.odriscoll@isaca-melbourne.org.au)

 

CRISC Study Sessions

Venue: ANZ Centre, Upper Ground Floor Core C Conference Suites, 833 Collins Street, Docklands

Time: 5:15pm to 7:00pm

  • The study sessions are designed to support your individual exam preparation and will be run at as follows:
  • Week 1.       Thursday 6th April – Domain 1 (Zahir Ali Quettawalla)
  • Week 2.       Thursday 13th April – Domain 2 (Zahir Ali Quettawalla)
  • Week 3.       Thursday 20th April – Domain 3 (Zahir Ali Quettawalla)
  • Week 4.       Thursday 27th April – Domain 4 & Practice Exam (Zahir Ali Quettawalla)

For further information contact Zahir Ali Quettawalla (zzaaqq@gmail.com)

CGEIT Exam Preparation Q&A Session

Venue: ANZ Centre, Upper Ground Floor Core C Conference Suites, 833 Collins Street, Docklands

Date: Wed 19th April

Time: 5:15pm to 7:00pm

This is an opportunity to get some tips on how to prepare for the CGEIT exam, and ask questions on content areas.

Facilitators: 3 x ISACA Melbourne Chapter members who have achieved recent ISACA CGEIT Excellence Awards:

  • Russell Baker (June 2015 – highest score in world)
  • Ross Peachy (December 2016 – highest score in Oceania)
  • John O’Driscoll (December 2015 – highest score in Oceania)

For further information contact John O’Driscoll (john.odriscoll@isaca-melbourne.org.au)

 

Big Data/Machine Learning in Risk Management and Audit

Mario Bojilov, Chief Data Strategist, Meta Business Systems

Thursday, 20 April 2017 at 8:45 am Friday, 21 April 2017 at 5:30 pm (AEST)

Overview

This course is designed to provide participants, with no prior exposure to Big Data (BD), with the knowledge and practical skills to start using Big Data in their organisations. Initially the course covers four (4) of the most popular tools for processing Big Data – Apache Hadoop, Apache Spark, Apache Hive and MongoDB.  It then progresses to the topic of Machine Learning (ML) and provides practical exercises demonstrating how ML is used.

A distinguishing feature of the course is its practical aspect. At the end of each module there is a practical exercise designed to reinforce the concepts of the module and to give participants a chance to “get their hands dirty”.

At the start of the course, each participant will receive a USB with a fully configured Virtual Machine (VM) that will be used for the practical work throughout the course. Students will be allowed to keep the VMs after the course, so that they refer to the exercises in their day-to-day work and, when they feel more confident, to modify and enhance them to be used in their audit engagements.

  • Date: 20-21 April 2017
  • Information and registration link – https://goo.gl/SXb3EL
  • Early Bird close – 15 March 2017 ($100 discount off the reduced member price)
  • Price (incl. of GST and after $500 discount for ISACA members)
    • Standard – $1,150
    • Early Bird – $1,050
  • Duration2 days/15 hours
  • Catering: Lunch, morning and afternoon tea included

What you will learn

Click on the image below to access a larger vesion of the full course program. (Opens in new window).

 

Applied IS Audit – Introduction (VIC)

Mario Bojilov, Chief Data Strategist, Meta Business Systems

Monday, 15 May 2017 at 8:45 am Tuesday, 16 May 2017 at 5:30 pm (AEST)

Overview

This course is designed to provide an initial understanding of the IS Auditing process, how it fits within the overall environment of an organisation and cover some of the common tasks that an IS auditor will face in their work. It also includes an overview of a series of new technologies, including some of the current risks, associated with them.

A distinguishing feature of the course is its practical aspect. At the end of each module there is a practical exercise designed to reinforce the concepts of the module and to give participants a chance to “get their hands dirty”.

At the start of the course, each participant will receive a USB with a fully configured Virtual Machine (VM) that will be used for the practical work throughout the course. Students will be allowed to keep the VMs after the course, so that they refer to the exercises in their day-to-day work and, when they feel more confident, to modify and enhance them to be used in their audit engagements.

Additionally, each student will receive a full set of course slides and the complete descriptions, including answers and results, of all scenarios and exercises.

  • Applied IS Audit – Introduction
    • Date: 18-19 April 2017
    • Information and registration link – https://goo.gl/G3t4wo
    • Early Bird close – 15 March 2017 ($100 discount off the reduced member price)
    • Price (incl. of GST and after $400 discount for ISACA members)
      • Standard – $1,050
      • Early Bird – $950
    • Duration2 days/15 hours
    • Catering: Lunch, morning and afternoon tea included

What you will learn

Click on the image below to access a larger vesion of the full course program. (Opens in new window).

 

Changing the Influencer’s Minder

COSAC Security Conference coming to Melbourne

If you thought symposiums on information security and risk were all the same, look again! COSAC is an entirely different experience. Conceived by practising professionals for experienced professionals, the most participative and productive event of the year comes to Australia for the first time. This event builds on the success of COSAC Europe, which is now in its 9th year, but doesn’t require you to travel all the way from Australia to attend.

COSAC Melbourne (5-7 December 2017) is the 1st SABSA Asia-Pacific Congress providing participants with access to experienced Enterprise Security Architecture professionals, discussing case-studies, new ideas and methods for delivering architecture value in your organisation.

COSAC is unique, because:

  • it is run by experienced volunteers from inside the profession, and not as a commercial conference
  • vendor or sales pitches are strictly prohibited and participants are not required to run the gauntlet of an exhibition hall
  • it provides you with access to very experienced professionals with more than 15 years of experience in the fields of Information Security, Risk Management, IT Management, or Security Architecture

For further details please contact:

Dennis Pigram, Business Development Manager
Dennis.Pigram [AT] davidlynas.com

Cybersecurity Fundamentals Career Starter

csx_fundamentals_career_sta