December 2004

ISACAROMA Newsletter International Issue

December 2004 | Editorial | English
Dear friends,
this is a special issue of our newsletter: we have decided to print the English version of some of the most significant articles published during the last year, in order to facilitate an international divulgation.

The reprinted articles are:
  • Special column on professional certifications, comparing “our” CISA and CISM with CISSP, CIA, OPSA, CompTIA Security+, GCFW (July and August);
  • Information Security Governance: a call to action (August);
  • Interview with Allan Boardman, President of London ISACA Chapter (July);
  • Special section on University and Security: interview with Stefano Zanero and Dario Forte (October);
  • Special column on ICT Security: interview with Mr. Pirotti, Executive Director of ENISA (October), and Mr. Carducci (September).

Information Systems Audit and Control Association

Notices | December 2004

Overview


The Information Systems Audit and Control Association (ISACA) is the leading association of professionals in information systems (IS) audit, control, security and governance.
Founded in 1969 as the EDP Auditors Association, ISACA is a global leader in IT governance, security, control and assurance. It is the single leading international source for information technology controls.

IsacaRoma Chapter

Notices | December 2004
The ISACA Rome Chapter was founded in October 2004.
Currently we count about 100 members.

Board of Directors

The Board of Directors of the Rome Chapter is as follows:
  • Cilli Claudio (President)
  • Mariani Francesco (Vice President)
  • Bagni Pierluigi (CISA-CISM coordinator)
  • Milone Corradino (Chapter Secretary)
  • Bertocchi Glauco (Research Coordinator)
  • Mistre Marcello (Membership Director)
  • Blasimme Ercole
  • Pica Francesco Bonaventura (Treasurer)
  • Costanzo Romeo (Webmaster)
  • Pucciarelli Massimiliano
  • De Santis Puzzonia Cesare Maria
  • Rubichi Sergio
  • Grillo Agatino
  • Spaziani Ugo (Education Chair)
Board of Directors members can be reached, by email, at:

Interview with Mr Andrea Pirotti, Executive Director of ENISA

December 2004 | English | ENISA | Security
On 6th October, Andrea Pirotti was questioned, evaluated and then confirmed by the European Parliament as Executive Director of Enisa, the European Network and Information Security Agency. He is currently the only Italian Director out of the sixteen European agencies.

Thank you, Mr Pirotti, for allowing us to interview you. First of all, could you tell us what Enisa is?

Interviewing Giulio Carducci

December 2004 | English | Security
Giulio, what’s your opinion about the Italian ICT security market?

The Italian ICT market reflects the overall weakness of the present economic situation. This trend could, however, be reversed if users improved their security awareness. There is still great market potential in companies, government bodies and private consumers. ICT security awareness in the last ten years has been really minimal. It would be of utmost utility, for both private and public bodies, to have entities that promote in a modern and intelligent way both a security culture and an assurance infrastructure, in order to guarantee on the market both security plans and solutions. Such entities would act as national counterparts of Enisa, the recently established EU agency for networks and information protection.

Interview with Allan Boardman, ISACA London President

December 2004 | IT Colloquia | Presidents
The ISACA London Chapter, http://www.isaca-london.org, was founded in 1981, and now has over 900 members.
The Chapter was awarded the K. Wayne Snipes Chapter Recognition Award for 2003 (Europe/Africa - Very Large Chapter). The Chapter's website, which won the Gold seal for the 3rd consecutive year, is one of the main channels of communication with members, providing news and information, and attracts over 3,000 visitors per month.

Information Security Governance: a call to action

December 2004 | IT Governance
The Corporate Governance Task Force was formed in December 2003 to develop and promote a coherent governance framework to drive implementation of effective information security programs.
Corporate governance consists of the set of policies and internal controls by which organizations, irrespective of size or form, are directed and managed. Information security governance is a subset of organizations’ overall governance program. Risk management, reporting, and accountability are central features of these policies and internal controls.

Professional Certifications

Professional certifications | December 2004 | English

CISSP


By: Francesco Mariani, CISA, CISM, CISSP
f.mariani (AT) isacaroma.it

Only recently administered in Italy, though widely known and established all around the world, the CISSP (Certified Information Systems Security Professional) designation is the well-deserved standard among vendor-independent infosecurity certifications, so much so that it was recently granted ISO17024 accreditation.

COBIT in Academia

Notices | December 2004
FOR IMMEDIATE RELEASE

NEWS FROM
IT GOVERNANCE INSTITUTE (ITGI)

IT GOVERNANCE INSTITUTE INTRODUCES NEW COBIT CURRICULUM FOR BUSINESS AND IT INSTRUCTORS

Rolling Meadows, IL, USA (13 January 2005)—The growing complexity of IT environments, increasing pressure to leverage technology value and recent legislation focusing on internal controls are changing the way IT is being taught at the undergraduate and graduate levels. In response, the IT Governance Institute (ITGI) has released COBIT in Academia to provide focused educational material on COBIT, the international IT governance and control framework. The material can be integrated into curricula for courses on information systems management, information security management, information systems auditing and accounting.

Interview with Dario Forte, “Incident Response” teacher

December 2004 | English | Security

An academic competence centre for ICT security. A course designed for computer security incident response team.

Hello Dario, let’s start with your academic experience. How did you get started working with the University? What do you teach?