Isacaroma Newsletter - Dicembre 2004

ISACAROMA Newsletter International Issue

Mon, 10 Jan 2005 15:51:35 +0100

0412-cilli Dear friends,
this is a special issue of our newsletter: we have decided to print the English version of some of the most significant articles published during the last year, in order to facilitate an international divulgation.

The reprinted articles are:

Special column on professional certifications which compare “our” CISA and CISM with CISSP, CIA, OPSA, CompTIA Security+, GCFW (July and August);
Information Security Governance: a call to action (August);
Interview to Allan Boardman, President of London ISACA Chapter (July);
Special section on University and Security: interview to Stefano Zanero and Dario Forte (October)
Special column on ICT Security: interview to Mr. Pirotti Executive Director of ENISA (October) and Mr.Carducci (September).

Information Systems Audit and Control Association

Sat, 08 Jan 2005 15:41:29 +0100

0412-isaca

Overview

The Information Systems Audit and Control Association (ISACA) is the leading association of professionals in information systems (IS) audit, control, security and governance.
Founded in 1969 as the EDP Auditors Association, ISACA is a global leader in IT governance, security, control and assurance. It is the single leading international source for information technology controls.

IsacaRoma Chapter

Fri, 07 Jan 2005 15:36:11 +0100

0412-isacaroma The ISACA Rome Charter was founded in October 2004.
Actually we count about 100 members.

Board of Directors

The Board of Directors of Rome Charter is as follows:

Cilli Claudio (President)
Mariani Francesco (Vice President)
Bagni Pierluigi (CISA-CISM coordinator)
Milone Corradino (Chapter Secretary)
Bertocchi Glauco (Research Coordinator)
Mistre Marcello (Membership Director)
Blasimme Ercole
Pica Francesco Bonaventura (Treasurer)
Costanzo Romeo (Webmaster)
Pucciarelli Massimiliano
De Santis Puzzonia Cesare Maria
Rubichi Sergio
Grillo Agatino
Spaziani Ugo (Education Chair)

Board of Directors members can be reached, by email, at:

Interview to Mr Andrea Pirotti, Executive Director of ENISA

Thu, 06 Jan 2005 15:18:25 +0100

0412-gb-pirotti On 6th October, Andrea Pirotti was questioned, evaluated and then confirmed by the European Parliament as Executive Director of Enisa, the European Network and Information Security Agency. He is currently the only Italian Director out of the sixteen European agencies

Thank you, Mr Pirotti for allowing us to interview you. First of all, could you tell us what Enisa is?

Interviewing Giulio Carducci

Tue, 04 Jan 2005 14:50:04 +0100

0412-carducci Giulio, what’s your opinion about the Italian ICT security market?

The ICT Italian market reflects the overhaul weakness of the present economical situation. This trend could be however reversed if users would improve their security awareness. There is still a great market potential in companies, government bodies and private consumers. ICT security awareness in last ten years has been really minimal. Would be of utmost utility, both for private and public bodies, entities to promote in a modern and intelligent way both a security culture an assurance infrastructure in order to guarantee on the market both security plans and solutions. Such entities would act as national counterparts of Enisa, the recently established UE agency for networks and information protection.

Interview with Allan Boardman, ISACA London President

Mon, 03 Jan 2005 14:03:34 +0100

0412-isacalondon
The ISACA London Chapter, http://www.isaca-london.org, was founded in 1981, and now has over 900 members.
The Chapter was awarded the K. Wayne Snipes Chapter Recognition Award for 2003 (Europe/Africa - Very Large Chapter); the Chapter's website, which won the Gold seal for the 3rd consecutive year, provides one of the main forms of communications to members with news and information and attracts over 3,000 visitors per month.

Information Security Governance: a call to action

Sun, 02 Jan 2005 13:52:30 +0100

0412-securitygovernance The Corporate Governance Task Force was formed in December 2003 to develop and promote a coherent governance framework to drive implementation of effective information security programs.
Corporate governance consists of the set of policies and internal controls by which organizations, irrespective of size or form, are directed and managed. Information security governance is a subset of organizations’ overall governance program. Risk management, reporting, and accountability are central features of these policies and internal controls.

Professional Certifications

Sat, 01 Jan 2005 13:48:55 +0100

0412-certifications.html

CISSP

By: Francesco Mariani, CISA, CISM, CISSP
f.mariani (AT) isacaroma.it

Only recently administered in Italy, while widely known and spread all around the world, CISSP (Certified Information Systems Security Professional) designation is the well-deserved standard of vendor-independent infosecurity certifications, so that it was recently granted ISO17024 accreditation.

COBIT in Academia

Fri, 31 Dec 2004 11:30:36 +0100

0412-cobac FOR IMMEDIATE RELEASE

NEWS FROM
IT GOVERNANCE INSTITUTE (ITGI)

IT GOVERNANCE INSTITUTE INTRODUCES NEW COBIT CURRICULUM FOR BUSINESS AND IT INSTRUCTORS

Rolling Meadows, IL, USA (13 January 2005)—The growing complexity of IT environments, increasing pressure to leverage technology value and recent legislation focusing on internal controls are changing the way IT is being taught at the undergraduate and graduate levels. In response, the IT Governance Institute (ITGI) has released COBIT in Academia to provide focused educational material on COBIT, the international IT governance and control framework. The material can be integrated into curricula for courses on information systems management, information security management, information systems auditing and accounting.

Interview with Dario Forte, “Incident Response" teacher

Tue, 26 Oct 2004 10:20:53 +0200

No title

An academic competence centre for ICT security. A course designed for computer security incident response team.

Hello Dario, let’s start with your academic experience. How did get started working with the University? What do you teach?

Interview with Stefano Zanero, Ph.D. student in Security Engineering

Mon, 25 Oct 2004 10:00:11 +0200

No title

He has graduated “cum laude” from the Politecnico of Milano school of engineering; he is currently a Ph.D. student in the Department of Electronics and Information of the same university. Among his current research interests, besides learning IDSs, are the performances of security systems and clustering techniques.