GSN Aug/Sept Digital Edition

More documents

Recommendations

Info

Cybersecurity and ConvergenceNew Guide from ISACA helps organizationsimprove SAP security controlsROLLING MEADOWS, IL, USA(30 July 2015)—To help audit, riskand security professionals evaluaterisk and controls in existing ERPimplementations, global IT associationISACA has issued a significantupdate to Security, Audit and ControlFeatures SAP® ERP.This new edition provides currentbest practices and identifies futuretrends in ERP risk and control. Itenables audit, assurance, risk andsecurity professionals (ITand non-IT) to evaluaterisks and controls in existingERP implementationsand to facilitate thedesign and building ofbetter practice controlsinto system upgradesand enhancements.New features includerisk, controls and assessmenttechniques to audit SAP FI/CO, HCM, BASIS, and SAP Security,an overview of the SAP GRCSuite, updated Sarbanes-Oxley controlobjectives, and a list of sensitivetables and transaction codes.“ERP systems automate and integratemuch of a company’s businessprocesses to create consistency.ISACA released this important updateto bring together informationrelated to SAP ERP-specific risks,controls and testing procedures,”said Ben Fitts of Deloitte Advisory,who worked with ISACA on thefourth edition of the book. “Thiswill be a go-to reference for auditors,not just as a one-time read,but as a book they can dog-ear withsticky notes and return to year afteryear.”ERP software integrates all facetsof an operation, includingproduct planning,development, manufacturing,sales and marketing.The integration ofthese functional capabilitiesinto an online andreal-time applicationsystem designed to supportend-to-end businessprocesses helps enterprisesto plan and optimize theirresources across the enterprise.In addition, a set of audit programsbased on COBIT 5 are available fordownload free to ISACA membersand for US $45 to nonmembers andinclude:1. Revenue Business Cycle Audit/Assurance Program and ICQ2. Expenditure Business CycleAudit/Assurance Program and ICQ3. Inventory Business CycleAudit/Assurance Program and ICQ4. Financial Accounting (FI)Audit/Assurance Program and ICQ5. Managerial Accounting (CO)Audit/Assurance Program and ICQ6. Human Capital ManagementCycle Audit/Assurance Programand ICQ7. BASIS Administration and SecurityAudit/Assurance Programand ICQPrint and digital versions of Security,Audit and Control FeaturesSAP ERP, 4th <strong>Edition</strong>, are availablefor US $60 for ISACA members andUS $80 (print) and US $75 (digital)for nonmembers. To purchase acopy, visit www.isaca.org/sap-erp-4.ISACAISACA® (isaca.org) helps globalprofessionals lead, adapt and assuretrust in an evolving digital world byoffering innovative and world-classknowledge, standards, networking,credentialing and career development.Established in 1969, ISACAis a global nonprofit association of140,000 professionals in 180 countries.ISACA also offers the CybersecurityNexus (CSX), a holisticcybersecurity resource, and CO-BIT®, a business framework to governenterprise technology.24
Dr. Andy Ozment to head DHS National Cybersecurity andCommunications Integration CenterBy Steve BittenbenderFollowing up on statements hemade last month, the Secretary ofthe Department of Homeland Securityannounced earlier this weekthat he has realigned the agency tohave its top cybersecurity officialsreporting incidents directly to him.In making the announcement,Secretary Jeh C. Johnson also announcedthat Dr. Andy Ozment,the department’s assistant secretaryof the Office of Cybersecurityand Communications, will headthe National Cybersecurity andCommunications Integration Center.Ozment’s background includesworking at the White House as theSenior Director for Cybersecurityunder President Obama.The center serves as the backbonefor the government’s ability to respondto cyber threats and incidentsby sharing information with publicand private entities and coordinatingresponse efforts. Since October,the NCCIC has dispatched morethan 6,000 alerts to key stakeholdersand provided on-site assistanceon 32 cybersecurity incidents, Johnsonsaid. The number of incidentsrepresents a more than two-fold increasefrom last year. Most notably,the NCCIC has provided assistanceto the Office of Personnel Managementafter it discovered its systemswere breached earlier this year. Datafrom more than 20 million federalworkers, contractors and applicants we must elevate the NCCIC withinwas comprised in the breaches, officialssaid.an incident reporting line directlyour Department’s structure, withJohnson hinted at these moves to me as Secretary,” said Johnsonwhen he spoke at the Center for in a statement regarding the appointmentsof Ozment and Felkner.Strategic and International Studieslast month in Washington.“Equally as important, I have also“To be frank, our federal cybersecurityis not where it needs to be,” and Programs Directorate (NPPD)directed the National ProtectionJohnson said last month. “But we to develop a reorganization planhave taken, and are taking, acceleratedand aggressive action to get cused on strengthening our opera-that will ensure the NCCIC is fo-there.”tional capabilities for mitigating andJoining Ozment at the NCCIC responding to cyber incidents.”will be John Felkner, who Johnson The assignments and reorganizationplan comes at a time when a cy-said will be responsible for the dailyoperations within the center. A bersecurity bill aimed at increasingCoast Guard veteran, Felkner was information sharing and reducingthe deputy commander of the Coast the response time to threats remainsGuard’s Cyber Command before stalled in the Senate over concernsventuring into the private sector. regarding privacy rights. The Senatewill take up the bill when it re-Most recently, he was the director ofCyber and Intelligence Strategy for convenes next month, bringing upHP Enterprise Services.nearly two dozen amendments to“Given the central importance of the bill, sponsored by Sen. Richardthe NCCIC to the DHS cybersecuritymission, I have determined that More on pageBurr (R-N.C.).2825
Page 1 and 2: Government Security NewsAUGUST/SEPT
Page 3 and 4: NEWS AND FEATURESDriver arrested af
Page 5 and 6: officials, Ricky Shawatza Hall wasd
Page 7 and 8: city reduced the number of complain
Page 9 and 10: our system is secure with CINCH - t
Page 11 and 12: U.S. MARINE CORPS declares theF-35B
Page 13 and 14: complex weapon system in an operati
Page 15 and 16: Here’s how different the immigrat
Page 17 and 18: DHS Science & Technology Directorat
Page 20 and 21: New from Government Security News:P
Page 22 and 23: Cybersecurity and ConvergenceCloud
Page 26 and 27: Cybersecurity and ConvergenceAdvanc
Page 28 and 29: Cybersecurity and Convergencemised.
Page 30 and 31: Cybersecurity and ConvergenceCyber
Page 32 and 33: Cybersecurity and ConvergenceUnited
Page 34 and 35: Cybersecurity and ConvergenceComput
Page 36 and 37: Cybersecurity and ConvergenceFrom a
Page 38 and 39: Disaster Preparedness and Emergency
Page 46 and 47: Business leaders, elected officials
Page 48 and 49: Protecting data in motion:A look at
Page 50 and 51: DHS Science & Technology Directorat
Page 52: Secure accessto cloud, dataand door

GSN Aug/Sept Digital Edition

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?