NCAC May 2008 Monthly Meeting

For those of you in the Washington, DC area:

Don't Miss Out! There are still seats available to the NCAC's NCAC May 2008 Monthly Meeting on Wednesday, May 21, 2008. The topic this month is Federal IT Governance: An Integrated Approach. The agenda for this full-day meeting is:* Update on the current activities of the FISMA Implementation Project at NIST, presented by Dr. Ron Ross, Senior Computer Scientist, NIST* Secure Content Automation Protocol Implementation Project, presented by Alfred Ouyang, Mitre* Incident Response requirements for privacy breaches, presented by Benjamin Bergersen, U.S. NAVY SPAWAR* Security in the Future, Jerry Davis, Deputy CIO, NASA
Note, the agenda has changed slightly, due to changes in speaker schedules. Registration begins at 9:30AM.

This is a great opportunity to earn 6 hours of CPE at a great value. For those who are affected by FISMA, this is a must attend event!

You still have time to register in advance! Advance registration will close at 3PM on Monday, May 19th. If there are spaces available, walk-up registration will be available, though with an additional charge.

For additional information on this meeting, including location and cost, visit http://www.isaca-washdc.org/events/monthly/monthly-May2008.htm.

To register, please click the link below, view the invitation, and click YES to begin the registration process.
http://guest.cvent.com/i.aspx?1Q,P1,4C6C4F8C-F0AF-4D08-B482-06A1992CE1CD

Sincerely,NCAC Monthly Meeting Reservations CommitteeISACA® National Capital Area Chapter

CISA and CISSP Information

Below are some security information that will help you in the CISA and CISSP certifications

Understanding the Threat

• Protecting information assets is a significant challenge for IT Security Professionals

• To protect information assets IT Security Professionals must use:

1. Administrative Controls
2. Physical Controls
3. Technical ControlsReasons for Security Issues

• Technology Weaknesses
o Each network & computing technology has inherent security problems.
• Configuration Weaknesses
o Even the most secure technology can be misconfigured exposing security problems.
• Policy Weaknesses
o A poorly defined, implemented or managed security policy can make the best security infrastructure open for abuse.

Security Definitions
• Threats
o A threat is any potential danger to information or systems

• Vulnerabilities
o A vulnerability is a software, hardware or procedural weakness that may provide an attacker a way to access information or systems.

• Attacks
o An attack is a technique used to exploit a vulnerability.

Become CISA or CISM Certified in 2008

Become CISA or CISM Certified in 2008

ISACA has asked me as a proud ISACA credential holder, to pass along this message. We thought you might be interested in joining the ranks of more than 55,000 audit, control and security professionals who already hold the CISA designation, and more than 8,000 information security management professionals who are CISMs. As I have already experienced, certification increase your standing in your organization and makes you highly desirable to potential employers.


If you are seeking worldwide recognition for your unique IT audit, assurance or security experience and knowledge and want to distinguish yourself from others in your profession, then it is time to pursue a certification from ISACA.

For 30 years, the Certified Information Systems Auditor™ (CISA®) credential has been preferred by individuals and organizations around the world. More than 55,000 audit, control and security professionals have achieved this globally accepted standard since 1978.

Since 2002, the Certified Information Security Manager® (CISM®) has defined the role of professionals who have information security management responsibilities. ISACA has certified more than 8,000 CISMs to date.

Independent surveys by Foote Partners and Certification Magazine have named both CISA and CISM among the highest-paying certifications; each program is also accredited under ISO/IEC 17024 for its credentialing procedures and adherence to rigorous standards of performance.

Register online today at www.isaca.org/examreg. Don’t wait and miss the 9 April deadline!

For those seeking recognition for IT governance related knowledge and experience, ISACA is now accepting applications for our new credential, Certified in the Governance of Enterprise IT™ (CGEIT™). It is designed for professionals who have management, advisory and/or assurance responsibilities relating to the governance of IT. For more information on CGEIT and how to earn certification without taking an exam through the grandfathering provision, please visit www.isaca.org/cgeit.

Note: Because of the extreme popularity of the CISA and CISM credentials the online registration process accepts payments and is the preferred method for submitting exam registrations. Those who wait until the final deadline date may experience heavy registration volume, and we ask for your patience.

Anyone seeking additional information is encouraged to please visit the ISACA web site at www.isaca.org/certification or contact the certification department, call +1.847.660.5660; or e-mail certification@isaca.org.

Thank you,
ISACA Certification Department

About ISACA
With more than 65,000 members in 140 countries, ISACA (www.isaca.org) is a recognized worldwide leader in IT governance, control, security and assurance. Founded in 1969, ISACA administers the CISA, CISM and CGEIT designations; sponsors international conferences; publishes the Information Systems Control Journal; and develops international information systems auditing and control standards.