As the Haitian folks fight for subsistence, the planet is responding with food and medical assistance.

This tragedy wreaked havoc on a victim unsung by the news media - the telecommunications infrastructure.

However, there is a ground-swell in the technical community targeting this need.

George Moraetes is among those who have used their skills to help.

?Monitoring events via Twitter, Skype, and the Internet,? said Moraetes, ?I volunteered and helped a little firm re-establish their communications and what was left of their salvageable computing equipment remotely.?

He observed that Haiti?s ISP Multilink is in dire want of network engineers and that interested people or organizations should forward their resumes.

Given various economic, political, and geographic challenges, Haiti?s Internet is not well developed.

Carnegie Mellon University?s Jon M. Peha wrote an informative paper on the Haitian Internet Infrastructure which I urge you to study if you wish to help.

Moraetes points out that in the method of serving to others, you’re developing your own skills and exposure.

?Those of you in transition may want to supply your talents,? said Moraetes. He cited Crisis in Common as an organization that is leading efforts where IT talent is needed.

The actions of one individual can save the lives of many. It’s through complacency that we surrender our power.

Below is a list of reputable organizations that are on the ground helping those in need.

* International Committee of the Red Cross - http://www.icrc.org/eng
* Yankee Red Cross - http://www.redcross.org/ or text the word HAITI to 90999 for a $10 donation*
* Action Against Hunger- http://actionagainsthunger.org
* ActionAid - http://actionaidusa.org
* Air Serve International - http://www.airserv.org
* Airline Ambassadors - http://www.airlineamb.org
* AmeriCares - http:// www.AmeriCares.org
* The Yankee Society for the Prevention of Cruelty to Animals- http://www.aspca.org
* CARE - http://www.care.org/donatehaiti
* Clinton Foundation - http:// www.clintonfoundation.org or text the word HAITI to 20222 for a $ten donation*
* Doctors While not Borders - http:// doctorswithoutborders.org
* Habitat for Humanity - http:// www.habitat.org
* Humane Society International - http:// www.hsi.org
* Mercy Corps: Haiti Earthquake Fund - http:// www.mercycorps.org
* Oxfam America - http:// OxfamAmerica.org/Haiti
* Partners in Health - http:// www.pih.org
* Save the Youngsters - http://savethechildren.org
* The Salvation Army - http:// salvationarmyusa.org
* UN World Food Programme - http:// www.wfp.org
* UNICEF - http:// www.unicefusa.org/haitiquake
* United Approach International - http:// www.liveunited.org

One amongst the issues that we tend to have been addressing extensively lately is the issue of auditing and automation. This has come most typically been raised when we’ve been discussing how to handle automating control assessments in conjunction with implementing the twenty Crucial Controls. One among the core principles of the twenty Essential Controls is that organizations want to have the flexibility to automate security assessments in order to cut back risk detection times and permit for a additional prompt response to detected threats.

One manner to help with the automation of any given assessment is to script your assessments and automate the scripts you write. This manner your tests will work for you and will automatically respond in some method ought to a specific event be discovered. Rather than making a mechanism to perform detection and alerting from scratch, why not use a mechanism that’s already built into most Microsoft Windows versions you’re already running? The Windows Event Log may be a nice place to start.

1st, you’ll use a command such as EventCreate to get new event log entries as a result of a particular action in your scripts. As an example, if you use nmap with PBNJ to look for brand new hosts on your network (assume vital management #one), then you may use EventCreate to generate an event log entry every time a brand new device is discovered. Or, for example, let’s say you use WMIC to list startup items on a machines (think critical control #a pair of), then you may use EventCreate to come up with an occurrence log entry each time a new startup entry is added. Get the idea? Use engineered in Windows tools to support your automation efforts - and all it costs is a very little sweat equity and trial with built in tools!

For a lot of details on a way to use EventCreate, check out these resources to urge started:

Microsoft TechNet Reference on EventCreate:

http://technet.microsoft.com/en-us/library/bb490899.aspx

Microsoft Support article for making custom event log entries:

http://support.microsoft.com/kb/324145

For details on how to use eventtriggers in more depth, here are a couple resources that can facilitate to induce you started:

Microsoft TechNet Reference on EventTriggers.exe:

http://technet.microsoft.com/en-us/library/bb490901.aspx

Petri.co.il Article on EventTriggers.exe:

http://www.petri.co.il/how-to-use-eventtriggersexe-to-send-e-mail-based-on-event-ids.htm

In addition to automating tasks with the eventtriggers.exe command, you’ll additionally need to consider command line e-mail tools that will be used to generate an e-mail as a result of an action in your command line tool. Two such free command line tools that you may wish to consider are:

Blat (http://www.blat.internet/)

Bmail (http://www.beyondlogic.org/solutions/cmdlinemail/cmdlinemail.htm)

To run either of those tools you’ll need to own access to a vigorous mail server, though thankfully it will not would like to pay attention solely on tcp/twenty five - however you are doing must use the SMTP protocol. Whereas security by obscurity is actually no singular way to protect your system, running administrative mail servers like this on alternate ports will never hurt!

My being changed in Summer 2005. At that time i decided to turn out to be an IT Auditor. It seemed very strange for some of my friends, as my college studies were all regarding encoding expertises. The majority of my institution of higher education friends became programmers - some are working in Web encoding, several develop unique billing systems. And i became an IT Auditor.

As such, the term IT Controls is following me in all places. Subsequently, lets look at what does it mean - control, and mostly - IT Controls.

The majority of our today’s companies are operating different computer systems for their business and financials. These systems produce various supplies, distribute different services, compute salaries, manage our interest rates, send numerous} bills to us, etc. As we can see, there are lots of computer systems which control our daily activities, help us be alive in today’s obsession world. Although who and how keep under control all these systems? How we can be ensured, that our payment were calculated properly, that numerous goods were created as we projected - how to keep under control that all these systems are functioning as we suppose them to work? This is a nice question, isn’t it?

My response to this problem is - we are. We, IT Auditors, keep under control, or sometimes facilitate to manage, all IT systems in the world. Of course, all companies and their IT workers have to controltheir private IT systems by implementing diverse IT Controls. That’s where we come across this phrase first time. IT Controls - it is various actions, which must be taken by some custodian IT workers in order to controland guarantee the usual operations of IT systems. But the earth is continuously a circle, isn’t it? That is why someone have to managethese custodian IT employees to guarantee that their IT Controls are operated as expectedby corporation management. That is where IT Auditor’s operatebegins. To read more about IT Audit visit it audit risk.

So, what we come up with at the moment. Several guys at a specific company have to create a amount of IT Controls, and some guys, IT Auditors like me, have to come and test their IT Controls and prove that these controls functioneffectively. Usually how it works - the IT custodian employees is responsible to run IT Controls on daily basis, and IT Auditor comes yearlyto test the IT Controls and verify that all of them were operated efficiently through the last year. Such tests are recurring each year.
By executing tests of IT Controls on a ordinary basis, we ensure that these distinct IT systems function as they be supposed to work.

There are hundreds and thousands and millions of various businesses globally, there are even more IT workers in all on these companies, and there are thousands of IT Auditors in the World to analyze all the IT Controls in all systems. Of course, not all businesses have the same procedure, there are manycompanies who have not implemented any of IT Controls yet, but they will do this. Otherwise, such companies will discontinue their operations as sometime their IT systems will finish runningaccurately.

That is why i think, that my work as IT Auditor is very important. As any other occupation in the World. By doing our work we constitute our lives enhanced. My function is to analyze IT Controls and guarantee that IT systems function as they be supposed to work. Mankind is creating more and more difficult IT systems nowadays, that is why all IT Auditors global will have more and more work each year.

Lets control all these systems and not let them to control us!

About the Author

Christine O’Kelly is an author for EnableSoft, the makers of a powerful data entry software package called Foxtrot. Over 13 years, they have helped numerous companies become more efficient, including JP Morgan Chase and Fifth Third Bank.

About the Author

IXSIGHT enables global enterprises with end-to-end data cleansing for business intelligence, customer insights, risk, compliance and master data management initiatives.

The original BS7799 was issued as a British Standard which sought to standardize the best practices in 10 core area of information security. The standard provided for standardizing the controls to be used for management of information security. The standard is a set of guidelines and framework of controls which an organizations can use to benchmark their own practices and look forward to the establishment of their own (I)nformation (S)ecurity (M)anagement (S)ystem (ISMS). They can conduct an audit of their ISMS on their own or ask the BSI to conduct such an audit with the ultimate aim of improving IS implementations by ensuring compliance to the standard and ultimately a third party independent audit leading to BS7799 certification.

The BS7799 consists of two parts. Part I consist of the basic framework of guidelines governing the establishment of information security in any organization. The BS7799 in its part I provides as many as 127 security controls with guidelines of how and where to implement them. Not all are applicable to all organizations. Efforts should be made to implement as many of them which are needed by your organization.

Part II of the BS7799 establishes and provides for the specification for implementing ISMS in an organization. The standard provides guidelines with specifications and documentations in order to help you implement the ISMS in your organization. Whether you use Part I for improving security or Part II for establishing ISMS, you are bound to be benefitted in the long run just like the thousands of businesses big or small the world over who have chosen to implement BS7799 into their organizational operations. An organization must look at the security of their information assets not as a burden which is retrofitted on the organization but an essential tool of gaining the stakeholders and customers confidence that the organization cares for the security of sensitive personal data of the customers and the other stakeholders and would take all necessary measures to protect the information.

About the Author

Tim Reed enjoys writing on these and many more topics like What is ERP and What is Change Managment. Visit BS7799 and ISMS.

About the Author

John Mcdonald writes for Tech-Faq on topics like What is BS7799 and What is Service Management. Visit BS7799 Accreditation for Certifying ISMS.

The need for timely and ongoing assurance over the effectiveness of risk management and control systems is critical. Organizations are continually exposed to significant errors,
frauds or inefficiencies that can lead to financial loss and increased levels of risk. An evolving regulatory environment, increased globalization of businesses, market pressure to
improve operations, and rapidly changing business conditions are creating the need for more timely and ongoing assurance that controls are working effectively and risk is being mitigated.
These demands have put increased pressure on chief audit executives (CAEs) and their staff. Internal audit departments have been extensively involved in a wide range of compliance efforts, particularly due to legislation, such as Section 404 of the U.S. Sarbanes-Oxley Act of 2002, raising concerns not only about mounting expectations, but also about internal auditors’ ability to maintain independence and objectivity when evaluating the effectiveness of controls, risk management, and governance processes.
Today, internal auditors face challenges in a range of areas:
Regulatory Compliance and Controls: Evaluation and identification of issues and processes, sustainability, resources, defining materiality, priorities, and financial reporting risks. Internal Audit Value and Independence: the high expectations of internal auditing, growing internal controls issues, confusion around the role of internal auditing liability
and responsibility, and compromised objectivity and independence. Fraud: Detection and control, identity theft, fraud management responsibility, and increased incidence and cost of fraud. Availability of Skilled Resources: Lack of competency and appropriate skill sets, shortage of auditors, retention, and lack of understanding of risks and controls. Technology: appropriate solutions to support compliance, technology business model, information security, competing information technology (IT) priorities, and
outsourcing.
It is evident that a new approach, one that provides a sustainable, productive, and cost-effective means to address these issues, is essential.

Continuous Auditing
Traditionally, internal auditing’s testing of controls has been performed on a retrospective and cyclical basis, often many months after business activities have occurred. The testing procedures have often been based on a sampling approach and included activities such as reviews of policies, procedures, approvals, and reconciliations. Today, however, it is recognized that this approach only affords internal auditors a narrow scope of evaluation, and is often too late to be of real value to business performance or regulatory compliance.
Continuous auditing is a method used to perform control and risk assessments automatically on a more frequent basis. Technology is key to enabling such an approach. Continuous auditing changes the audit paradigm from periodic reviews of a sample of transactions to ongoing audit testing of 100 percent of transactions. It becomes an integral part of modern auditing at many levels. It also should be closely tied to management activities such as performance monitoring, balanced scorecard, and enterprise risk management (ERM).
A continuous audit approach allows internal auditors to fully understand critical control points, rules, and exceptions. With automated, frequent analyses of data, they are able to perform control and risk assessments in real time or near real time. They can analyze key business systems for both anomalies at the transaction level and for data-driven indicators of control deficiencies and emerging risk. Finally, with continuous auditing, the analysis results are integrated into all aspects of the audit process, from the development and maintenance of the enterprise audit plan to the conduct and follow-up of specific audits.

The Need for Continuous Auditing/Continuous
Monitoring: An Integrated Approach
In light of CAEs’ concerns regarding the burden of compliance efforts, the scarcity of resources, and the need to maintain audit independence, a combined strategy of continuous auditing and continuous monitoring is ideal.
Continuous monitoring encompasses the processes that management puts in place to ensure that the policies, procedures, and business processes are operating effectively. It
addresses management’s responsibility to assess the adequacy and effectiveness of controls. This involves identifying the control objectives and assurance assertions and establishing automated tests to highlight activities and transactions that fail to comply. Many of the techniques of continuous monitoring of controls by management are similar to those that may be performed in continuous auditing by internal auditors.
Management’s use of continuous monitoring procedures, in conjunction with continuous auditing performed by internal auditors, will satisfy the demands for assurance that
control procedures are effective and that the information produced for decision-making is both relevant and reliable.
An important additional benefit to the organization is that instances of error and fraud are typically significantly reduced, operational efficiency is increased, and bottom-line
results are improved through a combination of cost savings and a reduction in overpayments and revenue leakage.
Organizations that introduce a continuous auditing and controls monitoring approach often find that they achieve a rapid return on investment.
The business and regulatory environment and emerging audit standards are driving auditors and management to make more effective use of information and data analysis technologies as a fundamental enabler of continuous auditing and continuous monitoring.

The Roles of Internal Auditing and Management
Management has the primary responsibility for assessing risk and for the design, implementation, and ongoing maintenance of controls within an organization. The internal audit activity is responsible for identifying and evaluating the effectiveness of the organization’s risk management system and controls as implemented by management. Auditors conduct the evaluation to provide assurance to the audit committee and senior management as to the state of risk and control systems and, in the case of legislation such as the Sarbanes-Oxley Act, the reliability of management’s representation concerning the state of controls. Ideally, internal auditing is not part of the controls monitoring process and does not design or maintain the controls, thereby retaining its independence.
Although the monitoring of internal controls is a management responsibility, the internal audit activity can use and leverage continuous auditing to strengthen the overall
monitoring and review environment in an organization.
The level of proactive monitoring performed by management will directly affect how auditors approach continuous auditing.
In cases where the continuous monitoring of controls is being performed by management, the same level of detailed transaction testing may not be required under continuous
auditing. Instead, auditors can focus on procedures to determine the effectiveness of management’s monitoring process and, depending on the outcome of such tests, adjust the
scope, number, and frequency of audit testing.

The Power of Continuous Auditing
The power of continuous auditing lies in the intelligent and efficient continuous testing of controls and risks that results in timely notification of gaps and weaknesses to allow immediate follow-up and remediation. By changing their overall approach in this way, auditors will develop a better understanding of the business environment and the risks to the company to support compliance and drive business performance.

Implementation Issues
The CAE must be cognizant of the fact that continuous auditing will change the audit paradigm, including the nature of evidence, timing, procedures, and level of effort required by internal auditors. This will place demands on the audit department.
In particular, it will have to:
• Obtain and nurture audit committee and senior management support for the concept and implementation of continuous auditing.
• Develop and maintain the technical competencies and enabling technology necessary to access, manipulate, and analyze the data contained in disparate information systems.
• Use (or implement) data analysis techniques to support audit projects, including the use of appropriate analytic software tools and development and maintenance of data analysis techniques and expertise within the audit team.

Sponsor, promote, and encourage the adoption and support of continuous monitoring by management.
• Ensure that continuous auditing is adopted as part of an integrated, consistent approach to risk oriented audit planning.
• Manage and respond to the results of continuous auditing, determining appropriate use, follow-up, and reporting mechanisms. The CAE will have to ensure that appropriate action is taken on the audit findings reported to management and that the results of continuous auditing are considered by management when assessing activities, such as the monitoring of controls, performance measurement, and enterprise risk management.
This IIA Global Technology Audit Guide (GTAG) identifies what must be done to make effective use of technology in support of continuous auditing and highlights areas that require further attention. By reading and following the steps described, internal auditors should be in a much better position to use technology and maximize their return on
investment as well as to demonstrate to management the need to make appropriate technology investments — while contributing to compliance with the regulatory requirements impacting their organization and to its overall health and competitiveness.

For more details and to join, visit www.theiia.org

Certified Internal Auditor® (CIA®) Overview

The Certified Internal Auditor^® (CIA^®) designation is the only globally accepted certification for internal auditors and remains the standard by which individuals demonstrate their competency and professionalism in the internal auditing field. Candidates leave the program enriched with educational experience, information, and business tools that can be applied immediately in any organization or business environment.

Computer Based Testing (CBT)
The CIA exam is now available through computer-based testing, allowing you to test year-round at more than 500 locations worldwide. Through the The IIA’s new online Certification Candidate Management System (CCMS), candidates may apply/register for certification programs/exams and access their records online.

Candidates from the following countries must contact their local IIA institute representative for more information about local certification processes and the roll-out of CBT in their area: Argentina, Australia, Austria, Belgium, Brazil, Bulgaria, China, Chinese Taiwan, Czech Republic, France, Germany, Greece, Indonesia, Israel, Italy, Japan, Korea, Malaysia, Mexico, Morocco, The Netherlands, New Zealand, Norway, Philippines, Singapore, South Africa, Spain, Sweden, Switzerland, Thailand, and Turkey.

Certified in the Governance of Enterprise IT^® (CGEIT^®) Overview

Boards and executive management have long understood the need for enterprise and corporate governance. As information technology (IT) has become more important to the achievement of enterprise goals and delivery of benefits, there has been an increasing realization that governance must be extended to IT as well. IT governance is an integral part of enterprise governance and consists of the leadership and organizational structures and processes that ensure that the organization’s IT sustains and extends the organization’s strategies and objectives.

ISACA recognized this shift in emphasis in 1998, and formed the IT Governance Institute (ITGI) to focus on original research, publications, resources and symposia on IT governance and related topics. To support and promote this significant body of work, ISACA and the ITGI are proud to offer a certification program for professionals charged with satisfying the IT governance needs of an enterprise.

Taking a lead role in the establishment and management of information technology infrastructure and processes, individuals playing a role in IT governance provide significant support to the Board of Directors and executive management. The certification program recognizes those who have the necessary level of professional knowledge, personal skills, and business experience to maximize the contribution made by information technology to an enterprise’s success while managing and mitigating risks posed by IT.

This certification will benefit the individual, through recognition of their professional knowledge and competencies; skill-sets; abilities and experiences, and will enhance their professional standing. It will also add value to the enterprises they support through the demonstration of a visible commitment to excellence in IT governance practices.

The certification process has been specifically developed for professionals who have a significant management, advisory, or assurance role relating to the governance of IT. The certification promotes the advancement of professionals who wish to be recognized for their IT governance-related experience and knowledge.

The certification is also intended to:

• support the growing business demands related to IT governance
• increase the awareness and importance of IT governance good practices and issues
• define the roles and responsibilities of the professionals performing IT governance work