IT Auditors - IBM Mainframe
Due to cost considerations, many organisations would prefer to carry out MVS Integrity or Access Control reviews internally but find that their staff do not have the necessary detailed systems or product expertise. The staff who do have the relevant technical skills generally lack audit experience in the analysis of risk and its relationship to the technical aspects.
On site training for carrying out CA-ACF2, RACF and MVS Integrity reviews can be provided. Such seminars can be useful to security staff and systems technicians in addition to the primary target audience of IT auditors.
More information on the MVS Integrity Seminar
Seminar content can be individually tailored for each client according to needs and available facilities. For best results these seminars will often involve practical sessions using the client's own system. The duration of the MVS Integrity seminar is most typically four days of lecture or five days with hands-on practical sessions. A cost-effective approach may be for two or more organisations in a locality to share a seminar.
The MVS Integrity Seminar is also available via the MIS Training Institute as a private onsite course or from time-to-time as a public scheduled seminar. Currently (Autumn 2009) no public seminars are scheduled. MIS Europe web-site
MVS/SMF for Audit and Security
SMF (Systems Management Function) has long been the central recording system for system events in MVS. It is a standard (free and obligatory) component of the system. Among the vast quantity of data collected are the audit records of RACF and CA-ACF2, and in most sites also CA-TopSecret. The rapidly increasing legislation regarding financial data often requires a record to be kept of changes to, or even access to, much data. In many sites SMF will be a critical part of this legal audit trail.
SMF is therefore of great value and interest (or should be!) to both Security staff and I.T. Audit.
Like most components of MVS, SMF can be well used and badly used. Data can be lost or tampered with; rarely is it properly protected and utilised to best advantage. Cronos Consulting can provide a detailed seminar on SMF, introducing the function of the system, its strengths and weaknesses, all the controls, how to protect it and examples of how to make use of it. This seminar can be adjusted in length; typically one or two days is sufficient. A one to two hour introductory extract from the full seminar can be presented as a stand-alone session at Security, Audit or mainframe technical conferences etc.
CA-ACF2 Security Administrators
Training of CA-ACF2 administrators can be carried out effectively on site using a combination of lecture and hands-on practical sessions. If required, this training can be individually constructed according to the actual implementation and use of CA-ACF2 at the installation. This is sometimes carried out subsequent to attendance at a Computer Associates CA-ACF2 training class as an effective method of consolidating the theoretical, and occasionally confusing, material presented during these standard classes. A modified version of this is available for auditors (internal or external) and security managers. Instead of looking at administration, this concentrates on the identification of weaknesses in the way the product has been set up or in the security definitions made in it.
IT Auditors - ISACA CISA Exam Preparation
Cronos Consulting provided seminars for the Norwegian and Swedish Chapters of ISACA in preparation for the annual CISA Examination from 1996 through 2005. In 2004 and 2006 this was also carried out for the Danish Chapter in Copenhagen.
We were pleased to again provide this seminar for ISACA in Stockholm from 30th March to 2nd April 2009.
This training, or selected topics, can be provided for other ISACA Chapters or onsite for any company which would find this preferable to sending staff on the public seminars. It might also be cost effective in any locations where ISACA does not offer a seminar series in the locality, particularly if the costs are shared between several organisations in the area. The seminar can also be presented, in a modified form, for companies wishing to provide a wider IT perspective to Auditors who are not necessarily planning on taking the CISA examination.
More information about ISACA and its qualifications
Security Awareness
An introductory Computer Security seminar can be presented for client employees. This may be particularly suitable for managers and auditors with limited information systems exposure or technical knowledge. According to requirements the length and level of technical detail can be adjusted from a short one hour introductory session up to a whole day.
An introduction to the concepts of the European Directive on Privacy (*) can be included if required. This directive provides the basis of local laws such as the UK ‘Data Protection Act’ and the Swedish ‘Personal Upgiftens Lagen’ (P.U.L.). Every European country has such laws, and the Directive is the common basis to them all. Its principles should be understood by I.T. security people working in any organisation which operates across national borders.
* Full official title “Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data”. Full official copy. (this link is to the English version, versions in other languages are available on the same page.)