ISACARIYADHCHAPTERNEWSLETTERAPR2016|ISSUE#3
ISACA
TRUSTIN,ANDVALUEFROM,INFORMATIONSYSTEMS!
Chapter Presidents Message
In the name of Allah SWT the Beneficent, Chapter has kickedoff the year 2016 in a
theMerciful
AsourProphetSAWSsaid,
Theonewhodoesnotthankpeopledoes A Technical Sessions with support of
notthankAllahSWT.
Firstly thanking Allah SWT for all his
blessingsandmercy.Thankstooursponsors
who have and are supporting the Chapter
activities, the ISACA HQs, the Chapter
members who spare their valuable time to
attend to Chapter events and the Chapter
Leaders who have dedicated their time and
efforts.
BytheGraceofAlmightyAllahSWTtheyear
2015 ended on a high note for Riyadh
Chapter as the Chapter managed to move
forward towards its targeted goals. The
following had been Chapters achievements
duringtheyear2015:
Three Technical Sessions with support
of sponsors namely AlFaisal University
&FireEye
Three Associate Partnerships events in
RiyadhandDubai
CISAExamPreparationWorkshops
Chapter channels on ISACA
International Website, FB, TW &
LinkedIn
Extending helping hand to prospective
employersandaspiringcandidatesover
jobopportunities
Realization of the News Letter (NL)
Initiativeandthisbeingthethirdedition
oftheRiyadhChapterNL
progressive way and the following has been
achievedsofar:
sponsorsnamelyProtivityMiddleEast
FiveAssociatePartnershipsagreements
foreventsinRiyadhandDubai
Arabization project launched for COBIT
5forRisk
Arabization project launched for COBIT
5forSecurity
Revamped Chapter website as per
ISACAstandardsandsynchronizedwith
ISACAwebsite
And as we move into forward in 2016, the
Chapter will continue to work on initiatives
that Chapter has established for itself,
overcome the challenges at hand and
contributemoretotheChaptermembersin
particularandtotheCommunityingeneral.
TheChaptersjourneyisgoingonwithquite
many goals and targets yet to be achieved.
TheChapterintendstocontinuepursuingits
goals countering the challenges at hand by
effectivelyandefficientlyutilizingthelimited
resourcesavailable.
I would like to reiterate the support,
assurances and dedication of all the
sponsors, the ISACA HO, Chapter members
and Chapter Leaders towards the Chapter
activities and Chapter targets. Had your
continued support and resoluteness be not
there, the Chapter would not have seen the
daysinceitwentintothefamoussevenyear
hibernation. The Chapter banks on and look
Riyadh
Chapter
Newsletter
Apr 2016 |
INTHISISSUE
forward to your continued support so as to
cancontinuetheonwardsjourney.
With the first quarter of 2016 over,
companies globally and in the region are
facing challenges and hence Governance,
Security and Controls are getting more
importance than ever for sustaining and
coming out of the crunch times. With the
blessed month of Ramadan approaching let
us sincerely pray to Almighty Allah for His
blessings for muchdue peace and stability
forthe7billion+individualsacrossthevillage
World.
I would close by thanking to Chapter
Members and Chapter Friends who are
already contributing towards this NL. Other
members & friends interested in making
contributions to the NL with their original
work are welcome to send them to the
Chapter Secretary for possible inclusion in
futureNLs.
AliFathiAlShaikh
ChapterPresident
ISACARIYADHCHAPTERNEWSLETTERAPR2016|ISSUE#3|
What does the new
digital frontier
bring for the FSI IT
Risk Professionals?
FSIhasbeenfrequentlyseenasoneof
theearlytechnologyadoptersbenefiting
frominnovation.ATMs,wiretransfers,e
banking,mobilebankingarejustafew
examplesfromalonglistof,once
revolutionary,technologieswhichare
nowpartofourdailyvocabulary.Itisoften
said"thereisnothingpermanentexceptfrom
change".Althoughchangeisconstant,
mostofuswouldagreethepaceof
technologicalinnovationhasdramatically
changedsincethetimeofHeraclitus.Block
chain,Cryptocurrencies,Cognitive
ComputingandCollaborativeEconomyare
allexistingdevelopmentsexpectedto
becomefuture"disruptors"fortheFSI
industry
(http://www2.deloitte.com/us/en/pages/finan
cialservices/articles/bankingtrends.html).
VirtualRealityisalsoanotherfastevolving
trendwhichcouldinfluencethebusiness
channelsfordoingbanking.Thisnewdigital
epochismindboggling,fascinatingand
intimidatingallatthesametime.
Anumberofsurveyssuggestthethreat
environmentwillworsenintheupcoming
yearsalsoasaconsequenceofthis
technologicalinnovationandhighlight
commonthemes.Asanexample,the
InternetofThings(IoT)devices,whichplaya
keypartintheaforementionedtechnologies,
arestillvulnerableandleakinformation.
Also,someofthenewtechnologiesinclude
obscurealgorithmswhicharenotclearly
understoodandmayhideadditionalrisks. greatopportunityforaddingvaluetothe
Combinethesetrendswiththediluted business.Thiswontbepainfree.Asalways
networksecurityperimeter,added requirespreparingandplanningaheadto
complexityandmoreopportunitiesfor securesuccess.Whatfollowsisprobably
unforeseenutilizationofnewtechnologies, easier,buckleupandenjoythejourney.A
eitherduelegitimateuseractivityorhacking,
andyougetareducedabilitytodefendan
welcomemessagefromRiyadhChapter
Presidentreachingouttoallmembersto
organization.Currentriskmanagement
practicesmayalsobecomelessrelevantand
concentrateonthechapterobjectivesand
highlightingtheachievementsandprogress
effectiveastheyvebeendesigned madesofar.
forlessdynamicandinterconnectedrisk
MembersinterestedinmakingcontributiontotheNL
scenarios.
withtheiroriginalworkarewelcometosendthemto
ChapterPresident/ChapterSecretary
ThesetrendsarefarfromFSIspecificand
couldaffectthebroadersocietyasawhole.
However,onecouldarguetheimpactonFSI
couldbemoreprofoundduetoits
dependenceontechnologyandprogressive
stancetowardtechnologicalinnovation.Isit
allgloomanddoomfortheFSIITRisk
NassosOikonomopoulosis
professionals?Probablynot,amorerelevant
basedinSaudiArabiaandassociatedwithDeloitte
metaphorcouldbethisfeelslikea
&Touche(M.E.)asSeniorDirectorinEnterpriseRisk
bittersweetsituation.Yes,thereisaneedfor
Services(ERS)andLeaderforInformation&
indepthfamiliarizationwiththenewtrends,
TechnologyRisk(ITR)services
researchandeducatingtheCsuite.Thiswill
requireeffort,planningandbrushingupyour
lobbyingskills.However,thisisalsoagreat ISACA Technical Session!!
anduniqueopportunitytoaddvaluetothe WebringyoupicturesofthesuccessfulTechnical
businessandstandoutofthecrowds.There sessionheldinFebruary2016!Page4
ismoregoodnews;neverbeforetheboard
hasbeensomuchintunewiththeITRisk
agenda.ThewordsCyberandITRiskare
pronouncedtooofteninexecutivemeetings
mesmerizingtheboard.Thereismore
budgetavailableandevenmorefrequently
theawarenessandsupportfromExecutive
Management.Nobodywouldliketoseetheir
namesnexttoanotherITorCyberfailure
headlineafterall.
Concluding,thisexcitingtimeoftechnological
developmentscouldmarkanewmilestonefor
ITRiskManagers,especiallyinFSI,aswellasa
ISACARIYADHCHAPTERNEWSLETTERAPR2016|ISSUE#3

About the ISACA

Riyadh Chapter
ExComm
TheISACARiyadhChapterismanagedbyagroupofelectedvolunteers
whoformtheExecutiveCommittee.AsperISACAguidelinesthereare
specificrolesandpositionsassignedineachchapterinorderto
facilitatepropermanagementandgovernancewhilefocusingonallkey
areasrequiredtomakethechapterbeneficialtothemembersandthe
Chapter Leaders Meeting in Riyadh
ITauditcommunity.

ISACARiyadhChapterhasbeenfortunatetohaveonitsExecutive
Communitymembersthathavemanyyearsofexperiencebehindthem
andalsothewilltocontributetothechapteranditsmembers.The
ExCommiselectedbyvotesannuallyandcanmaintaintheirposition
for13yearsafterwhichareshufflingisencouragedtoensureother
membersgetachancetocontributetotheChapteraswell.

ThefollowingarethemembersoftheExComm:

1. President:AliAlFathi,CISA,CISM,CGEIT,CRISC,PMP,ISO
27001:2005LA.
2. VicePresident:AbobakrSalehBaazim,CISA,CISM,CRA,CCO.
3. GeneralSecretary&CRISC,CGEIT,MarketingCoordinator:
HasnainJaffery,CGEIT,CRISC,ITILV3Foundation,COBIT4
Foundation.
4. CISMCoordinator:AlaaEddinNabiehDabbagh,CISM,MBA,
CCNA.
5. ResearchDirector,CISACoordinator:AqelMohammedAqel, Chapter Leaders Meeting in Riyadh
CISA,MBA,COBIT5Trainer.
6. ChapterTreasurer:SyedAbbasReza,CISA,CGEIT,FCCA,CIA,
COBIT5Foundation
7. MembershipDirector:Dr.YousefMohammedAsfour,CGEIT,
CISM.
8. GRACoordinator:NaveedAhmed,CISA,CISM,CGEIT.
9. WebsiteDirector:KamranMushtaqAhmed,CISA,PMP.
10. PRDirector:RezeqAbuKhater
11. Newsletter:MohammedSalimSyed,CISA,CRISC,PMP,CCM.

FORMOREINFORMATION

Visitourwebsitewww.isacariyadh.org

 ISACARIYADHCHAPTERNEWSLETTERAPR2016|ISSUE#3|

Technical Session on 15 February 2016 sponsored by

Protiviti ME

ISACARIYADHCHAPTERNEWSLETTERAPR2016|ISSUE#3|

Managing IT Resources in Data Centers (contd.)

by Aqel M. Aqel

1. Planning
Before hiring, it is rational to conduct an assessment for capabilities needed to operate the datacenter. Several factors
shouldbeconsideredtoarticulatethespecificskillsneededthatwillbeeitherdevelopedwithindatacentersteamorhired
to expand its set of capabilities. Reviewed references and personal experience articulated the follow factors: 1business
requirements,2implementedtechnology,and3availablebudget.

InastudybyGartnerabouthelpdeskratiosfindsimilarresults;endusersupportratioreached87usersperonestaff,the
highestratiowas275usersperonestaff,andthelowestwas12.Thesenumbersdonotindicateanypreferredmetricfor
certainindustry,yetitgivesaclue.Iadvisetobuildacapabilitiesmatrixthatjoinsskillsneededwithexistingprocesses,
tasks, and projects in datacenter. Such tables will help datacenter management understand resource utilization; while
there are many softwaresolutionsthatcangivebettermapping. Another table that matchesresourceswithskill sets is
requiredtoplanforcapabilitybuildingandknowledgetransferwithindatacenter.

2. Hiring
Regardlessifyouarestaffinganewlyestablisheddatacenterorinastageofimplementingyourannualhiringplan,quality
datacentercapacitybuildingstartsbyhiringcompetitivecandidateswhoownsknowledgeandpositiveattitudestowards
themselvesandothersintheworkplace.

Itsbecomingconventionalthatadoptingstreamlinedhiringprocesseswillattractqualifiedresources.Iwouldliketolist
setofbestpracticeswhichare:

Anticipateneedsandcollectsomeresumesbeforeyouareinarushtohire.
Screening, Interviewing, evaluating, and negotiating candidates are essential skills that are to be cultivated in key
workers. Team members should develop some best practices in the mentioned skills, and share knowledge and
experiences.
Hiringentrylevelworkersratherthanexperiencedonesmaylookpracticalforlimitedbudgetdatacenters.
Its a professional practice to allow certain period for the new worker to hand over his current job responsibilities
beforejoiningyourteam.
Conducting a background check for shortlisted candidates is recommended in order to identify any potential bad
attitudesorpreviousfraudbytheworker.
ANondisclosureagreement(NOD)mustbesignedbeforeorparallelwithsigningworkcontract.
Considergivinganycandidateanorientationbeforeinvolvinghiminrealoperations.
Conductadetailedskillassessmentforthenewworkerandlethimgetsometrainingbeforerelyingonhiminmission
criticaltasks.

Onceyou'veidentifiedpromisingemployees,makesuretheyunderstandyouhaveacareerpathinmindforthem.
[TobecontinuedinnextNewsletter]
ISACARIYADHCHAPTERNEWSLETTERAPR2016|ISSUE#3|

Chapter Website Revamped

ChapterExecutiveCommitteetakespleasureinannouncingthattheRiyadhChapterWebsitehasbeenrevampedandalignedwiththeISACAWebsite
design.
ThisalignmentwithISACAwebsitewasoneoftheChaptertargetsandtherevampingofChaptersitewaslongoverdue.
ChapterwouldliketothankISACAInternationalfortheirsupportinmakingthisalignmentpossible.
SpecialthankstoChapterWebmasterMr.KamranMushtaqforallhisvolunteeredeffortsinrealizationofthistask.
Onreachinghttp://www.isacariyadh.org/youwouldberoutedRiyadhChapterpageonISACAwebsite@RiyadhChapter

More Interesting Articles

ReadCybersecurityGuidanceforSmallandMediumsizedEnterprises.
www.isaca.org/cyberguidance

ReadImplementingCybersecurityGuidanceforSmallandMediumsizedEnterprises.
www.isaca.org/implementingcyberguidance

ISACARIYADHCHAPTERNEWSLETTERAPR2016|ISSUE#3|

ImportantChapter Statistics & Updates

FASTFACTS

601 members in Riyadh Chapter

CGEIT:34
CRISC:82
CISM:108
CISA:218

Exam Passers for Sep & Dec 2015 Exams

CISA: CISM:
Mr.MeshalHezamAlzahrani Mr.MostafaAbdulwahabAbukhodair
Mr.MahendraYashwantGawade Mr.YasserN.Alswailem
Mr.BabarMir Mr.SeanM.McPoland
Mr.MohammedA.Almozaiyn Mr.MoeenQaemiMahmoodzadeh
Mr.SamehF.Abulfotooh Mr.MohammedIbrahimDastagir
SheikhMuhammadAmirRauf Mr.MohammedAbdulazizAlmathami
Mr.MathewKevinPollick Mr.MohammedInamHameed
Mr.TarekAlmahmoud Mr.BadrAldayel
Mr.MohamedKatamish Mr.MuhammadMohsin
Mr.AbdulazizAbdullahAlkhodhairy Mr.KhalidAlfaheid
Mr.SyedMurtuza Mr.YasserRashad
Mr.NabilNabulsi Mr.MohammadAbbasAlsaadon
Mr.MohammedAbdullahMengash Mr.MohammedAhmadAlomari
Mr.MohammedWajdiKhashoggi Mr.ZiaulhaqIrfanMohammad
Mr.JassemM.AlAbdulsalam

CGEIT: CRISC:
Mr.MirzaAmirAli Mr.SalimBennis
Mr.ShivakumarManoharKeskar Mr.AbdulHamidMian
Mr.MohammedOmarAbdullahAhmedMohammed Mr.NilesWatterson
Mr.MathewKevinPollick Mr.AdelGaberHigazy
Mr.SaeedAbdullahAlDobas
Mr.OsamaElsayedGaafar
ISACARIYADHCHAPTERNEWSLETTERAPR2016|ISSUE#3|

Important Dates and Events in 2016

NextExamDate:11June2016
COBITConferenceNorthAmerica:30Apr1May2016,NewOrleans,USA
InformationSecurityEssentialsforITAuditors:1821stApril2016,Chicago,USA
NorthAmericaCACS:24thMay2016,NewOrleans,USA
EuroCACS:30May1stJun2016,Dublin,Ireland
CloudComputing:SeeingthroughtheCloudsWhattheITAuditorNeedstoKnow:2225Aug2016,Boston,USA
CSX2016NorthAmerica:1719thOct2016,LasVegas,USA

Important Links:
ISACAExamGuide:http://www.isaca.org/CERTIFICATION/Pages/CandidatesGuideforExams.aspx
ISACAMembershipdetails:http://www.isaca.org/membership/Pages/default.aspx
ISACACPEQuizzes:http://www.isaca.org/Journal/Quizzes/Pages/default.aspx
ISACACyberSecurityNexus:http://www.isaca.org/cyber/Pages/default.aspx
ISACAExamReviewCourses:http://www.isaca.org/Education/Training/examreviewcourses/Pages/default.aspx
ISACAJournal:http://www.isaca.org/Journal/Pages/default.aspxVolume2,2016
COBIT5:http://www.isaca.org/cobit/pages/default.aspx

ISACA
Riyadh
Chapter
Newsletter
Apr 2016 |
Issue # 3

Riyadh,SaudiArabia

Riyadh,KingdomofSaudiArabia