Professional Documents
Culture Documents
ISACA
Riyadh
Chapter
Newsletter
Apr 2016 |
TRUSTIN,ANDVALUEFROM,INFORMATIONSYSTEMS!
INTHISISSUE
digital frontier
networksecurityperimeter,added requirespreparingandplanningaheadto
complexityandmoreopportunitiesfor securesuccess.Whatfollowsisprobably
unforeseenutilizationofnewtechnologies, easier,buckleupandenjoythejourney.A
bring for the FSI IT eitherduelegitimateuseractivityorhacking,
andyougetareducedabilitytodefendan
welcomemessagefromRiyadhChapter
Presidentreachingouttoallmembersto
Risk Professionals? organization.Currentriskmanagement
practicesmayalsobecomelessrelevantand
concentrateonthechapterobjectivesand
highlightingtheachievementsandprogress
FSIhasbeenfrequentlyseenasoneof
effectiveastheyvebeendesigned madesofar.
theearlytechnologyadoptersbenefiting
forlessdynamicandinterconnectedrisk
frominnovation.ATMs,wiretransfers,e MembersinterestedinmakingcontributiontotheNL
scenarios.
banking,mobilebankingarejustafew withtheiroriginalworkarewelcometosendthemto
examplesfromalonglistof,once ChapterPresident/ChapterSecretary
ThesetrendsarefarfromFSIspecificand
revolutionary,technologieswhichare
couldaffectthebroadersocietyasawhole.
nowpartofourdailyvocabulary.Itisoften
However,onecouldarguetheimpactonFSI
said"thereisnothingpermanentexceptfrom
couldbemoreprofoundduetoits
change".Althoughchangeisconstant,
dependenceontechnologyandprogressive
mostofuswouldagreethepaceof
stancetowardtechnologicalinnovation.Isit
technologicalinnovationhasdramatically
allgloomanddoomfortheFSIITRisk
changedsincethetimeofHeraclitus.Block NassosOikonomopoulosis
professionals?Probablynot,amorerelevant
chain,Cryptocurrencies,Cognitive basedinSaudiArabiaandassociatedwithDeloitte
metaphorcouldbethisfeelslikea
ComputingandCollaborativeEconomyare &Touche(M.E.)asSeniorDirectorinEnterpriseRisk
bittersweetsituation.Yes,thereisaneedfor
allexistingdevelopmentsexpectedto Services(ERS)andLeaderforInformation&
indepthfamiliarizationwiththenewtrends,
becomefuture"disruptors"fortheFSI TechnologyRisk(ITR)services
researchandeducatingtheCsuite.Thiswill
industry
requireeffort,planningandbrushingupyour
(http://www2.deloitte.com/us/en/pages/finan
cialservices/articles/bankingtrends.html).
lobbyingskills.However,thisisalsoagreat ISACA Technical Session!!
anduniqueopportunitytoaddvaluetothe WebringyoupicturesofthesuccessfulTechnical
VirtualRealityisalsoanotherfastevolving
businessandstandoutofthecrowds.There sessionheldinFebruary2016!Page4
trendwhichcouldinfluencethebusiness
ismoregoodnews;neverbeforetheboard
channelsfordoingbanking.Thisnewdigital
hasbeensomuchintunewiththeITRisk
epochismindboggling,fascinatingand
agenda.ThewordsCyberandITRiskare
intimidatingallatthesametime.
pronouncedtooofteninexecutivemeetings
mesmerizingtheboard.Thereismore
Anumberofsurveyssuggestthethreat
budgetavailableandevenmorefrequently
environmentwillworsenintheupcoming
theawarenessandsupportfromExecutive
yearsalsoasaconsequenceofthis
Management.Nobodywouldliketoseetheir
technologicalinnovationandhighlight
namesnexttoanotherITorCyberfailure
commonthemes.Asanexample,the
headlineafterall.
InternetofThings(IoT)devices,whichplaya
keypartintheaforementionedtechnologies,
Concluding,thisexcitingtimeoftechnological
arestillvulnerableandleakinformation.
developmentscouldmarkanewmilestonefor
Also,someofthenewtechnologiesinclude
ITRiskManagers,especiallyinFSI,aswellasa
obscurealgorithmswhicharenotclearly
ISACARIYADHCHAPTERNEWSLETTERAPR2016|ISSUE#3
ISACARiyadhChapterhasbeenfortunatetohaveonitsExecutive
Communitymembersthathavemanyyearsofexperiencebehindthem
andalsothewilltocontributetothechapteranditsmembers.The
ExCommiselectedbyvotesannuallyandcanmaintaintheirposition
for13yearsafterwhichareshufflingisencouragedtoensureother
membersgetachancetocontributetotheChapteraswell.
ThefollowingarethemembersoftheExComm:
1. President:AliAlFathi,CISA,CISM,CGEIT,CRISC,PMP,ISO
27001:2005LA.
2. VicePresident:AbobakrSalehBaazim,CISA,CISM,CRA,CCO.
3. GeneralSecretary&CRISC,CGEIT,MarketingCoordinator:
HasnainJaffery,CGEIT,CRISC,ITILV3Foundation,COBIT4
Foundation.
4. CISMCoordinator:AlaaEddinNabiehDabbagh,CISM,MBA,
CCNA.
5. ResearchDirector,CISACoordinator:AqelMohammedAqel, Chapter Leaders Meeting in Riyadh
CISA,MBA,COBIT5Trainer.
6. ChapterTreasurer:SyedAbbasReza,CISA,CGEIT,FCCA,CIA,
COBIT5Foundation
7. MembershipDirector:Dr.YousefMohammedAsfour,CGEIT,
CISM.
8. GRACoordinator:NaveedAhmed,CISA,CISM,CGEIT.
9. WebsiteDirector:KamranMushtaqAhmed,CISA,PMP.
10. PRDirector:RezeqAbuKhater
11. Newsletter:MohammedSalimSyed,CISA,CRISC,PMP,CCM.
FORMOREINFORMATION
Visitourwebsitewww.isacariyadh.org
ISACARIYADHCHAPTERNEWSLETTERAPR2016|ISSUE#3|
ISACARIYADHCHAPTERNEWSLETTERAPR2016|ISSUE#3|
by Aqel M. Aqel
1. Planning
Before hiring, it is rational to conduct an assessment for capabilities needed to operate the datacenter. Several factors
shouldbeconsideredtoarticulatethespecificskillsneededthatwillbeeitherdevelopedwithindatacentersteamorhired
to expand its set of capabilities. Reviewed references and personal experience articulated the follow factors: 1business
requirements,2implementedtechnology,and3availablebudget.
InastudybyGartnerabouthelpdeskratiosfindsimilarresults;endusersupportratioreached87usersperonestaff,the
highestratiowas275usersperonestaff,andthelowestwas12.Thesenumbersdonotindicateanypreferredmetricfor
certainindustry,yetitgivesaclue.Iadvisetobuildacapabilitiesmatrixthatjoinsskillsneededwithexistingprocesses,
tasks, and projects in datacenter. Such tables will help datacenter management understand resource utilization; while
there are many softwaresolutionsthatcangivebettermapping. Another table that matchesresourceswithskill sets is
requiredtoplanforcapabilitybuildingandknowledgetransferwithindatacenter.
2. Hiring
Regardlessifyouarestaffinganewlyestablisheddatacenterorinastageofimplementingyourannualhiringplan,quality
datacentercapacitybuildingstartsbyhiringcompetitivecandidateswhoownsknowledgeandpositiveattitudestowards
themselvesandothersintheworkplace.
Itsbecomingconventionalthatadoptingstreamlinedhiringprocesseswillattractqualifiedresources.Iwouldliketolist
setofbestpracticeswhichare:
Anticipateneedsandcollectsomeresumesbeforeyouareinarushtohire.
Screening, Interviewing, evaluating, and negotiating candidates are essential skills that are to be cultivated in key
workers. Team members should develop some best practices in the mentioned skills, and share knowledge and
experiences.
Hiringentrylevelworkersratherthanexperiencedonesmaylookpracticalforlimitedbudgetdatacenters.
Its a professional practice to allow certain period for the new worker to hand over his current job responsibilities
beforejoiningyourteam.
Conducting a background check for shortlisted candidates is recommended in order to identify any potential bad
attitudesorpreviousfraudbytheworker.
ANondisclosureagreement(NOD)mustbesignedbeforeorparallelwithsigningworkcontract.
Considergivinganycandidateanorientationbeforeinvolvinghiminrealoperations.
Conductadetailedskillassessmentforthenewworkerandlethimgetsometrainingbeforerelyingonhiminmission
criticaltasks.
Onceyou'veidentifiedpromisingemployees,makesuretheyunderstandyouhaveacareerpathinmindforthem.
[TobecontinuedinnextNewsletter]
ISACARIYADHCHAPTERNEWSLETTERAPR2016|ISSUE#3|
Important Dates and Events in 2016
NextExamDate:11June2016
COBITConferenceNorthAmerica:30Apr1May2016,NewOrleans,USA
InformationSecurityEssentialsforITAuditors:1821stApril2016,Chicago,USA
NorthAmericaCACS:24thMay2016,NewOrleans,USA
EuroCACS:30May1stJun2016,Dublin,Ireland
CloudComputing:SeeingthroughtheCloudsWhattheITAuditorNeedstoKnow:2225Aug2016,Boston,USA
CSX2016NorthAmerica:1719thOct2016,LasVegas,USA
Important Links:
ISACAExamGuide:http://www.isaca.org/CERTIFICATION/Pages/CandidatesGuideforExams.aspx
ISACAMembershipdetails:http://www.isaca.org/membership/Pages/default.aspx
ISACACPEQuizzes:http://www.isaca.org/Journal/Quizzes/Pages/default.aspx
ISACACyberSecurityNexus:http://www.isaca.org/cyber/Pages/default.aspx
ISACAExamReviewCourses:http://www.isaca.org/Education/Training/examreviewcourses/Pages/default.aspx
ISACAJournal:http://www.isaca.org/Journal/Pages/default.aspxVolume2,2016
COBIT5:http://www.isaca.org/cobit/pages/default.aspx
ISACA
Riyadh
Chapter
Newsletter
Apr 2016 |
Issue # 3
Riyadh,SaudiArabia
Riyadh,KingdomofSaudiArabia