Partner Blogs

Surveillance Cameras in Your Neighborhood?

I have been following the recent debate among my neighbors the past several weeks regarding a proposal to install surveillance cameras at strategic intersections throughout the neighborhood.


Given the recent uptick in individual awareness of exactly how much privacy we (at least we here in the good ol’ US of A) do not have, any movement to further encroach on an individual citizen’s privacy is bound to polarize a populace, be it a neighborhood, city, state or nation.


CISA Examination Question Analysis - Encryption

In preparing for the CISA exam, one important area of review, which many auditors and exam takers find challenging, is encryption. While no one knows the exact concentration or number of questions on any exam that may be dedicated to this subject, one can be very certain that questions on encryption, given the topic’s role in security and internal control, will be on the exam in some form.


I am contemplating pursuing a new profession in management of cyber security

I received the following email recently and the sender asks a very timely and important question, one that may be on the mind of many professionals, both within the audit/IT audit profession and those in tangential yet closely related and aligned professions.

Your thoughts, comments, and further suggestions to the "sender" are always welcome.



Dear Al:


I am contemplating pursuing a new profession in management of cyber security. I would like to obtain my CISA designation and shortly thereafter apply for CISSP certification.

CISA / CISM Exam Preparation Tip #4 -- Exam Day Tips

Jennifer Boyce of Deloitte & Touche (Hi Jen!) used to do a great job serving as the Toronto ISACA Chapter’s “Director, Certifications” (a role now very admirably and ably filled by Laureen Ellis).  One of Jennifer’s traditions was to attend the final session of our preparation courses and give her Exam Day Tips.

When she left Toronto, she was kind enough to leave me a copy of the tips (Thanks Jen!).  Here are some important items to keep in mind when you find yourself sitting in that exam room on the big day, along with some of my comments:

CISA / CISM Exam Preparation Tip #3 -- Arguing with the Answers

Many of you writing the CISA or CISM exam may have a great deal of real-world expertise in particular subject areas...securing systems, writing policies, managing projects, responding to incidents.  If that’s the case, you will no doubt find instances where you strongly disagree with an answer to one of the practice questions, based on your own direct experience.

Frustration and the odd profanity typically ensue.  How should you deal with this?

IT Strike Force: Establishing a Cyber Forensic Response Strategy

“Mathias Thurman,” a real security manager whose name and employer have been disguised for obvious reasons, wrote in the May 21st (2012) edition of Computerworld that an administrator, during a training session with an employee on how to manage the organization’s antivirus infrastructure, spotted what appeared to be a very suspicious .mov file while reviewing the reports of machines with infected files.

CISA / CISM Exam Preparation Tip #2 -- Read the Question Carefully


As noted in Tip #1, the wording of exam questions can be challenging in itself. Here’s a paraphrase of one of my favourite examples:

Which of the following should be a concern to an IS auditor reviewing a wireless network?

A. Wi-Fi Protected Access (WPA) encryption is enabled.

B. SSID (Service Set IDentifier) broadcasting is enabled.

C. Anti-malware software is running on all wireless clients.

D. MAC (Media Access Control) access control filtering is used on all wireless access points.