Pripravljalna seminarja ISACA® CISA® in CISM® bomo, če bo dovolj pripravljenih, izvedli prek spleta, v angleščini. Oba seminarja bosta 4-dnevna, izvedel ju bo Uroš Žust, cene obeh bodo za člane ISACA in odseka 550 EUR, za nečlane pa 750 EUR, za oba bo mogoče uveljavljati po 32 CPE.

CISM

Seminar CISM® je zaradi dovoljšnega števila prijav, že zagotovljen.

Vljudno vas vabimo, da se udeležite izobraževanja za enega najbolj priznanih certifikatov na področju informacijske varnosti na svetu – CISM (Certified Information Security Manager). Izobraževanje bo potekalo online z akreditiranim trenerjem Urošem Žustom.

Kdaj?

9. do 12. oktobra 2023

Kje?

Online preko MS Teams.

Nekaj podatkov o imetnikih CISM certifikata

Kaj je CISM?

Certifikat ISACA Certified Information Security Manager® (CISM®) nakazuje strokovnost na področju upravljanja informacijske varnosti, razvoja in upravljanja programov, upravljanja incidentov in obvladovanja tveganj. Če ste IT strokovnjak na srednji ravni in si prizadevate za višje vodstvene vloge na področju varnosti in nadzora IT, vam lahko CISM zagotovi prepoznavnost, ki jo potrebujete.

Program

1	Information Security Governance
A	Enterprise Governance
1A1	Organizational Culture
1A2	Legal, Regulatory, and Contractual Requirements
1A3	Organizational Structures, Roles, and Responsibilities
B	Information Security Strategy
1B1	Information Security Strategy Development
1B2	Information Governance Frameworks and Standards
1B3	Strategic Planning (e.g., budgets, resources, business case).
2	Information Security Risk Management
A	Information Security Risk Assessment
2A1	Emerging Risk and Threat Landscape
2A2	Vulnerability and Control Deficiency Analysis
2A3	Risk Assessment and Analysis
B	Information Security Risk Response
2B1	Risk Treatment / Risk Response Options
2B2	Risk and Control Ownership
2B3	Risk Monitoring and Reporting
3	Information Security Program
A	Information Security Program Development
3A1	Information Security Program Resources (e.g., people, tools, technologies)
3A2	Information Asset Identification and Classification
3A3	Industry Standards and Frameworks for Information Security
3A4	Information Security Policies, Procedures, and Guidelines
3A5	Information Security Program Metrics
B	Information Security Program Management
3B1	Information Security Control Design and Selection
3B2	Information Security Control Implementation and Integrations
3B3	Information Security Control Testing and Evaluation
3B4	Information Security Awareness and Training
3B5	Management of External Services (e.g., providers, suppliers, third parties, fourth parties)
3B6	Information Security Program Communications and Reporting
4	Incident Management
A	Incident Management Readiness
4A1	Incident Response Plan
4A2	Business Impact Analysis (BIA)
4A3	Business Continuity Plan (BCP)
4A4	Disaster Recovery Plan (DRP)
4A5	Incident Classification/Categorization
4A6	Incident Management Training, Testing, and Evaluation
B	Incident Management Operations
4B1	Incident Management Tools and Techniques
4B2	Incident Investigation and Evaluation
4B3	Incident Containment Methods
4B4	Incident Response Communications (e.g., reporting, notification, escalation)
4B5	Incident Eradication and Recovery
4B6	Post-incident Review Practices

PRIJAVI SE ŠE DANES in POSTANI CISM

Predavatelj

*Uroš Žust*, *CISA*, *CISM*, *CISSP, PMP*, *PRIS*

Uroš je partner v družbi MAZARS IT d.o.o. in je izkušen strokovnjak z dolgoletnimi izkušnjami na področju revizije informacijskih sistemov, kibernetske varnosti, varnostnih pregledov, upravljanja tveganj, korporativnega upravljanja in zagotavljanja skladnosti. Pet let je preživel v ZDA, kjer se je specializiral za izvajanje IT revizij po SOX standardih ter za zagotavljanje upravljanja (governance) kibernetske varnosti. Ima preko 18 let delovnih izkušenj, tako v vlogi izvajalca kot vodje ekip.

Revizije informacijskih sistemov je v preteklosti izvajal na številnih bankah v Sloveniji. Poleg tega je sodeloval na projektih revizije Sisbon, skrbnih pregledih IT okolja treh slovenskih bank, pri svetovanju glede vpeljave novega bančnega sistema, številnih revizijah kibernetske varnosti, pregledih SWIFT in RTS SCA, ter vodil preglede skladnosti zunanjih izvajalcev, ki delujejo na področjih procesiranja plačilnih instrumentov, razvoja programske opreme za podporo temeljnim bančnim procesom in digitalizacije papirnega poslovanja, s Smernicami EBA o zunanjem izvajanju na področjih delovanja notranjega upravljanja, sistema notranjih kontrol in obvladovanja tveganj.

Je akreditirani trener za certifikata ISACA CISA in CISM, ter izkušen predavatelj, ki je omenjena pripravljalna tečaja v preteklosti že izvajal v Sloveniji, Ameriki, Srbiji in na Češkem.

CENA & PRIJAVA

Redna cena za udeležbo na 5-dnevnem tečaju je 750 EUR. Če ste član Slovenskega odseka ISACA, je vaša cena 550 EUR. Za včlanitev nas kontaktirajte na tajnik (at) isaca.si

Letna članarina ISACA znaša 135 USD, vključevanje novega člana 10 USD, članarina v Slovenskem odseku pa 50 USD. Članarina vam prinaša prihranke pri vseh ISACA materialih, izpitih in konferencah, dostop do brezplačnih materialov in znanja ter povezanost s strokovnjaki s področja revizije in varnosti IS (več informacij najdete na tej povezavi).

Prijava na izobraževanje CISM je na voljo tukaj.

Več informacij je na voljo v zavihku novice oz. tukaj. Seveda pa se lahko obrnete tudi na e-mail tajnik (at) isaca.si in z veseljem vam pomagamo.

CISA

Slovenski odsek ISACA vas vljudno vabi na intenzivno izobraževanje za pridobitev certifikata CISA (Certified Information Systems Auditor), ki je eden od najbolj priznanih certifikatov na področju revidiranja informacijskih sistemov na svetu. Pridobitev CISA je idealen certifikat tudi za vse tiste, ki želite vstopiti na profesionalno pot informacijske varnosti.

Kdaj?

Od vključno 11. do vključno 14. septembra 2023 (vsak dan od 9:00 do 16:00, vključno z odmori).

Kje?

Online preko MS Teams

Samo izobraževanje bo zaradi lažje izvedbe in uporabe terminologije potekalo v angleškem jeziku, vendar lahko predavatelja med odmori za kakšno pojasnilo vprašate tudi v slovenščini.

Predavatelj

Program

Uvod

Predstavitev izpita

Domain 1 – Information System Auditing Process:

Planning
- IS Audit Standards, Guidelines and Codes of Ethics
- Business Processes
- Types of Controls
- Risk-based Audit Planning
- Types of Audits and Assessments
Execution
- Audit Project Management
- Sampling Methodology
- Audit Evidence Collection Techniques
- Data Analytics
- Reporting and Communication Techniques
- Quality Assurance and Improvement of the Audit Process

Domain 2 – Governance and Management of IT

IT Governance and IT Strategy
- IT-related Frameworks
- IT Standards, Policies and Procedures
- Organizational Structure
- Enterprise Architecture
- Enterprise Risk Management
- Maturity Models
- Laws, Regulations and Industry Standards Affecting the Organization
IT Management
- IT Resource Management
- IT Service Provider Acquisition and Management
- IT Performance Monitoring and Reporting
- Quality Assurance and Quality Management of IT

Domain 3 – IS Acquisition, Development, and Implementation

Information Systems Acquisition and Development o Project Governance and Management
- Business Case and Feasibility Analysis
- System Development Methodologies
- Control Identification and Design
Information Systems Implementation
- Testing Methodologies
- Configuration and Release Management
- System Migration, Infrastructure Deployment and Data Conversion
- Post-implementation Review

Domain 4 – IS Operations, Maintenance, and Support

Information Systems Operations
- Common Technology Components
- IT Asset Management
- Job Scheduling and Production Process Automation
- System Interfaces
- End-user Computing
- Data Governance
- Systems Performance Management
- Problem and Incident Management
- Change, Configuration, Release and Patch Management
- IT Service Level Management
- Database Management
Business Resilience o Business Impact Analysis
- System Resiliency
- Data Backup, Storage and Restoration
- Business Continuity Plan
- Disaster Recovery Plans

Domain 5 – Protection of Information Assets

Information Asset Security and Control
- Information Asset Security Frameworks, Standards and Guidelines
- Privacy Principles
- Physical Access and Environmental Controls
- Identity and Access Management
- Network and End-point Security
- Data Classification
- Data Encryption and Encryption-related Techniques
- Public Key Infrastructure
- Web-based Communication Technologies
- Virtualized Environments
- Mobile, Wireless and Internet-of-things Devices
Security Event Management
- Security Awareness Training and Programs
- Information System Attack Methods and Techniques
- Security Testing Tools and Techniques
- Security Monitoring Tools and Techniques
- Incident Response Management
- Evidence Collection and Forensics

Cena in prijava

Redna cena za udeležbo na 5-dnevnem tečaju je 750 EUR. Če ste član Slovenskega odseka ISACA, je vaša cena 550 EUR.

Prijavite lahko na spodnji povezavi.

Prijava na izobraževanje CISA je na voljo tukaj.

Za več informacij se lahko obrnete tudi na e-mail tajnik (at) isaca.si in z veseljem vam pomagamo.