pi Security Audit


I want to take a practical and active role in minimizing security risks by improving controls and procedures, such as identity and access management. I really enjoy helping people learn to be more productive, as a mentor and leader.

What is an IT Auditor? A professional who reviews the IT Security controls in place, either to assure compliance with regulations or to review their effectiveness and efficiency. The controls ensure confidentiality, integrity, availability, and accountability of your data and business processes. Read more about IT Security and IT Audits.

Roles
  • IT Auditor
  • Freelance trainer
  • IT Security consultant
  • Business Analyst
  • College teacher
  • Programmer

Strengths
  • Reports for C-level
  • Addressing recommendations
  • Risk evaluation
  • Governance & Compliance
  • Analyzing controls
  • Planning audits

My business card (see "About") shows my different areas of expertise.

© 2018, 2019 -- pi Sec Audit, a division of 964317 Ontario Inc.

My initials are "PI", hence the pi symbol on my business card.

About - Qualifications


Hover over any area of expertise on the card (below left), and the relevant background is displayed in the box (below right).

Click any area of expertise to see my resume (one page summary), or click full CV to see the details.

CERTS SECURITY AUDIT ERM PKI TRA SOS GOVERN CTRLDESGN PIA CSX PROJMGR COBIT5 COMPANY PI

Background


For the question "What is an IT Audit?" there are two parts to the answer:
  • what is IT Security; and
  • what is an Audit of IT Security.

Here is a one page executive summary of IT Security Audits and my qualifications as an IT Security Auditor.

IT Security

IT Security protects your information:

There are ten domains in IT Security, ranging from personnel and physical security to cryptography. Bearers of the Certified Information Systems Security Professional (CISSP) certificate must have an in-depth knowledge of the ten domains. Each domain has its own set of controls.

There are three frameworks to measure the controls:

There are also industry standards regarding which controls to use:

Audit of IT Security

An IT Security Audit reviews existing business processes and controls, including automated controls, and reports on:

Bearers of the Certified Information Systems Auditor (CISA) certificate must have an in-depth knowledge of conducting audits into IT Security. As with any audit, there are four phases:

Internal Controls over Financial Reporting (ICFR) requires businesses to certify annually that certain "general" IT Security controls have been designed properly and are functioning correctly. The penalties for failure to comply include loss of reputation, and in extreme cases sending the CFO to jail. IT General Controls (ITGC) are a required component of ICFR compliance. ITGC reports are prepared by IT Security Auditors. The Audit Committee on your Board of Directors may ask for other IT Security audits to be performed from time to time.

IT Security versus CyberSecurity

IT Security concerns Confidentiality, Integrity, Availability, and Accountability (non-repudiation of transactions) of data in a system or application. It includes both the client-side and server-side controls, and the communication between the server and the client (thick or thin). Ultimately it is the responsibility of the system (application) owner to ensure InfoSec controls are sufficient to meet the threats and to ensure the actions to prevent breaches or loss of data are implemented on a risk-based approach. (See risk-based approach above.)

CyberSecurity (especially CyberSecurity neXus (CSX)) concerns the totality of all systems working together and extends InfoSec to include IoT (Internet of Things, like Internet-connected fridges), service mid-points (like routers, WiFi hot spots, cell towers), and social media. CSX is focused on privacy of data. Ultimately it is the responsibility of the data owner (i.e. the consumer) to safeguard against loss of privacy; only post information you feel comfortable with your (eventual) grandkids seeing down the road. The problem of course is with big data analytics being able to backwards analyze seemingly innocent data to piece together information that should be private.

 


Contact


I am available for full-time or contract work near Ottawa (from Kingston to Cornwall), or for remote work on-line.

Web Portfolio

Please review my Resume (1 page summary) or C.V. (6 page detailed curriculum vitae).

 


Members' Area


Please sign on using one of the accounts and passwords that I have given you.
Password Protected Area

 


News


This page will be linked to my blog...

 

