pi Security Audit

Home About Background Blog Faith Contact Members

Let us address your security concerns

  1. Engage us to review the security of your IT environment:
    1. Privacy Impact Assessment to ensure your data is in compliance with privacy standards
    2. Threat Risk Assessment to gain assurance you are providing the best protection of your data
    3. Compliance review against standards such as Internal Controls over Financial Reporting (ICFR), or General Computing Controls (GCC)
    4. Effectiveness review of your current controls and procedures.
  2. Learn about IT security, and also IT in general:
    1. Click Members if you are taking a course that I instruct through The Knowledge Academy
    2. We can develop new courses by arrangement (one on one, or class up to 10 people), such as:
      • Conducting Privacy Impact Assessment (PIA) or Harmonized Threat Risk Assessment (HTRA)
      • Security standards such as ISO27001 ISMS, NIST 800, CIS, CSEC ITSG-33,22,39, COBIT5
      • Programming such as JavaScript, Perl, Visual Basic for Applications (VBA)
      • Relational databases (SQL)
      • Web design using HTML, CSS, XML, XSL
  3. Project Management for development of business applications
  4. Technical Writing to produce user guides, technical manuals, and support scripts
  5. Develop new web sites for you or your company, with on-line forms and backend databases.

My business card (see "About") shows my different areas of expertise.

Last updated: Aug 1, 2019


© 2018-2020 -- pi Sec Audit, a division of 964317 Ontario Inc.

My initials are "PI", hence the pi symbol on my business card.


I want to take a practical and active role in minimizing security risks by improving controls and procedures, such as identity and access management. I really enjoy helping people learn to be more productive, as a leader, mentor and instructor.

What is an IT Auditor?  A professional who reviews the IT Security controls in place to either assure compliance with regulations, or review effectiveness and efficiency. The controls ensure confidentiality, integrity, availability, and accountability of your data and business processes.

  • IT Auditor
  • Freelance trainer
  • IT Security consultant
  • Business Analyst
  • College teacher
  • Programmer
  • Reports for C-level
  • Addressing recommendations
  • Risk evaluation
  • Governance & Compliance
  • Analyzing controls
  • Planning audits

For the question "What is an IT Audit?" there are two parts to the answer:

  • what is IT Security; and
  • what is an Audit of IT Security.

Here is a one-page executive summary of IT Security Audits and my qualifications as an IT Security Auditor.

IT Security versus CyberSecurity

IT Security concerns Confidentiality, Integrity, Availability, and Accountability (non-repudiation of transactions) of data in a system or application. It includes both the client-side and server-side controls, and the communication between the server and the client (thick or thin). Ultimately it is the responsibility of the system (application) owner to ensure InfoSec controls are sufficient to meet the threats, and to ensure the actions to prevent breaches or loss of data are implemented on a risk-based approach. (See risk-based approach below.)

CyberSecurity (especially CyberSecurity neXus, CSX) concerns the totality of all systems working together and extends InfoSec to include the Internet of Things (IoT), service mid-points (like routers, WiFi hot spots, cell towers), and social media. CSX is focused on privacy of data. Ultimately it is the responsibility of the data owner (i.e. the consumer) to safeguard against loss of privacy; only post information you feel comfortable with your (eventual) grandkids seeing down the road. The problem, of course, is that big data analytics can work backwards from seemingly innocent data to piece together information that should be private.

IT Security

IT Security protects your information in four dimensions:

(ISC)² divides IT Security into eight domains, ranging from personnel and physical security to cryptography. Bearers of the Certified Information Systems Security Professional (CISSP) certificate must have an in-depth knowledge of the eight domains. Each domain has its own set of controls.

There are three frameworks to measure the controls:

There are also industry standards regarding which controls to use:

Audit of IT Security

An IT Security Audit reviews existing business processes and controls, including automated controls, and reports on:

Bearers of the Certified Information Systems Auditor (CISA) certificate must have an in-depth knowledge of conducting audits into IT Security. As with any audit, there are four phases:

Internal Controls over Financial Reporting (ICFR) requires businesses to certify annually that certain "general" IT Security controls have been designed properly and are functioning correctly. The penalties for failure to comply include loss of reputation, and in extreme cases sending the CFO to jail. IT General Controls (ITGC) are a required component of ICFR compliance. ITGC reports are prepared by IT Security Auditors. The Audit Committee on your Board of Directors may ask for other IT Security audits to be performed from time to time.



This area contains tools I find useful for building my faith. If you are offended by evangelical Christianity, please do not read this area.