IS Audit & Security
Briefing on IS Audit & Security
MANETIC continues to offer a plethora of services and activities aimed at improving IS Auditing and Security for the community and professionals of Macau. The ongoing effort gives Macau a focal point for knowledge, skills and techniques related to IS Audit and Security. In this quest, the provisioning of a Computer Emergency Response Team complements and reinforces the work performed for IS audit and security at various levels.
MANETIC has encouraged professionals of Macau to gather and share experience and knowledge. MANETIC achieves this by supporting professional associations in information system audit and security. This great effort has been recognized internationally, with the Information Systems Audit and Control Association Macao Chapter continuing to grow at a rapid pace. This growth in ISACA Macao Chapter membership means that MANETIC has identified and fostered a latent need in Macau for professionals in the field of information systems auditing and security.
The Macau Computer Emergency Response Team and Coordination Centre (MOCERT) is an ongoing service from MANETIC that assists individuals in Macau in the event of computer security emergencies, be they employed in companies, SMEs, or government departments. MOCERT’s service is the local part of an effort by an international network of computer emergency response teams to make the internet and computers safer. This involves adapting and communicating new techniques in computer security to Macau and is in line with the fostering of new technologies in Macau. As well as performing work, in Macau and internationally, to keep the internet a clean and safe environment, MOCERT conducts many user awareness seminars and promotes computer security by instructing in schools, universities, and the industry.
New technologies improve and extend the efficiencies of the Macau community. With new technologies in information systems there will always be a need to ensure that security is checked and assured. Throughout the year, MANETIC maintains and enhances the channels by which the Macau community is made aware of, and understands how to address, its information system audit and security needs, and will continue to do so for the years to come.
The Macau Computer Emergency Response Team – Coordination Centre (MOCERT) was set up in 2010 by MANETIC as an outward-facing service for the Macau community. Along with the basic service of early warning of computer security issues, as well as incident response, the service has provided an unparalleled number of quality user education seminars aimed at all levels, whether the user is a home user or a person from government or industry. Yearly, the service rolls out “Clean PC Day”, where techniques to keep PCs from being infected, as well as to clean them, are taught. This activity is performed in parallel with a seminar track in which the latest computer security issues are addressed through demonstration or simple instruction. MOCERT also assists university students by rolling out courses that are centered on computer security. MOCERT, the service from MANETIC, also provides internships to students of high potential in the computer security industry. Schools are also catered for with an altered version of Clean PC Day that is brought to schools, as well as a computer security course run during the summer in conjunction with DSEJ.
All this activity is performed alongside the core functionality of alerting the industry in Macau to the latest issues and advisories and responding to Macau’s computer security incidents. In terms of incidents, MOCERT handles a range of emergencies, from phishing website take-down requests to contacting owners of websites should their server be found to have been compromised. MOCERT has been recognized internationally for its work and holds membership at the Asia Pacific level through APCERT (Asia Pacific Computer Emergency Response Team), as well as globally through FIRST (Forum of Incident Response and Security Teams). Through this recognition, MANETIC has rolled out, and maintains, an international level of service for IS Audit and Security.
The Information Systems Audit and Control Association (ISACA) has had a chapter in Macau since 2007. MANETIC, in its endeavor to support professional certifications and education in information systems and technology, has sought to leverage the advantages of a local chapter of an internationally renowned association specializing in information system audit and control.
Membership
In the past years, a synergy has been found: not only is knowledge about information system audit and security being provided to the community of Macau by fostering this chapter, but the chapter itself has been rewarded by being the fastest growing chapter in Asia, by percentage, for a number of years. This can only have happened if two things were brought together. First, there must have been a need for a professional association for information systems audit and control in Macau. Second, there must have been an agent to enable the change. MANETIC has toiled over the past few years, and the award that the ISACA Macau chapter has received is validation that the potential in Macau has been awakened.
At the most recent count of members, there are over 100 members affiliated with the ISACA Macao Chapter. This is a significant increase from the original count of 21 members in 2007. The fivefold increase in the chapter’s membership is a sign that the services and benefits provided by ISACA are sought and valued in Macau. The membership is not constant, and individuals drop from membership. This fact emphasizes that growth in overall membership means that many more professionals are interested in becoming members.
In the membership, there are two Academic Advocates. These special memberships are offered to tertiary institutions that offer some type of information systems security or audit curriculum. The two institutions are Macao’s Polytechnic Institute and The University of Macau. It is with these academic advocates’ access to ISACA’s knowledge material that curriculum may be shaped to better prepare the Macau students of today to become the information systems professionals of tomorrow.
Certification and Exams
Individuals who possess a professional certification have been vetted as having the knowledge, skills and experience to perform the function described in their certification. Whether the specialization is in audit (CISA), IT governance (CGEIT), security (CISM) or risk assessment (CRISC), there is a certification from ISACA that validates a professional’s ability in their chosen field of work. The exams for the certifications are in June and December of every year. This interval is frequent enough for attempts to be made and also leaves enough time for professionals to prepare for their exam by joining the Macao Chapter’s review course, also held twice a year.
The four (4) certifications, CISA, CISM, CGEIT, and CRISC, require an exam to be passed before the individual may apply for certification. It is at MANETIC that this exam has been held for both the June and the December exams. The number of participants in the exam has remained stable at about eight (8) participants per exam session, and provides evidence that individuals of Macau do find convenience and worth in having the exam administered locally.
The Macao Chapter is a small chapter in an association that is essentially an international network of information systems audit and control professionals. To be able to ensure that the chapters around the area are in line and up-to-date with international developments, ISACA chapters participate in the Leadership Conference held every year.
Wardriving is the common name given to auditing the information security settings of wireless access points reachable from street level. MANETIC has, since 2007, been supportive of gathering and sharing information and techniques for a more secure wireless local area network environment. Although the last year of the audit activity was 2010, MANETIC still provides seminars on how and why to do such WLAN audits.
The results of 2010 as well as the summary result of the previous four years.
2010’s results
2010 was the first year in which so many data collection programs were used on so many laptops. Some of these laptops catered for the new Wi-Fi protocol called 802.11n. This, therefore, is the first time that the report has been able to report on details about the new protocol.
Overall, it is encouraging that the strongest form of security for access points is being applied at an accelerated pace. Thus far in 2010, 29% of all access points discovered use the strongest form of security (WPA2), which is a remarkable jump from 2009’s proportion of only 16%.
From the data collected, three issues are found to be of importance:
From these figures, it can be said that the Macau public is increasingly securing itself with the use of technology that protects their wireless access points.
Yet, there is an indication that an underlying vulnerability, WEP, a broken security control, is still present and provides a point of concern for secure use of WLAN in Macau. It seems, from the data collected, that there is still a large proportion of WLAN access point owners who are relying on the old security technology WEP and are unwilling or unable to upgrade.
It can be seen that Macau in 2010 has a broader use of security features of WLAN.
The Macau International Food Safety Association has continued to provide the necessary service of providing verifiable information to consumers about the supply chain of manufacturers and retailers listed on the MIFSA website www.mifsa.com. These manufacturers and retailers enjoy the fact that customers can check that due and proper verification was performed on their product. The supply chain covered may reach from the time that the product has left the store of the manufacturer all the way to the store where the customer has bought the product.
By enabling customers to trace the path of their purchased product, MIFSA allows the customer not only to make a more informed decision before purchase but also to be assured that the product purchased is the original. In the case of foodstuffs, it assists in ensuring that the food was tested by the expected authority and that it is still safe from tampering before being purchased. MIFSA prides itself on being the only system in Macau and in the region to offer this service and looks forward to continuing the service for customers and manufacturers alike.
In the year of 2008 the Macau Food Safety Association took part in the annual China International Food Exposition (Guangzhou). The bakery industry of Macau was invited either to participate by taking a booth or to visit the exhibition. The event was a success, with the food industry from around China converging to see the latest products and take the chance to expand their brand names.