PECB Lead Cloud Security Manager

PECB recently launched Lead Cloud Security Manager course and certification. This course is developed based on ISO 27017 and ISO 27018. ISO 27017 provides guidance to implement controls for cloud services and ISO 27018 provides guidance to implement controls to protect PII in public clouds acting as PII processors. This is well designed course which is very much needed for security practitioners to understand the controls needed to secure cloud services.

Cybersecurity Definition

I recently happened to download the Risk IT Framework, 2nd Edition from ISACA. During December 2019 the National Cyber Security Center of United Kingdom released the Cyber Security Body of Knowledge (CyBok 1.0). The CyBok has 19 knowledge areas which are grouped into five categories. This a very detailed body of knowledge that will be useful for practitioners, trainers and auditors. I made a comparison of Cybersecurity definition.

Audit Request List

Recently, one of my old student asked me to give some inputs on Data Request List (DRL) for IT General controls. I couldn’t understand the meaning and informed him that I have not heard of such term in auditing body of knowledge. I also explained to him that the Data Request List (DRL) he wants is the information provided by auditee before the audit or during the audit. Audit Request List: Audit request list is the list of documents (Policies, reports, etc) that the auditor may request from audit client. The documents are used by auditors to understand the controls and prepare for testing. This Audit request list is also called Document Request List (DRL).


IT General controls (ITGC’s) are applicable to any information systems infrastructure. These controls are primarily in the following areas: Access Management (assess to data and programs), Change Management (Changes to programs and data), Systems development (feasibility, design, Testing, installation, version control, Move to production) , IT Operations (Backup, Incident Management, Job monitoring, Batch processing, etc). IT General controls audit should test for the effectiveness of these controls. The ITGC’s are important component of the business operations. The reliability on data, reports underlying the business process depends on the effectiveness of these controls. The integrity and reliability of financial information depends on the access controls, change management, and operational controls. All the CISA certified candidates must be aware of these controls as these were covered in Domain 3, 4 and 5 (of old syllabus).

How did this start?

The Enron scandal in 2001 led to the creation of Sabarnes Oxley Act (SOX) to improve the reliability of information provided by organizations. The ITGC controls of SOX are a regulatory obligation to all companies in United States of America.

Personal Data Protection Act 2012 of Singapore

Personal Data Protection Act 2012 of Singapore is to govern the collection, use and disclosure of personal data by organizations. Any organization who wants to demonstrate that they comply with PDPA of Singapore can apply DPTM certification. DPTM certification is voluntary certification which will help organizations build trust with their stakeholders and gain competitive advantage. Certification requirements is based on 4 principles and each principle has set of assessment criteria, and each criteria having set of controls.

Foundation of Management Consulting

I created a new course today, the course is about Management Consulting. Many consultants i worked over the past few years neither had the foundational knowledge of management systems consulting or ignored to apply the concepts of management consulting during the consulting projects, this has resulted in many challenges, and misunderstandings during the project. I hope this short course will give clarity on some of the concepts. The course is in the Articles section of this website.

ITIL4 Leader – Digital and IT Strategy

ITIL4 Digital and IT Strategy is one of the most unique course and perfect course for Senior Managers and Business Leaders, this course is the most appropriate for the digital economy and for leaders who oversee digital transformation journey. The course will also cover topics on how organizations need to make a shift in their strategy driven by digital technologies to remain competitive. It also covers the risks and opportunities in digital transformation journey.

ITIL4 Foundation Class

Just completed an ITIL4 Foundation class in Bangalore for a training organization in Bangalore.

ISO 27001 Implementer course at Hyderabad

Completed an PECB ISO 27001 Lead Implementer course in Hyderabad on June 30.

ISO 27001 LA Training in Mumbai

I delivered an ISO 27001 LA training to the SOC team of large IT Services organization in Mumbai last week. They were a group of highly experienced and enthusiastic learners, the class was very interactive and we had role plays and exercises through the course. Please contact me on +91 95054 52841 for ISO 27001 LA training.