Conference Agenda
| 18th of September 2008 | |||
| Start | End | Item | Speaker |
| 08:30 | 09:00 | Registration | |
| 09:00 | 09:15 | Address By The President - Sri Lanka Chapter | Sharmini Wickremasekera Chief Risk Officer LOLC Group |
| 09:15 | 09:35 | Keynote Address | Chief guest |
| 09:35 | 10:15 | "Dirty Money On Wires" - The Business Model of Cyber Criminals | Vishak Raman Regional Director – India & SAARC Fortinet Inc. |
| 10:15 | 10:35 | Tea | |
| 10:35 | 11:15 | A Survey On New Developments In Wireless Security | Prof. Dileeka Dias The Dean, Faculty of Information Technology University of Moratuwa |
| 11:15 | 11:55 | Credit Card And Mobile Payments For Sri Lanka's e-Government Initiatives | Anuradha Ratnaweera Independent Consultant |
| 11:55 | 12:35 | Service Oriented Architecture (SOA) - Making The IT Infrastructure Speak Business | Kamal Wickramanayake IT/Software Architect & Trainer Software View |
| 12:35 | 13:35 | Lunch | |
| 13:35 | 14:15 | Lessons To Be Learnt From The World’s Biggest Banking Fraud – Societe Generale | Anand Prakash Jangid ACA, CISA, CISM, DISA, and ACP |
| 14:15 | 14:55 | Risk Management In Banking - Current Challenges | Priam Kasturiratna MBA, Sri J, AIB (Sri Lanka), PG DIP in Business & Financial Admin (ICASL) Manager Operational Risk Sampath Bank PLC |
| 14:55 | 15:55 | Tea & Network With Sponsors | |
| 15:55 | 16:35 | Social Engineering | Kanishka Sugathadasa B.Sc. (Hons.) (University of London), CISA Managing Director I.T. Advisors (Pvt) Ltd |
| 16:35 | 17:00 | Panel Discussion | |
| 19th of September 2008 | |||
| 09:00 | 09:40 | IT & Governance | MS Muthukrishnan CISA, PMP, CSQA, cVa, ISO27001:2005-LA Principal Consultant Secure Matrix India |
| 09:40 | 10:20 | The Re-emergence Of Presentation Virtualization And The Threat To Software Giants | Dr. Malitha N. Wijesundara B.Eng.(Warwick), Ph.D.(NUS), MIEEE Head - Department of Computer Systems & Networking Head - IT Services Division Senior Lecturer (Higher Grade) Sri Lanka Institute of Information Technology |
| 10:20 | 10:40 | Tea | |
| 10:40 | 11:20 | Investment In ICT Enable Change - Emerging Strategy For Optimizing ICT Business Value | Thilak Pathirage MBA, B.Com, CISSP, CISA, CISM, CCSE, AIB Assistant General Manager - Information Systems Audit and Security Seylan Bank PLC |
| 11:20 | 12:00 | Data Analytics – A Way To Know Your Neural System | Chetan Maheshwari M.Com, CA, CISA Director AUDITime Information Systems (I) Ltd |
| 12:00 | 12:40 | Reverse Engineering Revealed In The Real World | Dr. Sameera De Alwis Phd (German), MSc (Poland), MSc (USA), BSc (USA), BSc (Denmark) Sri Lankan Gov Military-NET Consultant/Information Security/Reverse Engineering Consultant |
| 12:40 | 13:40 | Lunch | |
| 13:40 | 14:20 | Enterprise Risk Management | Dushan Soza Managing Director WNS Sri Lanka |
| 14:20 | 15:10 | Implementing Business Continuity Management - A Smart Way | Nalin Wijetilleke MBA, CISA, PMP, CBCP, MBCI President of the ISACA UAE Chapter |
| 15:10 | 15:30 | Tea | |
| 15:30 | 16:10 | Maximizing IT Project Performance Through Better Governance | Dr. Madhu Fernando PMP, DBA President/CEO Innova Strategies |
| 16:10 | 16:50 | COBIT 4.1 - Governance Framework For Effective Enterprise IT | R Vittal Raj FCA, CISA, CISM, CISSP, CIA, CFE, BS7799 Director Pristine Consulting Private Limited |
| 16:50 | 17:10 | Panel Discussion | |
| Vote Of Thanks | Sebastian Ludowyk (Chapter Secretary) | ||
IT & Governance
Nowadays, IT governance is key to an organization's success. IT governance has to be measured continuously for its effectiveness. Security governance is one of the important components of IT governance. IT governance always carries its own risks, so effective risk management will minimize the risks and improve the benefits. Internal controls are the key success factors for managing the risk.
Many small things can be done to improve the effectiveness of IT governance.
Continuous and stringent reviews and training are the two giant wings that help IT governance to fly.
Implementing management systems smooths IT governance. Management and the process owners play the major roles in implementing the management systems. The success of IT governance ultimately relies on end users. Audit is the checkpoint for IT governance and helps organizations take appropriate corrective and preventive actions on time.
In this presentation, we will look at the fundamentals of IT governance and its related components. We will see how important security governance is in IT governance, what the role of ISO27001 is in IT governance, how important internal controls are for IT governance, and what small things can be done to improve the benefits of IT governance.
MS Muthukrishnan (CISA, PMP, CSQA, cVa, ISO27001:2005-LA)
MS Muthukrishnan is the Principal Consultant (e-Security) of Secure Matrix India. Holding 19 years of IT experience, he has been predominantly working in the fields of ISO9001 Implementation / Training / Auditing, ISO27001 Implementation / Training / Auditing, Quality Assurance, Quality Control, Project Management and Banking software Development / Testing / Implementation.
Muthukrishnan holds a Master's degree in Mathematics from Madras University (1989). He is a Certified Information System Auditor (CISA), Certified Software Quality Analyst (CSQA), Certified Vulnerability Assessor (CVA) by DNV, Project Management Professional (PMP) from PMI and an ISO 27001:2005 (ISMS) Lead Auditor.
Prior to Secure Matrix India, he had been heading the quality division of CashTech Solutions India Ltd (a banking solution provider). He had also worked as the Senior Quality Manager of Laser Soft Infosystems Ltd, another banking solutions provider.
Enterprise Risk Management
This session will focus on the relevance of ERM (Enterprise Risk Management) in today's business environment and an explanation of COSO's ERM framework. Emphasis will be placed on organizational issues, alignment of responsibilities and critical success factors for an effective roll out of an ERM program. Essentially, this session aims to educate the audience on the practical approach to implementing ERM and the benefits resulting therefrom.
Dushan Soza
Dushan Soza is the Executive Vice President of WNS Global Services, a NYSE listed leader in the offshore Business Process Outsourcing (BPO) business.
Dushan is responsible for setting up and spearheading WNS’ BPO operations in Sri Lanka. He is also responsible for the successful set up of Sri Lanka's first "Finance and Accounting Center of Excellence" employing a talent pool of over 375 finance and accounting professionals as well as setting up a legal services pool of 100, all engaged in providing high end F&A and Legal services to global clients. WNS-Sri Lanka is today a forerunner in the BPO industry and has won numerous awards and recognitions both in Sri Lanka as well as internationally. In 2005, CIMA UK at its Annual Awards Ceremony held in London recognized WNS Sri Lanka with the coveted 'highly commended' status under the category of 'The International Employer of the year' within its member countries worldwide and several other recognitions.
The WNS group employs over 23,000 professionals operating from a number of locations spread across India, Philippines, Sri Lanka, Romania, USA and UK. The group has won many accolades in almost every sphere and has been ranked one of the top 2 BPO companies for the past 4 years running by NASSCOM of India.
Dushan has been with the WNS group for 5 years and held the positions of head of Change Management and Director Projects before he set up the Sri Lankan Operations.
Dushan is an engineer by profession and graduated from the University of Reading UK.
Dushan has over 20 years of diverse work experience in UK, India and Sri Lanka and has held many senior leadership positions.
Social Engineering - Using Human Beings to Circumvent Security; Survey of the Literature
This paper is a literature survey. It introduces the key concepts of Social Engineering. It discusses the types of attacks, and how to become a social engineer and perform social engineering attacks. It then discusses how to identify social engineering attacks, how to deal with them, and how to prevent them.
Kanishka Sugathadasa (B.Sc. (Hons.) (University of London), CISA)
Kanishka is the Managing Director of I.T. Advisors (Pvt) Ltd. He is a former president of ISACA Sri Lanka Chapter. Graduated from the University of London, he is a Certified Information Systems Auditor (CISA) and also holds a P.G. Diploma in Business Administration (PIM).
Service Oriented Architecture (SOA) - Making The IT Infrastructure Speak Business
Pervasive IT utilization in modern organizations is a catalytic mechanism to grow, expand and dominate in the markets of respective industries. IT is not seen just as a tool to serve clients faster, but more and more as a strategic tool. However, IT costs a lot and hence the investments are non-trivial. This creates foundation stones for us to reflect on what we have been doing so far.
- Have we been spending a lot on IT systems that we cannot throw away easily due to price, but also do not provide expected values to the organization?
- Are our IT systems not adaptable at all or cost prohibitive to change? Do they limit our business opportunities by not letting us do what we want to do, but want us to operate within the features they provide?
- Are our IT systems easily integrable with other systems? How easy and secure is it to integrate our systems with the systems of other businesses?
- Can we build our systems little by little, modify little by little, throw away portions without much hassle so that we don't have to spend massive sums of money in one go and we also grow on demand?
Service Oriented Architecture (SOA) provides the solutions to the above and is the present paradigm of software systems implementation. Maturity of SOA has grown during the latter part of the past decade from the period of hype to production ready capabilities. Hence, many organizations are presently not interested in massive scale monolithic IT systems implementations. For example, expensive and change resistant ERP systems are not the choice of many organizations at present times, except if they are SOA enabled.
This presentation on SOA demonstrates the business and technical capabilities of SOA. It describes how organizations should drive towards SOA and the context within which SOA should be fitted into the organizations. The presentation also discusses the issues faced by organizations, especially within our parts of the world.
Kamal Wickramanayake
IT/Software Architect & Trainer, Software View.
http://www.swview.org/profile
"Dirty Money on Wires" - The Business Model Of Cyber Criminals
Scammers, Phishers, Bot Herders, Spammers, Online Extortionists, and Identity thieves... The names may seem obscure, but their intent is not: they are all out to steal our money. It is no secret that today, cyber crime is draining massive amounts of money every year, all around the globe. Today's cyber criminals combine social engineering, viruses, trojans and spyware to target average, everyday users. There are several questions that we must try and understand in order to fight these cyber criminals: who are the culprits and do they fit any standard profile? What is their business model and how easy is it to set up? Through which channels is the cyber crime money flowing and who is getting this money, eventually? Are the "real" organized criminals (the so-called mob) implicated at certain levels in the model?
This paper will attempt to shed some light on these questions. Answers will be developed, correlated and backed up by concrete data, numbers, and figures.
Vishak Raman
Vishak Raman, Regional Manager for India & SAARC of Fortinet, Inc., comes to the company with over 10 years' experience in sales, marketing and business development at security and channels companies such as WatchGuard, Satyam Infoway Ltd & HCL Technologies. Before joining Fortinet, Raman served as Country Manager for India at WatchGuard. He was responsible for growing the WatchGuard channel strategy in India.
Prior to WatchGuard, Raman served as the product manager for Internet and Network Security business for Satyam InfoWay Ltd. where he struck alliances with security vendors and supported the field with solution design & product information.
Raman holds a Bachelors of Engineering in Computer Science from the PSG College of Technology and PGDBM (Post graduate Diploma in Business Management) from IIM Ahmedabad (96-98 batch).
Investment in ICT Enable Change - Emerging Strategy for Optimizing ICT Business Value
Investment in ICT is a risky decision that may erode the capital instead of adding value to shareholders' wealth. Val-IT is an emerging IT governance framework that includes generally accepted guiding principles that help management ensure that organizations realize optimal value from IT enabled business investments at an affordable cost with a known and acceptable level of risk. To optimize the value of ICT investment, the Val-IT principles are applied to management processes, including value governance, portfolio management and investment management. It also provides benchmarking capability and allows enterprises to exchange experiences on best practices for value management. This paper discusses the burning issue of IT business value and opportunities for application of the Val-IT framework in Banking and Financial Services Sector Organizations in Sri Lanka.
Thilak Pathirage (MBA, B.Com, CISSP, CISA, CISM, CCSE, AIB)
Director / CEO, CISCO Information Security Service (Pvt) Ltd.
Assistant General Manager, Information Systems Audit, Seylan Bank PLC
Reverse Engineering Revealed in the Real World
Reverse engineering is the process of discovering the technological principles of a device, object or system through analysis of its structure, function and operation. The importance of reverse engineering in the field of Information Technology is rapidly increasing due to the growth in the field of the Information Security Sector. Reverse engineering often is done because the documentation of a particular device has been lost (or was never written), and the person who built it is no longer available. Integrated circuits often seem to have been designed on obsolete, proprietary systems, which means that the only way to incorporate the functionality into new technology is to reverse-engineer the existing chip and then re-design it. It enables finding out how a product works and its main components. When applied to information security, reverse engineering aids in security auditing to check for fraud. The application of reverse engineering will be highlighted using a series of informative demonstrations.
Dr. Shanika Sameera De Alwis (Phd (German), MSc (Poland), MSc (USA), BSc (USA), BSc (Denmark), XFC-RE (China), CEH (USA), CHFI (USA), Microsoft Security(USA), Network Security(USA), Master MCSE+I (USA), CORE-CRE (USA), BBCM (USA), SUN-SOAT (USA), STATION-X-CCB (UK), TFCC (USA), CyberDefense+ (USA), CyberForensics (Israel), CyberCrime/Hacking (Russia-Former K.G.B), MS-ISA2004 (USA), Mil-Net Attack Defense (China), Mil-Net Security (Ukraine), Military-CyberForce+(Denmark-German), CyberForensics(UK-ScotlandYard))
Sri Lankan Gov Military-NET Consultant/Information Security/Reverse Engineering Consultant
More than 15 years experience in Information Technology, with emphasis on Information Security and consulting. Key projects included security assessments, security architecture, business and systems analysis, and software design. Client base included public utilities, civilian aerospace, financial institutions, health maintenance organizations, telecommunications providers, retail, distribution, and manufacturing businesses.
Dr Shanika's service engagement experience is diverse within the domain of IS security: Information security management, Security policy development and implementation, Business continuity and disaster recovery planning, Intrusion detection engineering and implementation, Firewall administration and training, Incident handling and reporting procedures, Physical security management, System, LAN/WAN engineering and implementation, Strategic and operational planning, Quality and performance improvement management, Security awareness training, Large Systems Integrator/Technology Consulting Firm/ Security Trainer Senior technical lead on multiple security planning, assessment, and implementation projects.
Dr. Shanika's Information Security background covers Digital Forensics, Operating Systems (OS) Hardening, Firewall, Intrusion Detection Systems and Intrusion Prevention Systems Bypass techniques, Internet and Network Security, Attack Method planning, Planning Network Security Strategies, principles, policies and procedures, Security Implementation for Wireless and Mobile technologies, Penetration Testing, Auditing, Vulnerability Assessments, Incident Response Management, Universal Data Recovering, Disaster Recovery, Risk Management and Information Security Consulting.
Other expertise of Dr. Shanika includes Reverse Engineering, encompassing Multiplatform Assembly Language Development, Software Security Concepts and Solutions, Software Architecture, Web security, Operating System Reverse Engineering, Shell Scripting, Programming Language Compilers Researching and Reversing, Emulation Design for Multiplatform, Computer Viruses, Worms, Trojans, Rootkits, Exploits, Shell-Codes and Malware Research, OS Architectural Developments, Research and Development on Application Weaknesses and OS Weaknesses, Reverse engineering on Multi Platform file systems, Antivirus Software Development, Encryption Technologies and Compression Technologies Research, Data packetize Research and Packet Crafting Mechanisms, Artificial Intelligence Software and Virtual Reality application technologies development, Operating systems device drivers (Kernel Level) and Internals Development, OS Kernel Architectural development, OS Shell Customization, OS Shell Codes, Exploits, Rootkits, Backdoors, Viruses and Spyware Developments, Revealing with Countermeasures.
Risk Management in Banking - Current Challenges
Risk Management developed into a specialised professional discipline during the latter part of the 1900s. Today, Risk management is considered applicable to almost every type of private/public or commercial/non commercial venture.
Bankers take serious notice of Risk Management as a result of prudent initiatives taken by the industry, regulators, and also due to a number of bitter experiences faced by the banks during the last few decades. Today, Risk Management has become one of the most talked about disciplines getting integrated into banking.
The paper focuses on a range of factors such as Laws and Regulations, Organisational Readiness, Developments taking place in the business of Banking, Socio-Economic and Country Specific conditions, and Global Trends affecting the Banking Industry. Each factor is further expanded into several second level factors for discussing challenges faced by the Risk Managers in the Banking Industry.
Priam Kasturiratna (MBA, Sri J, AIB (Sri Lanka), PG DIP in Business & Financial Admin (ICASL))
Priam Kasturiratna is a banker with a wide range of experience in Banking, Core Banking Systems, E-Commerce Systems, Card and other Payment Systems, IT Project Management, and Risk Management.
He holds a Masters of Business Administration from Postgraduate Institute of Management, University of Sri Jayawardenepura, a Postgraduate Diploma in Business and Financial Administration, Diploma in Credit Management, and is also an Associate of Institute of Bankers of Sri Lanka.
Kasturi completed Certified Information Security Manager (CISM) examination in 2004, and has been a member of panel of resource persons for CISM and CISA exam preparation courses conducted by ISACA Sri Lanka Chapter since 2006.
He is attached to Sampath Bank PLC, currently as the Manager Operational Risk.
Implementing Business Continuity Management - A Smart Way
Among the top concerns of the CEOs and CIOs, Business Continuity is a priority. It has become a key necessity for survival in today's turbulent and technology based economy.
Hence Business Continuity has to be ensured and implemented as a discipline and not merely as an audit requirement. This presentation throws some light on how best it can be achieved.
Nalin Wijetilleke (MBA, CISA, PMP, CBCP, MBCI)
Nalin Wijetilleke is the President of the ISACA UAE Chapter. As a Business Continuity Management expert, Nalin has solid hands-on experience in this specialized area for the past eight years. Currently he is heading the BCM functions with one of the largest retail Banks in the UAE.
He combines his professional knowledge in other management disciplines to deliver effective continuity strategies. He has been in the Banking sector over three decades holding senior positions. He is also a senior assessor for the Dubai Quality Award. Graduated in Industrial Engineering/Work Study from the IMS-UK, Nalin has an MBA from the Postgraduate Institute of Management, SriJ - Sri Lanka and also many coveted certifications in Information Systems Audit, Project Management and Business Continuity Management. He is also a certified Lead Auditor in BS7799 - Information Security as well as in BS25999 - Business Continuity Management standards.
He is an eloquent speaker and has presented several professional papers at various international conferences and seminars. Nalin also lectures in the areas of Business Continuity, Information Governance, Risk Management, Disaster Recovery, Crisis Management, Quality Management etc at several local and international professional institutions as well as with some of the universities in the UAE.
Most interestingly, Nalin's expertise spans other areas such as Yoga, Naturopathy and poetry.
Maximising IT Project Performance Through Better Governance
Our project teams are technically competent. They are skilful people and are the best in their own fields. When they are given the opportunity, right support and the proper leadership, what we can achieve is limitless.
Globally renowned Project management expert who has been recognised by the USA PM network magazine as one of the Top 25 most influential women in project management, Dr. Madhu Fernando, discusses how to achieve the best performance in IT projects through better governance, by fostering a project management culture in your organisations with a renewed strategy, improved structure and supportive leadership.
Dr. Madhu Fernando (PMP, DBA)
Dr. Madhu Fernando is a management trainer and a consultant. She is renowned as a Project Management expert, and has conducted management and project management workshops, seminars and in-house training courses, with local and multinational organisations across various industries. Her qualifications include:
- Doctor of Business Administration, Swinburne University, Melbourne, Australia
- Master of Telecommunications Engineering, RMIT University, Melbourne, Australia
- Certified Project Management Professional (PMP), PMI, USA
- Member Institute of Project Management USA and Melbourne and Colombo Chapter
- Founding Director/President/CEO of Project Management Institute Colombo Chapter
- Member of Australian Institute of Management
- Management Consultant and Trainer - Singapore Informatics
- Visiting Lecturer MBA program for University of Wales at Imperial Institute Sri Lanka
- Visiting Lecturer MBA Program - Department of Management of Technology, Moratuwa University
Madhu has worked with Ericsson Australia since 1997 and played many roles including her role as a Project Manager for the Asia Pacific Region, and the Regional Project Manager for the Y2K Project. After leaving Ericsson she has started her own consultancy, Innova Strategies, mainly focusing on advancing project management. One of the key roles she has played during this time is Head of Project Management Office and Project Director- Site Acquisition at Mobitel Sri Lanka where she has gained experience working in her motherland. She has conducted management and project management workshops, seminars and in-house training courses, for more than 150 companies, universities and professional organisations.
Madhu writes for management magazines on a regular basis. Some of the publications include: Management Today, Australian Institute of Management - Australia's premier management magazine, PM Network - The professional magazine of the Project Management Institute USA circulating in over 125 countries and Management Monthly - Sri Lanka. She writes on Innovation, Strategy, Emotional Intelligence, Knowledge Management, change management and the new trends in project management.
Madhu has been recognised by the Project Management Institute USA PM Network magazine as one of the 25 most influential women in Project Management in 2007. And, her Doctoral Thesis on "Innovation Strategies for Project Success" has been graded at the highest standard by the Swinburne University, Melbourne Australia.
The Re-emergence Of Presentation Virtualization And The Threat To Software Giants
This presentation seeks to identify the current developments in one aspect of virtualization technologies, namely, presentation virtualization. The aim is to identify the key obstacles in promoting such technology and to find out the initiatives that have been so far taken to mitigate such obstacles and the effectiveness of such mitigation measures.
Dr. Malitha Wijesundara (B.Eng.(Warwick), Ph.D.(NUS), MIEEE)
Dr. Malitha Wijesundara obtained his Bachelor of Engineering degree with honours in Electronic Engineering from University of Warwick, United Kingdom in 1998. He obtained his PhD from Department of Electrical and Computer Engineering from National University of Singapore in 2005. He is currently a senior lecturer at Sri Lanka Institute of Information Technology, where he is the Head of Department of Computer Systems & Networking and Head of IT Services. He also serves at the board of directors of ISACA Sri Lanka Chapter as the Academic Advocate.
His research areas include peer-to-peer networks, networked computing and storage, virtualization and e-learning.
A Survey On New Developments In Wireless Security
Security mechanisms found in a range of wireless networks including Bluetooth, WiFi and Cellular systems are presented in this paper. The paper also includes an overview of specific threats and vulnerabilities in wireless networks as well as preventive measures.
Prof. Dileeka Dias
Dileeka Dias is a Professor of Electronic & Telecommunication Engineering at the University of Moratuwa.
She graduated from the University of Moratuwa, and subsequently completed her M.S and Ph.D at the University of California, Davis, specializing in Mobile Communications. She has been a member of the academic staff of the University of Moratuwa since 1992, and was the Head of the Department of Electronic & Telecommunication Engineering from 1999 to 2003. She is currently, the Dean of the Faculty of Information Technology at the University of Moratuwa.
Her research interests are in the area of wireless technologies and applications. She has published over 30 papers in related areas and has authored several chapters in books. She is the joint author of Essentials of Modern Telecommunications Systems, published by Artech House, USA in 2004.
Dileeka Dias is a member of the Board of Directors of the National Engineering Research and Development Centre (NERD) and the Director of the Dialog-University of Moratuwa Mobile Communications Research Laboratory.
Data Analytics - A Way To Know Your Neural System
Organizations are continually exposed to error, fraud, and inefficiencies that can lead to increased risk and financial loss. Moreover, an evolving regulatory environment, increased globalization, market pressure to improve operations, and rapidly changing business conditions require that organizations ensure that internal controls are effective and that risk is being properly mitigated. Leading organizations have turned to the continuous auditing and monitoring of financial transactions as a way to ensure that policies and procedures are followed and the business is operating as intended.
This presentation explores the challenges, experience of ACL and AUDITime, continuous control monitoring, data migration auditing, forensic analytics and managed data analytics (MDA).
Chetan Maheshwari (M.Com, CA, CISA)
Chetan is an all India Merit holder in CA Final and passed his CISA in year 2000. Since 2000 he, along with 2 other colleagues, has promoted a company called AUDITime Information Systems (I) Ltd.
AUDITime is one of the leading companies in India specializing in the areas of IT Audits, Application testing, Data Analytics and Audit & Risk management solutions. With a strong team of more than 100 professionals and being partnered to ACL, AUDITime is positioned to deliver major services in the areas of Data Analysis to any corporate house. AUDITime presently works with more than 40 large corporate houses in India on data analytics services using ACL technology.
AUDITimes' ACL implementation services to Siemens and Mahindra & Mahindra has been awarded "The Impact Award" in the year 2007 and 2008 respectively at the ACL Global conference as the ACL best implementation - Asia region.
Chetan has been taking sessions on various national and international forums, where he is a regular speaker at ISACA chapters in India and ICA India, and has also been invited in the past at ICAS.
With rich experience in Banking, Insurance, Manufacturing and other verticals we invite ...
Credit Card and Mobile Payments for Sri Lanka's e-Government Initiatives.
The ICT Agency of Sri Lanka is running the "Lanka Gate" initiative, a framework to integrate government and related non-government organizations together. We implemented a "thin-slice" of major Lanka Gate projects to demonstrate its end-to-end functionality, and validate technologies involved. In the present context, we discuss technical and non-technical findings on combining payment systems into Lanka Gate.
Anuradha Ratnaweera
Independent Consultant
http://www.sayura.net/anuradha/
Societe Generale Fraud- An analysis
Scandals at companies such as Enron, Barings, WorldCom and Parmalat have highlighted the huge losses that can occur through frauds or the breakdown of internal controls. At Societe Generale, the activities of a rogue trader triggered a sequence of events that cost the bank €4.9bn ($7.2bn) – and this does not account for soft costs including the diversion of senior management’s focus from the day-to-day business, the negative impact on the franchise and the blow to employee morale.
In view of such huge losses, it is unbelievable how little interest there is in the subject of internal controls among financial analysts, shareholders and bondholders, unions and employee organizations, board members and senior management. Too many leaders underestimate the risks of fraud to their organizations and to the economy.
This Presentation will concentrate on analyzing the event that lead to the fraud and counter measures.The Presenter would shares the different control failures which lead to the Societe Generale fraud. He would be using his experience in the financial service industry (Goldman sachs) to bring out the different facets of the fraud. The main aim is to emphasis on good Risk Management practices which are necessary to avoid such incidents. Also the events would be put in the perspective of the failure of the IT controls and how the whole fraud could have been avoided.
The presentation will also try to create a linkage between other such frauds which has happened in past and how those learning are relevant even today. Last but not least, the presentation will talk about the importance of enterprise wide risk management and how it needs to be implemented.
Anand Prakash Jangid (ACA, CISA, CISM, DISA, and ACP)
Anand is a Chartered Accountant, Certified Information System Auditor (USA), Certified Information System Manager (USA) and an Approva Certified Professional.
His areas of specialization include Governance, Risk & Compliance (GRC), Enterprise Risk Management, Project Management, design and implementation of regulatory compliance frameworks, IT Governance and Management Audits. He is a subject matter expert in the field of business and IT controls and audits.
Anand was part of the risk management team at Goldman Sachs, covering multiple audits across many geographies for different functions in the organization. His areas of specialization were anti-money laundering, Basel II, BCP and operational risk.
Prior to Goldman Sachs, he was with the ES consulting group at Infosys Technologies Limited, Bangalore. Here he was involved in the development of a regulatory compliance framework for various compliance requirements such as the Sarbanes-Oxley Act, and was part of the team developing a solution for Basel II Accord implementation. His responsibilities included working in sync with projects of Infosys Consulting, Dallas.
He has been involved in Enterprise Risk Management implementation and IT audit for many international projects in the USA, the UK, Japan, China, etc.
Other Professional interests:
- Was honorary treasurer of ISACA-Bangalore Chapter
- Visiting faculty at ISACA, ICAI and Welingkar Institute of Management
- Presented papers on Enterprise Risk Management and IT controls at various national and international forums.
- Has conducted many international workshops on Enterprise Risk Management.
- Has been involved in many educational and research engagements for Infosys’s consulting group
- Has conducted many CPE (Continuing Professional Education) engagements of ISACA and ICAI.
- Was a member of sub-committee on information technology of Institute of Chartered Accountants of India, Bangalore chapter.
- Is an active member of Young India (a Confederation of Indian Industries associate), which works to make Indians proud of themselves and to encourage nationalistic feeling.
COBIT 4.1 - Governance Framework for effective Enterprise IT
With IT now in the driver's seat, organisations globally have been struggling to make IT naturally responsive to business demands. While most IT managements increasingly harbour dreams of a robust management framework for IT, they often feel lost or frustrated. The session provides an overview of COBIT 4.1 and its components, and discusses how successful enterprises are using COBIT 4.1 from ITGI for effective IT Governance that supports and extends enterprise governance, thereby enhancing enterprise value.
R Vittal Raj (FCA, CISA, CISM, CISSP, CIA, CFE, BS7799)
R Vittal Raj, Director, Pristine Consulting Private Limited and Partner of M/s. Kumar & Raj, Chartered Accountants, leads and manages the Business Risk Assurance Services Practice. A Fellow Member of the Institute of Chartered Accountants of India, he is also a Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM) from ISACA, USA, Certified Information Systems Security Professional (CISSP) from ISC2, USA, Certified Internal Auditor (CIA) from The Institute of Internal Auditors, Florida, USA, Certified Fraud Examiner (CFE) from ACFE, USA and BS7799 qualified auditor, and holds the post-qualification diploma in Information Systems Audit from The Institute of Chartered Accountants of India. He specializes in Consulting, Implementation, Audit and Assurance for IT Governance, ISO 27001, Enterprise Risk Management, Internal Audit, Risk Management and SOX 404.
He is also presently the Director on Board and Past President of the Chennai Chapter of ISACA and member. He is also the Governor on the Board of Governors and Past President of the Madras Chapter of the Institute of Internal Auditors. He is the Vice Chairman on the IT Committee of the Madras Chamber of Commerce and Industry and a Member of the IT Committee of the SIRC of the Institute of Chartered Accountants of India.
He is a visiting faculty member with the Institute of Chartered Accountants of India and Sri Lanka, the Office of the Comptroller and Auditor General, RBI, the Institute of Internal Auditors, Tamil Nadu Police on cyber crime investigation, various banks, and several ISACA Chapters in India for the CISA Examination, and provides in-house training for corporates.
He is a specialist trainer on IT Governance and COBIT, Risk Management, Information Security, Information Systems & Risk Based Internal Audit and has presented papers in national and international conferences and contributes to various national and international journals.