NOVEMBER, 2015

INSIDE THIS ISSUE:
Letter from the President ........ 1
Member-get-a-Member ........ 2
ISACA NTX Fall 2015 Seminar ........ 2
Next Meeting Agenda: Luncheon ........ 3
Next Meeting: Pre & Post-Luncheon ........ 4
In the News ........ 5
Conferences & Training ........ 6
2014-2015 ISACA NTX Board & Coordinators ........ 7
ISACA NTX Events Policy ........ 8
Career Opportunities ........ 9
Payments / Cancellations ........ 9
Letter from the President

Cooler weather has finally arrived and Thanksgiving is just around the corner. That means this is a good time to take stock of your CPE requirements and get some training before the end of the year. Of course, 3 CPE credits may be earned by attending our November meeting, where we would be glad to see you. In addition, 16 CPE may be earned by attending the Fall Seminar, "Audit and Security for Cloud-Based Services."

Our November meeting takes place this Thursday, November 12th at the Renaissance Dallas Richardson Hotel located at 900 E Lookout Drive, Richardson, TX 75082. Ryan Day from SoftLayer will present "How to Manage Incident Response" at the pre-meeting. Lunch will feature Rocky Grindstaff, Brinker International, presenting "I.T. Change Management – Why Do It." Our post session will feature Paul Dunn, Montgomery Coscia Greilich LLP, presenting "Cost Reduction: Transforming the Cost Structure for Sustained Benefits."

Registration is open for our Fall Seminar "Audit and Security for Cloud-Based Services." The seminar will take place December 1-2, 2015 from 8:30 AM - 4:30 PM at Weaver located at 12221 Merit Drive, Suite 1200, Dallas, TX 75251. The presenter is Jason D. Claycomb from the MIS Training Institute. See page 2 for details!

Our December meeting will take place on December 10th at the Dallas Marriott Las Colinas located at 223 West Las Colinas Boulevard, Irving, TX 75039. David Maxwell, Chief Information Security Officer & Director of Information Security Practice, Columbia Advisory Group, will present "What IT Needs to Consider for Legal Hold and what Auditors Should Look for." Lunch will feature Carol Brooks from Inghilleri Consulting Group presenting on the topic of Soft Skills Are the New Hard Skills, and the post session will feature Girish Chiruvolu, Director of Information Security and Risk Management, Thomson Reuters, presenting "Online User Authentication: Beyond Passwords."

Please take advantage of the opportunities your ISACA North Texas chapter membership offers you. Invest in yourself and your career. Whether attending monthly chapter meetings, educational seminars, certification reviews or networking events, I look forward to meeting YOU at one of these events this year!

Laurie Flandrau, CISA, CRISC
GM Financial
President – ISACA North Texas
THE PASSWORD, PAGE 2
Join in ISACA's Member Get a Member Program!

Reach out and invite colleagues and other professionals to become ISACA® members. From now until 31 December 2015, during the Member Get a Member program 2015, receive exciting rewards! The more new members you recruit, the more valuable the reward:

2-3: receive a passport wallet with RFID-blocking technology: US $45 value.
4-5: receive high quality 10x42, 10-power multicoated lens binoculars: US $99 value.
6-7: receive a whisper-quiet, 10" bladeless fan: US $255 value.
8-9: receive a performance camera with 12MP photos, video, Wi-Fi and Bluetooth®, waterproof: US $399 value.
10 or more: receive a smartwatch with fitness companion, a new way to connect to life-enhancing technology: US $699 value.

Get tips and tools. Hurry, the sooner you start, the sooner you begin earning rewards!
ISACA North Texas Fall 2015 Seminar
Audit and Security for Cloud-Based Services

Instructor

Jason D. Claycomb, CISA, CISSP, is the founder of INARMA LLC, where he helps clients assess, implement, and manage GRC policies and processes. He is a 25-year veteran in computer system security, audit, and development. Mr. Claycomb brings a realistic approach to GRC to comply with laws, federal regulations, and industry best practices.

Mr. Claycomb is proficient in IT planning, systems development and installation, data analysis and reporting, and in evaluating logical and physical controls. He works extensively with financial services and healthcare companies to analyze risk and implement appropriate controls. He serves as the Corporate Governance Officer of OS33, a leading cloud services provider, and previously was the National Director of IT Services at Jefferson Wells (now Expiris), and a Manager at PricewaterhouseCoopers. Mr. Claycomb also served as the Director of IT Services at CrossCheck Compliance and as an IT Auditor at First Colonial Bankshares Corporation. Mr. Claycomb is a member of ISACA, IIA, and ISSA.

Program Description

Offering Internet-based computing and on-demand resources, software, and data, cloud-based services are rapidly changing the landscape of IT. With Software as a Service (SaaS) delivering application software, Platform as a Service (PaaS) available to design and develop software, and Infrastructure as a Service (IaaS) providing the equipment upon which to support other services, cloud computing offers IT a way to increase capacity and capabilities without a huge investment.

In this two-day seminar, attendees will explore the current state of cloud computing and its common architecture, and examine the major SaaS, PaaS, and IaaS providers in the market today. We will cover the security and control deficiencies that exist in cloud-based services and look at Security as a Service as a way to protect against them. We will review a risk-based approach to audit and controls for cloud-based services and investigate such areas as cloud-based network models, cloud brokers, and disaster recovery and governance in a cloud-services environment. Throughout the seminar, class exercises will reinforce what you learn and help you identify the risks, controls, and gaps in cloud services.

When: Tuesday 12/1 & Wednesday 12/2, 8:30 AM - 4:30 PM
Where: Weaver, 12221 Merit Drive, Suite 1200, Dallas, Texas 75251
Cost: $800 - Includes all materials, breakfast, lunch, beverages
Get Registered!
...and elsewhere

Did you enjoy CACS last year? This year it's in Vegas! Be sure to get registered!

Time is running out! Get your colleagues to join ISACA by December 31st to win a tablet or other prizes!

Many of us think we have all the right answers...but how many of us know the right questions? Submit your certification exam questions to ISACA and get PAID!

Haven't even taken that test yet? The June 2014 exams are now open for registration.

The 2013 IT Risk/Reward barometer examines plans and perceptions of many of the hot topics in our field, taken from members around the world.

Have a passion for helping out your fellow IT geeks? Want to do more within the community? Become an ISACA volunteer!

How much is too much when it comes to IT risk management?

Microsoft has joined the FIDO (Fast IDentity Online) alliance in an attempt to move away from passwords to more secure means of authentication. Sounds great...but surely nobody will ever guess "123456" is your password?
Scenes from our June meeting...
Pre & Post Luncheon on Page 4
November Meeting Agenda

When: Thursday, November 12th
Where: Renaissance Dallas Richardson Hotel, 900 E Lookout Drive, Richardson, Texas 75082

Luncheon

Luncheon registration opens at 11:15 am
Lunch served no later than 11:45 am
Speaker at 12:20 pm

Topic: "I.T. Change Management – Why Do It"
Presenter: Rocky Grindstaff, Director IT Operations and Service Management at Brinker International

Description: This session will discuss the true intent of an organization's I.T. Change Management process. Is the objective to pass an audit or to mitigate risk to the business? The presentation will help in determining what a successful I.T. Change Management process looks like for your organization.

Speaker Bio: Rocky has been with Brinker International for just over one year, where he is leading an effort to introduce I.T. Service Management processes and contributing toward the building of a Plan – Build – Run organization. Before coming to Brinker International, he was with JCPenney for 15 years as the Senior Manager over ITSM and Automation. Prior to this he spent 15 years with Philips Consumer Electronics as the Data Center Manager.

Objectives - Attendees will learn about:
- The importance of measuring the success of I.T. Change Management
- How to market I.T. Change Management internally within I.T. and externally to the business partner
- The impact and relationship between I.T. Change Management and other processes such as Incident, Problem and Project Management

Program Level: Basic
Category: Specialized Knowledge & Applications
Prerequisites/Advance Preparation: None
Recommended CPE Hours: 1 per session

**Note about Presentations: ISACA North Texas can only post presentations from monthly meetings that are provided by the speaker with their permission. If a presentation is not on the website, it either means we have not been granted permission or the speaker has not yet provided us the presentation to post.
Pre-Luncheon 10:30 AM (Pre-Luncheon registration begins at 10:00 am)

Topic: "How to Manage Incident Response"
Presenter: Ryan Day, Sr. Information Security and Compliance Advisor at SoftLayer

Description: Ryan will talk about how to manage cyber incident response from a project perspective. He will share several case studies that he encountered, and how he managed not only the incident but also the clients and people who were involved, and how this is similar to project management. Ryan will review the methodology that he used to manage the incident, and will give tips to better prepare Managers and Executives to handle the inevitable cyber breach.

Speaker Bio: Ryan is the Senior Information Security and Compliance Advisor for SoftLayer, an IBM company. He is responsible for highly specialized security projects for the company. Ryan has over 15 years of experience in technology and over 10 years of experience in IT Security. Ryan's certifications include: CISSP, NSA:IAM/IEM, SANS GSEC (Incident Handler), SANS GWAPT (GIAC Web Application Penetration Tester), Attended SANS DIACAP Boot Camp, Verizon Lean Six Sigma Certified, ITIL, and Master's Certificate in Project Management from UTD. He is also a member of: Academy of Forensic Science, ISSA, PMI, ISSCA, and Infragard.

Objectives - Attendees will learn about:
- Managing cyber incident response from a project perspective
- Communicating with clients in incident response scenarios
- Comparing incident response and project management methodologies
- Preparing managers and executives for better handling a breach

--------------------------------------------------------------------------------------------------------------

Post-Luncheon 1:30 PM

Topic: "Minimizing Risks in Enterprise Cost Reduction: Transforming the Cost Structure for Sustained Benefit"
Presenter: Paul Dunn, Montgomery Coscia Greilich LLP

Description: This session will discuss how leading companies use risk management while implementing enterprise-wide cost reduction programs to increase organizational value and sustain change while managing the costs of controls and minimizing risks. Topics discussed include the key elements of an end-to-end cost reduction program, with techniques focused on functional and product costs as well as working capital efficiency. The session will also cover development of a framework, process, and set of tools to implement and monitor exposures in a sustainable cost reduction program, including vendor risk management.

Speaker Bio: Paul is a Partner in Montgomery Coscia Greilich LLP's Advisory Services practice, serving large companies in the areas of financial and management reporting, and implementing profit improvement projects. He leads projects in Finance Transformation, Corporate Performance Management, and Strategic Cost Reduction. Paul is a CPA, a Certified Management Accountant and is a member of Finance Executives International. He is also a Project Management Professional, licensed by the Project Management Institute, and certified through the American Society of Quality as a Six Sigma Black Belt. He serves on the Board of Examiners for the Malcolm Baldrige National Quality Award.

Objectives - Attendees will learn about:
- Partnering with the finance organization in cost reduction projects focused on functional and product costs as well as working capital efficiency, and the role of the auditor in managing risks and the cost of controls.
- End-to-end Cost Reduction programs conducted at an enterprise, business unit, region, or functional level, including identifying key areas of potential significant opportunity for cost reduction and identifying and managing risks.
- Techniques to assess the approach, techniques, program and initiative design, expected benefits and realization monitoring to capture and sustain benefits and controls.
News from ISACA International

ISACA has officially launched the Cybersecurity Nexus, a new security knowledge platform and professional program that provides cutting-edge thought leadership, training and certification programs.

Contribute to ISACA's knowledge center: gather and share knowledge, and earn badges!

...and be sure to take advantage of ISACA's available research and publications!

Have a passion for helping out your fellow IT geeks? Want to do more within the community? Become an ISACA volunteer!
...and in other news

Microsoft aims to simplify SCCM…for Windows 10 users.

Last month we talked about the move to chip-and-signature...but is that the future? Apple Pay and other solutions may provide easier adoption, but growth has apparently slowed.

At Black Hat Europe next month, hackers will demonstrate how the oil & gas industry is at risk to have ERP systems hacked...providing an avenue to exploit under-developed cybersecurity.

Information Week with a great story about an AMEX executive tasked with updating 16 different ERP systems (acquired through various acquisitions around the world). The challenges associated with such an undertaking make for good reading.

From CSO Online - The banking industry, always a target for attackers, may be better served focusing on incident response.

It's official...Washington has officially given companies the right to share consumer data with the government in the event of a security breach or cyber attack. What's your take?
Upcoming Conferences & Training Opportunities

ISACA's last training event of 2015 is in Seattle, December 14th to 17th. Get your CPE in before the end of the year: up to 32!

Just looking for some straight training? ISACA offers four-day training courses around the country surrounding a variety of topics. Take a trip and learn something new!

Don't have time for all that travel? Try one of ISACA's virtual conferences! The latest covers cybersecurity for the enterprise environment and will earn you 5 free CPE!!!

Travel AND time-constrained? Check for free webinars with ISACA that are short and sweet ways to earn that extra hour of CPE.

Tanya Baccam of Baccam Consulting has a number of IT Audit training opportunities being offered in the near future here in Dallas!
- Coming February 2016 – CISSP in Dallas, TX
- Coming March 2016 – IT Foundations in Dallas, TX
- Coming April 2016 – Auditing Active Directory and Windows in Dallas, TX
- Coming May 2016 – Auditing Oracle Databases in Dallas, TX
- Coming July 2016 – Auditing Web Applications in Dallas, TX
- Coming September 2016 – Auditing UNIX/Linux in Dallas, TX

These courses offered by Baccam Consulting provide an excellent way to develop your IT audit skills and receive CPEs via NASBA at the same time. If you have questions, you can contact Tanya at [email protected] or go to www.securityaudits.org/events.html.
2015-2016 ISACA North Texas Board of Directors

Position | Volunteer | Affiliation | E-mail Address
President | Laurie Flandrau | GM Financial | [email protected]
Secretary | Eric Ballantyne | General Datatech, L.P. | [email protected]
Treasurer | Chris Jordan | D.R. Horton | [email protected]
VP Programs | Carol Barke | Barke & Associates, LLC | [email protected]
VP Education | Iddah Wangondu | Alliance Data | [email protected]
VP Facilities | Doug Gorrie | Vendor Resource Management | [email protected]
VP Communications | Brittany George | Weaver | [email protected]
VP Membership | Austin Browning | State Farm | [email protected]
VP Certification | Kyle Wess | EY | [email protected]
1st Past President | Greg Streder | General Datatech, L.P. | N/A
2nd Past President | Marvin Reader | Coalfire Systems | N/A
3rd Past President | Sue Pagel | University of North Texas | N/A

2015-2016 ISACA North Texas Coordinators

Position | Volunteer | Affiliation | E-mail Address
Assistant Treasurer | Sowmitha Kalyan | EY | [email protected]
Education Coordinator | Roshan Pulikkiel | City of Garland | [email protected]
Education Coordinator | Raveen Bhasin | Weaver | [email protected]
Certification Coordinator | Dariel Dato-on | EY | [email protected]
Certification Coordinator | Sean McAloon | Crowe Horwath | [email protected]
Academic Relations Coordinator | Jose Lineros | University of North Texas | [email protected]
Reservation Coordinator | Leslie Norwood | Ocwen Financial Corporation | [email protected]
Newsletter Coordinator | Ian Connors | Crowe Horwath | [email protected]
Website Coordinator | Jeff Kromer | UT Southwestern | [email protected]
Marketing Coordinator | Shirley Walker | Bank of America | communications@isaca-northtexas.org
Marketing Coordinator | Neha Patel | Weaver | communications@isaca-northtexas.org
Chapter Photographer | Zac Taylor | Grant Thornton | [email protected]
Jobs Coordinator | Joe McKeman | IBM | [email protected]
CPE Compliance Coordinator | Lisa Bartsch | Capital One | [email protected]
Volunteer Coordinator | Eryn Shields | GM Financial | [email protected]
ISACA North Texas Events Policy 10/24/14

The ISACA North Texas Chapter offers three types of fee-based programs: Chapter Monthly Meetings, CISA® and CISM® Review Courses, and Seminars. The chapter strongly encourages advance registration and payment for all events, as this reduces chapter expenses, and the capacity for many of our events is limited due to the size of the event locations. Therefore, seats may not be available on the day of the event for walk-up registrants. The following table summarizes the chapter's payment and cancellation policies.

Payment Policy

All advance, online event registration payments will be made through CVENT. For advance, online registrations, payment is accepted via Visa, MasterCard, American Express, Discover and PayPal. Advance registrations will not be accepted after the time noted above unless otherwise noted in online event details. For Pay at Door registrations, credit card via Cvent, check, cash or Paypal payment at the door is required. For walk-in registrations, credit card via Cvent, check, cash or Paypal payment is required.

Cancellation and Refund Policy

The North Texas Chapter of ISACA (ISACA NTX) strives to provide appropriate facilities for meetings, seminars and certification review classes. Since facility providers and/or speakers require advance notice and financial commitment, ISACA NTX must balance those obligations against our members' periodic need to cancel a reservation based on job requirements, illness or other circumstances. Upon receipt of e-mail notification to [email protected], ISACA NTX will refund the prepaid fee according to the following deadlines:

Monthly Program Meetings - cancellations must be received by 6:00 PM three days prior to the meeting.
Certification Reviews - cancellations must be received by 6:00 PM eight days before the first class.
Seminars - cancellations must be received at least one week prior to the first day of the seminar.

If unusual cancellation terms are required based on speaker and/or venue, details will be included in the online event details.

Attendee substitution is permitted at any time until the event by contacting the Registration Coordinator at [email protected] and is subject to any additional charge for non-member fees. Cancellations and refunds for advance registrations are allowed if cancellations are submitted to [email protected] by the deadline noted in the table above. Advance registrants who do not attend the event or do not cancel by the date noted in the table above are not eligible for a refund. Attendee substitutions are permitted at any time until the event, subject to any additional charge for non-member fees. Inquire with the Chapter Registration Coordinator at [email protected].

--> Please see Page 7 for the table that summarizes the payments & cancellations policy <--
Current Career Opportunities

The Password is a free copyrighted publication of the North Texas Chapter of ISACA. It is published periodically from August through June. It is the objective of the North Texas Chapter of ISACA to be a forum of free expression and interchange of ideas. Statements of position or expressions of opinion appearing herein are those of the authors and not, by the fact of publication, necessarily those of ISACA or the North Texas Chapter. Likewise, the publication of any advertisement is not construed to be an endorsement of the product or service offered unless specifically
Copyright 2015 ISACA North Texas Chapter
all rights
Questions? Comments? Corrections? Please advise us at [email protected]
Job Title | Company | Location | Category | Career Level | Post Date | Exp. Date
Remediation Lead | HPE | USA | Permanent | Non-Management | 9/23/2015 | 12/31/2015
Investigative Lead | HPE | USA | Permanent | Non-Management | 9/23/2015 | 12/31/2015
Senior Internal IT Auditor I | Blue Cross Blue Shield | Richardson, TX | Permanent | Non-Management | 9/29/2015 | 12/18/2015
Senior Internal IT Auditor I | Blue Cross Blue Shield | Richardson, TX | Permanent | Non-Management | 9/29/2015 | 12/18/2015
Senior Internal IT Auditor | Harris & Dickey, LLC | Dallas | Permanent | Non-Management | 10/1/2015 | 11/13/2015
Senior Internal IT Auditor | Harris & Dickey, LLC | Dallas | Permanent | Non-Management | 10/1/2015 | 11/13/2015
Compliance Auditor | Think Finance | Fort Worth / Addison | Permanent | Non-Management | 10/6/2015 | 12/1/2015
IT Audit Program Manager | The University of Texas System | Austin TX | Permanent | Management | 10/7/2015 | 11/15/2015
Oracle GRC Practice Director | Oracle Independent Consultants (OIC) | Any City, USA | Internship | Non-Management | 10/22/2015 | 12/31/2015
Sr Privacy/Security Consultant - DSS IT Audit | Management Resources - Robert Half | Plano/Frisco, Texas | Temp/Contract | Management | 11/2/2015 | 11/20/2015
The following table summarizes the chapter's payment and cancellation policies:

Policy | Chapter Monthly Meetings | CISA or CISM Review Courses | Seminars

Payments
Advance registration payments accepted | Credit Card** (Visa/MC/AMEX/Discover) and PayPal** | Credit Card** (Visa/MC/AMEX/Discover), PayPal**, Check, and Purchase Order (Invoice payment must be received by the pre-registration deadline) | Credit Card** (Visa/MC/AMEX/Discover), PayPal**, Check, and Purchase Order (Invoice payment must be received by the pre-registration deadline)
Advance registration cutoff date | 6:00 PM three days before the event (May be earlier if a joint event with another organization that requires earlier registration counts) | 6:00 PM eight days before the first class. | 6:00 PM two weeks prior to the first day of the seminar.
Walk-in registration payments accepted | Cash, Check, Credit Card** (Visa/MC/AMEX) and PayPal** | All attendees must pre-register for this event. Walk-in registration is not permitted. | All attendees must pre-register for this event. Walk-in registration is not permitted.

Cancellations
Cut-off date for cancellations | 6:00 PM three days prior to the event. | 6:00 PM eight days before the first class. | At least one week prior to the first day of the seminar.
Substitutions permitted for cancellations after cutoff date? | Attendee substitution is permitted at any time until the event, subject to any additional charge for non-member fees. Inquire with Chapter Registration Coordinator at [email protected] | Attendee substitution is permitted at any time until the event. Inquire with Chapter Registration Coordinator at [email protected] | Attendee substitution is permitted at any time until the event, subject to any additional charge for non-member fees. Inquire with Chapter Registration Coordinator at [email protected]

**Credit Card and Paypal only if you register electronically via Cvent on the chapter website