Next Meeting:

Date | Time | Event | Location
September 8th | 3:00 pm to 5:00 pm | Monthly Chapter Meeting: Data Analysis, Continuous Auditing/Continuous Monitoring, within an Anti-fraud Framework | The Conference Center at UBS Tower
October 13th | 3:00 pm to 5:00 pm | Monthly Chapter Meeting: Internal Control Implications of Middleware Technologies | The Conference Center at UBS Tower
November 10th | 3:00 pm to 5:00 pm | Monthly Chapter Meeting: Social Networking - Business, Compliance and Audit Implications | The Conference Center at UBS Tower
December 8th | 3:00 pm to 5:00 pm | Monthly Chapter Meeting: Emotional Intelligence | The Conference Center at UBS Tower

Registration:
To register for these events, please click the following link: http://www.123signup.com/calendar?Org=isaca-chicago


September 8, 2011


Monthly Chapter Meeting
Location: Conference Center at UBS Tower - Michigan Ballroom, One North Wacker Drive, 2nd Floor
Time: 3:00 pm to 5:00 pm central
Cost: Free for members; $25 for non-members and guests
CPE: 2 hours

This session on Data Analysis, Continuous Auditing/Continuous Monitoring within an Anti-fraud Framework will be presented by Don Sparks. For more details about the event, please check out the information through our registration site. Thank you.

Registration: http://www.123signup.com/calendar?Org=isaca-chicago

You must notify Douglas Ochab, ISACA–Chicago Chapter Media Director, info@isaca-chicago.org, in the event you must cancel. Please refer to ISACA–Chicago Chapter’s cancellation policy for more information.


October 13, 2011


Monthly Chapter Meeting
Location: Conference Center at UBS Tower - Michigan Ballroom, One North Wacker Drive, 2nd Floor
Time: 3:00 pm to 5:00 pm central
Cost: Free for members; $25 for non-members and guests
CPE: 2 hours

This session on Internal Control Implications of Middleware Technologies will be presented by Kumar Setty and Dr. George Thiruvathukal. For more details about the event, please check out the information through our registration site. Thank you.

Registration: http://www.123signup.com/calendar?Org=isaca-chicago

You must notify Douglas Ochab, ISACA–Chicago Chapter Media Director, info@isaca-chicago.org, in the event you must cancel. Please refer to ISACA–Chicago Chapter’s cancellation policy for more information.


November 10, 2011


Monthly Chapter Meeting
Location: Conference Center at UBS Tower - Michigan Ballroom, One North Wacker Drive, 2nd Floor
Time: 3:00 pm to 5:00 pm central
Cost: Free for members; $25 for non-members and guests
CPE: 2 hours

This session on Social Networking - Business, Compliance & Audit Implications will be presented by John Gatto. For more details about the event, please check out the information through our registration site. Thank you.

Registration: http://www.123signup.com/calendar?Org=isaca-chicago

You must notify Douglas Ochab, ISACA–Chicago Chapter Media Director, info@isaca-chicago.org, in the event you must cancel. Please refer to ISACA–Chicago Chapter’s cancellation policy for more information.


December 8, 2011


Monthly Chapter Meeting
Location: Conference Center at UBS Tower - Michigan Ballroom, One North Wacker Drive, 2nd Floor
Time: 3:00 pm to 5:00 pm central
Cost: Free for members; $25 for non-members and guests
CPE: 2 hours

This session on Emotional Intelligence will be presented by Julie Kowalski. For more details about the event, please check out the information through our registration site. Thank you.

Registration: http://www.123signup.com/calendar?Org=isaca-chicago

You must notify Douglas Ochab, ISACA–Chicago Chapter Media Director, info@isaca-chicago.org, in the event you must cancel. Please refer to ISACA–Chicago Chapter’s cancellation policy for more information.


 

PAST MEETINGS


August 11, 2011


Monthly Chapter Meeting
Location: Conference Center at UBS Tower - Michigan Ballroom, One North Wacker Drive, 2nd Floor
Time: 3:00 pm to 5:00 pm central
Cost: Free for members; $25 for non-members and guests
CPE: 2 hours

This session on Virtualization Security and Audit will be presented by Michael T. Housing, CISA, CISSP, CDP, ACDA, CIA, CFSA, CMA, CPA. Mike has over 30 years of experience in both public accounting and internal audit in the areas of information systems audit and assurance, information systems implementation, and financial audit.

This session will start with an enumeration of the risks and related controls, both those unique to a virtualized server environment and those that carry over from the physical server world and may be exacerbated in a virtual server environment. The starting point of any assessment is the organization’s standards. Sources (CIS, DISA, vendors) to help you create a standard appropriate for your situation will be discussed. Assessment tools applicable to metric gathering in a virtualized environment, including both free and commercial tools, will be identified. The application of the assessment tools to examples (sprawl and configuration) will be demonstrated.

The Server Virtualization Assessment presentation is now available.

Registration: http://www.123signup.com/calendar?Org=isaca-chicago

You must notify Douglas Ochab, ISACA–Chicago Chapter Media Director, info@isaca-chicago.org, in the event you must cancel. Please refer to ISACA–Chicago Chapter’s cancellation policy for more information.


July 14, 2011


Monthly Chapter Meeting
Location: Conference Center at UBS Tower - Michigan Ballroom, One North Wacker Drive, 2nd Floor
Time: 3:00 pm to 5:00 pm central
Cost: Free for members; $25 for non-members and guests
CPE: 2 hours

The International Auditing and Assurance Board (IAASB) and the Auditing Standards Board (ASB) have recently approved new standards for reporting on controls at a service organization. The new standards will replace the current Statement on Auditing Standards No. 70 (SAS 70). The new reports will be known as Service Organization Control (SOC) reports.

This month's presentation will be hosted by Dave Palmer of KPMG, a member of the AICPA task force that wrote the new guidance for SOC reports. Participants will receive practical guidance on the new standards and comprehensive viewpoints from the standard setter's perspective.

The SOC_Reporting: The Standard Setters Perspective presentation is now available. Please send an email to Michael Podemski at mediadirector@isaca-chicago.org for a copy of the presentation.

Registration: http://www.123signup.com/calendar?Org=isaca-chicago

You must notify Douglas Ochab, ISACA–Chicago Chapter Media Director, info@isaca-chicago.org, in the event you must cancel. Please refer to ISACA–Chicago Chapter’s cancellation policy for more information.


June 30, 2011

ISACA/ISSA Boat Cruise - IT Risk Management and IT Security
Location: Navy Pier - Odyssey
Time: 7:30 am to 5:00 pm (networking reception 2:30 pm to 5:00 pm)
Member early-bird discount has been extended … Register Early and Save!!!

Before April 30th, 2011, prices for ISACA or ISSA Members are:
Training session (5 hours CPE) and networking cruise: $125
Networking cruise only: $30

After April 30th, 2011, prices for ISACA or ISSA Members are:
Training session (5 hours CPE) and networking cruise: $150
Networking cruise only: $40

Non-Member & Guest prices are:
Training session (5 hours CPE) and networking cruise: $175
Networking cruise only: $40

Members-in-Transition, Full Time Student Members & Retired Chapter Member prices are:
Training session (5 hours CPE) and networking cruise: $100
Networking cruise only: $25

CPE: 5 hours
Attendance at the training includes a complimentary breakfast, lunch and an afternoon networking cocktail cruise with hors d'oeuvres.

Learn about implementing and improving IT Risk Management and IT Security capabilities … network with friends and colleagues … enjoy breathtaking scenery aboard Chicago’s premier luxury vessel, the Odyssey.

Join us for our annual joint ISACA and ISSA training and networking event. This year, we are expanding the event to include a training portion prior to the networking cruise. We have several outstanding speakers lined up including:

  • Robert Allen, Chief Information Security Officer (CISO), CNA Insurance
  • Brett Colvin, Special Agent, Forensic Examiner, US Secret Service
  • John B. Fowler, Senior Vice President and Director, Global Business Continuity, Physical Security, and Technology Risk, Northern Trust
  • Tim Elliott, Accenture North American Banking Leader – Security and Risk
  • John A. Gatto, Divisional Vice President, Health Care Service Corporation (HCSC)
  • Michael A. Davis, Chief Executive Officer, Savid Technologies, Inc.
  • Brad Pinne, Director, Navigant Consulting
  • Kristofer Swanson, Managing Director, Navigant Consulting
  • Ken Vander Wal, Partner, Ernst & Young (retired), ISACA International Vice President

In addition to the great line-up of speakers, we have several Gold and Silver sponsors for the event.

The training will be held aboard the Odyssey, with a networking cocktail cruise on Lake Michigan to follow immediately after the training. We will be offering a discount to members who take advantage of our early bird registration period. There are a limited number of seats available at this training, so we encourage you to register today to secure your seat!

Click here to register today: https://www.123signup.com/register?id=vbspb

The Mobile Security presentation and the Trade Secret Theft presentation are now available. We will continue to post presentations once they become available.


You must notify Douglas Ochab, ISACA–Chicago Chapter Media Director, info@isaca-chicago.org, in the event you must cancel. Please refer to ISACA–Chicago Chapter’s cancellation policy for more information.


June 9, 2011


Annual Chapter Meeting
Location: Conference Center at UBS Tower - Michigan Ballroom, One North Wacker Drive, 2nd Floor
Time: 3:00 pm to 5:00 pm central
Cost: Free for members; $25 for non-members and guests
CPE: 2 hours

Please join us for the Chicago ISACA Chapter's Annual General Meeting!

At this meeting, you will hear from several officers on the board as they discuss highlights from this past year, and focus on exciting plans for the 2011-2012 chapter year! You will also have the opportunity to meet next year's newly elected officers!

The 2011 Annual General Meeting presentation is now available.

In addition, we will be offering complimentary hors d'oeuvres and cocktails and a chance to network with friends and colleagues. We look forward to seeing you at this important meeting!

Registration: http://www.123signup.com/calendar?Org=isaca-chicago

You must notify Douglas Ochab, ISACA–Chicago Chapter Media Director, info@isaca-chicago.org, in the event you must cancel. Please refer to ISACA–Chicago Chapter’s cancellation policy for more information.


May 12, 2011


Monthly Chapter Meeting
Location: Conference Center at UBS Tower - Michigan Ballroom, One North Wacker Drive, 2nd Floor
Time: 3:00 pm to 5:00 pm central
Cost: Free for members; $25 for non-members and guests
CPE: 2 hours

This session on Vendor Risk Management will be presented by Steve Gerschoffer and John Hanrahan of Crowe Horwath LLP. The presentation will focus on emerging risks and business drivers related to the increasing use of vendors in the business world. The presentation will cover:

  • Business Drivers for Vendor Risk Management
  • Real-Life Examples Affecting Various Industries
  • Third Party Relationship Risks
  • Techniques for Auditing Third Party Relationships

Registration: https://www.123signup.com/register?id=vmvhn

You must notify Douglas Ochab, ISACA–Chicago Chapter Media Director, info@isaca-chicago.org, in the event you must cancel. Please refer to ISACA–Chicago Chapter’s cancellation policy for more information.



April 18-19, 2011

Two day Spring Seminar – IT Audit Bootcamp - SecureIT
Location: Conference Center at UBS Tower - Michigan Ballroom, One North Wacker Drive, 2nd Floor
Time: Mon - Tues: April 18 - 19, 2011 08:00 AM to 5:00 PM
Cost:

  • Members: $350
  • Non-members: $450
  • In-transition Rate: $100
  • Students: $100

CPE: 15 hours from SecureIT
Continental breakfast and registration: 8:00 - 8:30
Lunch will be provided

This seminar will give participants the knowledge necessary to understand and effectively evaluate controls in an information processing environment. It will outline and define basic technical concepts, and provide a risk-based approach for ensuring that adequate controls have been implemented. The seminar will incorporate guidance contained in leading industry standards, most notably the Control Objectives for Information Technology (COBIT), the Federal Information Systems Controls Audit Manual (FISCAM), and ISO 17799. It will begin at a very basic level and slowly progress into more complex technology issues that are prevalent in today’s information processing environments.

The seminar will consist of modules that address the core areas of IT risk. Each module will explain the objectives, risks, key controls, and primary audit procedures that can be used. You will leave this seminar with a solid knowledge of key technology concepts, and the foundation needed to audit these technologies and processes effectively.

Registration for the seminar is now open and when space is full, registrations will be closed. Send in your registration early while space remains open. ISACA-Chicago reserves the right to cancel the seminar and refund payments if a minimum number of participants are not registered by April 4, 2011.

For full seminar details, outline and registration, click on the following link: https://www.123signup.com/servlet/SignUpMember?PG=1532762182300&P=153276200

Please email your status to Bob Pardon at bobpardon@aol.com for consideration of this offer. Limitations may apply. No refunds for cancellation will be made beyond the date of April 11, 2011. You may designate a substitute via email any time before the event.


April 14, 2011


Monthly Chapter Meeting
Location: Conference Center at UBS Tower - Michigan Ballroom, One North Wacker Drive, 2nd Floor
Time: 3:00 pm to 5:00 pm central
Cost: Free for members; $25 for non-members and guests
CPE: 2 hours

Enterprise Risk Management (ERM) came into focus for Internal Auditors with the publication of the COSO ERM framework. Since then, there has been a vast proliferation of Risk Management specialties (technology, continuity, disaster recovery), sub-specialties (portfolio risk), professional guidance, regulatory mandates, industry standards and management consulting frameworks (think GRC), and it is difficult to figure out where ERM is in all this.

This session is presented by Adi Agrawal, Director, Enterprise Risk Management, CME Group who will help clear up some of the confusion and cover the following:

  • Just starting/early stage: Many companies are thinking about or getting started with ERM. The presentation will review the evolution of tools that bring us to our current day ability to manage risk and frame enterprise risk management. Many definitions exist, so what is the truth? How do you characterize risk and is it a point estimate or a gut feel or consensus?
  • ERM program exists: If ERM exists in your enterprise, what does it do? We will review ERM infrastructure, process and value in the context of CME Group's ERM program. The presentation and discussion will illustrate components of the CME Group ERM program and share experiences, both things that work well and addressable challenges.
  • What next: If you feel ERM is a robust and repeatable program in your company, then you probably wish to search for adding value to your program (incremental or quantum leap). There are a variety of considerations that may help. This presentation will help you answer questions such as, is your program working, is it adding value, how do you know, and what can you do.

Adi Agrawal leads ERM at CME Group, the world's largest and most diverse derivatives marketplace. Prior to this, he led the Internal Audit team for CME Group and participated in the early stage build-out of the ERM program at CME Group. Before joining CME Group in 2005, Adi held leadership roles in management consulting, operations, technology and internal audit. During his career over the last 19 years, Adi has been an active student and practitioner across a spectrum of strategy and risk management disciplines. Adi has completed the Stanford University certificate in Strategic Decisions and Risk Management, has an MBA from University of Chicago Booth School of Business and an MS in Computer Science from SUNY Institute of Technology. He holds the CISA, CGEIT, CISSP, CIA, CFSA and CFE certifications.


The Part 1 and Part 2 presentations are now available.

Registration: http://www.123signup.com/calendar?Org=isaca-chicago

You must notify Douglas Ochab, ISACA–Chicago Chapter Media Director, info@isaca-chicago.org, in the event you must cancel. Please refer to ISACA–Chicago Chapter’s cancellation policy for more information.


April 7, 2011

ISSA Chicago Chapter April Meeting
Location: Hamburger University, Classroom 226, 2715 Jorie Blvd., Oak Brook, IL 606523-2158
Time: 3:00 pm to 5:00 pm
Cost: Free

Meeting PCI DSS compliance is important, but it is also imperative to understand that compliance does not equal security: PCI DSS was intended to be the floor, not the ceiling. The emergence of cloud computing has added a new wrinkle to the ongoing efforts to improve data security. This presentation will discuss the factors that must be considered when securing data in the Cloud, and how next-generation tokenization protects data as it flows across systems while minimizing PCI compliance costs.

Ulf T. Mattsson, Chief Technology Officer of Protegrity, created the innovative architecture of the Protegrity database security technology. Prior to joining Protegrity, he worked 20 years at IBM in software development as a consulting resource to IBM's Research organization, specializing in the areas of IT Architecture and IT Security. He is the inventor of more than 20 patents in the areas of Encryption Key Management, Policy Driven Data Encryption, Internal Threat Protection, Data Usage Control and Intrusion Prevention. He is a research member of the International Federation for Information Processing (IFIP) WG 11.3 Data and Application Security, ANSI X9, Information Systems Security Association (ISSA) and Information Systems Audit and Control Association (ISACA). Ulf received a master's degree in physics in 1979 from Chalmers University of Technology in Sweden, and holds degrees in electrical engineering and finance.

Registration: http://www.eventbrite.com/event/1476996737/mcivte
Registration ends at 12:00 PM CDT on Wednesday, April 6th.


March 23, 2011

ISACA/IIA West Chapter Joint Training Session
Location: Crowe Horwath offices in One Mid America Plaza, Suite 700 Oak Brook, IL
Time: 8:30 am to 5:00 pm
Cost:

  • ISACA & IIA Members: $100
  • Non-members: $120
  • In-transition Rate: $50
  • Students: $50

CPE: 7.5
Lunch, breaks, and snacks will be provided

Internal Audit needs to understand and prepare for the next major step in the evolution of technology and business collaboration – a change that eventually could have as much impact as the Internet. Cloud computing is not just a technological change. It will ultimately change the way organizations operate internally and externally. In the cloud computing world, merely having technology and robust application systems does not provide a competitive advantage. Computing power is destined to become a necessary utility like electricity and water. As cloud computing becomes part of the business mainstream, the number of individual data centers throughout the world will drop significantly. Instead, organizations will need to draw their competitive advantages from the employees who can best harness and adapt computing resources from the cloud to meet their organizations’ needs and business objectives.

When a major shift in the way business is conducted is on the horizon, critical questions must be addressed prior to making the decision to change. Although the answers will vary by organization, management should reach definitive and satisfactory answers for the following topics before embarking on their cloud journey.

Cloud Computing Topics:

  • Cloud Computing Overview
  • Benefits of Cloud Computing
  • Potential Risks of Cloud Computing
  • Key Management Questions
  • Tactical Consideration

Afternoon Session: Panel Discussion

  • Transitioning to a Cloud Computing Environment
  • What we did
  • What we should have done

Join us as we hear case studies and real life experiences from companies in various industries who have recently transitioned to a cloud computing environment. Come and ask questions, share your experiences and gain perspective on do’s and don’ts in implementing this major new technological approach!

Warren Chan, Principal at Crowe Horwath, has overall responsibility for developing Crowe’s thought leadership and strategy for addressing risks and controls with the evolving paradigm of Cloud Computing. He has conducted seminars on Cloud Computing risk strategies at the 2010 annual National ISACA Security Conference. He was also a featured panelist for Compliance Week magazine in their 2011 forum on the topic of ‘Legal and Compliance Challenges with Cloud Computing’.

Eugene Leung, Senior Manager at Crowe Horwath, is developing Crowe’s risk thought leadership on emerging technology trends in cloud computing and is a key collaborator in Crowe’s Cloud Assessment solutions.

Registration: http://www.123signup.com/calendar?Org=isaca-chicago

You must notify Douglas Ochab, ISACA–Chicago Chapter Media Director, info@isaca-chicago.org, in the event you must cancel. Please refer to ISACA–Chicago Chapter’s cancellation policy for more information.


March 10, 2011


Monthly Chapter Meeting
Location: Conference Center at UBS Tower - Michigan Ballroom, One North Wacker Drive, 2nd Floor
Time: 3:00 pm to 5:00 pm central
Cost: Free for members; $25 for non-members and guests
CPE: 2 hours

Join Heather Paquette and Tom Humbert for a discussion of cloud computing from an internal audit perspective including:

  • Cloud benefits and risks
  • Various Cloud Computing Models
  • Cloud Lifecycle
  • Auditing Cloud Arrangements

Please join Heather Paquette and Tom Humbert from KPMG’s IT Advisory practice, for a discussion of cloud computing from an internal audit perspective. The discussion begins with an overview of cloud computing including its benefits, risks, and various cloud models. The discussion then turns to an evaluation of cloud using the COBIT framework including the outsourcing lifecycle and the risks associated with each phase, and a discussion about auditing cloud computing arrangements.

Heather Paquette is a partner in the Advisory Services practice of KPMG LLP, where she serves as the Midwest leader for information technology in the external audit. Heather has over twenty years of information technology experience, focusing in information security, business continuity management, risk management and control. Heather also serves as a national lead for assessing the IT impacts of accounting policy changes and International Financial Reporting (IFRS) conversions. Heather has advised many clients regarding the security and control of cloud computing environments and currently serves as engagement partner for several clients who offer outsourced cloud computing environments. Heather began her career in information technology as a computer operator in the U.S. Air Force. Ms. Paquette has a Bachelor of Science degree in Accountancy from Southern Illinois University, graduating cum laude and an Associate of Applied Science in Information Technology from the Community College of the Air Force. Ms. Paquette is also a Certified Public Accountant (CPA) and a Certified Information Systems Auditor (CISA).

Tom Humbert is a Manager in the Chicago office of KPMG’s IT Advisory Practice. Tom has approximately nine years of experience providing IT attestation and advisory services to global clients. He has a strong background in accounting and is familiar with Service Organization Control Reports, the Systems Development Life Cycle, and cloud computing. Tom has substantial experience leading and coordinating IT advisory engagements across several industries, with a focus on the healthcare, consumer products, and diversified industrials sectors. Mr. Humbert has a Bachelor of Science and MBA from Indiana University’s Kelley School of Business. Mr. Humbert is a CPA and a CISA.


The presentation is now available.

Registration: http://www.123signup.com/calendar?Org=isaca-chicago

You must notify Douglas Ochab, ISACA–Chicago Chapter Media Director, info@isaca-chicago.org, in the event you must cancel. Please refer to ISACA–Chicago Chapter’s cancellation policy for more information.


March 8, 2011

ISACA/IIA NW Chicago Chapter Joint Training Session
Location: Allstate in Northbrook, IL
Time: 8 am to 12 pm
Cost: $50 for members; $20 for members-in-transition, students, and retirees.
CPE: 3.5

Cloud Computing has been described as “the ultimate form of outsourcing”. This refers to the fact that moving into the cloud allows the enterprise to outsource or rent Infrastructure, IT services, or application software or any combination of these.

Although the Cloud model has the allure of potential cost savings and speed to market, CIOs and auditors express concerns about several issues, first and foremost being security.

The training session will be led by Phil Lageschulte, Partner, KPMG Advisory Services, and Rob Barrett, Director, KPMG Business Effectiveness Advisory Services. The morning session will conclude with a one-hour facilitated panel discussion with representation from KPMG, Allstate and other local companies.

In this meeting, you will learn about:

  • Overview of the Cloud
  • Platforms and Deployment Models
  • Business Enablement by the Cloud: Demonstration of a Cloud Solution
  • Challenges to Successful Deployment
  • Risks and Mitigation Strategies
  • Facilitated Panel Discussion

About our speakers

Phil Lageschulte is a partner with KPMG’s Advisory Services practice. Mr. Lageschulte is a member of ISACA’s Guidance and Practice Committee, a member of the ISACA Cloud Strategy Task Force, and is currently leading an ISACA Task Force to author a book on Cloud Computing. Mr. Lageschulte has also served on the ISACA Conferences and Education Board, presented at various ISACA local chapter and global events, and co-authored ISACA’s book on IT Control Objectives for Sarbanes Oxley. He is the Global Service Line Leader for KPMG’s IT Internal Audit Services practice and is also a member of KPMG’s Global Cloud Steering Committee. Phil has spent his entire career working with companies in the insurance industry. He has 22 years of experience providing information technology consulting and attestation services to clients across a variety of industries including insurance, healthcare, distribution, consumer retail, and data services. Mr. Lageschulte spent the first eleven years of his career with KPMG performing a variety of audit related services within KPMG’s insurance audit practice. Over the last eleven years of his career he has advised clients in managing the business risk related to technology including security, business continuity, ERP implementations, IT Audit, IT Governance, Sarbanes-Oxley, and technology attestation. Mr. Lageschulte has an MBA in Strategy and Technology Management from Northwestern University and a BS in Accountancy from the University of Illinois. Mr. Lageschulte is a Certified Public Accountant (CPA) and Certified in Governance of Enterprise IT (CGEIT).

Rob Barrett is a Director in KPMG’s Business Effectiveness Advisory practice with more than 13 years of business advisory and industry experience. Mr. Barrett is also a member of KPMG’s Global Cloud Steering Committee and leader of a track responsible for thought leadership surrounding business transformation enabled by cloud technologies. Mr. Barrett has significant experience deploying cloud solutions in support of global transformation efforts and is considered a thought leader in supply chain process management, partner integration, and business transformation enabled by cloud. His most recent efforts have centered around supply chain transformation and helping companies to improve supply continuity and reduce operating expenses across a variety of processes including vendor managed inventory, automated replenishment, collaborative planning, automated procurement, manufacturing visibility, outsourced manufacturing, and buy-sell procurement. Mr. Barrett has been a key member of more than 20 large enterprise transformation programs with leading companies in high tech, aerospace & defense, and logistics. Mr. Barrett has a BS in Chemical Engineering from the University of California, Los Angeles.

Registration: https://www.123signup.com/register?id=vbpyt

You must notify Douglas Ochab, ISACA–Chicago Chapter Media Director, info@isaca-chicago.org, in the event you must cancel. Please refer to ISACA–Chicago Chapter’s cancellation policy for more information.


February 21-26, 2011

SANS is pleased to announce we are running one of our new best-selling courses, Network Forensics, in Chicago from February 21-26. Take advantage of this training opportunity in your area and save $400 when you register before January 19. ISACA members receive an additional 10% off tuition – see below for discount code! For complete details please visit (https://www.sans.org/chicago-2011-cs).

Event Details
What: SANS Forensics 558: Network Forensics
Instructor: Alan Ptak
Location: Sheraton Suites O'Hare
6501 North Mannheim Road
Rosemont, IL 60018 USA
Cost: $3,185* through January 19, 2011,
https://www.sans.org/chicago-2011-cs/tuition.php
*ISACA members receive an additional 10% off tuition by entering discount code ‘COINS10’ at the time of registration. Discounts cannot be applied once registration is complete.
For Group Discounts or to Request a Class in your Area contact community@sans.org.
CPE: 31.5 hours
GIAC Certification: GIAC Certified Incident Handler (GCIH) Department of Defense Directive 8570.1 compliant course, (http://www.giac.org/8570).

*********************************************************************
THE COMMUNITY SANS ADVANTAGE (http://www.sans.org/info/41114)

The Community SANS format offers the most popular SANS courses in your local community at a reduced tuition fee. This class has been selling out in other locations so be sure to register early to avoid disappointment.

The small class size also makes it much easier for you to network with your professional peers throughout the six course days, as you get ready to Capture the Flag on day 6. Your fellow students will also form part of your infosec network as it grows. Professionals don't work in isolation -- we all learn more by working with and sharing ideas with a coach and colleagues.

SANS promises that you will be able to use what you learn in the classroom as soon as you return to the office. Does this sound like the kind of training that would help you to be more effective in your job combating Cyber Crime and doing your best to provide a secure networked environment for your organization? Then register today to join us in Chicago by visiting (https://www.sans.org/chicago-2011-cs).

Please contact ahogan@sans.org if you have any questions, and thank you for your continued participation in the SANS community.

See you in Chicago!


February 10, 2011


Monthly Chapter Meeting
Location: Conference Center at UBS Tower - Michigan Ballroom, One North Wacker Drive, 2nd Floor
Time: 3:00 pm to 5:00 pm central
Cost: Free for members; $25 for non-members and guests
CPE: 2 hours

Join Trusteer and ISACA to get up to speed on Zeus and its focus on attacking enterprises. Wayne Johnson, Trusteer’s Central Regional Sales Manager, will talk at a 50,000-foot level about new malware that's attacking the financial sector.

In this meeting, you will learn about:

  1. The current king of malware - Zeus, its latest version and new features
  2. Attacks on the enterprise - how Zeus purposefully bypasses SSL-VPN
  3. New malware discovered and how they can impact you
  4. Mitigating malware attacks - tools and tips

Trusteer Rapport secures online financial transactions (online banking, ACH, wire transfers, etc.) and employee machines against online theft and fraud due to PC/Macintosh-based malware. The FDIC has identified malware as one of the top 5 security issues for banks.

Wayne Johnson had been the President for the Chicago Chapter of the Information System Security Association for the past 4 years, and an active multiple association board member for over 10 years. Wayne has been in the information security vendor channel since 1996 and information technology since 1982. His experience has brought a common sense approach to technology and career development. Wayne has also spoken at many companies on career development and helping people with the process of finding the right career.

Registration: https://www.123signup.com/register?id=vmvnf

You must notify Douglas Ochab, ISACA–Chicago Chapter Media Director, info@isaca-chicago.org, in the event you must cancel. Please refer to ISACA–Chicago Chapter’s cancellation policy for more information.


January 13, 2011


Monthly Chapter Meeting
Location: Conference Center at UBS Tower - Michigan Ballroom, One North Wacker Drive, 2nd Floor
Time: 3:00 pm to 5:00 pm central
Cost: Free for members; $25 for non-members and guests
CPE: 2 hours

John Gatto, Divisional Vice President, IT Audit & Advisory Services at Health Care Service Corporation (HCSC) will discuss the various risks that IT organizations face, how organizational and IT risks are related, and the components of a risk management model.

Also covered are the components and scope of a risk assessment along with detailed steps on what the auditor should look for.

  1. Understanding IT organization risks
  2. How to perform a risk assessment
  3. Various reporting vehicles

Registration: http://www.123signup.com/calendar?Org=isaca-chicago

You must notify Douglas Ochab, ISACA–Chicago Chapter Media Director, info@isaca-chicago.org, in the event you must cancel. Please refer to ISACA–Chicago Chapter’s cancellation policy for more information.


The presentation is now available.


December 17, 2010
ISACA Lunch & Learn Holiday Event: "Building a Social Media Risk Management Program"


“You can either get on the social bus or you can get dragged behind it, your choice” CIO Magazine, October 18, 2010
The Social Media Revolution is here. Facebook has skyrocketed in a short time period to 500 million users, half of which log on every single day. Companies are leveraging the vast power of social media for marketing, recruiting, and to monitor their brand image. Employees may be accessing Social Network sites from company owned equipment. In this session you will learn:
--Defining the Social Universe: The power of social networking and social media
--Understanding Risks: The risks of social media
--Taking Action: Steps that you and your organization can take to mitigate the risks of social media

***Lunch will be served immediately following the event at Ditka's Restaurant, on the first floor of One Mid America Plaza.***

Registration Link: https://www.123signup.com/servlet/SignUpMember?PG=1532762182300&P=153276200

The presentation is now available.


December 9, 2010
December Training Session: ISACA/IIA Joint Training Event and Holiday Networking Reception


The Chicago Chapters of the IIA and ISACA are pleased to present the 2010 Annual Holiday Celebration.


Please join us for an elegant afternoon of networking and holiday cheer. We are extremely excited to welcome Mr. Richard (Dick) Anderson as our keynote speaker, an acclaimed scholar on the subject of corporate governance and internal audit.
Dick will discuss the topic, "The 10 Greatest Challenges the IA Profession Faces in the Next Two Years." He will draw from recent IIA GAIN surveys, roundtables conducted by The IIA's Audit Executive Network, other recent publications, and feedback from internal audit leaders across the country to highlight current issues impacting the internal audit profession, and practical lessons learned to help respond to these issues. This will be an outstanding discussion, so don't miss out, and register today!

Location: UBS Tower (training) and 1 North Kitchen (reception)
Agenda:
1:00 - 1:30 registration
1:30 - 3:30 Presentation (90 min plus 30 min Q&A)
People depart and head downstairs to 1 North Kitchen
Networking Reception 3:45 - 7:00 pm
CPE Hours: 2
Members, Students, Retired Members, and Members in Transition: $40
Non-Members: $75
Registration Link: https://www.123signup.com/register?id=vqhyn

The presentation is now available.


December 2nd and December 3rd, 2010
Fall Annual Seminar: Hidden Secrets From IT Auditors
Location: UBS Tower
Time: 8:00 am to 5:00 pm
Cost: The cost for this seminar is only $300 for members and $75 for students.
CPE: 15 hours


We are pleased to announce that we have scheduled our annual "Fall Seminar" (technically, winter does not begin until December 21st!). Join us for a two day session titled, "Hidden Secrets From IT Auditors." Mitchell Levine, the founder of Audit Serve, Inc., will cover a number of important IT audit topics, and expose some tricks of the trade.

Registration: http://www.123signup.com/calendar?Org=isaca-chicago

You must notify Douglas Ochab, ISACA–Chicago Chapter Media Director, info@isaca-chicago.org, in the event you must cancel. Please refer to ISACA–Chicago Chapter’s cancellation policy for more information.


November 11, 2010
Title: Beyond Reactive: Leverage Forensics to Increase Security and Auditability presented by Andrew Hoog, Owner of viaForensics
Location: UBS Tower
Time: 3:00 pm to 5:00 pm
Cost: Free for members; $25 for non-members and guests
CPE: 2 hours

Registration: http://www.123signup.com/calendar?Org=isaca-chicago

You must notify Douglas Ochab, ISACA–Chicago Chapter Media Director, info@isaca-chicago.org, in the event you must cancel. Please refer to ISACA–Chicago Chapter’s cancellation policy for more information.


October 18, 2010
October Training Session: ISACA/IIA Joint Training Event: “IT Governance, Risk & Compliance”


Registration is now open for our October training session that we will be hosting with the IIA on Monday, October 18th, 2010. This full day seminar will be held at DePaul’s new state of the art campus near O’Hare with easy access by car or CTA.

Time: 7:00 am to 8:00 am for registration --- 8:00 am to 5:00 pm for the training session
Location: DePaul University, O'Hare Campus, 8770 W. Bryn Mawr Avenue (Triangle Plaza, Cumberland L Stop on the Blue Line)
Cost: ISACA and IIA Members – $125; IIA Retirees, Students, Educators and Unemployed – $75; Non-Members – $200
CPE: Eight (8) hours


About the Seminar
We are pleased to welcome several notable speakers including: Jim Woo, Senior Manager, Internal Audit, Kraft Foods; Dr. Janine Spears, Assistant Professor, College of Computing and Digital Media, DePaul University; Tim Elliott, North American Banking Leader, Accenture; Daniel Frank, Senior Manager, Security & Privacy Services, Deloitte & Touche; Sarah Buerger, Director of Information Security Governance, CNA Insurance; and Tom Drzich, Senior Manager, KPMG.

Specifically, this seminar will examine the following topics:

  • IT Governance | A starting point for risk management and compliance
  • Survey of IT regulatory and compliance emerging focus areas
  • Understanding and monitoring IT risks
  • IT risk management priorities for Management and the Board | A Panel Discussion

Speaker Bios:

Adi Agrawal, Director, Internal Audit, CME Group –
Adi leads the internal audit team at CME Group, the world's largest and most diverse derivatives marketplace. He is responsible for providing management and the Audit Committee with assessment and assurance services covering the company’s global technology, operations, financial, regulatory and strategic risks. Before joining CME Group in 2005, Adi held leadership roles in consulting, operations, technology and internal audit. During his career over the last 19 years, Adi has been an active student and practitioner across a spectrum of risk management disciplines. Adi has completed the Stanford University certificate in Strategic Decisions and Risk Management, has an MBA from University of Chicago Booth School of Business and an MS in Computer Science from SUNY Institute of Technology. He holds the CISA, CGEIT, CISSP, CIA, CFSA and CFE certifications.

Jim Woo, Senior Manager, Internal Audit, Kraft Foods –
Jim leads global information systems internal audit within Kraft Foods, providing assurance and advisory services to assess risks and to evaluate the controls designed to address those risks. Jim joined Kraft from Deloitte, where he led IT risk management and audit engagements. Prior to joining Deloitte in 2003, Jim worked as a functional SAP consultant, helping clients implement the Project Systems and Investment Management modules. Jim holds the CISA and PMP certifications.

Dr. Janine Spears, Assistant Professor, College of Computing and Digital Media, DePaul University –
Janine teaches courses in information security and information systems at DePaul University. She earned her PhD at Penn State University in the Smeal College of Business. Her research is focused on information security risk management, and she has been published in MIS Quarterly, ISACA Journal, and several academic conference proceedings. Janine has an MBA from Case Western Reserve University, and previously worked as a systems analyst in the movie, smart card, PC, and aerospace industries.

Tim Elliott, North American Banking Leader, Accenture –
Tim is the North American Banking Leader for Accenture’s Technology Consulting Security Technologies Practice with experience in information security, operational risk management and business continuity. He has spent most of his 15+ year career managing a variety of executive risk management functions and enterprise technology implementations focusing primarily on the financial services industry. Tim has led banking industry working groups and chaired conferences on various risk management topics including – the American Bankers Association, Financial Service Roundtable/BITS and the Risk Management Association.

Daniel Frank, Senior Manager, Security & Privacy Services, Deloitte & Touche –
Dan’s professional experience includes over 13 years in Information Technology, specializing in privacy and data protection, security management, and identity and access management. Dan has international experience in Europe and Canada and has built privacy compliance programs to meet a variety of industry and country specific legal and regulatory requirements. He is a Certified Information Privacy Professional (CIPP) and Certified Information Systems Security Professional (CISSP).

Sarah Buerger, Director of Information Security Governance, CNA Insurance –
Sarah is the Director of Information Security Governance at CNA Insurance, a commercial property and casualty insurer based in Chicago. Sarah’s responsibilities include risk assessment, security awareness, IT compliance and controls and audit liaison. Prior to CNA, Sarah was in product management and product development at Ameritech (now AT&T) and was an auditor at Arthur Andersen & Co. in Chicago. Sarah holds a CIPP/IT designation, has an MBA from the Kellogg School of Management at Northwestern and a BS in Accounting from the University of Illinois in Urbana.

Tom Drzich, Senior Manager, KPMG LLP –
Tom has over 15 years of progressive IT risk, compliance, and audit experience, having served a variety of global Fortune 500 clients. Most recently, Tom is leading KPMG’s Health IT Advisory services offerings, which are focused on assisting companies and integrated care delivery systems with complying with healthcare reform. Tom has served on the board of the local ISACA Chapter since 2004 and during his tenure he has held multiple positions: program director, vice president and president. Tom holds the CISA certification.

Steve Weber, Information Security Risk Management Advisor, CVS Caremark -
Steve has 21 years of combined information security, auditing and compliance professional experience, specializing in IT compliance and information security risk assessment processes. His career includes leadership and management positions in information security, audit and controls consulting with CVS Caremark, Arthur Andersen and Sears. Steve is the current Treasurer of the ISSA Chicago Chapter, a member of the ISACA Chicago Chapter since 1993 and has been a past presenter at IANS and SecureWorld Expo. He holds the CISSP, CISM and CISA certifications.

This seminar is designed for senior Internal Audit, IT Management, IT Security and IT Compliance professionals who are interested in learning how to improve an organization’s IT risk management capabilities. Seminar speakers will share their own experiences and practical lessons learned to help answer your IT governance, risk and compliance questions.


October 14, 2010
Title: Unix Security presented by Kumar Setty, IT Audit Manager from Solo Cup
Location: UBS Tower
Time: 3:00 pm to 5:00 pm
Cost: Free for members; $25 for non-members and guests
CPE: 2 hours

Registration: http://www.123signup.com/calendar?Org=isaca-chicago

You must notify Douglas Ochab, ISACA–Chicago Chapter Media Director, info@isaca-chicago.org, in the event you must cancel. Please refer to ISACA–Chicago Chapter’s cancellation policy for more information.


October 7, 2010
Title: Verizon’s 2010 Data Breach Investigations Report (DBIR) presented by David Ostertag, Global Investigations Manager, Investigative Response, Verizon Business
Location: Downers Grove, IL
Time: 3:00 pm to 5:00 pm
The Chicago ISSA Chapter has extended an invitation to ISACA Chicago members regarding an upcoming seminar, hosted by Verizon.

Registration: Click the following link for more information and registration details: http://issachicagooct2010.eventbrite.com/


September 9, 2010
Title: The Risk Behind the Silver Lining: What Cloud Vendors Don't Want You to Know
Location: UBS Tower
Time: 3:00 pm to 5:00 pm
Cost: Free for members; $25 for non-members and guests
CPE: 2 hours

Registration: http://www.123signup.com/calendar?Org=isaca-chicago

You must notify Douglas Ochab, ISACA–Chicago Chapter Media Director, info@isaca-chicago.org, in the event you must cancel. Please refer to ISACA–Chicago Chapter’s cancellation policy for more information.


August 30, 2010
Title: Emerging Practices Around Continuous Auditing and Risk Monitoring
Location: Discover Financial Services, 2500 Lake Cook Road, Riverwoods, IL
Time: 11:00 am to 1:00 pm
Cost: Free for members; $25 for non-members and guests
CPE: 1 hour
Other: Lunch will be served. Due to space restrictions, early registration is suggested.

Registration: http://www.123signup.com/calendar?Org=isaca-chicago

You must notify Douglas Ochab, ISACA–Chicago Chapter Media Director, info@isaca-chicago.org, in the event you must cancel. Please refer to ISACA–Chicago Chapter’s cancellation policy for more information.


August 12, 2010
IT Audit's Role in Segregation of Duties Continuous Monitoring and Analysis
We are excited to have Eugene Leung, Senior Manager, and Nathan Anderson, Manager, Crowe Horwath LLP, join us for our August Chapter Meeting. They will be leading us through the following discussion. Segregation of duties (SOD) is a key concern for most organizations, and finding tools to address it effectively has been a challenge for internal audit departments because of the prerequisite expertise in business processes and business system security configuration. Additionally, it is a significant challenge for organizations to collect data, develop reporting and analyze the information across multiple critical applications in the organization. In this month's meeting, we plan to address both of these challenges with project-based examples and application-specific scenarios. We will review and discuss how IT auditors can best assist with and perform a risk-based SOD review that is deep enough to satisfy compliance requirements and fraud concerns while remaining reasonable in scope.

Detailed information about this event, sign-up and logistics can be found at: http://www.123signup.com/calendar?Org=isaca-chicago


July 8th, 2010
Fraud Detection & Prevention in a Digital World
Don Sparks is Vice President of Industry Relations, Audimation Services, Inc. Mr. Sparks was one of the authors of two guides released by The IIA in December 2009: GTAG 13 and an IPPF Practice Guide. In this two hour session, Mr. Sparks will highlight many of the key areas of these guides that ask thought provoking questions such as:

  • Does the organization have a fraud management program in place that ensures fraud is properly addressed?
  • Has internal audit assessed the design and operating effectiveness of all elements of the organization’s fraud management program?
  • Does internal audit properly consider fraud risks during planning and execution of all audits?
  • Does the organization understand and give the right level of attention to IT fraud risks?
  • Has the organization optimized the use of data analytics in detecting and preventing fraud?

Detailed information about this event, sign-up and logistics can be found at: http://www.123signup.com/calendar?Org=isaca-chicago


June 25th, 2010
4th Annual Spirit of Chicago ISACA Networking Dinner Cruise


Enjoy breathtaking views of the Chicago skyline, while you enjoy lively conversation with friends aboard the Spirit of Chicago. This year, we are once again excited to welcome the Chicago Chapter of the Information Systems Security Association (ISSA). We are planning:

…More prizes
…More giveaways
…More time for networking
…Plus … we have the entire ship for our party!

Please join us for the 4th Annual Spirit of Chicago Networking Dinner Cruise. We are expecting a tremendous turnout for this event … capacity is limited, so register today!

Location: Navy Pier, Spirit of Chicago

Registration: 2:30 to 3:00***

Time: 3:00 to 6:00 pm – cocktails and hors d'oeuvres begin at 3:00 pm and the ship will depart promptly at 3:30 pm

Cost: Only $25 for members and their guests; $75 for non-members

Three registration types:
1) – Members ($25)
2) – Member guests ($25)
3) – Non-members ($75)

Detailed information about this event, sign-up and logistics can be found at: http://www.123signup.com/calendar?Org=isaca-chicago


June 10th, 2010
On June 10th Ivar Alexander, who leads the software services practice at Fujitsu America, will join us for our monthly chapter meeting and will be presenting on "Process Visualization | The First Step for GRC | A Case Study." Click here to register for these outstanding training opportunities!

Detailed information about this event, sign-up and logistics can be found at: http://www.123signup.com/calendar?Org=isaca-chicago


May 21, 2010
Several seats remain open for our May 21st Lunch & Learn program. David Nolan, CEO of Fusion Risk Management, Inc. will join us for a presentation at DePaul's Naperville campus, titled, "The Benefits of Creating and Managing an IT & Operational Risk Management Program."


May 13th
Virtualization and Cloud Computing: Risk versus Reward
Virtualization is not a “set it and forget it” technology. It requires the same security controls as a physical system, and more. This collaboration aims to enable IT and security professionals to identify and solve security problems within virtualized computing environments. Specifically, attendees should depart with a working knowledge of virtualization, an ability to recognize the security concerns associated with the technology, and a competency to identify and apply controls when assessing/auditing a virtual network. An overview of virtualization security vulnerabilities, including examples of struggles experienced by organizations (e.g. segregation of networks, virtual firewalls, auditing & logging) and options for mitigation, along with controls to verify during an assessment, will be discussed in detail. In addition, the session will explore the use of virtual security hardware, offline guests, encryption, hypervisor access, and the movement of workloads.

Cloud computing is a rapidly growing set of technology products and application capabilities delivered as a service through the Internet. It refers to both the applications delivered as services, and the hardware systems in the third-party data centers. The data center hardware, software and connecting networks make up what is called the “cloud”. New technology services such as cloud computing often lack clear standards or appropriate security practices and controls. Companies subscribing to cloud computing services will face challenges in securing both physical and logical infrastructure. This can expose the organization to negative financial impacts from fraud, data breaches or critical application failures and downtime. This talk will define cloud computing, identify delivery models, assess the risks and discuss security and controls of cloud computing. Specific control issues including vendor service levels, information security and the location, segregation, backup and recovery of data will be covered.

Speaker Bio:
Christopher Olson is an IT Security Architect with the Federal Reserve Bank of Chicago with 26 years of computer industry experience. Chris has been in technology and management roles and has been concentrating on Information Security risk for the last 16 years. Prior to joining the Federal Reserve in 2006, Chris was consulting to Wachovia Bank. Chris has worked with Microsoft, McDonald’s, Coca-Cola, and other Fortune 500 companies to establish effective security programs through better risk identification. Chris carries numerous industry certifications.

Paul Meynen works for Deloitte & Touche in its Security & Privacy practice as a consultant. He has consulted to a broad array of clients in the government, retail, travel, insurance, and utility industries. His five years of experience includes conducting security investigations, performing vulnerability assessments of Windows and network environments, developing vulnerability management programs, implementing and deploying Intrusion Prevention System (IPS) technology, and developing information and network security policies (using ISO 27002, NIST, and NERC CIP). Paul is actively involved in virtualization security at Deloitte and has spoken previously on the topic.


April 8th, 2010
The Case for Database Activity Monitoring
In 2010 databases, which typically contain an organization’s most sensitive data, were the primary source of breached data. Although most organizations have deployed a variety of perimeter defenses, statistics show this approach is inadequate. In this month’s meeting we’ll review the issues surrounding securing databases, including common threats, typical weaknesses found in database controls and questions an auditor should ask their clients.

Speaker Bio:
Al Cooley – Director, Guardium, an IBM Company

Al Cooley has broad software and security industry experience with start-ups like Industrial Defender, as well as public companies like Tele Atlas. His articles and lectures on topics including industrial cyber security, HIDS and UTM technologies have appeared in a variety of media. Al holds an MBA from Michigan, a BS from WPI and has conducted advanced studies in Computer Engineering at BU.

Detailed information about this event, sign-up and logistics can be found at: http://www.123signup.com/calendar?Org=isaca-chicago



Dear Chapter Member:

We are excited to announce a number of training and networking opportunities! First, don’t forget to take advantage of our early bird discount for our Managing Your Career in an Uncertain World series on March 13th and March 20th at UBS Tower. A limited number of members who sign up for this training event by March 5th will receive a discount. Please note, we have extended the early bird deadline and reduced the discount for this training to $75. If you have already registered, we will credit your account. This is an exciting program that is designed to help you advance your professional career goals. Eight CPE credits are available for this training series.

Monthly Chapter Meeting — Thursday, March 11th | 2 CPE credits … Members Attend for FREE!
Next, for our March Chapter Meeting, we are pleased to welcome Caroline R. Hamilton, President of Risk Watch International, a leading security risk assessment expert. Ms. Hamilton will be speaking to us about the topic “Understanding Risk Assessment as a Business Process in an International Threat Environment” at our March 11th ISACA Chicago Chapter meeting from 3:00 to 5:00 pm at UBS Tower. This presentation will show how to develop and manage an effective security risk and compliance assessment program, based on metrics, and by combining elements of both information and corporate security programs.

To register for these events, please click the following link: http://www.123signup.com/calendar?Org=isaca-chicago


Lunch & Learn Series — Friday March 5th, 19th and 26th | 1 CPE credit per session … Members Attend for FREE!
We are also excited to announce a new program designed to supplement our monthly chapter meetings. We are planning to offer Lunch & Learn sessions on a periodic basis throughout the Chicagoland area. Chapter member and volunteer Michael Krutzsch will be working hard to make sure this is a highly successful series.

Typically, these events will be held on Fridays from 11:00 am to 1:00 pm and will be limited to 40 attendees. We are delighted to start the series off with three outstanding speakers who will be presenting on the following topics:

March 5th — Stephen Gierach, President, Executive Compumetrics, Inc. – “Securing Intellectual Property – A Step-by-Step Process” – DePaul University, DePaul Center, 1 E. Jackson

March 19th — Janine L. Spears, Ph.D. – “Harnessing Opportunity from Regulatory Compliance” – DePaul University, DePaul Center, 1 E. Jackson

March 26th — Clint Pollock, Senior Solutions Architect at Veracode – “Protecting Your Applications from Backdoors: How to Secure Your Business Critical Applications from Time Bombs, Backdoors & Data Breaches” – Maggiano’s Little Italy, 1901 E. Woodfield Rd., Schaumburg, Illinois


OTHER TRAINING AND NETWORKING OPPORTUNITIES:
ISACA’s North America Computer Audit, Control and Security (North America CACS℠) Conference is open for registration. This year, the conference will be held in Chicago from April 18th to the 22nd at the Hyatt Regency downtown. Immerse yourself in an environment that stimulates learning. Network with an unmatched group of peers. Return to the office, motivated to improve the organization and immediately apply the information you learned. Cynthia Cooper, an internationally recognized speaker on ethical leadership, will serve as keynote speaker, discussing the current economic crises and recent scandals. She was named one of Time magazine’s Persons of the Year in 2002 and is one of only seven women who have ever received that distinction. For more information about this event, including a link to registration, please click here.

The Chicago Chapter of the Institute of Internal Auditors is celebrating the 50th Anniversary of their Annual Seminar on Monday, April 19th and would like to invite ISACA Chicago Chapter Members to share in this milestone celebration. For this year only, ISACA members can register at the IIA Member registration rates. ISACA Members will save $100 per registration. Register now and take advantage of the early registration rate which is available until Friday, March 19th. To receive IIA member pricing during registration, ISACA members need to enter the code ISACA2010 in the space provided for Membership Number. For more information regarding this event, please click here.

In addition to these events, be on the lookout for additional training and networking opportunities – cloud computing and virtualization, Spirit of Chicago Annual Boat Cruise, Arlington Park Race Track, career transition coaching, and more … Also, have you joined our LinkedIn Group "Chicago ISACA Chapter" yet? Please click here to join now!

Please note: if you are interested in speaking at an upcoming chapter meeting, or lunch & learn program, please contact either Jim Enstrom or Tom Humbert.

Detailed information about these upcoming events, sign-up and logistics can be found at: http://www.123signup.com/calendar?Org=isaca-chicago


Dear Chapter Member:

We have re-scheduled our Managing Your Career in an Uncertain World (8 CPEs) series to March 13th and March 20th at UBS Tower. These training opportunities are designed, for those who are currently employed, to help you take your career to the next level by learning techniques to take control of, contribute to and ultimately achieve more in your career. You will learn how to create more value for your company by using relationship-building tools in internal and external markets. You will learn how to establish your personal relationship-building plan with accountability and clear action steps. Lastly, given the importance of social media in today’s business environment, you will find out how to use social media to build your personal brand and to tap into resources and networking channels to add value to you and your company. Career Coaches and Trainers Sara Schiffer and Kirsten Zalik, and the Founder of the Social Media Club of Chicago, Barbara Rozgonyi, will be presenting this exciting series of sessions. We are offering an early bird discount – a limited number of members who sign up for this training event by February 24th will receive a discount. Hurry … space is limited so register today!

Please note: if you are interested in speaking at an upcoming chapter meeting, or lunch & learn program, please contact either Jim Enstrom or Tom Humbert.

Detailed information about these events, sign-up and logistics can be found at: http://www.123signup.com/calendar?Org=isaca-chicago

SPEAKER NOTES:

Sara Schiffer is a Certified Professional Coach, professional instructional designer, and CPA, whose clients say she inspires them to find the perfect career fit. She has been using coaching and adult learning techniques in companies and the community to enhance personal and professional growth for six years, and managed IT audit and training teams at PricewaterhouseCoopers for 5 years. Sara focuses on communication, teamwork and leadership development using seminars and coaching on a group and one-on-one basis. In addition to her management and training background, she has been keynote speaker at associations and career development organizations. Sara is VP of PR for Platinum Toastmasters and a former Director on the Board of the Chicago Chapter of ISACA. She was honored with the Team Chairman’s Award at PricewaterhouseCoopers for educating the team beyond expectations and relishes the opportunity to help accounting and IT audit professionals succeed. She graduated Magna Cum Laude from the University of Maryland, College Park, with a degree in Accounting and a focus in Computer Science.

Kirsten Zalik is a Certified Professional Coach with expertise in Career Coaching, Resume Creation, Interviewing, Networking and Salary Negotiations. Her background includes over ten years experience in Talent Management, working for organizations such as Hewitt, Accenture and the Federal Reserve Bank of Chicago. In addition, as an independent contractor, she spent four years teaching Career Management and Resume Writing courses at Right Management Consultants, an international outplacement and human resources consulting firm. From 2001 to 2005, Kirsten founded and managed "BNC Chicago," a networking group for professionals looking for new career opportunities. In her role as BNC leader, she was featured as a speaker on career topics at numerous networking events. Kirsten speaks Spanish, Portuguese, German and French and enjoys working with people from diverse backgrounds. She is a graduate of Georgetown University and earned an MBA from the University of Michigan's Ross School of Business.

Barbara Rozgonyi leads CoryWest Media, LLC, a Midwest-based strategic marketing consultancy founded in 1990. As publisher of www.wiredPRworks.com, Barbara reports on ways to wire marketing, social media and public relations together to grow business, build brands, and connect communities. The founder of Chicago’s Social Media Club chapter, Barbara is a keynote speaker and an educator on the topics of leadership, communications, marketing and change. Barbara earned her marketing degree at the University of Illinois at Urbana-Champaign.


 

We are pleased to welcome Alan Plastow, MAT, PMP to our February 11th, 2010 ISACA Chicago Chapter meeting from 3:00 to 5:00 pm at UBS Tower. Mr. Plastow will lead us in a discussion regarding the topic: Stop Losing Your Assets to Ineffective Technology Financial Management.

Topic overview - How would you stop the punitive external compliance enforcement auditors cold while improving the ROIC on IT goods and services? During this interactive discussion/seminar we explore the wide range of hidden traps and pitfalls of technology compliance assurance. We'll discuss proven methods for stonewalling the 26+ aggressive enforcement auditing groups that currently hunt your companies and/or clients (Hint: Up to $1,000,000 Whistle-Blower rewards). Once we've set the compliance audit assurance baseline, we'll explore supplier-neutral processes you can use to enhance the same cost-effective infrastructure to establish and grow a framework for serious IT environment life cycle savings. The following questions will be discussed in this session:

· Why are American SMEs the most frequently audited for copyright non-compliance in the world?
· Why are American businesses the only ones on the planet subject to up to $1,000,000 software piracy Whistle-Blower rewards?
· What simple document management procedures could you implement to reduce non-compliance exposure by as much as 80%?
· How can you help your company / clients reduce the existing technology spend by as much as 30% -- in only a few weeks?
· What single error do over 80% of enterprises make that results in over-spending on software by more than 60%?
· Why are we paying up to double for technology support and maintenance?

Alan Plastow, MAT, PMP, is a highly experienced resource for enterprises seeking to take control over the bloated costs and unnecessary risks of business technologies. Plastow has been the consistent voice of consumer rights in software licensing, compliance auditing & enforcement, and IT ROI value restoration since 1995. His globally delivered presentations and Knowledge Briefings provide supplier-neutral, cost-effective, and common sense solutions to an enormous range of real world IT infrastructure problems encountered by virtually every business. Plastow is an author, serial entrepreneur, and teaches project management at The University of Akron.

Plastow is the founder of “The Institute for Technology Asset Management”, “The Business Technology Consumer Network”, and the “Consortium for Technology Portfolio Management Excellence” (at Kent State University).


January 14th, 2010
Dear Member:
We are pleased to welcome Jan Hertzberg, Executive Director, Grant Thornton, and Vincent Concialdi, Director, Grant Thornton to our January 14th, 2010 ISACA Chicago Chapter meeting from 3:00 to 5:00 pm at UBS Tower. Messrs. Hertzberg and Concialdi will lead us in a discussion regarding the topic: SAS 70 and the Third Party Assurance Landscape.

About this Event
Issued in 1992, the Statement on Auditing Standards, No. 70 (SAS 70) serves as an important tool by which companies and their auditors can assess the strength of their third party service organizations’ internal control structure as it relates to the company’s financial statements. However, as companies continue to outsource an increasing array of business activities that affect their critical operations, the need for third party assurance continues to increase beyond the traditional financial statement scope limitations of SAS 70. The following questions will be discussed:

· What are the key business drivers that are leading to the increased need for third party assurance?
· What are the various types of third party assurance products (i.e., SAS 70 Type I/Type II, Agreed-Upon Procedures Reports, WebTrust and SysTrust)?
· When do you use a SAS 70 vs. an Agreed-Upon Procedures and what are the related benefits?
· What are the components of a SAS 70 report and how do I read a SAS 70 report?
· What are subservice organizations and when should carve-out or inclusive methods be used?
· What are the various testing approaches used by public accounting firms?
· How can you derive value from a SAS 70 or assurance service?

A panel of public accounting and user organization professionals will discuss these and other questions related to SAS 70s and third party assurance services. They will also share insights into proposed SAS 70 changes currently under consideration by the American Institute of Certified Public Accountants (AICPA), key dates for review/approval of the new guidance and potential impact to user and service organizations. Attendees will receive two (2) hours of Continuing Professional Education (CPE) credit.

About the Speakers
Jan is an Executive Director in the Business Advisory Services (BAS) Practice of Grant Thornton’s Chicago office. He oversees the local Information Technology (BAS IT) group and directs Grant Thornton’s National Information Security and Privacy Task Force in the US. With over 25 years of experience, Jan has helped multinational companies in health care, banking, life sciences and telecommunications develop strong internal IT controls for enhanced reliability and regulatory compliance. He has served as concurring reviewer on numerous SAS 70 attestations for both public and private companies. Jan is a Certified Information Systems Auditor (CISA) and Certified Information Systems Security Professional (CISSP).

Vince is a Director in the Business Advisory Services (BAS) Practice of the Grant Thornton LLP Chicago office. Vince has more than 17 years of auditing, consulting and industry experience, including 9 years with Grant Thornton. He currently leads many consulting, internal audit services and SAS 70 projects for a wide array of publicly traded businesses with international operations. Vince has also worked with the National Practice Quality Review Team to review SAS 70s for compliance with Firm and Professional Standards. He has publicly spoken on many topics related to internal controls, governance, risk and compliance. He is a member of the Grant Thornton SAS 70 National Task Force. Vince is a Certified Public Accountant (CPA), Certified Internal Auditor (CIA) and Certified Information Systems Auditor (CISA).