Registration:
To register for these events, please click the following link: http://www.123signup.com/calendar?Org=isaca-chicago
May 21, 2010
Several seats remain open for our May 21st Lunch & Learn program. David Nolan, CEO of Fusion Risk Management, Inc. will join us for a presentation at DePaul's Naperville campus, titled, "The Benefits of Creating and Managing an IT & Operational Risk Management Program."
June 10th, 2010
On June 10th Ivar Alexander, who leads the software services practice at Fujitsu America, will join us for our monthly chapter meeting and will be presenting on "Process Visualization | The First Step for GRC | A Case Study." Click here to register for these outstanding training opportunities!
Detailed information about this event, sign-up and logistics can be found at: http://www.123signup.com/calendar?Org=isaca-chicago
June 25th, 2010
4th Annual Spirit of Chicago ISACA Networking Dinner Cruise
Enjoy breathtaking views of the Chicago skyline, while you enjoy lively conversation with friends aboard the Spirit of Chicago. This year, we are once again excited to welcome the Chicago Chapter of the Information Systems Security Association (ISSA). We are planning:
…More prizes
…More giveaways
…More time for networking
…Plus … we have the entire ship for our party!
Please join us for the 4th Annual Spirit of Chicago Networking Dinner Cruise. We are expecting a tremendous turnout for this event … capacity is limited, so register today!
Location: Navy Pier, Spirit of Chicago
Registration: 2:30 to 3:00 pm
Time: 3:00 to 6:00 pm – cocktails and hors d'oeuvres begin at 3:00 pm and the ship will depart promptly at 3:30 pm
Cost: Only $25 for members and their guests; $75 for non-members
Three registration types:
1) Members ($25)
2) Member guests ($25)
3) Non-members ($75)
Detailed information about this event, sign-up and logistics can be found at: http://www.123signup.com/calendar?Org=isaca-chicago
July 8th, 2010 Fraud Detection & Prevention in a Digital World
Don Sparks is Vice President of Industry Relations, Audimation Services, Inc. Mr. Sparks was one of the authors of two guides released by The IIA in December 2009: GTAG 13 and an IPPF Practice Guide. In this two-hour session, Mr. Sparks will highlight many of the key areas of these guides, which ask thought-provoking questions such as:
• Does the organization have a fraud management program in place that ensures fraud is properly addressed?
• Has internal audit assessed the design and operating effectiveness of all elements of the organization’s fraud management program?
• Does internal audit properly consider fraud risks during planning and execution of all audits?
• Does the organization understand and give the right level of attention to IT fraud risks?
• Has the organization optimized the use of data analytics in detecting and preventing fraud?
Detailed information about this event, sign-up and logistics can be found at: http://www.123signup.com/calendar?Org=isaca-chicago
August 12, 2010
IT Audit's Role in Segregation of Duties Continuous Monitoring and Analysis
We are excited to have Eugene Leung, Senior Manager, and Nathan Anderson, Manager, Crowe Horwath LLP join us for our August Chapter Meeting. They will be leading us through the following discussion. Segregation of duties (SOD) is a key concern for most organizations, and tools to effectively address it have been a challenge for internal audit departments because of the prerequisite expertise in business processes and business system security configuration. Additionally, organizations face a significant challenge in collecting data, developing reporting and analyzing the information across multiple critical applications. In this month's meeting, we plan to address both of these challenges with project-based examples and application-specific scenarios. We will review and discuss how IT auditors can best assist with and perform a risk-based SOD review that is deep enough to satisfy compliance requirements and fraud concerns while remaining reasonable in scope.
Detailed information about this event, sign-up and logistics can be found at: http://www.123signup.com/calendar?Org=isaca-chicago
PAST MEETINGS
April 8th, 2010
The Case for Database Activity Monitoring
In 2010 databases, which typically contain an organization’s most sensitive data, were the primary source of breached data. Although most organizations have deployed a variety of perimeter defenses, statistics show this approach is inadequate. In this month’s meeting we’ll review the issues surrounding securing databases, including common threats, typical weaknesses found in database controls and questions an auditor should ask their clients.
Speaker Bio:
Al Cooley – Director, Guardium, an IBM Company
Al Cooley has broad software and security industry experience with start-ups like Industrial Defender, as well as public companies like Tele Atlas. His articles and lectures on topics including industrial cyber security, HIDS and UTM technologies have appeared in a variety of media. Al holds an MBA from Michigan, a BS from WPI and has conducted advanced studies in Computer Engineering at BU.
Detailed information about this event, sign-up and logistics can be found at: http://www.123signup.com/calendar?Org=isaca-chicago
May 13th
Virtualization and Cloud Computing: Risk versus Reward
Virtualization is not a “set it and forget it” technology. It requires the same security controls as a physical system, and more. This session aims to enable IT and security professionals to identify and solve security problems within virtualized computing environments. Specifically, attendees should depart with a working knowledge of virtualization, an ability to recognize the security concerns associated with the technology, and a competency to identify and apply controls when assessing/auditing a virtual network. An overview of virtualization security vulnerabilities, including examples of struggles experienced by organizations (e.g. segregation of networks, virtual firewalls, auditing & logging) and options for mitigation, along with controls to verify during an assessment, will be discussed in detail. In addition, the session will explore the use of virtual security hardware, offline guests, encryption, hypervisor access, and the movement of workloads.
Cloud computing is a rapidly growing set of technology products and application capabilities delivered as a service through the Internet. It refers to both the applications delivered as services, and the hardware systems in the third-party data centers. The data center hardware, software and connecting networks make up what is called the “cloud”. New technology services such as cloud computing often lack clear standards or appropriate security practices and controls. Companies subscribing to cloud computing services will face challenges in securing both physical and logical infrastructure. This has the potential to expose the organization to potential negative financial impacts from fraud, data breaches or critical application failures and downtime. This talk will define cloud computing, identify delivery models, assess the risks and discuss security and controls of cloud computing. Specific control issues including vendor service levels, information security and the location, segregation, backup and recovery of data will be covered.
Speaker Bio:
Christopher Olson is an IT Security Architect with the Federal Reserve Bank of Chicago with 26 years of computer industry experience. Chris has been in technology and management roles and has been concentrating on Information Security risk for the last 16 years. Prior to joining the Federal Reserve in 2006, Chris consulted for Wachovia Bank. Chris has worked with Microsoft, McDonald’s, Coca-Cola, and other Fortune 500 companies to establish effective security programs through better risk identification. Chris carries numerous industry certifications.
Paul Meynen works for Deloitte & Touche in its Security & Privacy practice as a consultant. He has consulted to a broad array of clients in the government, retail, travel, insurance, and utility industries. His five years of experience includes conducting security investigations, performing vulnerability assessments of Windows and network environments, developing vulnerability management programs, implementing and deploying Intrusion Prevention System (IPS) technology, and developing information and network security policies (using ISO 27002, NIST, and NERC CIP). Paul is actively involved in virtualization security at Deloitte and has spoken previously on the topic.
Dear Chapter Member:
We are excited to announce a number of training and networking opportunities! First, don’t forget to take advantage of our early bird discount for our Managing Your Career in an Uncertain World series on March 13th and March 20th at UBS Tower. A limited number of members who sign up for this training event by March 5th will receive a discount. Please note, we have extended the early bird deadline and reduced the discount for this training to $75. If you have already registered, we will credit your account. This is an exciting program that is designed to help you advance your professional career goals. Eight CPE credits are available for this training series.
Monthly Chapter Meeting — Thursday, March 11th | 2 CPE credits … Members Attend for FREE!
Next, for our March Chapter Meeting, we are pleased to welcome Caroline R. Hamilton, President of Risk Watch International and a leading security risk assessment expert. Ms. Hamilton will be speaking on the topic “Understanding Risk Assessment as a Business Process in an International Threat Environment” at our March 11th ISACA Chicago Chapter meeting from 3:00 to 5:00 pm at UBS Tower. This presentation will show how to develop and manage an effective security risk and compliance assessment program, based on metrics, by combining elements of both information and corporate security programs.
To register for these events, please click the following link: http://www.123signup.com/calendar?Org=isaca-chicago
Lunch & Learn Series — Friday March 5th, 19th and 26th | 1 CPE credit per session … Members Attend for FREE!
We are also excited to announce a new program designed to supplement our monthly chapter meetings. We are planning to offer Lunch & Learn sessions on a periodic basis throughout the Chicagoland area. Chapter member and volunteer Michael Krutzsch will be working hard to make sure this is a highly successful series.
Typically, these events will be held on Fridays from 11:00 am to 1:00 pm and will be limited to 40 attendees. We are delighted to start the series off with three outstanding speakers who will be presenting on the following topics:
March 5th — Stephen Gierach, President, Executive Compumetrics, Inc. – “Securing Intellectual Property – A Step-by-Step Process” – DePaul University, DePaul Center, 1 E. Jackson
March 19th — Janine L. Spears, Ph.D. – “Harnessing Opportunity from Regulatory Compliance” – DePaul University, DePaul Center, 1 E. Jackson
March 26th — Clint Pollock, Senior Solutions Architect at Veracode – “Protecting Your Applications from Backdoors: How to Secure Your Business Critical Applications from Time Bombs, Backdoors & Data Breaches” – Maggiano’s Little Italy, 1901 E. Woodfield Rd., Schaumburg, Illinois
OTHER TRAINING AND NETWORKING OPPORTUNITIES:
ISACA’s North America Computer Audit, Control and Security (North America CACSSM) Conference is open for registration. This year, the conference will be held in Chicago from April 18th to the 22nd at the Hyatt Regency downtown. Immerse yourself in an environment that stimulates learning. Network with an unmatched group of peers. Return to the office, motivated to improve the organization and immediately apply the information you learned. Cynthia Cooper, an internationally recognized speaker on ethical leadership, will serve as keynote speaker, discussing the current economic crises and recent scandals. She was named one of Time magazine’s Persons of the Year in 2002 and is one of only seven women who have ever received that distinction. For more information about this event, including a link to registration, please click here.
The Chicago Chapter of the Institute of Internal Auditors is celebrating the 50th Anniversary of their Annual Seminar on Monday, April 19th and would like to invite ISACA Chicago Chapter Members to share in this milestone celebration. For this year only, ISACA members can register at the IIA Member registration rates. ISACA Members will save $100 per registration. Register now and take advantage of the early registration rate which is available until Friday, March 19th. To receive IIA member pricing during registration, ISACA members need to enter the code ISACA2010 in the space provided for Membership Number. For more information regarding this event, please click here.
In addition to these events, be on the lookout for additional training and networking opportunities – cloud computing and virtualization, Spirit of Chicago Annual Boat Cruise, Arlington Park Race Track, career transition coaching, and more … Also, have you joined our LinkedIn Group "Chicago ISACA Chapter" yet? Please click here to join now!
Please note: if you are interested in speaking at an upcoming chapter meeting, or lunch & learn program, please contact either Jim Enstrom or Tom Humbert.
Detailed information about these upcoming events, sign-up and logistics can be found at: http://www.123signup.com/calendar?Org=isaca-chicago
Dear Chapter Member:
We have re-scheduled our Managing Your Career in an Uncertain World (8 CPEs) series to March 13th and March 20th at UBS Tower. These training opportunities are designed, for those who are currently employed, to help you take your career to the next level by learning techniques to take control of, contribute to, and ultimately achieve more in your career. You will learn how to create more value for your company by using relationship-building tools in internal and external markets. You will learn how to establish your personal relationship-building plan with accountability and clear action steps. Lastly, given the importance of social media in today’s business environment, you will find out how to use social media to build your personal brand and to tap into resources and networking channels to add value to you and your company. Career Coaches and Trainers Sara Schiffer and Kirsten Zalik and the Founder of the Social Media Club of Chicago, Barbara Rozgonyi, will be presenting this exciting series of sessions. We are offering an early bird discount – a limited number of members who sign up for this training event by February 24th will receive a discount. Hurry … space is limited, so register today!
Please note: if you are interested in speaking at an upcoming chapter meeting, or lunch & learn program, please contact either Jim Enstrom or Tom Humbert.
Detailed information about these events, sign-up and logistics can be found at: http://www.123signup.com/calendar?Org=isaca-chicago
SPEAKER NOTES:
Sara Schiffer is a Certified Professional Coach, professional instructional designer, and CPA, whose clients say she inspires them to find the perfect career fit. She has been using coaching and adult learning techniques in companies and the community to enhance personal and professional growth for six years, and managed IT audit and training teams at PricewaterhouseCoopers for 5 years. Sara focuses on communication, teamwork and leadership development using seminars and coaching on a group and one-on-one basis. In addition to her management and training background, she has been a keynote speaker at associations and career development organizations. Sara is VP of PR for Platinum Toastmasters and a former Director on the Board of the Chicago Chapter of ISACA. She was honored with the Team Chairman’s Award at PricewaterhouseCoopers for educating the team beyond expectations and relishes the opportunity to help accounting and IT audit professionals succeed. She graduated Magna Cum Laude from the University of Maryland, College Park, with a degree in Accounting and a focus in Computer Science.
Kirsten Zalik is a Certified Professional Coach with expertise in Career Coaching, Resume Creation, Interviewing, Networking and Salary Negotiations. Her background includes over ten years’ experience in Talent Management, working for organizations such as Hewitt, Accenture and the Federal Reserve Bank of Chicago. In addition, as an independent contractor, she spent four years teaching Career Management and Resume Writing courses at Right Management Consultants, an international outplacement and human resources consulting firm. From 2001 to 2005, Kirsten founded and managed "BNC Chicago," a networking group for professionals looking for new career opportunities. In her role as BNC leader, she was featured as a speaker on career topics at numerous networking events. Kirsten speaks Spanish, Portuguese, German and French and enjoys working with people from diverse backgrounds. She is a graduate of Georgetown University and earned an MBA from the University of Michigan's Ross School of Business.
Barbara Rozgonyi leads CoryWest Media, LLC, a Midwest-based strategic marketing consultancy founded in 1990. As publisher of www.wiredPRworks.com, Barbara reports on ways to wire marketing, social media and public relations together to grow business, build brands, and connect communities. The founder of Chicago’s Social Media Club chapter, Barbara is a keynote speaker and an educator on the topics of leadership, communications, marketing and change. Barbara earned her marketing degree at the University of Illinois at Urbana-Champaign.
We are pleased to welcome Alan Plastow, MAT, PMP to our February 11th, 2010 ISACA Chicago Chapter meeting from 3:00 to 5:00 pm at UBS Tower. Mr. Plastow will lead us in a discussion regarding the topic: “Stop Losing Your Assets to Ineffective Technology Financial Management.”
Topic overview - How would you stop the punitive external compliance enforcement auditors cold while improving the ROIC on IT goods and services? During this interactive discussion/seminar we explore the wide range of hidden traps and pitfalls of technology compliance assurance. We'll discuss proven methods for stonewalling the 26+ aggressive enforcement auditing groups that currently hunt your companies and/or clients (Hint: Up to $1,000,000 Whistle-Blower rewards). Once we've set the compliance audit assurance baseline, we'll explore supplier-neutral processes you can use to enhance the same cost-effective infrastructure to establish and grow a framework for serious IT environment life cycle savings. The following questions will be discussed in this session:
· Why are American SMEs the most frequently audited for copyright non-compliance in the world?
· Why are American businesses the only ones on the planet subject to up to $1,000,000 software piracy Whistle-Blower rewards?
· What simple document management procedures could you implement to reduce non-compliance exposure by as much as 80%?
· How can you help your company / clients reduce the existing technology spend by as much as 30% -- in only a few weeks?
· What single error do over 80% of enterprises make that results in over-spending on software by more than 60%?
· Why are we paying up to double for technology support and maintenance?
Alan Plastow, MAT, PMP, is a highly experienced resource for enterprises seeking to take control over the bloated costs and unnecessary risks of business technologies. Plastow has been the consistent voice of consumer rights in software licensing, compliance auditing & enforcement, and IT ROI value restoration since 1995. His globally delivered presentations and Knowledge Briefings provide supplier-neutral, cost-effective, and common sense solutions to an enormous range of real world IT infrastructure problems encountered by virtually every business. Plastow is an author, serial entrepreneur, and teaches project management at The University of Akron.
Plastow is the founder of “The Institute for Technology Asset Management”, “The Business Technology Consumer Network”, and the “Consortium for Technology Portfolio Management Excellence” (at Kent State University).
January 14th, 2010
Dear Member:
We are pleased to welcome Jan Hertzberg, Executive Director, Grant Thornton, and Vincent Concialdi, Director, Grant Thornton to our January 14th, 2010 ISACA Chicago Chapter meeting from 3:00 to 5:00 pm at UBS Tower. Messrs. Hertzberg and Concialdi will lead us in a discussion regarding the topic: “SAS 70 and the Third Party Assurance Landscape.”
About this Event
Issued in 1992, the Statement on Auditing Standards, No. 70 (SAS 70) serves as an important tool by which companies and their auditors can assess the strength of their third party service organizations’ internal control structure as it relates to the company’s financial statements. However, as companies continue to outsource an increasing array of business activities that affect their critical operations, the need for third party assurance continues to increase beyond the traditional financial statement scope limitations of SAS 70. The following questions will be discussed:
• What are the key business drivers that are leading to the increased need for third party assurance?
• What are the various types of third party assurance products (i.e., SAS 70 Type I/Type II, Agreed-Upon Procedures Reports, WebTrust and SysTrust)?
• When do you use a SAS 70 vs. an Agreed-Upon Procedures Report, and what are the related benefits?
• What are the components of a SAS 70 report and how do I read a SAS 70 report?
• What are subservice organizations and when should carve-out or inclusive methods be used?
• What are the various testing approaches used by public accounting firms?
• How can you derive value from a SAS 70 or assurance service?
A panel of public accounting and user organization professionals will discuss these and other questions related to SAS 70s and third party assurance services. They will also share insights into proposed SAS 70 changes currently under consideration by the American Institute of Certified Public Accountants (AICPA), key dates for review/approval of the new guidance and potential impact to user and service organizations.
Attendees will receive two (2) hours of Continuing Professional Education (CPE) credit.
About the Speakers
Jan is an Executive Director in the Business Advisory Services (BAS) Practice of Grant Thornton’s Chicago office. He oversees the local Information Technology (BAS IT) group and directs Grant Thornton’s National Information Security and Privacy Task Force in the US. With over 25 years of experience, Jan has helped multinational companies in health care, banking, life sciences and telecommunications develop strong internal IT controls for enhanced reliability and regulatory compliance. He has served as concurring reviewer on numerous SAS 70 attestations for both public and private companies. Jan is a Certified Information Systems Auditor (CISA) and Certified Information Systems Security Professional (CISSP).
Vince is a Director in the Business Advisory Services (BAS) Practice of the Grant Thornton LLP Chicago office. Vince has more than 17 years of auditing, consulting and industry experience, including 9 years with Grant Thornton. He currently leads many consulting, internal audit services and SAS 70 projects for a wide array of publicly traded businesses with international operations. Vince has also worked with the National Practice Quality Review Team to review SAS 70s for compliance with Firm and Professional Standards. He has publicly spoken on many topics related to internal controls, governance, risk and compliance. He is a member of the Grant Thornton SAS 70 National Task Force. Vince is a Certified Public Accountant (CPA), Certified Internal Auditor (CIA) and Certified Information Systems Auditor (CISA).
Thursday, December 10th
Chicago Chapter Holiday Reception: December 10th
at the Metropolitan Club - 66th Floor of Willis Tower
Lastly, please SAVE THE DATE for our annual ISACA Chicago Chapter holiday reception. This year, our event will be held the afternoon of Thursday, December 10th at the Metropolitan Club on the 66th floor of Willis Tower. We are extremely excited to welcome Dr. Patricia H. Werhane as our keynote speaker. Dr. Werhane is an acclaimed scholar on the subject of business ethics and presently serves as the Wicklander Chair of Business Ethics in the Department of Philosophy and Executive Director of the Institute for Business and Professional Ethics at DePaul University, with a joint appointment as the Peter and Adeline Ruffin Professor of Business Ethics and Senior Fellow at the Olsson Center for Applied Ethics in the Darden School at the University of Virginia.
When: December 10th, 2009
Time: 1:30pm - 6:00pm
Where: Metropolitan Club - 66th Floor of Willis Tower (formerly known as the Sears Tower)
CPE: 1 hour
Physical Security: Photo ID required for entry into the building
November 9-10, 2009
Securing and Auditing Your Web-Enabled Applications | Two Day Technical Training Seminar
Focus and Features
The recent avalanche of government regulatory initiatives, litigation, and intensified attacks on Web-based applications, along with traditional information asset protection, has significantly raised the stakes on the importance of secure application design, testing, certification/accreditation, and audit. In addition, IT applications have become more complex and are frequently rushed to market by commercial IT product and internal developers, increasing the business risks and the challenges to applying and verifying reliable security safeguards.
In this information-packed two-day seminar you will cover key building blocks and significant risks, and systematically sort through the available safeguards in today's complex Web-enabled, multi-tiered applications. We will place special emphasis on a control point definition and transactional analysis approach to application design, security, and auditing within the context of robust but practical enterprise architecture and governance models. Case studies, demonstrations, and checklists will provide reinforcement and enhanced comprehension of complex design, safeguard concepts, and best practices.
Learning Level: Intermediate
Prerequisite: Auditing Application Systems Development (ITG212) or Intermediate IT Audit School (ITG241). A basic understanding of TCP/IP networking and associated network applications is assumed.
Bonus: You will receive the Standard Edition of the MIS Swiss Army Knife Reference listing hundreds of valuable resources for you and your organization.
Who Should Attend: Information Security Managers and Analysts; IT Managers, Auditors, and Architects; Security Architects; Application Certification Specialists, Consultants, Architects and Developers.
Speaker: Ken Cutler, CISSP, CISA, CISM
Ken Cutler is the Vice President of Information Security at MIS Training Institute, where his responsibilities include directing MIS’ infosecurity public training programs. In addition, he sets strategy for MIS’ information security certificate programs. He is also the principal consultant for Ken Cutler & Associates (KCA), an independent information security consulting firm.
Previously, Mr. Cutler headed up companywide information security programs for American Express Travel Related Services and Martin Marietta Data Systems. His responsibilities at these major corporations included developing security policies and standards, creating awareness programs, conducting security risk assessments, providing consulting services, and guiding security technology selection on a worldwide basis.
Mr. Cutler has over 25 years of experience in information security, auditing, quality assurance, and information services. His industry experience includes insurance and financial services, natural resources, manufacturing, government contracting, consulting and training.
An internationally recognized expert in the information security and audit fields, Mr. Cutler is the primary author of the widely acclaimed Commercial International Security Requirements (CISR), which offers a commercial alternative to military security standards for system design. He has also published works on network security, security architecture, wireless networks, and single sign-on. Mr. Cutler has been an active participant in international government and industry security standards initiatives, including the President’s Commission on Critical Infrastructure Protection, Generally Accepted System Security Principles (GSSP), Information Technology Security Evaluation Criteria (ITSEC), and the US Federal Criteria. He previously served on the Member Advisory Council for the International Information Integrity Institute (I-4) and as an Advisory Member of the ISSA Board of Directors.
A much-in-demand speaker and consultant, Mr. Cutler frequently lectures and provides hands-on consulting services in the areas of information security management and architecture, network vulnerability testing, Unix and Windows-based systems, Internet/Web security, dial-up/remote access security, wireless security, and local area network security. He has lectured at many major industry and regional professional association events, including US and international COMDEX shows in 1997-2002.
Mr. Cutler is frequently quoted in popular trade publications such as Computerworld, Information Security, CIO Bulletin, Healthcare Information Security Newsletter, InfoWorld, InformationWeek, HP Professional, HCPro - HIPAA Compliance Insider, and Bank Systems and Technology. He also served as technical advisor on the Editorial Advisory Board of SC Magazine. Mr. Cutler was featured on Crime Talk, broadcast on the Talk America Radio Network, and on MyTechnology Lawyer Web casts.
What You Will Learn
1. Web Application Architectures
Client/server and middleware security for multi-tiered applications
Contemporary application building blocks
Web application control points
Middleware and security application program interfaces (APIs)
Hypertext transfer protocol (HTTP) and uniform resource locator (URL) essentials
HTTP state management: cookies, hidden fields, view state, query strings
Locating control points and mapping associated sources of security services in complex, multi-tiered applications
2. Web (HTTP) Server Security and Audit
Web server configuration / operational and security features:
web server configuration best practices
user authentication and web-based single sign-on
access control and server lockdown procedures
session encryption: Secure Sockets Layer (SSL)
web server security audit logs and intrusion detection systems
Comparing and contrasting security features for prominent web servers:
Apache, Microsoft IIS, Sun Java System Web Server (iPlanet/NetScape)
Perils and protections for remote Web application development: Frontpage,
WebDAV, Expression Web, SharePoint
Application firewalls and intrusion prevention systems
Tools, techniques, and checklists for securing and auditing Web servers
3. Security in Web Application Software Design
Sorting out the Web application environment building blocks and tools
Common vulnerabilities and attacks on Web applications: brute force attacks, privilege escalation, cross-site scripting, SQL injection, buffer overflow
Server-side web page scripting security: SSI, CGI, ASP, ASP.NET, PHP, JSP
Mobile code security: Java, ActiveX, VBScript, JavaScript, AJAX
Best practices for input validation and error handling
Software testing and assurance tools and techniques
Tools, techniques, and checklists for secure application design
4. Web Application Servers
Roles, architecture, and security control points for XML-oriented development environments and associated Web application servers
Assessing available security services and associated design best practices for the two prevailing Web application server environments:
Microsoft .NET Framework and associated ASP.NET components
Java 2 Enterprise Edition (J2EE)
Demystifying web services and Service Oriented Architectures (SOAs)
Tools and techniques for securing and auditing Web application servers
and web services
Contact:
Mr. Norm Spielman
Phone: 312-356-2265
norman.spielman@us.thewg.com
Cancellation Policy:
In the event the ISACA–Chicago Chapter (the "Chapter")
cancels a program, seminar or course, registrants who have prepaid
will receive a full refund. In the event a registrant cannot attend
a program, seminar, or course, the Chapter requests notification
two (2) weeks prior to the date of the event. Generally, the Chapter
does not charge registrants a cancellation fee or penalty. However,
at its discretion, the Chapter may assess a fee up to the full amount
of the registration fee for “no-show registrants” to
offset Chapter expenses related to the event. Substitution of another
individual for a confirmed registrant will be accepted at any time
prior to the date of the event.
Price: Regular (Sep 19, 2009 - Nov 03, 2009)
| Registrant Type | Price |
| General | US $250.00 |
| Non-Members | US $500.00 |
Thu Nov 12, 2009
3:00 - 5:00p Enterprise Firewall Configuration and Design
Enterprise firewall infrastructures can be mistakenly overlooked when it comes to prioritizing security initiatives. Most vendor-provided tools cannot validate the impact of changes to the firewall. This leaves most firewalls, which are costly and time consuming to manage and maintain, incapable of protecting the hosts they were installed to protect. Most enterprises that value defense in depth and a comprehensive security program are unaware that their firewalls are configured to allow dangerous traffic.
Cost: Free! to members; non-members $20
CPE: Two (2) hours
Thursday, October 8th, 2009
Register: http://www.123signup.com/calendar?Org=isaca-chicago
Location: UBS Tower – 2nd Floor Michigan I
Time: 3:00 pm to 5:00 pm (registration from 2:30 to 3:00 pm)
Cost: Free! to members; non–members $20
CPE: Two (2) hours
Join us for two highly relevant discussions on business continuity
planning and analyzing results of a business impact assessment (BIA)
versus a quantified risk assessment (RA).
Topic No. 1 – Business Continuity Planning
Eight years after September 11th, Business Continuity Planning
(BCP) continues to be of vital importance for organizations today.
Cyberterrorism and threats to our critical infrastructure persist,
and organizations must remain vigilant in their efforts to protect
organizational assets. This discussion will take a “back to
basics” view of BCP by re-visiting several key principles
such as:
• Board and senior management responsibilities
• Risk assessment and planning
• Preventative measures
• Monitoring and testing
The discussion will be framed by relating these principles to threats
we face today, such as pandemics.
Topic No. 2 – What We Can Learn from the Results of BIA vs.
a Quantified RA
Downtime has an economic impact and it no longer takes a catastrophe
to experience a severe economic loss. The Business Impact Analysis
(BIA) has been promoted as an effective tool for business continuity
planners as a method to understand the criticality of downtime and
focus planners on the resource needs of essential corporate functions.
While the BIA may be appropriate for planning efforts, it has inherent limitations for anything less than a catastrophic event, and many organizations have found that this method falls far short of expectations.
The BIA approach falls short because it is focused on recovery efforts
rather than mitigation actions. It has been well established that
reducing defects and avoiding failures leads to lower cost of operations
because prevention can be more than five times more cost effective
than recovery. Prevention is arduous when there are an overwhelming
number of threats that can disrupt service and cause economic loss.
In this presentation you will learn the inherent limitations and shortcomings of the fashionable BIA, as well as how to devote the right amount of scarce resources to the right problem.
About the Speakers
Dennis Wenk — As a Senior Director, Mr. Wenk has consulted worldwide with large Fortune 500 customers: generating demand for new innovative service areas, leading consulting engagements, and managing new, evolving organizations in over 20 different countries, tackling some very challenging, complex, and ambiguous problems. He has performed quantitative operational risk assessments that were used to justify the significant investments required to build, transform and maintain resilient infrastructures; he has performed technology assessments, IT consolidation and transition strategies, and developed site selection criteria for complex heterogeneous technology consolidations.
Dennis has worked at Hitachi Data Systems as a Principal Business Consultant, Senior Global Solutions Architect, Consulting Project Executive and Director of High Availability Solutions. His background also includes experience with IBM Global Network as an Outsourcing Project Executive; Comdisco, where he was Western Director of Technology Consulting; KPMG, where he was Senior Manager, Group Leader for IT Operations and Transformations; as well as Heller Financial, where he served as VP/Information Processing. Dennis Wenk earned an MBA in Accounting and Finance and a BS in Computer Science from Northern Illinois University. He is a Certified Information Systems Auditor (CISA), Certified Data Processor (CDP), and Certified Systems Professional (CSP), and is certified in ITIL Service Management. He was awarded Best Management Paper by the Computer Measurement Group.
Dean Jones — Dean is a long-term member of the IIA and ISACA, both in the United Kingdom and the United States. He has served as President and board member, and brings a great deal of passion and enthusiasm to the roles held and to the Chapter itself. Dean has worked in the financial services sector for 17 years, of which 16 have been as an Internal Auditor in the United Kingdom, Switzerland, Canada and currently in the United States for Zurich North America. He has provided, and continues to provide, audit focus on all areas of general and life insurance, including information technology. After having achieved certificates in investment management and languages (French and German), Dean is currently studying for the CFSA certification in December. He is also working with IIA personnel in the Chicago region to establish a financial services and insurance committee to provide support for and represent those IIA members who work in these areas.
Tripwire’s Founder and Chief Technology Officer,
Gene Kim – Change & Security Patch Management
Tripwire’s Founder and Chief Technology Officer, Mr. Gene
Kim, will be facilitating an in–depth discussion on change
and security patch management best practices. This 2–hour
session will explore questions such as:
Why should I care about more effectively managing change in my environment?
What are the critical change and patch management controls?
What questions should I ask to better understand the effectiveness
of change and patch management controls?
Where should the internal auditor begin?
Please note, this event was re-scheduled from a prior date.
Register: http://www.123signup.com/calendar?Org=isaca-chicago
When: Tuesday, September 29th, 2009
Location: Marriott Lincolnshire Resort (corner of Rt 22 Half–Day
Rd and Milwaukee Ave. in Lincolnshire)
Time: 3:00 pm to 5:00 pm (registration from 2:30 to 3:00 pm)
Cost: Free! to members; non–members $20
CPE: Two (2) hours
September 10th, 2009
The Changing US and Global Privacy and Data Protection
Regulatory Landscape: As Viewed Through the Lens of the HITECH Act
Privacy and data protection laws were previously viewed to be a
European compliance and risk issue—but not anymore. As these
laws proliferate, privacy and data protection is now a concern for
all companies operating within the US and globally. Further, privacy
compliance obligations are expanding and enforcement efforts are
being stepped up everywhere—posing significant new challenges
for companies as they manage the personal information of their employees
and customers. Our speakers will discuss the current global and
US privacy and data protection regulatory environment and how corporate
operations are being required to change to meet these new requirements.
They will place a particular focus on the recent developments in
the healthcare privacy environment as a result of the HITECH Act
to explore the privacy and data protection developments that US
and multinational companies in all industries can expect to face
in the near future.
Please join us for a networking reception at River's Restaurant,
immediately following the meeting.
About the Speakers
Amy Yates — As a Director at Deloitte, Amy Yates advises domestic
and international clients on a wide range of privacy and data protection
issues. In her role, she works with her clients on developing business
solutions that can be implemented across organizations to address
increasingly complex data protection requirements. Prior to joining
Deloitte, she served as the Chief Privacy Officer for Hewitt Associates
LLC where she established and led Hewitt’s Privacy Office
and its global privacy program for many years. Prior to that, she
served as the acting privacy officer at Andersen.
Amy is a graduate of the Georgetown University School of Foreign
Service and she received her J.D. degree from Northwestern University
Law School. Amy is a Certified Information Privacy Professional
(CIPP), a member of the Board of Directors of the International
Association of Privacy Professionals, and a member of the Board
of the HITRUST / Ponemon eLearning Program Advisory.
David Reitzel — As a Senior Manager, David Reitzel is a national leader within the Health Sciences – Provider Practice, with a strong focus on security, privacy and business controls. David has over thirteen years of business, finance and technology experience within commercial industries, including the Not-For-Profit, Education and Healthcare industries. David has helped clients develop and implement enterprise strategies and programs for managing information and technology risks, specifically related to the management of financial and operational data, deployment of integrated financial reporting, and compliance with security and data privacy laws and regulations as well as internal control requirements. David is a graduate of Carthage College with degrees in Business Administration and International Business, and he received his M.B.A. from the University of Illinois.
Register: http://www.123signup.com/calendar?Org=isaca-chicago
When: Thursday, September 10th, 2009
Location: UBS Tower – 2nd Floor Michigan I
Time: 3:00 pm to 5:00 pm (registration from 2:30 to 3:00 pm) ***Networking
reception immediately following the event at River’s
Cost: Free! to members; non–members $20
CPE: Two (2) hours
August 31, 2009
On August 31, 2008 the Chicago Chapters of ISACA and the IIA held
a joint session entitled, "Compliance and Use of Social Networking
Tools in Your Business." Close to 100 professionals attended
a three hour morning session at Chicago's Gleacher Center. The program
was moderated by Francine McKenna, President of the ISACA Chicago
Chapter and author of the blog, re: The Auditors. She facilitated
presentations and a panel discussion of these tools from the user's perspective by:
· Jason Moriber, Principal, Director of Marketing Communications, Wise Elephant, a marketing strategy, social media and design firm
· Tricia Bassett, VP, Financial Monitoring and Controls Manager for Re:Sources, the shared services organization supporting Publicis, the global media company
· Amahdy E. Bradley, Associate Director of Compliance & Security for Re:Sources, an ISACA member, a CISA and a CGEIT
· Jim Huddleston, also an ISACA member and a CISSP, CISM, CIPP, CGEIT, who is Global Director, Information Security for Re:Sources
The presentations below describe how professionals are both using
social media and social networking tools and technology (a.k.a.
Web 2.0) and managing them within their organizations. Tools used
both personally and professionally such as corporate blogs, Facebook,
Twitter, YouTube, Wikis were discussed as well as approaches to
managing and controlling the potential risks (i.e., legal, regulatory, internal audit, IT security, etc.) for your organization.
The session was videotaped. A link to the video will be found on the blog, re: The Auditors, later this week along with an analysis of the results from the survey responses from session participants.
August Meeting: Solutions for Managing End-Point
Security
When: August 5th, 2009
Location: UBS Tower - Michigan Ballroom
Time: 3:00 pm to 5:00 pm
Cost: Free! to members; non-members $20
CPE: Two (2) hours
We'll start the meeting with Daniel Dec from Fusion Risk Management facilitating a discussion on the business case for managing End-Point controls and the vulnerabilities that exist. Wayne Johnson from Promisec will then give a presentation discussing various options to manage End-Point controls while utilizing a clientless solution. We'll take an interactive approach, so bring your questions and challenges; we'll also demonstrate how auditors can use tools to review the controls around End-Points while enforcing compliance.
Business professionals need transparent, rapidly implemented, low-overhead solutions that seamlessly seek out internal network security weak spots, vigilantly monitor electronic end point activity, and quickly respond to suspicious network events in real time. In addition, auditors can use the same solutions to measure their own requirements for compliance and risk reporting. From a single PC or laptop, Promisec's CEM quickly shows you every endpoint and server in your network and checks for compliance. Promisec then identifies & removes any non-compliant agent (software). The presentation will consist of a demonstration of the power and flexibility you will have with a software product that gives you audit and remediation control over your end points.
About Daniel Dec, CISA, CISM
Dan is a past President and long time board member of the Chicago
ISACA chapter. Holding positions as a Partner with PriceWaterhouseCoopers,
Chief Security Officer of Conseco, and now as Senior Vice President
with Fusion Risk Management, Dan has designed, implemented and managed
a wide variety of systems and business controls.
About Wayne Johnson
Wayne is currently the Director of Sales for the Midwest at Promisec
and has been in the security industry since 1996 and in the IT Vendor
channel since 1981 supporting Midwest clients ranging from selling
word processors to today's high technology security products and
services. Currently Wayne is the Information Systems Security Association
Chicago Chapter President, AITP Security Co-Chair and Bartlett Lions
International Vice President.
Two Day Technical Training Seminar – Internet Security
and Oracle Database Security
Richard Cascarino, MBA, CISM, CIA, CFE will be teaching a two–day summer training seminar on Internet/E–commerce and Oracle database security. Richard is a consultant and lecturer with over 29 years' experience in IT, Internal and Forensic auditing education and is the author of the following books:
· Auditor’s Guide to IS Auditing
· Internal Auditing - an Integrated Approach
When: July 13th and 14th, 2009
Location: UBS Tower – Michigan Ballroom
Time: 8:00 am to 5:00 pm
Cost: Value Priced! $250 for members; $500 for non–members
CPE: Fifteen (15) hours
Annual Boat Cruise and Joint Networking Event with the
ISSA
Annual meeting and dinner boat cruise outing – this year, we are pleased to welcome the Chicago Chapter of the Information
Systems Security Association (ISSA) as well. In addition, we are
also pleased to welcome our guest keynote speaker, Mr. Russ Gates,
Principal, DuPage Consulting LLC. Russ is a senior business executive
with significant experience working with senior and board level
executives, with a focus on enterprise risk management, corporate
governance, and information security and technology risk management.
When: July 9th, 2009
Location: Navy Pier, Spirit of Chicago
Time: 3:00 to 6:00 pm
Cost: Only! $20 for members and their guests
CPE: One (1) hour
June Meeting - 6/10/09
Information Security Breaches: Detection, Response
and Management | Plus! Networking Cocktail Reception
Kirkland & Ellis Partner, Mr. Jeffery Norman and Navigant Consulting
Managing Consultant, Mr. Aaron Philipp, NSA IAM Certified, will
be facilitating a panel discussion of industry experts, including
Mr. Wayne Cerne, UBS AG, Head of IT Security and Mr. Esteban Rockett,
Motorola, Senior Counsel, related to the topic of incident management
and response:
· Case study that explores best practices for creating,
managing, and sustaining incident management capabilities
· Information preservation and investigation
· Legal response – avoiding potential pitfalls
· Communication mandates
· Lessons learned – autopsy of a Security Breach/Response
Please stay for the networking cocktail reception immediately following the presentation!
When: June 10th, 2009
Location: Kirkland & Ellis LLP
300 North LaSalle
Chicago, IL 60654
Time: 3:00 to 5:00 pm – networking reception to follow
Cost: Free! to members (members are encouraged to bring a member
of their in–house counsel)
CPE: Two (2) hours
MCLE: Two (2) hours (Illinois)
May Meeting - 5/21/2009
A Presentation on the "New Requirements/Standards for IT Governance" will take place at our May 21 meeting.
May 21 Topic: Spotlight on the New Institute of Internal Auditors' (IIA) International Standards for the Professional Practice of Internal Auditing: IT Governance and related new IT audit standards raise the bar for our profession
Description: New Standard for IT Governance
On January 1, 2009 the Institute of Internal Auditors (IIA) issued International Standard 2110.A2, which states:
The internal audit activity must assess whether the information technology governance of the organization sustains and supports the organization's strategies and objectives.
Compliance with this new standard presents a unique opportunity to align IT activities and performance with business operations, while simultaneously complying with this new IIA International Standard.
Effective IT governance provides visibility of IT management's ability to achieve its objectives, adapt quickly to the changing business environment, manage risks and identify continuous improvement opportunities for business and IT outcomes.
Our speakers will discuss the new IIA International Standards and the positive impact they will have on the IT Auditing profession and the organizations we serve.
Speakers and Bios:
Tom Luick, Associate Director, Protiviti IT Internal Audit
Tom is an Associate Director in Protiviti's IT Internal Audit solution with more than 10 years of experience leading Internal Audit, SOX, and IT consulting engagements. He has extensive experience in planning and executing risk assessments, IT compliance and audit activities, and IT strategy consulting services. Tom's principal areas of practice include assisting clients with value-added IT Audit capabilities needed to help companies protect their investment in IT through identifying critical IT risk areas and delivering relevant, timely recommendations. Tom assists in clients' efforts to improve IT governance capabilities, including defining IT strategy and implementing IT processes and procedures.
Dan Roth, Manager, Protiviti IT Internal Audit
Dan Roth is a Manager in Protiviti's IT Internal Audit solution. He is a Certified Information Systems Auditor (CISA) with six years of consulting experience focusing on the execution and project management of Internal Audit, Sarbanes-Oxley, and IT consulting engagements.
Date: April 21, 2009
Registration: 1:30
Training Session: 2:00 - 4:00
What happens when three forces in audit and controls join together for a training event? Come join us on April 21st and find out in person!
The IIA NW Metro Chicago Chapter and the Chicagoland ISACA Chapter
are proud to present internationally acclaimed Gordon Smith
from Canaudit presenting:
"Corporate Insecurity: Pillaging Information Assets,
Destroying Established Reputations"
Corporations, governments, and universities have one thing in common.
They have all been targets of hackers and dishonest employees. All
of these institutions not only had to perform costly remediation,
but their issues were widely reported in newspapers across the land
and around the world. Clearly, traditional control structures have
failed! Servers, databases and even outsourced operations are exposed
to pillagers! Executive management is not only embarrassed, but
they feel that they have been deceived by incorrect assurances from
middle managers, security staff and even auditors that their systems
and data were safe. They provided management with a false sense
of security based on testing and verifying antiquated controls that
are not effective against the skilled cyber-thief.
The event is graciously hosted by Motorola in their state of the
art auditorium.
The Motorola Campus is located in Schaumburg, Il at Algonquin and
Meacham Rds. Please enter through the Visitor's Entrance located
on Algonquin Rd. Tell the guard you are attending a training session
in the Corporate Tower Auditorium and ask that he direct you to
the Tower, Door 50. You may park in Visitor's Parking. If Visitor's
Parking is full, you may park in the Employee Lot. Upon arrival
into the building you will be escorted to the Auditorium.
Earn 2 CPEs for only $40
Thursday, April 16th, 2009
Topic: Ensuring Security and Integrity of Company
Data Resources in a Downsizing Climate
Description: This presentation is based on a whitepaper from RSM McGladrey by the same title. The focus of the presentation is to discuss what IT Auditors should consider during their audits of the IT environment given today’s economic downturn. The speaker will discuss areas to focus on and identify what risks may be exaggerated depending on how IT environments manage the demands of the economic downturn.
Speaker: Lowell Smith
Title: Manager, RSM McGladrey’s Technology Risk Management
Services group
Company: RSM McGladrey
BIO: Lowell has 29 years of information systems
experience. Prior to joining RSM McGladrey he performed SOX IT audits
and general security audits serving clients in the financial services,
broadcasting, printing and manufacturing industries. Before these
consulting experiences, Lowell held lead roles in implementing data
security programs at privately held companies in the financial services
sector. He was also responsible for internal IT audits and for responding
to client-led security audits. Lowell’s current areas of concentration
include SAS 70 review services, information systems security control
reviews, Sarbanes-Oxley (SOX) information technology (IT) compliance
consulting services and business continuity planning.
March 2009 Monthly Meeting
3/19/2009
Topic: A Preview of the upcoming International Financial Reporting
Standards (IFRS)
Description: This presentation will provide an overview of IFRS
including adoption dates, a Case Study explaining the process and
impacts and a panel discussion. The globalization of business and
finance has led to the successful mass adoption of IFRS by over
12,000 companies in over 100 countries. The convergence of US GAAP
to IFRS and its impact on IT audit will be discussed.
Speaker: Heather Paquette, Midwest IFRS Leader – IT Advisory
Services
Louis Manello, Director of Transaction Services
Company: KPMG
Suburban Chapter Meeting
ISACA’s Chicago Chapter is pleased to announce that it has teamed with the ISSA and Motorola to offer its members an opportunity
to attend an educational meeting to be held at the Motorola campus
in Schaumburg. In addition to the fantastic agenda we’ll also
have the opportunity to network with members of the ISSA as well
as ISACA members who do not generally make it to our Downtown Chicago
chapter meetings. We appreciate Motorola’s hospitality in
allowing our membership to attend.
To attend, simply send an email or call John Kinyon (contact information
is listed below) and let him know that you will be attending and
that you are a member of ISACA.
Meeting Information:
2:45 - 3:00 -- Refreshments and networking, Innovation Center Auditorium
3:00 - 4:00 -- Converged Security presentation, by Bill Boni, Corporate
Security Officer, Motorola
Motorola recently combined the loss prevention, investigations and
information protection teams to safeguard the company's people,
business operations and intellectual property. Learn why and how
this was done, and hear about the plans, goals and anticipated benefits
from the architect and leader of the converged organization.
Bill is one of the leading information risk management practitioners,
with broad experience in all aspects of creating, sustaining and
transforming protection organizations. He is responsible for global
policy, processes and operations, and develops solutions for internal
and external customers to cost effectively manage risks that could
adversely impact the company's brand, reputation and customer credibility.
He has direct experience with Federal/state governments, high technology,
biotech, aerospace/defense and banking segments and operations in
mainland China.
4:00 - 5:00 -- Building a Successful Data Classification Program,
by John Kinyon, CISM, Motorola
In 2007 Motorola updated its information classification standards
and procedures to be more relevant and practical. The briefing will
review the business drivers for this change, how the change was
accomplished, and describe the lessons learned.
John has been involved with information protection at Motorola since
1991 and has been a Certified Information Protection Manager since
2004. He helped research, develop and roll out Motorola's new information
classification program, and is responsible for Motorola's security
policies and standards. John contributes to awareness/education,
IT process improvement, and risk assessment and management activities.
5:15 -- Interested people will meet for drinks and appetizers at
the Ram Restaurant & Brewery
5 minute drive from Motorola, near IKEA (north of Woodfield Mall).
Driving directions will be provided at the meeting.
http://www.theram.com/illinois/schaumburg.shtml
Please direct RSVPs and questions to:
John J. Kinyon, CISM
Motorola Asset Protection Services
1303 E. Algonquin Road, Schaumburg, IL 60196
Cell +1 (847) 815-0582
mailto:John.Kinyon@Motorola.com
February 2009 Monthly Meeting 2/19/2009
Topic: An in-depth discussion on the causes of data breaches,
and how to prevent them
Description: This presentation on the 2008 Data Breach Investigation Report and supplement will give internal auditors insight into which policies and procedures were not followed that were at least a contributing factor, if not a major factor, in 90% of the data breaches included in the study. In those 90%, if company policies had been followed at least once per year, the vulnerabilities would not have been a factor. Learn more about the "Unknown Unknowns".
Speaker: David Ostertag
Title: Investigations Manager, Investigative Response
Company: Verizon Business
BIO: David has more than 25 years of investigative
experience in the government and security arenas. Dave coordinates
the forensic investigations conducted by the investigative response
unit worldwide. Dave has taken the lead on many of the highly publicized
large data compromise investigations over the past few years. In
addition, Mr. Ostertag is considered a leader in criminal and civil
investigative techniques, is a certified expert witness and is a
frequent instructor and speaker on the topics of data compromise
investigation and international criminal organizations.
January 2009 Monthly Meeting
DATE: Wednesday, January 28th, 2009
LOCATION: UBS Tower
TIME: 3:00 to 5:00 pm (networking reception from 5:00 to 6:00 pm)
We are ready to kick-off our first chapter meeting of the year
and pleased to welcome presenter Katie Jensen, Navigant Consulting,
who will lead a panel discussion on the topic of e-discovery. The
panel will include Dave Tonisson, Sonnenschein Nath & Rosenthal
LLP and Rick Schoeneck, Accenture.
Working with your legal department: Understanding the legal lingo
and how to avoid costly errors and improve your professional value
in the marketplace. A panel discussion on hot legal and e-discovery
topics including a case study on how IT can affect the outcome of
litigation.
Agenda to include:
* Providing the definition of e-discovery
* How to avoid costly mistakes
* Case studies of past projects
Given the topic, we are offering a complimentary invitation to a
member of your legal department. General MCLE credit
for this presentation is available in Illinois for attorneys. If
you are interested in having a member of your legal department join
you at this event, please indicate in your email registration. Registration
is limited to the first 100 respondents. A networking reception
will follow the presentation from 5:00 to 6:00 pm.
Logistics
Detailed information about the event, location etc. can be found at http://www.isaca-chicago.org/meetingschedule.html.
Reserve your seat today by emailing isacachicago@gmail.com.
November 20, 2008
Overview of IT Audit Job Market
Key Skills, Trends, and Other Food for Thought
October 27, 2008
Presentation to DePaul: Panel Discussion regarding IT issues in
today's environment.
September 16, 2008
Speakers Glenn Harkabus and Scott Shinners from Deloitte & Touche will present the following topic:
Title: "Evolving Your IT Internal Audit Function"
Discussion of emerging practices and trends in IT Internal Auditing
Hot topics or key risk areas, such as continued globalization of IT, increasing regulatory complexity, green or eco-friendly IT, cost containment, and data quality, to name a few, will also be discussed.