Next Meeting:

Date | Time | Event | Location
March 5th, 19th, and 26th | 11:00am - 1:00pm | Lunch and Learn Series | DePaul University (1 E. Jackson)
March 11th | 3:00pm - 5:00pm | Understanding Risk Assessment as a Business Process in an International Threat Environment | UBS Tower (Madison and Wacker)
March 13th & March 20th | View 123 Signup for details | Managing Your Career in an Uncertain World | UBS Tower (Madison and Wacker)

Registration:
To register for these events, please click the following link: http://www.123signup.com/calendar?Org=isaca-chicago

Dear Chapter Member:

We are excited to announce a number of training and networking opportunities! First, don’t forget to take advantage of our early bird discount for our Managing Your Career in an Uncertain World series on March 13th and March 20th at UBS Tower. A limited number of members who sign up for this training event by March 5th will receive a discount. Please note, we have extended the early bird deadline and reduced the discount for this training to $75. If you have already registered, we will credit your account. This is an exciting program that is designed to help you advance your professional career goals. Eight CPE credits are available for this training series.

Monthly Chapter Meeting — Thursday, March 11th | 2 CPE credits … Members Attend for FREE!
Next, for our March Chapter Meeting, we are pleased to welcome Caroline R. Hamilton, President of Risk Watch International and a leading security risk assessment expert. Ms. Hamilton will speak on “Understanding Risk Assessment as a Business Process in an International Threat Environment” at our March 11th ISACA Chicago Chapter meeting from 3:00 to 5:00 pm at UBS Tower. This presentation will show how to develop and manage an effective security risk and compliance assessment program based on metrics, combining elements of both information and corporate security programs.

To register for these events, please click the following link: http://www.123signup.com/calendar?Org=isaca-chicago


Lunch & Learn Series — Friday March 5th, 19th and 26th | 1 CPE credit per session … Members Attend for FREE!
We are also excited to announce a new program designed to supplement our monthly chapter meetings. We are planning to offer Lunch & Learn sessions on a periodic basis throughout the Chicagoland area. Chapter member and volunteer Michael Krutzsch will be working hard to make sure this is a highly successful series.

Typically, these events will be held on Fridays from 11:00 am to 1:00 pm and will be limited to 40 attendees. We are delighted to start the series off with three outstanding speakers who will be presenting on the following topics:

March 5th — Stephen Gierach, President, Executive Compumetrics, Inc. – “Securing Intellectual Property – A Step-by-Step Process” – DePaul University, DePaul Center, 1 E. Jackson

March 19th — Janine L. Spears, Ph.D. – “Harnessing Opportunity from Regulatory Compliance” – DePaul University, DePaul Center, 1 E. Jackson

March 26th — Clint Pollock, Senior Solutions Architect at Veracode – “Protecting Your Applications from Backdoors: How to Secure Your Business Critical Applications from Time Bombs, Backdoors & Data Breaches” – Maggiano’s Little Italy, 1901 E. Woodfield Rd., Schaumburg, Illinois


OTHER TRAINING AND NETWORKING OPPORTUNITIES:
ISACA’s North America Computer Audit, Control and Security (North America CACSSM) Conference is open for registration. This year, the conference will be held in Chicago from April 18th to the 22nd at the Hyatt Regency downtown. Immerse yourself in an environment that stimulates learning. Network with an unmatched group of peers. Return to the office, motivated to improve the organization and immediately apply the information you learned. Cynthia Cooper, an internationally recognized speaker on ethical leadership, will serve as keynote speaker, discussing the current economic crises and recent scandals. She was named one of Time magazine’s Persons of the Year in 2002 and is one of only seven women who have ever received that distinction. For more information about this event, including a link to registration, please click here.

The Chicago Chapter of the Institute of Internal Auditors is celebrating the 50th Anniversary of their Annual Seminar on Monday, April 19th and would like to invite ISACA Chicago Chapter Members to share in this milestone celebration. For this year only, ISACA members can register at the IIA Member registration rates. ISACA Members will save $100 per registration. Register now and take advantage of the early registration rate which is available until Friday, March 19th. To receive IIA member pricing during registration, ISACA members need to enter the code ISACA2010 in the space provided for Membership Number. For more information regarding this event, please click here.

In addition to these events, be on the lookout for additional training and networking opportunities – cloud computing and virtualization, Spirit of Chicago Annual Boat Cruise, Arlington Park Race Track, career transition coaching, and more. Also, have you joined our LinkedIn Group "Chicago ISACA Chapter" yet? Please click here to join now!

Please note: if you are interested in speaking at an upcoming chapter meeting, or lunch & learn program, please contact either Jim Enstrom or Tom Humbert.

Detailed information about these upcoming events, sign-up and logistics can be found at: http://www.123signup.com/calendar?Org=isaca-chicago


Dear Chapter Member:

We have re-scheduled our Managing Your Career in an Uncertain World (8 CPEs) series to March 13th and March 20th at UBS Tower. These training opportunities are designed for those who are currently employed, to help you take your career to the next level by learning techniques to take control of, contribute to, and ultimately achieve more in your career. You will learn how to create more value for your company by using relationship-building tools in internal and external markets. You will learn how to establish your personal relationship-building plan with accountability and clear action steps. Lastly, given the importance of social media in today’s business environment, you will find out how to use social media to build your personal brand and to tap into resources and networking channels to add value to you and your company. Career Coaches and Trainers Sara Schiffer and Kirsten Zalik and the Founder of the Social Media Club of Chicago, Barbara Rozgonyi, will be presenting this exciting series of sessions. We are offering an early bird discount – a limited number of members who sign up for this training event by February 24th will receive a discount. Hurry … space is limited so register today!

Please note: if you are interested in speaking at an upcoming chapter meeting, or lunch & learn program, please contact either Jim Enstrom or Tom Humbert.

Detailed information about these events, sign-up and logistics can be found at: http://www.123signup.com/calendar?Org=isaca-chicago

SPEAKER NOTES:

Sara Schiffer is a Certified Professional Coach, professional instructional designer, and CPA, whose clients say she inspires them to find the perfect career fit. She has been using coaching and adult learning techniques in companies and the community to enhance personal and professional growth for six years, and managed IT audit and training teams at PricewaterhouseCoopers for 5 years. Sara focuses on communication, teamwork and leadership development using seminars and coaching on a group and one-on-one basis. In addition to her management and training background, she has been keynote speaker at associations and career development organizations. Sara is VP of PR for Platinum Toastmasters and a former Director on the Board of the Chicago Chapter of ISACA. She was honored with the Team Chairman’s Award at PricewaterhouseCoopers for educating the team beyond expectations and relishes the opportunity to help accounting and IT audit professionals succeed. She graduated Magna Cum Laude from the University of Maryland, College Park, with a degree in Accounting and a focus in Computer Science.

Kirsten Zalik is a Certified Professional Coach with expertise in Career Coaching, Resume Creation, Interviewing, Networking and Salary Negotiations. Her background includes over ten years' experience in Talent Management, working for organizations such as Hewitt, Accenture and the Federal Reserve Bank of Chicago. In addition, as an independent contractor, she spent four years teaching Career Management and Resume Writing courses at Right Management Consultants, an international outplacement and human resources consulting firm. From 2001 to 2005, Kirsten founded and managed "BNC Chicago," a networking group for professionals looking for new career opportunities. In her role as BNC leader, she was featured as a speaker on career topics at numerous networking events. Kirsten speaks Spanish, Portuguese, German and French and enjoys working with people from diverse backgrounds. She is a graduate of Georgetown University and earned an MBA from the University of Michigan's Ross School of Business.

Barbara Rozgonyi leads CoryWest Media, LLC, a Midwest-based strategic marketing consultancy founded in 1990. As publisher of www.wiredPRworks.com, Barbara reports on ways to wire marketing, social media and public relations together to grow business, build brands, and connect communities. The founder of Chicago’s Social Media Club chapter, Barbara is a keynote speaker and an educator on the topics of leadership, communications, marketing and change. Barbara earned her marketing degree at the University of Illinois at Urbana-Champaign.


Detailed information about this event, sign-up and logistics can be found at: http://www.123signup.com/calendar?Org=isaca-chicago


PAST MEETINGS

We are pleased to welcome Alan Plastow, MAT, PMP to our February 11th, 2010 ISACA Chicago Chapter meeting from 3:00 to 5:00 pm at UBS Tower. Mr. Plastow will lead us in a discussion regarding the topic: Stop Losing Your Assets to Ineffective Technology Financial Management.

Topic overview - How would you stop the punitive external compliance enforcement auditors cold while improving the ROIC on IT goods and services? During this interactive discussion/seminar we explore the wide range of hidden traps and pitfalls of technology compliance assurance. We'll discuss proven methods for stonewalling the 26+ aggressive enforcement auditing groups that currently hunt your companies and/or clients (Hint: up to $1,000,000 whistle-blower rewards). Once we've set the compliance audit assurance baseline, we'll explore supplier-neutral processes you can use to enhance the same cost-effective infrastructure to establish and grow a framework for serious IT environment life cycle savings. The following questions will be discussed in this session:

· Why are American SMEs the most frequently audited for copyright non-compliance in the world?
· Why are American businesses the only ones on the planet subject to up to $1,000,000 software piracy whistle-blower rewards?
· What simple document management procedures could you implement to reduce non-compliance exposure by as much as 80%?
· How can you help your company / clients reduce the existing technology spend by as much as 30% -- in only a few weeks?
· What single error do over 80% of enterprises make that results in over-spending on software by more than 60%?
· Why are we paying up to double for technology support and maintenance?

Alan Plastow, MAT, PMP, is a highly experienced resource for enterprises seeking to take control over the bloated costs and unnecessary risks of business technologies. Plastow has been the consistent voice of consumer rights in software licensing, compliance auditing & enforcement, and IT ROI value restoration since 1995. His globally delivered presentations and Knowledge Briefings provide supplier-neutral, cost-effective, and common sense solutions to an enormous range of real world IT infrastructure problems encountered by virtually every business. Plastow is an author, serial entrepreneur, and teaches project management at The University of Akron.

Plastow is the founder of “The Institute for Technology Asset Management”, “The Business Technology Consumer Network”, and the “Consortium for Technology Portfolio Management Excellence” (at Kent State University).


January 14th, 2010
Dear Member:
We are pleased to welcome Jan Hertzberg, Executive Director, Grant Thornton, and Vincent Concialdi, Director, Grant Thornton, to our January 14th, 2010 ISACA Chicago Chapter meeting from 3:00 to 5:00 pm at UBS Tower. Messrs. Hertzberg and Concialdi will lead us in a discussion regarding the topic: SAS 70 and the Third Party Assurance Landscape.

About this Event
Issued in 1992, the Statement on Auditing Standards, No. 70 (SAS 70) serves as an important tool by which companies and their auditors can assess the strength of their third party service organizations’ internal control structure as it relates to the company’s financial statements. However, as companies continue to outsource an increasing array of business activities that affect their critical operations, the need for third party assurance continues to increase beyond the traditional financial statement scope limitations of SAS 70. The following questions will be discussed:

What are the key business drivers that are leading to the increased need for third party assurance? What are the various types of third party assurance products (i.e., SAS 70 Type I/Type II, Agreed-Upon Procedures Reports, WebTrust and SysTrust)? When do you use a SAS 70 vs. an Agreed-Upon Procedures engagement, and what are the related benefits? What are the components of a SAS 70 report and how do I read a SAS 70 report? What are subservice organizations and when should carve-out or inclusive methods be used? What are the various testing approaches used by public accounting firms? How can you derive value from a SAS 70 or assurance service?

A panel of public accounting and user organization professionals will discuss these and other questions related to SAS 70s and third party assurance services. They will also share insights into proposed SAS 70 changes currently under consideration by the American Institute of Certified Public Accountants (AICPA), key dates for review/approval of the new guidance and potential impact to user and service organizations. Attendees will receive two (2) hours of Continuing Professional Education (CPE) credit.

About the Speakers
Jan is an Executive Director in the Business Advisory Services (BAS) Practice of Grant Thornton’s Chicago office. He oversees the local Information Technology (BAS IT) group and directs Grant Thornton’s National Information Security and Privacy Task Force in the US. With over 25 years of experience, Jan has helped multinational companies in health care, banking, life sciences and telecommunications develop strong internal IT controls for enhanced reliability and regulatory compliance. He has served as concurring reviewer on numerous SAS70 attestations for both public and private companies. Jan is a Certified Information Systems Auditor (CISA) and Certified Information Systems Security Professional (CISSP).

Vince is a Director in the Business Advisory Services (BAS) Practice of the Grant Thornton LLP Chicago office. Vince has more than 17 years of auditing, consulting and industry experience, including 9 years with Grant Thornton. He currently leads many consulting, internal audit services and SAS 70 projects for a wide-array of publicly traded businesses with international operations. Vince has also worked with the National Practice Quality Review Team to review SAS 70s for compliance with Firm and Professional Standards. He has publicly spoken on many topics related to internal controls, governance, risk and compliance. He is a member of the Grant Thornton SAS 70 National Task Force. Vince is a Certified Public Accountant (CPA), Certified Internal Auditor (CIA) and Certified Information Systems Auditor (CISA).

Thursday, December 10th
Chicago Chapter Holiday Reception: December 10th at the Metropolitan Club - 66th Floor of Willis Tower

Lastly, please SAVE THE DATE for our annual ISACA Chicago Chapter holiday reception. This year, our event will be held the afternoon of Thursday, December 10th at the Metropolitan Club on the 66th floor of Willis Tower. We are extremely excited to welcome Dr. Patricia H. Werhane as our keynote speaker. Dr. Werhane is an acclaimed scholar on the subject of business ethics and presently serves as the Wicklander Chair of Business Ethics in the Department of Philosophy and Executive Director of the Institute for Business and Professional Ethics at DePaul University, with a joint appointment as the Peter and Adeline Ruffin Professor of Business Ethics and Senior Fellow of the Olsson Center for Applied Ethics in the Darden School at the University of Virginia.

When: December 10th, 2009
Time: 1:30pm - 6:00pm
Where: Metropolitan Club - 66th Floor of Willis Tower (Formerly known as the Sears Tower)
CPE: 1 hour
Physical Security: Photo ID required for entry into the building

November 9-10, 2009
Securing and Auditing Your Web-Enabled Applications | Two Day Technical Training Seminar


Focus and Features

The recent avalanche of government regulatory initiatives, litigations, and intensified attacks on Web-based applications, along with traditional information asset protection, have significantly raised the stakes on the importance of secure application design, testing, certification/accreditation, and audit. In addition, IT applications have become more complex and frequently rushed to market by commercial IT product and internal developers, increasing the business risks and the challenges to applying and verifying reliable security safeguards.

In this information-packed two-day seminar you will cover key building blocks and significant risks, and systematically sort through the available safeguards in today's complex Web-enabled, multi-tiered applications. We will place special emphasis on a control point definition and transactional analysis approach to application design, security, and auditing within the context of robust but practical enterprise architecture and governance models. Case studies, demonstrations, and checklists will provide reinforcement and enhanced comprehension of complex design, safeguard concepts, and best practices.

Learning Level: Intermediate

Prerequisite: Auditing Application Systems Development (ITG212) or Intermediate IT Audit School (ITG241). A basic understanding of TCP/IP networking and associated network applications is assumed.

Bonus: You will receive the Standard Edition of the MIS Swiss Army Knife Reference listing hundreds of valuable resources for you and your organization.

Who Should Attend: Information Security Managers and Analysts; IT Managers, Auditors, and Architects; Security Architects; Application Certification Specialists, Consultants, Architects and Developers.

Speaker: Ken Cutler, CISSP, CISA, CISM

Ken Cutler is the Vice President of Information Security at MIS Training Institute, where his responsibilities include directing MIS’ infosecurity public training programs. In addition, he sets strategy for MIS’ information security certificate programs. He is also the principal consultant for Ken Cutler & Associates (KCA), an independent information security consulting firm.

Previously, Mr. Cutler headed up companywide information security programs for American Express Travel Related Services and Martin Marietta Data Systems. His responsibilities at these major corporations included developing security policies and standards, creating awareness programs, conducting security risk assessments, providing consulting services, and guiding security technology selection on a worldwide basis.

Mr. Cutler has over 25 years of experience in information security, auditing, quality assurance, and information services. His industry experience includes insurance and financial services, natural resources, manufacturing, government contracting, consulting and training.

An internationally recognized expert in the information security and audit fields, Mr. Cutler is the primary author of the widely acclaimed Commercial International Security Requirements (CISR), which offers a commercial alternative to military security standards for system design. He has also published works on network security, security architecture, wireless networks, and single sign-on. Mr. Cutler has been an active participant in international government and industry security standards initiatives, including the President’s Commission on Critical Infrastructure Protection, Generally Accepted System Security Principles (GSSP), Information Technology Security Evaluation Criteria (ITSEC), and the US Federal Criteria. He previously served on the Member Advisory Council for the International Information Integrity Institute (I-4) and as an Advisory Member of the ISSA Board of Directors.

A much-in-demand speaker and consultant, Mr. Cutler frequently lectures and provides hands-on consulting services in the areas of information security management and architecture, network vulnerability testing, Unix and Windows-based systems, Internet/Web security, dial-up/remote access security, wireless security, and local area network security. He has lectured at many major industry and regional professional association events, including US and international COMDEX shows in 1997-2002.

Mr. Cutler is frequently quoted in popular trade publications such as Computerworld, Information Security, CIO Bulletin, Healthcare Information Security Newsletter, InfoWorld, InformationWeek, HP Professional, HCPro - HIPAA Compliance Insider, and Bank Systems and Technology. He also served as technical advisor on the Editorial Advisory Board of SC Magazine. Mr. Cutler was featured on Crime Talk, broadcast on the Talk America Radio Network, and on MyTechnology Lawyer Web casts.

What You Will Learn

1. Web Application Architectures
Client/server and middleware security for multi-tiered applications
Contemporary application building blocks
Web application control points
Middleware and security application program interfaces (APIs)
Hypertext transfer protocol (HTTP) and uniform resource locator (URL) essentials
HTTP state management: cookies, hidden fields, view state, query strings
Locating control points and mapping associated sources of security services in complex, multi-tiered applications

2. Web (HTTP) Server Security and Audit
Web server configuration / operational and security features:
web server configuration best practices
user authentication and web-based single sign-on
access control and server lockdown procedures
session encryption: Secure Sockets Layer (SSL)
web server security audit logs and intrusion detection systems
Comparing and contrasting security features for prominent web servers: Apache, Microsoft IIS, Sun Java System Web Server (iPlanet/NetScape)
Perils and protections for remote Web application development: Frontpage, WebDAV, Expression Web, SharePoint
Application firewalls and intrusion prevention systems
Tools, techniques, and checklists for securing and auditing Web servers

3. Security in Web Application Software Design
Sorting out the Web application environment building blocks and tools
Common vulnerabilities and attacks on Web applications: brute force attacks, privilege escalation, cross-site scripting, SQL injection, buffer overflow
Server-side web page scripting security: SSI, CGI, ASP, ASP.NET, PHP, JSP
Mobile code security: Java, ActiveX, VBScript, JavaScript, AJAX
Best practices for input validation and error handling
Software testing and assurance tools and techniques
Tools, techniques, and checklists for secure application design

4. Web Application Servers
Roles, architecture, and security control points for XML-oriented development environments and associated Web application servers
Assessing available security services and associated design best practices for the two prevailing Web application server environments:
Microsoft .NET Framework and associated ASP.NET components
Java 2 Enterprise Edition (J2EE)
Demystifying web services and Service Oriented Architectures (SOAs)
Tools and techniques for securing and auditing Web application servers and web services

Contact:
Mr. Norm Spielman
Phone: 312-356-2265
norman.spielman@us.thewg.com

Cancellation Policy:
In the event the ISACA–Chicago Chapter (the "Chapter") cancels a program, seminar or course, registrants who have prepaid will receive a full refund. In the event a registrant cannot attend a program, seminar, or course, the Chapter requests notification two (2) weeks prior to the date of the event. Generally, the Chapter does not charge registrants a cancellation fee or penalty. However, at its discretion, the Chapter may assess a fee up to the full amount of the registration fee for “no-show registrants” to offset Chapter expenses related to the event. Substitution of another individual for a confirmed registrant will be accepted at any time prior to the date of the event.

Price: Regular (Sep 19, 2009 - Nov 03, 2009)
Registrant Type | Price
General | US $250.00
Non-Members | US $500.00

Thu Nov 12, 2009
3:00 - 5:00 pm Enterprise Firewall Configuration and Design


Enterprise firewall infrastructures can be mistakenly overlooked when it comes to prioritizing security initiatives. Most vendor-provided tools cannot validate the impact of changes to the firewall. This leaves most firewalls, which are costly and time consuming to manage and maintain, incapable of protecting the hosts they were installed to protect. Most enterprises that value defense in depth and a comprehensive security program are unaware that their firewalls are configured to allow dangerous traffic without their knowledge.

Cost: Free! to members; non-members $20
CPE: Two (2) hours

Thursday, October 8th, 2009
Register: http://www.123signup.com/calendar?Org=isaca-chicago
Location: UBS Tower – 2nd Floor Michigan I
Time: 3:00 pm to 5:00 pm (registration from 2:30 to 3:00 pm)
Cost: Free! to members; non–members $20
CPE: Two (2) hours

Join us for two highly relevant discussions on business continuity planning and analyzing results of a business impact assessment (BIA) versus a quantified risk assessment (RA).

Topic No. 1 – Business Continuity Planning

Eight years after September 11th, Business Continuity Planning (BCP) continues to be of vital importance for organizations today. Cyberterrorism and threats to our critical infrastructure persist, and organizations must remain vigilant in their efforts to protect organizational assets. This discussion will take a “back to basics” view of BCP by re-visiting several key principles such as:

• Board and senior management responsibilities
• Risk assessment and planning
• Preventative measures
• Monitoring and testing

The discussion will be framed by relating these principles to threats we face today – such as, pandemics.

Topic No. 2 – What We Can Learn from the Results of BIA vs. a Quantified RA

Downtime has an economic impact, and it no longer takes a catastrophe to experience a severe economic loss. The Business Impact Analysis (BIA) has been promoted as an effective tool for business continuity planners: a method to understand the criticality of downtime and focus planners on the resource needs of essential corporate functions. While the BIA may be appropriate for planning efforts, it has inherent limitations for anything less than a catastrophic event, and many organizations have found that this method falls far short of expectations.

The BIA approach falls short because it is focused on recovery efforts rather than mitigation actions. It has been well established that reducing defects and avoiding failures leads to lower cost of operations, because prevention can be more than five times more cost effective than recovery. Prevention is arduous when there are an overwhelming number of threats that can disrupt service and cause economic loss. In this presentation you will learn the inherent limitations and shortcomings of the fashionable BIA, as well as how to devote the right amount of scarce resources to the right problem.

About the Speakers

Dennis Wenk — As a Senior Director, Mr. Wenk has consulted worldwide with large Fortune 500 customers: generating demand for new innovative service areas, leading consulting engagements, and managing new, evolving organizations in over 20 different countries – tackling some very challenging, complex, and ambiguous problems. He has performed quantitative operational risk assessments that were used to justify the significant investments required to build, transform and maintain resilient infrastructures; he has performed technology assessments, IT consolidation and transition strategies, and developed site selection criteria for complex heterogeneous technology consolidations.

Dennis has worked at Hitachi Data Systems as a Principal Business Consultant, Senior Global Solutions Architect, Consulting Project Executive and Director of High Availability Solutions. His background also includes experience with IBM Global Network as an Outsourcing Project Executive; Comdisco, where he was Western Director of Technology Consulting; KPMG, where he was Senior Manager, Group Leader for IT Operations and Transformations; as well as Heller Financial, where he served as VP/Information Processing. Dennis Wenk earned an MBA in Accounting and Finance and a BS in Computer Science from Northern Illinois University. He is a Certified Information Systems Auditor (CISA), Certified Data Processor (CDP), and Certified Systems Professional (CSP), and is certified in ITIL Service Management. He was awarded Best Management Paper by the Computer Measurement Group.

Dean Jones — Dean is a long-term member of the IIA and ISACA, both in the United Kingdom and the United States. He has served as President and board member, and brings a great deal of passion and enthusiasm to the roles held and the Chapter itself. Dean has worked in the financial services sector for 17 years, 16 of which have been as an Internal Auditor in the United Kingdom, Switzerland, Canada and currently in the United States for Zurich North America. He has provided, and continues to provide, audit focus on all areas of general and life insurance, including information technology. After having achieved certificates for investment management and languages (French and German), Dean is currently studying for the CFSA certification in December. He is also working with IIA personnel in the Chicago region to establish a financial services and insurance committee to provide support and represent those IIA members who work in these areas.

Register: http://www.123signup.com/calendar?Org=isaca-chicago
When: Thursday, October 8th, 2009
Location: UBS Tower – 2nd Floor Michigan I
Time: 3:00 pm to 5:00 pm (registration from 2:30 to 3:00 pm)
Cost: Free! to members; non–members $20
CPE: Two (2) hours

Tripwire’s Founder and Chief Technology Officer, Gene Kim – Change & Security Patch Management

Tripwire’s Founder and Chief Technology Officer, Mr. Gene Kim, will be facilitating an in–depth discussion on change and security patch management best practices. This 2–hour session will explore questions such as:

Why should I care about more effectively managing change in my environment?
What are the critical change and patch management controls?
What questions should I ask to better understand the effectiveness of change and patch management controls?
Where should the internal auditor begin?

Please note, this event was re-scheduled from a prior date.

Register: http://www.123signup.com/calendar?Org=isaca-chicago
When: Tuesday, September 29th, 2009
Location: Marriott Lincolnshire Resort (corner of Rt 22 Half–Day Rd and Milwaukee Ave. in Lincolnshire)
Time: 3:00 pm to 5:00 pm (registration from 2:30 to 3:00 pm)
Cost: Free to members! Non-members $20
CPE: Two (2) hours


Cancellation Policy:

In the event the ISACA–Chicago Chapter (the "Chapter") cancels a program, seminar or course, registrants who have prepaid will receive a full refund. In the event a registrant cannot attend a program, seminar, or course, the Chapter requests notification two (2) weeks prior to the date of the event. Generally, the Chapter does not charge registrants a cancellation fee or penalty. However, at its discretion, the Chapter may assess a fee up to the full amount of the registration fee for “no-show registrants” to offset Chapter expenses related to the event. Substitution of another individual for a confirmed registrant will be accepted at any time prior to the date of the event.

Registration:
To register for these events, please click the following link: http://www.123signup.com/calendar?Org=isaca-chicago

September 10th, 2009

Click here to view the presentation!

The Changing US and Global Privacy and Data Protection Regulatory Landscape: As Viewed Through the Lens of the HITECH Act

Privacy and data protection laws were previously viewed to be a European compliance and risk issue—but not anymore. As these laws proliferate, privacy and data protection is now a concern for all companies operating within the US and globally. Further, privacy compliance obligations are expanding and enforcement efforts are being stepped up everywhere—posing significant new challenges for companies as they manage the personal information of their employees and customers. Our speakers will discuss the current global and US privacy and data protection regulatory environment and how corporate operations are being required to change to meet these new requirements. They will place a particular focus on the recent developments in the healthcare privacy environment as a result of the HITECH Act to explore the privacy and data protection developments that US and multinational companies in all industries can expect to face in the near future.

Please join us for a networking reception at River's Restaurant, immediately following the meeting.

About the Speakers

Amy Yates — As a Director at Deloitte, Amy Yates advises domestic and international clients on a wide range of privacy and data protection issues. In her role, she works with her clients on developing business solutions that can be implemented across organizations to address increasingly complex data protection requirements. Prior to joining Deloitte, she served as the Chief Privacy Officer for Hewitt Associates LLC where she established and led Hewitt’s Privacy Office and its global privacy program for many years. Prior to that, she served as the acting privacy officer at Andersen.

Amy is a graduate of the Georgetown University School of Foreign Service and she received her J.D. degree from Northwestern University Law School. Amy is a Certified Information Privacy Professional (CIPP), a member of the Board of Directors of the International Association of Privacy Professionals, and a member of the HITRUST / Ponemon eLearning Program Advisory Board.

David Reitzel — As a Senior Manager, David Reitzel is a national leader within the Health Sciences – Provider Practice, with a strong focus on security, privacy and business controls. David has over thirteen years of business, finance and technology experience in commercial industries, including the Not-For-Profit, Education and Healthcare sectors. David has helped clients develop and implement enterprise strategies and programs for managing information and technology risks, specifically related to the management of financial and operational data, the deployment of integrated financial reporting, and compliance with security and data privacy laws and regulations as well as internal control requirements. David is a graduate of Carthage College with degrees in Business Administration and International Business and he received his M.B.A. from the University of Illinois.

Register: http://www.123signup.com/calendar?Org=isaca-chicago
When: Thursday, September 10th, 2009
Location: UBS Tower – 2nd Floor Michigan I
Time: 3:00 pm to 5:00 pm (registration from 2:30 to 3:00 pm)
Networking reception immediately following the event at River’s Restaurant
Cost: Free to members! Non-members $20
CPE: Two (2) hours

August 31, 2009

On August 31, 2009, the Chicago Chapters of ISACA and the IIA held a joint session entitled "Compliance and Use of Social Networking Tools in Your Business." Close to 100 professionals attended the three-hour morning session at Chicago's Gleacher Center. The program was moderated by Francine McKenna, President of the ISACA Chicago Chapter and author of the blog re: The Auditors. She facilitated presentations and a panel discussion of these tools from the user's perspective by Jason Moriber, Principal and Director of Marketing Communications at Wise Elephant, a marketing strategy, social media and design firm; Tricia Bassett, VP, Financial Monitoring and Controls Manager for Re:Sources, the shared services organization supporting Publicis, the global media company; Amahdy E. Bradley, Associate Director of Compliance & Security for Re:Sources, an ISACA member, CISA and CGEIT; and Jim Huddleston, also an ISACA member and a CISSP, CISM, CIPP and CGEIT, who is Global Director, Information Security for Re:Sources.

The presentations below describe how professionals are both using social media and social networking tools and technology (a.k.a. Web 2.0) and managing them within their organizations. Tools used both personally and professionally, such as corporate blogs, Facebook, Twitter, YouTube and wikis, were discussed, as well as approaches to managing and controlling the potential risks (legal, regulatory, internal audit, IT security, etc.) for your organization.

The session was videotaped. A link to the video will be posted on the blog re: The Auditors later this week, along with an analysis of the survey responses from session participants.


Jason Moriber's presentation can be found here.

Tricia, Amahdy, and Jim's presentations are here.

August Meeting: Solutions for Managing End-Point Security
When: August 5th, 2009
Location: UBS Tower - Michigan Ballroom
Time: 3:00 pm to 5:00 pm
Cost: Free to members! Non-members $20
CPE: Two (2) hours
We'll start the meeting with Daniel Dec from Fusion Risk Management facilitating a discussion on the business case for managing end-point controls and the vulnerabilities that exist. Wayne Johnson from Promisec will then present various options for managing end-point controls using a clientless solution. We'll take an interactive approach, so bring your questions and challenges; we'll also demonstrate how auditors can use tools to review the controls around end-points while enforcing compliance.

Business professionals need transparent, rapidly implemented, low-overhead solutions that seek out internal network security weak spots, monitor endpoint activity, and respond to suspicious network events in real time. Auditors can use the same solutions to measure their own requirements for compliance and risk reporting. From a single PC or laptop, Promisec's CEM quickly shows you every endpoint and server in your network and checks each for compliance. Promisec then identifies and removes any non-compliant agent (software). The presentation will include a demonstration of the power and flexibility of a software product that gives you audit and remediation control over your endpoints.

About Daniel Dec, CISA, CISM

Dan is a past President and long time board member of the Chicago ISACA chapter. Holding positions as a Partner with PriceWaterhouseCoopers, Chief Security Officer of Conseco, and now as Senior Vice President with Fusion Risk Management, Dan has designed, implemented and managed a wide variety of systems and business controls.

About Wayne Johnson
Wayne is currently the Director of Sales for the Midwest at Promisec. He has been in the security industry since 1996 and in the IT vendor channel since 1981, supporting Midwest clients with everything from word processors to today's high-technology security products and services. Wayne is currently President of the Information Systems Security Association (ISSA) Chicago Chapter, AITP Security Co-Chair and Bartlett Lions International Vice President.


Two Day Technical Training Seminar – Internet Security and Oracle Database Security

Richard Cascarino, MBA, CISM, CIA, CFE will be teaching a two-day summer training seminar on Internet/E-commerce and Oracle database security. Richard is a consultant and lecturer with over 29 years' experience in IT, internal and forensic auditing education and is the author of the following books:

· Auditor’s Guide to IS Auditing
· Internal Auditing - an Integrated Approach

When: July 13th and 14th, 2009
Location: UBS Tower – Michigan Ballroom
Time: 8:00 am to 5:00 pm
Cost: Value priced! $250 for members; $500 for non-members
CPE: Fifteen (15) hours

Annual Boat Cruise and Joint Networking Event with the ISSA

Annual meeting and dinner boat cruise outing. This year we are pleased to welcome the Chicago Chapter of the Information Systems Security Association (ISSA) as well. We are also pleased to welcome our guest keynote speaker, Mr. Russ Gates, Principal, DuPage Consulting LLC. Russ is a senior business executive with significant experience working with senior and board-level executives, with a focus on enterprise risk management, corporate governance, and information security and technology risk management.

When: July 9th, 2009
Location: Navy Pier, Spirit of Chicago
Time: 3:00 to 6:00 pm
Cost: Only! $20 for members and their guests
CPE: One (1) hour

June Meeting - 6/10/09
Information Security Breaches: Detection, Response and Management | Plus! Networking Cocktail Reception

Kirkland & Ellis Partner, Mr. Jeffery Norman and Navigant Consulting Managing Consultant, Mr. Aaron Philipp, NSA IAM Certified, will be facilitating a panel discussion of industry experts, including Mr. Wayne Cerne, UBS AG, Head of IT Security and Mr. Esteban Rockett, Motorola, Senior Counsel, related to the topic of incident management and response:

· Case study that explores best practices for creating, managing, and sustaining incident management capabilities
· Information preservation and investigation
· Legal response – avoiding potential pitfalls
· Communication mandates
· Lessons learned – autopsy of a Security Breach/Response

Please stay for the networking cocktail reception immediately following the presentation!

When: June 10th, 2009
Location: Kirkland & Ellis LLP
300 North LaSalle
Chicago, IL 60654
Time: 3:00 to 5:00 pm – networking reception to follow
Cost: Free to members! (Members are encouraged to bring a member of their in-house counsel.)
CPE: Two (2) hours
MCLE : Two (2) hours (Illinois)

May Meeting - 5/21/2009

Click here to access documents from the May meeting.

A presentation on the "New Requirements/Standards for IT Governance" will take place at our May 21 meeting.

May 21 Topic: Spotlight on the Institute of Internal Auditors' (IIA) new International Standards for the Professional Practice of Internal Auditing: IT Governance and related new IT audit standards raise the bar for our profession

Description: New Standard for IT Governance
Effective January 1, 2009, the Institute of Internal Auditors (IIA) International Standard 2110.A2 states:

The internal audit activity must assess whether the information technology governance of the organization sustains and supports the organization's strategies and objectives.

Compliance with this new standard presents a unique opportunity to align IT activities and performance with business operations. Effective IT governance provides visibility of IT management's ability to achieve its objectives, adapt quickly to the changing business environment, manage risks and identify continuous improvement opportunities for business and IT outcomes.

Our speakers will discuss the new IIA International Standards and the positive impact they will have on the IT auditing profession and the organizations we serve.

Speakers and Bios:

Tom Luick, Associate Director, Protiviti IT Internal Audit

Tom is an Associate Director in Protiviti's IT Internal Audit solution with more than 10 years of experience leading Internal Audit, SOX, and IT consulting engagements. He has extensive experience in planning and executing risk assessments, IT compliance and audit activities, and IT strategy consulting services. Tom's principal areas of practice include helping clients build value-added IT audit capabilities that protect their investment in IT by identifying critical IT risk areas and delivering relevant, timely recommendations. Tom also assists clients in improving IT governance capabilities, including defining IT strategy and implementing IT processes and procedures.

Dan Roth, Manager, Protiviti IT Internal Audit
Dan Roth is a Manager in Protiviti's IT Internal Audit solution. He is a Certified Information Systems Auditor (CISA) with six years of consulting experience focusing on the execution and project management of Internal Audit, Sarbanes-Oxley, and IT consulting engagements.

Date: April 21, 2009
Registration: 1:30
Training Session: 2:00 - 4:00

What happens when three leaders in audit and controls join forces for a training event? Come join us on April 21st and find out in person!

The IIA NW Metro Chicago Chapter and the Chicagoland ISACA Chapter are proud to present internationally acclaimed Gordon Smith from Canaudit presenting:

"Corporate Insecurity: Pillaging Information Assets, Destroying Established Reputations"

Corporations, governments, and universities have one thing in common. They have all been targets of hackers and dishonest employees. All of these institutions not only had to perform costly remediation, but their issues were widely reported in newspapers across the land and around the world. Clearly, traditional control structures have failed! Servers, databases and even outsourced operations are exposed to pillagers! Executive management is not only embarrassed, but they feel that they have been deceived by incorrect assurances from middle managers, security staff and even auditors that their systems and data were safe. They provided management with a false sense of security based on testing and verifying antiquated controls that are not effective against the skilled cyber-thief.

The event is graciously hosted by Motorola in their state of the art auditorium.

The Motorola Campus is located in Schaumburg, Il at Algonquin and Meacham Rds. Please enter through the Visitor's Entrance located on Algonquin Rd. Tell the guard you are attending a training session in the Corporate Tower Auditorium and ask that he direct you to the Tower, Door 50. You may park in Visitor's Parking. If Visitor's Parking is full, you may park in the Employee Lot. Upon arrival into the building you will be escorted to the Auditorium.

Earn 2 CPEs for only $40

Thursday, April 16th, 2009

Topic: Ensuring Security and Integrity of Company Data Resources in a Downsizing Climate

Click here for a copy of the presentation!

Description:
This presentation is based on a whitepaper from RSM McGladrey of the same title. The focus of the presentation is what IT auditors should consider during their audits of the IT environment given today's economic downturn. The speaker will discuss areas to focus on and identify which risks may be heightened depending on how IT environments manage the demands of the downturn.

Speaker: Lowell Smith
Title: Manager, RSM McGladrey’s Technology Risk Management Services group
Company: RSM McGladrey

BIO: Lowell has 29 years of information systems experience. Prior to joining RSM McGladrey he performed SOX IT audits and general security audits serving clients in the financial services, broadcasting, printing and manufacturing industries. Before these consulting experiences, Lowell held lead roles in implementing data security programs at privately held companies in the financial services sector. He was also responsible for internal IT audits and for responding to client-led security audits. Lowell’s current areas of concentration include SAS 70 review services, information systems security control reviews, Sarbanes-Oxley (SOX) information technology (IT) compliance consulting services and business continuity planning.

March 2009 Monthly Meeting
3/19/2009


Topic: A Preview of the upcoming International Financial Reporting Standards (IFRS)

Description: This presentation will provide an overview of IFRS including adoption dates, a Case Study explaining the process and impacts and a panel discussion. The globalization of business and finance has led to the successful mass adoption of IFRS by over 12,000 companies in over 100 countries. The convergence of US GAAP to IFRS and its impact on IT audit will be discussed.

Speakers: Heather Paquette, Midwest IFRS Leader – IT Advisory Services
Louis Manello, Director of Transaction Services

Company: KPMG


Suburban Chapter Meeting
ISACA’s Chicago Chapter is pleased to announce that it has teamed with the ISSA and Motorola to offer its members an opportunity to attend an educational meeting to be held at the Motorola campus in Schaumburg. In addition to the fantastic agenda, we’ll also have the opportunity to network with members of the ISSA as well as ISACA members who do not generally make it to our downtown Chicago chapter meetings. We appreciate Motorola’s hospitality in allowing our membership to attend.

To attend, simply send an email or call John Kinyon (contact information is listed below) and let him know that you will be attending and that you are a member of ISACA.

Meeting Information:
2:45 - 3:00 -- Refreshments and networking, Innovation Center Auditorium

3:00 - 4:00 -- Converged Security presentation, by Bill Boni, Corporate Security Officer, Motorola

Motorola recently combined the loss prevention, investigations and information protection teams to safeguard the company's people, business operations and intellectual property. Learn why and how this was done, and hear about the plans, goals and anticipated benefits from the architect and leader of the converged organization.
Bill is one of the leading information risk management practitioners, with broad experience in all aspects of creating, sustaining and transforming protection organizations. He is responsible for global policy, processes and operations, and develops solutions for internal and external customers to cost-effectively manage risks that could adversely impact the company's brand, reputation and customer credibility. He has direct experience with federal/state governments, high technology, biotech, aerospace/defense and banking segments and operations in mainland China.

4:00 - 5:00 -- Building a Successful Data Classification Program, by John Kinyon, CISM, Motorola

In 2007 Motorola updated its information classification standards and procedures to be more relevant and practical. The briefing will review the business drivers for this change, how the change was accomplished, and describe the lessons learned.
John has been involved with information protection at Motorola since 1991 and has been a Certified Information Security Manager (CISM) since 2004. He helped research, develop and roll out Motorola's new information classification program, and is responsible for Motorola's security policies and standards. John contributes to awareness/education, IT process improvement, and risk assessment and management activities.

5:15 -- Interested people will meet for drinks and appetizers at the Ram Restaurant & Brewery

5 minute drive from Motorola, near IKEA (north of Woodfield Mall). Driving directions will be provided at the meeting.
http://www.theram.com/illinois/schaumburg.shtml

Please direct RSVPs and questions to:
John J. Kinyon, CISM
Motorola Asset Protection Services
1303 E. Algonquin Road, Schaumburg, IL 60196
Cell +1 (847) 815-0582
mailto:John.Kinyon@Motorola.com


February 2009 Monthly Meeting 2/19/2009

Topic:
An in-depth discussion on the causes of data breaches, and how to prevent them

Description:
This presentation on the 2008 Data Breach Investigations Report and its supplement will give internal auditors insight into which policies and procedures were not followed, a failure that was at least a contributing factor, if not a major factor, in 90% of the data breaches included in the study. In those 90%, if company policies had been followed at least once per year, the vulnerabilities would not have been a factor. Learn more about the "Unknown Unknowns".
Speaker: David Ostertag
Title: Investigations Manager, Investigative Response
Company: Verizon Business
BIO: David has more than 25 years of investigative experience in the government and security arenas. Dave coordinates the forensic investigations conducted by the investigative response unit worldwide. Dave has taken the lead on many of the highly publicized large data compromise investigations over the past few years. In addition, Mr. Ostertag is considered a leader in criminal and civil investigative techniques, is a certified expert witness and is a frequent instructor and speaker on the topics of data compromise investigation and international criminal organizations.

January 2009 Monthly Meeting
DATE: Wednesday, January 28th, 2009
LOCATION: UBS Tower
TIME: 3:00 to 5:00 pm (networking reception from 5:00 to 6:00 pm)

Click here for a link to the presentation

We are ready to kick-off our first chapter meeting of the year and pleased to welcome presenter Katie Jensen, Navigant Consulting, who will lead a panel discussion on the topic of e-discovery. The panel will include Dave Tonisson, Sonnenschein Nath & Rosenthal LLP and Rick Schoeneck, Accenture.

Working with your legal department: Understanding the legal lingo and how to avoid costly errors and improve your professional value in the marketplace. A panel discussion on hot legal and e-discovery topics including a case study on how IT can affect the outcome of litigation.

Agenda to include:
* Providing the definition of e-discovery
* How to avoid costly mistakes
* Case studies of past projects

Given the topic, we are offering a complimentary invitation to a member of your legal department. General MCLE credit for this presentation is available in Illinois for attorneys. If you are interested in having a member of your legal department join you at this event, please indicate in your email registration. Registration is limited to the first 100 respondents. A networking reception will follow the presentation from 5:00 to 6:00 pm.

Logistics
Detailed information about the event, location, etc. can be found by visiting http://www.isaca-chicago.org/meetingschedule.html.
Reserve your seat today by emailing isacachicago@gmail.com.


November 20, 2008


Overview of IT Audit Job Market
Key Skills, Trends, and Other Food for Thought

Update: Click here to view the presentation

October 27, 2008

Presentation to DePaul: Panel Discussion regarding IT issues in today's environment.

Update: Click here to view the presentation

September 16, 2008

Speakers Glenn Harkabus and Scott Shinners from Deloitte & Touche will present the following topic:

Title: "Evolving Your IT Internal Audit Function"

Update: Click here to view the presentation

Discussion of emerging practices and trends in IT Internal Auditing. Hot topics and key risk areas, such as the continued globalization of IT, increasing regulatory complexity, green or eco-friendly IT, cost containment and data quality, will also be discussed.