2004 K. Wesley Snipes Award - ISACA – Los Angeles Chapter

ISACALA.org
LA Chapter
Information Systems Audit and Control Association
March 2005
Inside
ISACA-IIA Joint
Meeting .............1&3
President’s Message ...2
2004 K Wesley
Snipes Award .........2
Security Alliance ........5
Spring Conference .....6
Academic Relations ...7
Call for Papers ..........7
News Update ...........8
New Members .........11
Employment ...........12
Spring Conference
Board ....................22
Celebrating the chapter’s 35th anniversary included (left to right): Mario Damianides,
International President; ISACA and IT Governance Institute; Gerald Conroy, Partner,
PricewaterhouseCoopers; Howard “Bud” Friedman, Founder and Past International
President (1973-1974); Debbie Lew, Past Los Angeles Chapter President (19992000); Thomas Phelps, Los Angeles Chapter President; Eugene Frank, Founder
and Past International President (1971-1972); and, Robert Roussey, Immediate Past
International President; ISACA and IT Governance Institute
Chapter Officers
MARCH 9 MEETING NOTICE
Schedule/Form .....17
CISM Exam
Prep Workshop .....20
CISA Exam
Review Courses ...21
President
Thomas Phelps IV, CISA
PricewaterhouseCoopers LLP
president@isacala.org
(626) 590-9995
Vice President
Cheryl Santor
CISSP, CISM, CISA
Metropolitan Water District
of Southern California
vicepres@isacala.org
(805) 795-2057
Secretary
Anita Montgomery
CIA, CISA
Countrywide Financial
Corporation
secretary@isacala.org
(805) 520-5482
Treasurer
Martin Rojas
PricewaterhouseCoopers LLP
treasurer@isacala.org
(213) 217-3309
The Los Angeles Chapter of the Institute of Internal Auditors
proudly presents:
Integrated Auditing, XBRL, and Enterprise Risk
Management - Integrated Framework
A Joint Full-Day Seminar and Luncheon with LA-ISACA
Wednesday, March 9, 2005
Featuring:
Glen L. Gray of California State University at Northridge
David McKenzie and Lyn Takemura of Wells Fargo
Gerald C. Riss of Metropolitan Water District (MWD) of Southern
California
March 2005
President’s Message/Calendar
President’s
Message
BY
THOMAS
PHELPS IV
V
alentine’s Day has always been my
favorite holiday. It’s a day when
we are reminded of what is important
– and we give our hearts to the special
people in our lives.
On February 14, 2005, the Los
Angeles Chapter received a Valentine’s
Day gift.
ISACA International notified us
about earning the 2004 K. Wayne Snipes
award for the Best Very Large Chapter
in North America.
Cheryl Santor, Vice President, and I
will be accepting this award on behalf
of our chapter at the 2005 Global
Leadership Conference in Las Vegas on
April 23, 2005.
Megan Maynard, ISACA Chapter
Relations Coordinator, said in her email, “The competition was very intense
this year, and you should be extremely
proud of the hard work your chapter put
forth in order to earn this distinction.”
I am immensely grateful and humbled
to serve with the outstanding volunteers
who comprised the 2003-2004 Board of
Directors and Volunteers.
Please join me in thanking these
individuals. They spent their lunch hours
and Saturdays to passionately devote
their time to the chapter.
It seems appropriate to be notified
of earning the 2004 K. Wayne Snipes
award on Valentine’s Day.
I know you’ll agree that these warm
and fun-loving people have a lot of
heart.
Page 2
2004 K. Wesley Snipes Award
ISACA Los Angeles Chapter
2003-2004 Board of Directors and Volunteers
In special recognition of receiving the 2004 K. Wesley Snipes
Award, the 2004-2005 ISACA Los Angeles Chapter
Board of Directors would like to thank the following volunteers.
2003-2004 Officers
• Thomas Phelps IV, President
• Cheryl Santor, Vice President and Programs Chair
• Anita Montgomery, Secretary
• Andrea Daverio, Treasurer
2003-2004 Directors
• Larry Hanson, Past-President and Chief Operations Officer
• Debbie Lew, Spring Conference Chair
• David Lowe, Seminars Chair and Spring Conference Committee
• Greg Ash, CISA Review Chair
• Edson Gin, Academic Relations Chair
• Frank Ness, Spring Conference Vice-Chair and Newsletter Editor
2003-2004 Associate Directors
• Mark Stanley, Membership Committee Chair
• Sandy Geffner, Reservations Chair and Spring Conference Committee
2003-2004 Other Volunteers
• Chris Chung, Spring Conference Committee
• Fred Gallegos, Marketing Committee
• Peter.C.Hewitt, Webmaster
• Bruce Hoffman, Marketing Committee Chair
• Lisa Kinyon, Spring Conference Committee
• Roger Lux, Employment Chair
• Mike Mauro, Elections
• Michelle Quan, Audit Chair and Layout Editor
• Carin Ruiz, Hospitality Chair
• Constance Slack, Membership Committee
• Gary Wong, Academic Relations and Spring Conference Committee
• Amanda Xu, Academic Relations and Spring Conference Committee
ISACA-IIA Joint Meeting
March 2005
Page 3
Registration Procedures:
1)
You may register online at http://www.theiia-la.org/html/events.htm or via email at registration@theiia-la.org or contact
James Borella at (310) 228-1319 or Kevin Trainor at (310) 228-1312
2)
You may register for the half-day seminar (price includes lunch) or luncheon only
3)
Provide the following: Name, Organization, Membership status, Meal choice (prime rib, salmon or vegetarian)
Location:
Lawry’s The Prime Rib
100 North La Cienega Blvd.
Beverly Hills, CA
(310) 652 - 2827
Time:
7: 3 0 a.m. - 5:0 0 p.m. ( Registration starts at at 7:30 for seminar and 11:00 for luncheon)
Rates
Members Non-Members Full-time Students
Full Day*
$150
$160
$80
Half Day*
$80
$90
$45
Luncheon Only**
$35
$40
$15
* Lunch is included ** $30 Price per person for five or more
members from the same organization
Payment Methods: Cash and Checks (made payable to LA-IIA) only.
7:30am - 8:00am
8:00am - 9:40am
9:50am - 11:30am
11:30am
12:00pm - 1:00PM
1:15pm - 3:00pm
3:15pm - 5:00pm
Registration and Breakfast
Integrated Auditing – Once More Back to the Drawing Board, presented by David McKenzie and Lyn Takemura of Wells Fargo
Integrated Auditing (continued)
Lunch Served
XBRL: What does it all mean? presented by Glen L Gray, PhD - California State University of Northridge
A Parallel Course - SOX/ERM, presented by Gerry Riss of Metropolitan Water District of Southern California
A Parallel Course (continued)
Topic Descriptions :
Integrated Auditing - Once More
Back to the Drawing Board at Wells
Fargo
Technology audits, especially those
focused on business applications, have
changed dramatically over the last
15 years. From a time when it was
completely separate from other audit
disciplines to a time when it was so
integrated with business auditing that it
almost disappeared, application auditing
continues to evolve. In response
to trends of the time, Wells Fargo
adopted “integrated auditing” only
to find limitations with this approach
in large and complex technical
environments. Current technology
trends and the realities of a highly
incongruent technology environment
also had their impacts. The presentation
outlines the strategies and tools recently
developed to help business auditors
identify and quantify technology risks,
and it emphasizes how the business
perspective should be leveraged. The
processes outlined result in a workable
inventory of business applications that
inherently include higher technology
risks and demonstrate sufficient
coverage of general computer controls.
The presentation goes on to discuss
current risk analysis strategies that
make strong distinctions between risks
associated with technology management
organizations and risks associated with
business applications. It explains why
such distinctions are useful and result
in an efficient definition of audit scope.
Throughout, the presentation shows how
application auditing can be engineered
to leverage the increasing expertise and
specialization that both technology and
business auditors must process.
The presentation will cover the
following:
• Evolution of Integrated
- Auditing Autonomy and bliss.
- Helping your pals.
- This ain’t so tough.
- Oh-oh, back to the future.
• Annual Planning Strategies
- Isn’t everything technology risk?
- This hurts my head!
- A rose by any other name. . .
- Did someone steal the machine?
• Technology Risk Analysis
- There are two sides to every risk.
- We make the magic happen.
- So buddy, what’s it do?
- All together now.
• Conclusions and discussion
See ISACA-IIA, page 4
March 2005
ISACA-IIA
continued from page 3
XBRL: What does it all mean?
The SEC is allowing companies to file
supplementary XBRL documents with
their 10-Qs and 10-Ks. Next year, the
FDIC will require banks file their quarterly
call reports using XBRL. Major software
companies are incorporating XBRL into
their software. XBRL International, which
promotes and supports XBRL adoption,
includes approximately 250 companies
and agencies worldwide working
together to build the XBRL language.
Today’s presentation will help answer the
questions: What is XBRL? What does it
mean to my organization? What does it
mean for internal auditors?
A Parallel Course - SOX/ERM
Mr. Riss will navigate us through
historical events shaping the current
business environment. Mr. Riss will
provide an overview of the Sarbanes
Oxley 2002 Act (SOX), its impact on
corporate governance, and identify
corporate governance participants. Mr.
Riss will discuss SOX implications
on publicly traded entities, as well as
non-profit agencies. He will also take
us through components of the COSO
Enterprise Risk Management (ERM)
Integrated Framework and discuss internal
audit’s role in ERM and how it relates to
the rest of the organization, as well as its
stakeholders.
Speaker Profiles:
David McKenzie, CISA, CIA, CPA
David is a Vice President and IT
Audit Manager at Wells Fargo, and is
responsible for managing audits of its
core business applications. His team
develops and executes audits of business
applications, focusing on systems and
business applications managed by the
Chief Information Officers supporting
each of Wells Fargo’s major businesses.
David joined Wells Fargo in 2002
from PricewaterhouseCoopers (PwC)
where he was a senior manager in the
firm’s financial services practice in San
Francisco, Brussels and Los Angeles.
ISACA-IIA Joint Meeting
Between 1998 and 2001, David managed
PwC’s engagement with Euroclear, the
world’s largest cross-border securities
clearing organization, where he evaluated
risks and controls associated with several
strategic projects, including European
Monetary Union, mergers with securities
clearing organizations in France, Belgium
and the Netherlands and the establishment
of Euroclear Bank, as an independent
European institution.
David received his bachelor’s degree
in economics from the University of
California at Davis, his MBA in industrial
operations from the University of
Wyoming and his master’s of science
degree in information systems from the
University of Colorado at Boulder.
Speaking with David is his colleague, Lyn
Takemura.
Lyn Takemura, CISA
Lyn is a Senior Audit Project Leader
responsible for conducting audits of the
core business applications. Lyn re-joined
Wells Fargo in 2000 from a consulting
position with Visa, International Systems,
now known as Inovant. Prior to Inovant,
she was with Wells Fargo from 1990 to
1997, as information Systems Auditor.
Lyn has over 30 years experience in the
banking industry. She started her career
in computer operations and systems
development, which led to what was then
called EDP Auditing. She has worked for
small community banks as well as major
banks such as Bank of America.
Glen L. Gray, PhD, CPA
Glen L. Gray, PhD, CPA, is a professor in
the Accounting and Information Systems
Department of the College of Business and
Economics at California State University
at Northridge. He has been a member
of the XBRL International consortium
since January, 2000. He was a member of
the FASB Electronic Delivery Working
Group, which published “Business
Reporting Research Project: Electronic
Distribution of Business Information.” He
was a co-author of the IASC’s publication,
“Business Reporting on the Internet.”
He has authored four research reports
published by the Institute of Internal
Page 4
Auditors Research Foundation, including:
“Changing Internal Audit Practices in
the New Paradigm: The Sarbanes-Oxley
Environment” (2004), “Assurance
Services within the Audit Profession”
(2000), “Enhancing Internal Auditing
through Innovative Practices”(1996),
and “Business Management Auditing:
Promoting of Consulting Auditing”(1994).
Before joining the academic world, Dr.
Gray was a consultant with national CPA
firms and an engineer at an aerospace
company. He has a BSEE from Michigan
Technological University; an MBA from
the University of California, Los Angeles;
and a Ph.D. from the University of
Southern California.
Gerry Riss, CFE
Gerry Riss is the General Auditor for
Metropolitan Water District (MWD) of
Southern California, the region’s major
water importer and wholesaler.
Mr. Riss brings over 25 years of audit,
accounting and risk management
experience to Metropolitan. His
responsibilities include reviewing
internal controls, financial records and
reports, developing a flexible annual
audit plan, determining compliance with
bond covenants and applicable laws and
regulations, ascertaining that assets and
resources are properly accounted for and
safeguarded against waste, loss or misuse,
and administering Metropolitan’s contract
for audit services. Mr. Riss reports to the
Board of Directors and is accountable to
the Audit Committee.
Prior to Metropolitan, Mr. Riss was Vice
President and Assistant Division Head for
the Risk Management Administration at
United California Bank/Bank of the West.
He also served as Senior Vice President,
Director of Risk Management and General
Auditor of Tokai Bank of California.
Mr. Riss earned a bachelor’s degree
in accounting and a MBA in financial
accounting from Wayne State University
in Detroit, Michigan. He is certified as a
fraud examiner, financial services auditor,
risk professional and has completed the
certified public accountant examination.
March 2005
ISACA and Security Alliance
Page 5
Important Announcement about ISACA and Security Alliance
A
s an ISACA member/
CISM/CISA, you
will be interested
to learn of an exciting new
initiative ISACA is pursuing
on behalf of the security
profession. Late in 2004,
ISACA began discussing with
Information Systems Security
Association (ISSA) and ASIS
International the possibility
of a joint effort to address the
increasing convergence of
the information and physical
security roles. Those discussions
have progressed to a formal
agreement, with the result that
ISACA, ASIS International and
ISSA will form a global alliance
to lead the convergence of
security and protection functions
within enterprises. Taking an
integrated approach to security,
the Alliance will bring together
more than 80,000 global
security professionals and draw
on the collective strength and
experience of organizations that
have actively supported security
professionals for a combined
total of more than 100 years.
The Alliance’s primary
objectives are to:
1. Define the capability
requirements of the converged
security manager role. The
Alliance believes that security
should be a board-level concern
and an enterprisewide function.
That level of responsibility
requires leadership by qualified
professionals who embody the
converged security approach.
We can help ensure that level
of qualification by creating
a road map to define the
qualification and training
requirements for the CISO/CSO
role. Once those requirements
are defined, the Alliance will
focus on developing, delivering
and facilitating the necessary
training programs and resources.
2. Enable more effective
management of enterprise
security risks. The alliance will
help businesses address security
challenges by defining models
that encompass qualitative
and quantitative aspects of
risk, enabling a more effective
understanding of business
impact. We plan to devise
methods to quantify security
performance, to ensure that the
value of security efforts are
measured and communicated.
And, we will support
information sharing among
members so that the best and
most current security solutions
can be made available.
3. Promote a common security
management voice to legislators
and government agencies.
The Alliance believes that it
takes the combined efforts of
legislators, regulators, business
and security management to
develop effective solutions to
security problems. Each group
has unique needs. Legislators
and regulators need insight into
business risk and remedies;
we can provide that. Security
management needs to speak
with a unified voice to ensure
that all aspects of regulatory
requirements and legislative
enactments are considered;
we can facilitate that through
our combined worldwide
memberships.
We believe ISACA members,
CISMs and CISAs will benefit
in a very direct way from the
research, education, legislative
influence, business solutions and
other activities undertaken by
the Alliance.
The creation of the Alliance
was announced February 16
at the RSA Conference in San
Francisco (California, USA).
ISACA is very excited to
have this opportunity to work
with two other respected
organizations in this field, and
we look forward to the support
the Alliance will provide the
security profession. If you have
any questions, please feel free
to contact Ron Hale, ISACA’s
director of security initiatives, at
rhale@isaca.org.
Spring Conference
March 2005
2005
Spring
Conference
BY
DEBBIE LEW,
CISA
SOUTHERN CALIFORNIA’S LEADING
CONFERENCE FOR IT GOVERNANCE,
CONTROL, SECURITY AND ASSURANCE
Make plans now to attend the 31st
annual Spring Conference. This
conference will provide affordable
quality training on fundamental I.S.
Auditing concepts and emerging
technology risks, and an opportunity
to network with other auditing and
security professionals. The Spring
Conference will address the complex
issues facing professionals responsible
for information assurance, IT risk
management, security and governance.
Industry experts will be on hand
to provide solutions and practical
approaches to enable and equip you to
meet the challenges ahead.
The conference features enhanced
coverage of compliance issues
involving HIPAA, GLBA, SarbanesOxley and the California Privacy Law;
controls issues including applications
of COBIT; and information security
issues including Intrusion detection
and protection, wireless network
security, and cybercrime. In addition,
an entire track is devoted to tools and
techniques to provide practitioners
an opportunity to help each other
solve real problems and develop
best practices. The opening keynote
Page 6
panel profiles senior management
from various industries discussing
their experience with Sarbanes-Oxley
and their thoughts for post SarbanesOxley.
An insert of the program schedule
and registration is included in this
newsletter. You should have received
a full brochure in the mail. Don’t be
disappointed. Register early! Register
online! www.isacala.org. Places in
the pre-conference workshops and
conference sessions are limited. For
information or questions please email
conference@isacala.org.
Debbie Lew
Los Angeles, ISACA
2005 Spring Conference Chair
www.isacala.org
Many leaders from various associations came out to celebrate and provide good wishes for the chapters anniversary including (left to right): Dan Manson, President, ISSA Inland Empire; Ray Bejerano, President, IIA San
Gabriel Valley, Stan Stahl, Vice President, ISSA Los Angeles, Lou Breckenridge, President, IIA, Orange County;
Steve Hudoba, President, IIA Los Angeles; and Todd Weinman, Past President, ISACA San Francisco Chapter
March 2005
Academic Relations and
Research
BY
AMANDA XU
STUDENT VOLUNTEERS
NEEDED FOR ISACA 2005
SPRING CONFERENCE
ISACA LA is looking for student
volunteers for the Spring Conference.
This is an excellent opportunity to
attend a professional conference for
free and to network with working
professionals. Many student
volunteers have found full-time
positions as a result of contacts made
at past conferences. The dates are
April 10 - 13. Anyone interested
should contact Academic Relations
at academicrelations@isacala.org or
abxu@kpmg.com, as we are currently
in the process of finalizing all plans.
The deadline for submission is March
14, 2005.
Academic Relations
STUDENT LIAISON PROGRAM
ISACA-LA is searching for one to
two student representatives from
each local college and university to
promote ISACA-LA events (dinner
meetings, Spring Conference, CISA
Review, summer picnic, etc...)
Academic Relations offers free
student membership for the selected
student representatives. Contact
academicrelations@isacala.org for
more information.
ISACA STUDENT MEMBERSHIP
(ONLY $25)
Two years ago the ISACA
International Board of Directors
approved the reduction of ISACA
Student Membership Dues. The
International dues for students have
been reduced from US $60 to US
$25 annually. Also, student fees are
waived for the Los Angeles Chapter.
To facilitate the 58% reduction
in dues, the benefits that students
Page 7
receive by mail will now be available
electronically. Most notably, the IS
Control Journal will be made available
exclusively online via the web site.
Please visit ISACA’s student site at
http://www.isaca.org and click on the
link “Students & Educators” for more
information.
VOLUNTEERS NEEDED FOR
2005 SUMMER PICNIC
ISACA Los Angeles would like to
have a summer picnic for students,
volunteers, and members for
networking and fun in the sun. We are
inviting students from local colleges
and universities to participate. We
are looking for ISACA members and
students of LA and Orange County
colleges and universities to promote
and assist with the 2005 Summer
Picnic planning event. Please join our
volunteer committee by contacting
Amanda Xu at abxu@kpmg.com or
academicrelations@isacala.org.
CALL FOR PAPERS
FREE DINNER MEETING
Students have an opportunity
to publish an article in our local
newsletter and attend our dinner
meeting for free. Submit a short
article on an emerging technology
emphasizing audit, security,
and/or controls to Amanda Xu at
abxu@kpmg.com or academicrela
tions@isacala.org. If the article is
selected and published, the student
will receive a complimentary dinner
meeting. Newsletters are published
quarterly and up to three articles may
be selected.
Dear ISACA-LA members,
We are seeking articles to include in future editions of our newsletter. The
newsletter provides a forum for you to contribute to the continuing education
of our members. This is an excellent opportunity to receive recognition for
your areas of expertise among the ISACA family and to raise your profile
among the professionals in your field. Our readers have expressed interest in the following areas: IT security and governance, audit and controls,
information assurance, compliance issues, tools and technologies, and
emerging issues. Please send your submissions to news@isacala.org. We
really look forward to hearing from you!
Mary Ma
ISACA-LA Newsletter Editor
March 2005
COBIT ONLINE
An online version of COBIT,
brought to you by ISACA and the
IT Governance Institute®. ISACA
members have Basic Subscriber
access, which includes the ability to
browse all of COBIT (except the IT
control practices), search, download
PDFs, secure access to survey results
and gain access to the discussion area.
It is available at www.isaca.org/
cobitonline.
INTERNATIONAL CONFERENCE
19-22 June 2005
Oslo, Norway
The International Conference is
celebrating its 33rd year as the
world’s leading executive and
management forum for IT governance,
control, security and assurance
professionals. This highly interactive
three-day conference focuses on
the IT challenges that can impact
organizations today and in the future.
For additional information, please visit
www.isaca.org/international.
RESEARCH PROJECT
SPOTLIGHT
Security Harmonization—
Classification of Guidance
The role of the information security
manager has evolved over the past
few years from an essentially ITfocused role to that of a business/IT
hybrid. At the same time, numerous
security standards, codes of practices,
methodologies, etc., have been
News Update
developed and published, all with
the purpose of providing some level
of direction or support for security
objectives.
The purpose of this technical study
is to provide the CISM holder with a
guide to the better-known and more
widely available information security
documents. In all, more than 17
standards/guidance were evaluated
across a number of criteria, enabling
information security managers to
identify those that may be most
appropriate for improving their own
skills and knowledge or most useful
within their organizations.
The full study includes insights
learned from a global survey of
CISMs. The results are targeted for
release in the first quarter of 2005.
Managing Enterprise Information
Integrity: Security, Control and Audit
Issues
The IT Governance Institute (ITGI)
has completed a research project on
information integrity. Professional
and academic literature addressing
information integrity was used to
develop a framework, which was
validated by practitioners.
The resulting publication summarizes
the findings of the project and provides
recommendations that will be of most
interest to data/information quality
managers, assurance providers and
educators. The publication is available
in the ISACA Bookstore, www.isaca.
org/bookstore.
Page 8
COBIT Mapping: Mapping of ISO/
IEC17799:2000 With COBIT
This new publication demonstrates
how these two standards are
interrelated and how the detailed
information requirements of ISO/
IEC17799:2000 can be integrated with
COBIT. Almost 1,000 information
requirements were mapped to 318
COBIT control objectives.
The document is a profound source
of information for all stakeholders
responsible for, and interested in, IT
governance and information security
management and their respective
controls. It is especially useful for IT
and information security managers
who hold the responsibility to
address these issues, especially when
implementing COBIT, ISO/IEC17799
or both.
This detailed mapping document is
posted for complimentary download
at www.isaca.org/research. It is
available along with the previously
released high-level publication COBIT
Mapping: Overview of International
IT Guidance.
COBIT SECURITY BASELINE
COBIT Security Baseline is now
available for purchase at the ISACA
Bookstore, www.isaca.org/bookstore,
and is available as a free PDF
download from www.isaca.org.
The pre-release version of Security
Baseline was made available to
ISACA members and CISMs only.
See News Update, page 9
March 2005
News Update,
continued from page 8
This guide is based on Control
Objectives for Information and related
Technology (COBIT), which covers
security in addition to all the other
risks that can occur with the use of
IT. This guide focuses on the specific
risk of IT security in a way that is
simple to follow and implement for
the home user or the user in small
to medium enterprises, as well as
executives and board members of
larger organizations.
As a result of feedback from
the recipients of the pre-release
version, the publication has been
slightly refined, including minor
improvements in the cross-referencing
of COBIT to ISO17799 and the
addition of points to the survival
kits. The publication includes the
survival kits on separate cards for easy
access and use. These cards are also
available separately from the ISACA
Bookstore in packets of five for each
user category to provide flexibility
in ordering material to support
organizational needs.
STUDY NAMES CISA AND CISM
“HOT” CERTIFICATIONS
According to a recent study conducted
by Foote Partners LLC, the CISA and
CISM certifications are among the
hot certifications to watch over the
next 12 months.CISA is also listed
in the study as a strong certified
skill and was named by Foote
Partners in September 2004 as the
certification that gained the most
News Update
value in the past 12 months. Results
of the study, published in “IT Insider
Compensation Benchmarks and
Employment Trends,” were compiled
from direct interviews with 45,000
North American and European IT
workers in 1,860 private and public
sector organizations.
INFORMATION SECURITY
GOVERNANCE—TOP ACTIONS
FOR SECURITY MANAGERS
Information Security Governance:
Guidance for Boards of Directors and
Executive Management, published by
ITGI in 2001, provides background on
why information security is important.
Its focus is on what the board and
senior management should do to
fit information security within the
governance framework. Information
Security Governance—Top Actions
for Security Managers furthers that
research by taking the list of questions
that appeared in the original book and
creating a list of specific actions for
information security managers and
CISOs. It addresses:
• Uncovering the information security
issues in an enterprise from a business
and management perspective
• Dealing with management’s
perception of information security and
security risk management issues
• Positioning information security
as a component of IT and business
governance
Page 9
• Establishing requirements to ensure
that information security governance
is successfully implemented within
the enterprise
The research report is targeted for
release in the second quarter of 2005.
IT GOVERNANCE
DOMAINS PRACTICES AND
COMPETENCIES
The IT Governance Institute is
conducting a survey of executives
around the globe. An in-depth
personal interview is being held
with 200 IT directors and managers
for feedback on the following five
domains:
• Obtaining a return on IT investments
• Performance management
• Risk management
• IT alignment—IT strategy
committees
• Managing IT resources—
outsourcing
The results of this survey, along
with the research for the five areas
of IT governance, are expected to
be complete during the first quarter.
Release will be toward the end of the
first quarter of 2005.
See News Update, page 10
March 2005
News Update,
continued from page 9
ISACA MODEL CURRICULUM
FOR IS AUDIT AND CONTROL
In September 2004, ISACA released
this new edition of its model
curriculum. If you are aware of a
school that offers such a program
or class, or is thinking of offering
one, please take a look at the
comprehensive model, which is posted
at www.isaca.org/modelcurricula.
COBIT IN ACADEMIA
A new ISACA deliverable has been
created for the university setting. This
robust package contains a:
• Student Book
• PowerPoint deck of 80 slides for
professors
• Comprehensive case study
• Several smaller caselets
COBIT in Academia is being
announced to as many university
professors as possible, including
well-recognized business schools, the
American Accounting Association
(AAA) and the European Accounting
Association (EAA). Many additional
schools focused on information
systems management, information
security management, auditing or
information systems auditing, that do
not have an accounting focus, would
also benefit from these materials.
News Update
Academics can receive this
complimentary electronic publication
by completing a questionnaire at
www.isaca.org/cobitinacademia.
Page 10
BOOKSTORE UPDATE
Please remind those preparing for
the CISA exam of the CISA study
aids available through the ISACA
Bookstore:
• CISA Review Manual 2005
(Available in English, Italian,
Japanese and Spanish)
NORTH AMERICA CACS
24-28 April 2005
Las Vegas, Nevada, USA
North America CACS is well known
for addressing the complex issues
facing professionals responsible for
information assurance, security and
governance. The 2005 conference
will offer more than 70 sessions and
eight optional workshops all designed
to increase your knowledge and
technical proficiency. For additional
information or to download the
preliminary brochure, please visit
www.isaca.org/nacacs.
LISTSERVS OR DISCUSSION
FORUMS:
ISACA and ITGI have established
several listservs to enable interested
parties to find the group most suited
to their professional interests. Each
of the six listservs offers excellent
opportunities to share advice,
seek assistance and raise pertinent
questions. Please visit www.isaca.
org/listservfor more information.
• CISA Review Questions, Answers
& Explanations CD-ROM 2005
(Available in English and Spanish)
• CISA Review Questions, Answers
& Explanations Manual 2005
(Available in English, Japanese and
Spanish)
• CISA Review Questions, Answers
& Explanations Manual 2005
Supplement (Available in English,
Italian, Japanese and Spanish)
For those preparing for the CISM
exam, ISACA offers:
• Certified Information Security
Manager (CISM) Review Manual
2005 (Available in English)
• CISM Review Questions, Answers
& Explanations Manual 2005
(Available in English)
• CISM Review Questions, Answers
& Explanations Manual 2004
(Available in English and Japanese)
• Certified Information Security
Manager (CISM) Review Manual
2004 (Available in Japanese)
For more information or to place
an order, please visit www.isaca.
org/cisabooks or www.isaca.org/
cismbooks.
New Los Angeles Members
March 2005
Page 11
Welcome New Members!
Name
Company
Winnie Qiu
Name
Company
Duane Doucette
Amgen
Robin Byon
Ernst & Young LLP
Brian Garcia
Amgen
Peter Papaioannou
Deloitte & Touche, LLP
Sonia Luna
SOX Solutions
Alin Gharapetian
Syed Peeran
Mohammad Nayeri
Deloitte & Touche LLP
Cheng-Wei Cheng
Neostone International
Chris Stoneley
Treasury Bank
Gerald Conroy
PricewaterhouseCoopers LLP
Jennifer Kuo
Farmers Insurance Group, Inc.
Joanne Nhan
California State University, Los Angeles
David Melnick
David Melnick
Carlo Bayani
Washington Mutual
Eric Rasmussen
Ernst & Young LLP
Bonnie Saxe
Washington Mutual
Keith Walk-Green
KPMG LLP
Sevan Irmak
Aida Avanessian
KPMG LLP
Carolyn McGrath
Amgen
Mark Jimmerson
San Francisco State University
Marilu Surma
Nissan North America, Inc
Jena Lee
WellPoint, Inc.
Bob Cancilla
IGNITe/400
Joan Wong
KPMG LLP
Christopher Wu
Donna Boswell
Deloitte & Touche LLP
Charmaine Heather
Geovane Sandoval
Mattel, Inc
Edward Sommer
Charles Buresh
Bottom Line Consulting, Inc.
Brian Li
Ernst & Young LLP
Ricardo Linder
Ministério da Defesa
Kevin Thoeng
Ernst & Young LLP
Hungchih Liu
Red Chamber Co.
Joaquin Licea
ITT Technical Institute
Rick Dukhovny
DTS
Dori Daniel
The Siegfried Group, LLP
Ka-Yu Fung
Cal Poly Pomona
Lisa Garay
City of Hope National Medical Center
Jason Ho
Ernst and Young LLP
Joseph Reddy
WEB3M Incorp.
Anthony Reyes
PricewaterhouseCoopers LLP
Anne Moore
University of Phoenix
Steven Gin
BDO Seidman, LLP
Deanne Herbers
Ernst & Young LLP
Ray Joanne Leyva
OSI Systems, Inc.
Robert Thayer
Engemann Asset Management
Puneet Pandey
KPMG LLP
Luca Palombi
Mansour Bighamian
KPMG LLP
Roy Hernandez
Office of Thrift Supervision
Jacqueline Valentin
Jefferson Wells
Shirley Johnson
WellPoint
Jonathan Kesterson
PricewaterhouseCoopers LLP
Eve Polyachenko
BPPC
Christopher Garlington
Ernst & Young LLP
Linda Antwi-Addo
Michael Goay
USC Annenberg Center
Bob Harman
Michael Muro
City of Hope
Devroy Barnett
Terri Tyler
Terroid Computing
125th Digital Solutions
Consulting
Ryan Ung
PricewaterhouseCoopers LLP
Edward Chavannes
Ernst & Young LLP
Tu Huynh
Steven Garcia
Saima Khan
Saima Khan Hyper Tech
Regina McDuel
Panavision, Inc.
Robert Lai
SystemGate Consulting
Terry Belter
FDIC
Richars Eyers
Experian
Carin Ruiz
Bank of the West
James Pu
LACERA
Marshall Nu
Ernst & Young LLP
George Chigogidze
KPMG LLP
Ed Tobias
March 2005
Employment Opportunities
Employment Ads
BECKMAN COULTER, INC.
Senior Internal Auditor - Information
Technology
Fullerton, CA
Job Description:
• Review entities to assess internal
controls, operational practices and
compliance with company policies
and regulatory requirements with
focus on information technology.
• Plan and conduct complex IT and
integrated audit projects that will
include ERP post implementation
evaluations, general computer and
application controls assessments and
other specialized technical reviews.
• Experience in the development of
computer assisted audit techniques
using ACL and other tools desirable.
• Must have excellent interpersonal
and communication skills (written and
verbal).
Qualifications:
• Requires a BA in Information
Technology, or business related field
with a minimum of 4 years IT Audit
experience.
• CISA, CISSP, CIA or CPA
credentials preferred.
• Second language fluency is highly
desirable.
Salary Range: Commensurate with
experience.
Contact: Apply online at www.
beckmancoulter.com. Search on Job
# 02661
BECKMAN COULTER, INC.
Senior Quality Systems Assessment
Specialist
Fullerton, CA
Job Description:
• Conduct reviews of Information
Technology functions to address IT
practices and internal controls.
• Perfrom reviews to assess the
effectiveness of IT controls and
compliance with Company policies/
procedures and applicable regulatory
requirements.
• Provide relevant recommendations
to strengthen and enhance IT risk
management practicies and controls.
• Assist in year-end audit with public
accountants and special management
projects.
Experience:
• Requires a Bachelor’s degree with
a major in IT.
• Masters degree in Business
Administration, professional
certification (CISA/CIA/CPA)
desirable.
• Second language fluency is highly
desirable.
Salary Range: Commensurate with
experience
Contact: Apply online at http//www.
beckmancoulter.com
Contact Fax: (714) 961-4113
===========================
ERNST & YOUNG
Technology & Security Risk Services
Senior
Los Angeles, Irvine, San Diego, Las
Vegas, Denver, Phoenix
Page 12
Job Description:
• Participate in identification and
testing of IT processes and controls
(general & application).
• Help plan engagement and develop
work programs timelines, risk
assessments, & other doc’s.
• Work with audit team to document
business processes dependent on
information technology.
• Direct progress of fieldwork and
manage staff performance.
Experience:
• Degree in business, accounting,
finance, CS , IS, engineering and/or
other related major.
• Min. 2 yrs audit exp. for public
accounting firm or systems experience
to meet special needs.
• Advanced written and verbal
communication skills.
• Excellent leadership and teamwork
skills.
• Demonstrated integrity within a
professional environment.
Salary Range: Depends on
experience
Contact: For consideration, please
submit your résumé/CV using the
password 26514 at: http://ey.com/
ca/doorway (http://ey.com/ca/porte).
Visit our Web site at: www.ey.com.
Ernst & Young LLP, an equal
opportunity employer, values the
diversity of our work force and the
knowledge of our people.
===========================
FARMERS INSURANCE GROUP
IT Auditors (2 positions)
Mid-Wilshire, Los Angeles, CA
March 2005
Employment Opportunities
Job Description:
• Opportunities to work in a global
audit environment
• Responsibilities include conducting
IT audits and participating in
consulting engagements.
• Compensation includes
competitive salary and fully-funded
deferred profit sharing plan and
pension plan.
Qualifications:
• Progressive experience in IT
Auditing, Auditing, or IT
• Big 4 experience a plus; insurance
experience a plus
• CISA, CIA or pursuing designation
• Bachelor’s degree in Business,
Accounting, or Computer Science
• Master’s degree a plus
• Strong interpersonal skills,
communication skills, and work ethics
Contact Name: Evangeline Funda
Email : evangeline.
funda@farmersinsurance.com
Contact Fax: (323) 930-6101
===========================
FARMERS INSURANCE GROUP
Financial Auditors (2 positions)
Mid-Wilshire, Los Angeles, CA
Job Description:
• Opportunities to work in a global
audit environment.
• Responsibilities include conducting
financial and operational audits.
• Compensation package includes
competitive salary and fully-funded
deferred profit sharing plan and
pension plan.
Qualifications:
• Progressive experience in Auditing
or Accounting
• Strong GAAP knowledge
• Big 4 experience a plus; insurance
experience a plus
• CPA, CIA or pursuing designation
• Bachelor’s degree in Business or
Accounting
• Strong interpersonal skills, oral
and written communication skills, and
work ethics
Contact Name: Evangeline Funda
Email : evangeline.
funda@farmersinsurance.com
Contact Fax: (323) 930-6101
===========================
FIRST DATA CORPORATION
Technical Audit Team Lead
Denver, Colorado
Job Description:
• The Technical Audit Team Lead is
responsible for establishing objectives
for and participating in complex IT
audits and consulting projects.
• The incumbent is also responsible
for identification of required
resources, project time scales, detailed
project objectives, pre-assessment
of risk, establishing time and travel
budgets, and leading other team
members in completing analysis.
Experience:
• Bachelors degree in MIS, computer
science, or business related.
• A minimum of 6 years experience
in audit, information technology, or
process management.
• Background in mainframe,
distributed systems, and/or project
Page 13
management.
• Strong knowledge of internal audit
function and consultative skills.
• Advanced degree or professional
certification (CIA, CISA), foreign
language, or experience in major
public accounting firm.
Contact:
To apply for this position, please
complete our online application found
at www.firstdatajobs.com, requisition
001CO10400159.
===========================
FREMONT INVESTMENT AND
LOAN
IT Senior Auditor
Brea, CA
Description:
• Plan and perform complex IT
audits. Assist in IT testing during
integrated audits.
• Consult with system
implementation project teams to
provide guidance on internal controls.
• Assist in performing companywide and process specific risk
assessments.
Experience:
• Bachelor Degree in Accounting,
MIS or Computer Science
• Minimum of 3 year IT audit
experience
• CISA, CIA, CPA preferred
• Big 4 experience preferred
Contact Name: Jane Vong
Email Address: jvong@fmtinv.com
Contact Phone: 714-961-2967
Contact Fax: 714-961-2966
March 2005
Employment Opportunities
HONDA NORTH AMERICA
Senior Info Systems Auditor
Torrance, CA
Job Description:
• Primary responsibilities include
audit planning & conducting business
systems reviews, process reviews
(SDLC, BRP, etc.), and general ISD
control reviews of Honda companies,
suppliers and other Honda service
providers.
• Other responsibilities include
technical support for the department
and also working on non-technical
reviews.
Experience:
• The qualified candidate will have
an appropriate BS degree (CISA
desired) or equivalent experience
• Minimum of 10 years work
experience in pre/post implementation
reviews of manufacturing systems
(Inventory , accounting , SAP,
PeopleSoft,etc)
• Please see: http://www.
hondacorporate.com/careers/index.
html?subsection=results&location=al
l&keywords=Systems+Auditor&job_
id=
Contact:
Reply to attention of job code
HNA10499/TDD, Honda North
America, 1919 Torrance Boulevard,
MS100-1C-3A, Torrance, CA 905012746 Fax: (310) 783-2110
Responses accepted from principals
only. No emails, please. EOE/AA
Contact Fax: (310) 783-2110
JEFFERSON WELLS
INTERNATIONAL
Information Systems Auditors
Jefferson Wells International, a global
provider of professional services in
the areas of risk, controls, compliance
and financial process improvement,
has excellent opportunities for
Information Systems Audit
Professionals.
We are seeking Information Systems
Audit Professionals for a variety of
engagements including SarbanesOxley. Consultants must understand
business processes, internal control
risk management, IT controls and
related regulations for identification of
technology and evaluation of business
process risks. Consultants must also
have excellent interpersonal skills to
build positive working relationships
with clients.
Candidates should have 3 years
prior experience in audit or IT audit.
BA/BS in Business Administration,
Accounting, Computer Science,
Information Systems Administration
or related field; CPA, CIA, CISA,
preferred.
For consideration, please apply to
Jefferson Wells International
2 Park Plaza, Suite 950
Irvine, CA 92614.
E-mail: gina_colene@jeffersonwells.
com
===========================
PCAOB (PUBLIC COMPANY
ACCOUNTING OVERSIGHT
BOARD)
Manager of Inspection - Information
Page 14
Systems
Los Angeles, CA
Description:
• Develop a vigorous program of
regular and special inspections of
registered public accounting firms
(“firms”) relating to the IS Auditing of
publicly traded companies
• Fully execute the IS Audit facet
of inspection programs (interviewing
audit firm personnel; communicating/
reporting issue identification, findings,
and recommendations; etc.)
• Evaluate the firms’ assessment of
information systems and automated
accounting systems for the public
companies under review
• Determine if the firms’ engagement
team had performed appropriate
procedures to achieve the resulting
assessment
• Effectively document and
communicate any deficiencies or
weaknesses in the firms’ procedures
applied to the engagement under
review to the inspection teams
Experience:
• At least 6 years of progressively
responsible IS Audit experience with
recent experience as an external IS
Auditor at a public accounting firm.
• Strong grasp of automated
accounting systems with experience
documenting transaction flows
through various financial accounting
applications.
• Proficiency identifying automated
application controls and programmed
accounting procedures in automated
accounting systems.
• Strong knowledge and experience
performing general controls reviews
in various IS environments
• Ability to clearly explain why
March 2005
Employment Opportunities
general controls are important and the
relationship between general controls
and accounting systems.
Contact: Please view the full posting
and apply online via our Career Center
at www.pcaobus.org
===========================
PRICEWATERHOUSECOOPERS
Sr. Associate – Threat & Vulnerability
Management
San Francisco, San Jose, Los Angeles
Job Description:
• Develop work plans and lead core
security projects
• Participate in penetration testing,
system security assessments, incident
response and forensic analysis, privacy
policy development, training and
awareness program development,
security strategy development, and IT
security and privacy risk assessments.
• Support internal audit and external
financial audit projects involving
focused security and controls reviews
of information systems.
Qualifications:
• BA/BS degree required with an
emphasis in MIS/CS. CISA/CISSP a
plus.
• Mainframe, Unix, Windows
NT/2000, Netware, firewalls, Cisco
routers, intrusion detection
• Experience in security policy
development and risk assessments a
plus
• Strong oral and written
communication skills
• Ability to travel at least 50% or
greater
Contact:
Please submit resumes to our website
at: http://search.pwcglobal.com/
extweb/jobsrch.nsf/search?openform&
language=eng~country=us~interest=
===========================
SONY
Senior IT Auditor
Culver City, CA
Job Description:
• Sony Corporate of America seeks
a Senior IT Auditor primarily for our
entertainment operations in Culver
City, California.
• The position carries a wide range
of responsibilities in performing IT
audits, with emphasis on assessing
business/technology risks and controls
and providing practical, value-added
recommendations.
Qualifications:
• Minimum three years of IT audit
experience, with CISA, CISSP or other
related certifications
• A BS degree in Business, Computer
Science, Information Systems, or a
related field.
• Experience in identifying and
linking business risks to the relevant
IT audit procedures.
• Experience with IT general
controls, system development and
integrated audits.
• Experience in performing network,
web, Windows, Novell, UNIX, or
database audits.
Contact: Go to IT_
AUDITJOBS@SONYUSA.COM
PLEASE REFER TO ITSA2914
IN YOUR SUBJECT LINE. NO
AGENCY REFERRALS.
Page 15
Contact Fax: (310) 244-1919.
===========================
SONY
Senior IT (SAP) Auditor
Culver City, CA
Job Description:
• Sony Corporate of America seeks
a Senior IT Auditor primarily for our
entertainment operations in California.
• The position will perform SAP and
a variety of other IT and integrated
audits, with emphasis on assessing
business/technology risks and controls
and providing practical, value-added
recommendations
• The position requires occasional
domestic and international travel.
Qualifications:
• Working knowledge of SAP that
focuses on security over the financial
modules.
• Minimum three years IT audit
experience, with CISA, CISSP or other
related certification
• BS degree in Business, Computer
Science, Information Systems, or a
related field.
• Experience in identifying and
linking business risks to the relevant
IT audit procedures.
• Experience in performing network,
web, Windows, Novell, UNIX, or
database audits.
Contact: Go to IT_
AUDITJOBS@SONYUSA.COM
PLEASE REFER TO ITSA2914
IN YOUR SUBJECT LINE. NO
AGENCY REFERRALS.
Contact Fax: (310) 244-1919
March 2005
Employment Opportunities
V
BLUWATER CONSULTING
INC.
ALACON, INC.
“We Practice Quality”
Internal or IT Auditor
Description:
• Perform audit of internal
procedures and document those
procedures
• Help implement internal
controls as they related to Sarbanes
Oxley
• Test internal controls as they
relate to Sarbanes Oxley
The job market is now very active. As new opportunities arise, are you prepared to
take advantage? Call us now so that we know what you are looking for, and we
can alert you when “your” position is available.
Outstanding career moves and outstanding candidates don’t usually just appear
out of the blue. They are a result of effort and careful screening and matching. In
addition to his 13 years of recruiting experience, Sandy Geffner was an IS Audit
director and manager for eight years and a Big 4 consultant prior to that. He has
passed the CISA and CPA exams.
If you are looking for an opportunity that’s right for you, or a person who’s right for
your opening, let him put his 20+ years of experience to work on your behalf.
City, State: Southern California
and Seattle Washington locations
PARTIAL LIST OF JOB POSTINGS
•
Qualification and Experience:
• 5 + years Internal Audit/
Accounting or IT experience
• Accounting, Computer Science
or like degree required
• Sarbanes Oxley experience
strongly desired
• Strong documentation
experience desired
• CISA, CISSP, CIA or like
certification desired
Application Deadline: None
Salary Range: $45+ an hour or
$85,000+ a year
Contact: Please call Jill Boon
at 206-354-4114 / 425-8423105 or email resume to jill.
boon@bluwater.com
Page 16
•
•
•
•
•
•
Contract opportunities - Work on Sarbanes Oxley projects or other IT Audit
reviews. Hands on skills. Salary DOE from $50-$95+ per hour. Various
locations.
Senior / Staff IT Auditor - Full range of IT Audits (applications, general controls,
systems development, technical, audit software). AS400, UNIX +. Strong communications skills. Big 4 exp +. Travel to 30%. Salary to $60s - $80s DOE.
IS Audit Senior and Staff – Fortune 500 Company. Wide range of IS audits.
Solid IT Audit exp. SAP or Network exp ++. Work in teams and/or independently. NT, Unix, Internet. Limited Travel (to 15%). Salary $60s to $80s DOE.
IS Audit Senior – Experienced with a mix of: ORACLE, Networks, Security,
Systems, General Controls, Applications, Audit Software. Spend a few years in
audit and then move out into the company. Good interpersonal/communications
skills necessary. Salary $60s/70s.
IS Audit Supervisor / Senior – Financial Services Company. Big4+. Varying
needs. Perform applications reviews, general controls, integrated audits,
Sarbanes, etc. Domestic travel to 35% (higher the first year). 7+ yrs exp.
Strong writing skills. Salary $80s.
Call for additional oportunities.
IT Audit openings in Northern California, Pacific Northwest and Texas - call
for details.
Sandy Geffner
Phone: (626) 296-2751
Fax:
(626) 296-2760
Email: sandy@valacon.com
Valacon, Inc., P.O. Box 6136, Altadena, CA 91003-6136
www.valacon.com
Spring Conference Schedule/Form
March 2005
Page 17
ISACA LOS ANGELES SPRING 2005 CONFERENCE SCHEDULE
APRIL 10 TO 13 – UNIVERSAL CITY HILTON AND TOWERS
SUNDAY, APRIL 10, 2005
Pre-Conference Workshops
WS1 – Network Security, Gene Schultz, Lawrence Berkeley National Laboratory
8:30-4:30
WS2 – Hands-on Linux Workshop, Justin Peltier, Peltier & Assoc.
WS3 – Designing Secure Systems: An Architected Approach, Alex Woda, DynTeK
MONDAY, APRIL 11, 2005
Core
Competencies
Information
Security
Current and
Emerging
Tools and
Techniques
7:30 - 8:30
REGISTRATION and BREAKFAST BREAK sponsored by PwC
8:30 - 10:00
Keynote Session – Ballroom A
Sarbanes Oxley: Lessons Learned and Next Steps
Panel Discussion with Senior Management
10:00 - 10:20
NETWORKING BREAK sponsored by Ernst & Young
10:20 - 11:50
C1
Fundamentals of IT
Auditing
Anita Montgomery
Aleksandra Looho-Davis
Countrywide Financial
S1
11:50 - 1:10
The Good, the Bad,
the Ugly of Information
Security
Todd Barnum
Ron Dilley
Amgen
E1
The Importance of
SAS 70
in the New World of
SOX 404
Scott Coolidge
E&Y
Audit Perspective on IT
Disaster Recovery Testing
Shannon Parks, Tom Knodle
IndyMac
T1
LUNCH – Ballroom A
1:10 - 2:40
(Continued)
C1
S2A
2:40 - 3:00
Common Mistakes in
Intrusion Detection
and Protection
Gene Schultz
Lawrence Berkeley
National Laboratory
E2
What Auditors & IT
Mgmt May Not Know
About Change & Patch
Mgmt Processes
Gene Kim, Tripwire
Jay Taylor, General
Motors
Cyber Disaster-Recovery –
Planning for the Inevitable
Ed Hudson
ISS
T2
NETWORKING BREAK sponsored by Microsoft
3:00 - 4:30
Lotus Notes Audit and
Security
Rodney Kocot
Systems Control and
Security Inc.
(Continued)
C1
S2B
E3
Corporate Protection
Through Information
Control and Records
Policy Enforcement
Jeff Hatfield
Jordan Lawrence
Group
T3
So You Need to Audit
Mainframe Security for
SOX Compliance – RACF
Best Practices
Frank Ness
Honda
Spring Conference Schedule/Form
March 2005
Page 18
TUESDAY, APRIL 12, 2005
Core
Competencies
7:30 - 8:30
Information
Security
Current and
Emerging
Tools and
Techniques
REGISTRATION and BREAKFAST BREAK sponsored by KPMG
Risk, IT Governance
& Compliance
Alex Fowler
PwC
8:30 - 10:00
C2
S3
10:00 - 10:20
Impact of Regulations
on Security:
CISO Panel Discussion
CISOs from Warner
Bros., HealthNet,
Countrywide, SCE and
CB Richard Ellis
E4
Addressing the Need to
Understand Who Has
Access to What
on Your IT Systems
Jeff Kovach
KPMG
Using ACL to Prevent
and Detect Fraud
Michael Kano
ACL
T4
NETWORKING BREAK sponsored by Sygate
10:20 - 11:50
(Continued)
C2
S4
11:50 - 1:30
Eliminating Rogue
Devices From the
Corporate Network
Paul Deakin
Sygate
E5
Cyber Crime Trends
Terry Willis
LAPD/Electronic
Crimes
Task Force
T5
Taking Data Analysis
Technology to the Next
Level through Continuous
Monitoring
Fred Balcom
ACL
BUFFET LUNCH – EXHIBITION FAIR – Ballroom A & B
1:30 - 3:00
(Continued)
C2
S5
3:00 - 3:30
Live Hacking Demo
– Top Web App Attack
Methods and How to
Combat Them
Brian Christian
SPI Dynamic
E6
E-Mail Control
– Treating the Common
Cold
Jeff Hatfield
Jordan Lawrence
Group
T6
Tools to Assist in Meeting
Regulatory IT Compliance/
Policy Requirements
Paul Castillo
Countrywide
Financial Corp.
Exhibition Fair (Continued)
3:30 - 5:00
(Continued)
C2
S6
Update on Microsoft
Trustworthy Computing
and Microsoft
Security Roadmap
Ned Curic
Microsoft
E7
Identity/Access Mgmt
and
SOX 404
Tushar Padhiar &
Ayan Roy
Ernst & Young
(Continued)
T6
WEDNESDAY, APRIL 13, 2005
7:30 - 8:30
REGISTRATION and BREAKFAST BREAK sponsored by Deloitte & Touche
8:30 - 10:00
C3
COBIT Security
Baseline – Overview &
Implement. Case Study
Mark Stanley
Toyota Financial
10:00 - 10:20
S7
Wireless Network
Security – Breaking &
Fixing
Justin Peltier
Peltier & Assoc.
E8
Audit and Security
of Oracle Database
Ron Hoffer, UBOC
Bill Liao,
BDO Seidman
T7
Establishing a Sustainable
Compliance Framework
Larry Kucera
Brant Whitebread
IBM
NETWORKING BREAK sponsored by Lander International
10:20 - 11:50
(Continued)
C3
(Continued)
S7
11:50 - 1:15
(Continued)
E8
T8
SOX Compliance and
Beyond: Active Risk
Management Practices
Dr. Ed Shea
Providus
LUNCH – BALLROOM A
1:15 - 3:15
(Continued)
C3
S8
Mapping Security to the
System Development
Life Cycle
Tom Peltier
Peltier & Assoc.
E9
Choosing “Best
Practices” Frameworks
for IT Audit: COBIT,
COSO,
ISO 17799 etc.
Nelson Gibbs
Deloitte & Touche
T9
How to Secure The
Enterprise with One Tool
and One Process
Alan Wong
Bank of America
Registration Form
Universal Hilton
Universal City, CA 91608
(818) 506-2500
ISACA Los Angeles Spring Conference
April 10 - 13, 2005
(7 CPEs for a workshop and 21 CPEs for the conference!)
1. Fill in the information below
Membership Affiliation (Please check one):
ISACA
IIA
ISSA
None
Chapter Affiliation: ___________________________________________________
Membership No.: _________________________________________________
E-Mail Address: _______________________________________________________
Name: __________________________________________________________
Title: ________________________________________________________________
Company: _______________________________________________________
Telephone: ___________________________________________________________
Address:
City: ____________________________________________________________
State: ___________ Zip Code:
2. Select your session choices
Sunday
April 10
Conference Tracks
Monday
April 11
Tuesday
April 12
WS1
WS2
WS3
Information Security
Current & Emerging
Tools & Techniques
Pre-Conference Workshops
>
Core Competencies
10:20 am - 11:50 am
S1
E1
T1
S2A
E2
T2
3:00 pm - 4:30 pm
S2B
E3
T3
8:30 am - 10:00 am
S3
E4
T4
S4
E5
T5
S5
E6
S6
E7
S7
E8
S8
E9
1:10 pm - 2:40 pm
C1
10:20 am - 11:50 am
C2
1:30 pm - 3:00 pm
3:30 pm - 5:00 pm
Wednesday
April 13
8:30 am - 10:00 am
10:20 am - 11:50 am
C3
1:15 pm - 3:15 pm
T6
T7
T8
T9
NOTE: Registrants may not sign up for more than one session in a given period including “double sessions.”
3. Registration Fees (Please select your choices)
NOTE: Payment should be sent to address outlined in STEP 6.
6. Choose one of two easy ways to register
Conference Registration
Early Registration (On or before March 14, 2005)
3 Day
1 Day
Members (ISACA, IIA, ISSA)
$495.00
$250.00
Non-Members
$625.00
$315.00
Regular Registration (After March 14, 2005)
3 Day
1 Day
Members (ISACA, IIA, ISSA)
$595.00
$300.00
Non-Members
$725.00
$365.00
CONFERENCE REGISTRATION DISCOUNT: A $50.00 discount per three-day registration is
available to companies with three or more paid three-day registrants. For multiple registrations,
please use one form per person.
Workshop Registration
With 3-Day
Registration
Without 3-Day
Registration
Members (ISACA, IIA, ISSA)
$125.00
$175.00
Non-Members
$150.00
$225.00
TOTAL REGISTRATION COST
$ __________________
4. Special Arrangements
Please check the box if you prefer vegetarian meals.
Please check the box if you wish to opt-out from the conference attendee list.
5. Indicate method of payment (Mail or PayPal)
Payment enclosed. Please make check payable to: ISACA
(ISACA-LA’s Taxpayer Identification Number is 23-7294468)
PayPal payment. (ISACA-LA’s PayPal address is paypal@isacala.or
paypal@isacala.org
g)
A.
Fax completed registration form to (626) 296-2760
B.
Register online at http://www.isacala.org
C.
Mail registration form to:
Sandy Geffner, Valacon, Inc.
P.O. Box 6136, Altadena, CA 91003-6136
NOTE: Registration will not guarantee acceptance into a session unless the
payment was also received.
7. Cancellation Policy:
Cancellation requests via mail or fax received on or before March 21, 2005 for
paid registration will be eligible for a full refund. Requests received after March
21, 2005, but before April 8, 2005, will be subject to a $75.00 cancellation fee. No
refund will be issued for any cancellation request received on or after April 8, 2005.
Cancellation / refund requests must be made in writing to:
Sandy Geffner, Valacon, Inc.
P.O. Box 6136, Altadena, CA 91003-6136
Fax: (626) 296-2760
8. Questions?
For additional information about the conference, contact
Web Site: www.isacala.org
E-mail: conference@isacala.org
CISM Exam Prep Workshop
March 2005
ISACA – Los Angeles Chapter
Present
CISM Exam Preparation Workshop
Thursday - Friday, April 14 - 15, 2005
8:30 a.m. to 4:30 p.m. (Registration at 8:00 a.m. April 14)
Universal Hilton and Towers – Salon 5
555 Universal Hollywood Dr., Universal City/Los Angeles, CA
COST: $500 for members with early registration discount or $600 for all others
INSTRUCTOR: Tom Peltier, CISM, Justin Peltier, CISM
CPE HOURS: 14 CPE hours for 2 days
The Certified Information Security Manager (CISM) is designed to provide executive
management with assurance that those earning the designation have the required knowledge
and ability to provide effective security management and consulting. While the CISM’s
central focus is security management, all those in the information systems profession
with security experience will find the value in the CISM. This workshop will examine
the qualifications for the CISM five key areas (Security Governance, Risk Management,
Information Security Program Management, Information Security Management and
Response Management).
This two-day workshop is designed to provide CISM candidates with exposure to the areas
tested in the core competencies and international standards to assist in the preparation
and study for the CISM examination. Candidates will be tested on their not only their
knowledge of the topics but your ability to apply the knowledge to real world situations.
This workshop will address both of these elements.
Register early
----------------------------------------------------------------------------------------------------------SEMINAR COST:
$500
ISACA, ISSA Members with early registration discount
(Payment received on or before March 21, 2005)
$600
Non-Members or Members registering after March 21, 2005
Name ____________________________________Company _____________________
Address _______________________________________________________________
City, State, Zip Code _____________________________________________________
Telephone _______________________________ Email _________________________
Please make checks payable to ISACA, Los Angeles Chapter and return registration form
with payment to:
Sandy Geffner, Valacon, Inc. P.O. Box 6136, Altadena, CA 91003-6136. You may also
register online www.isacala.org and utilize PayPal for payment.
For additional information email: CISM@isacala.org. Please note there will be no refunds
unless the class is cancelled by ISACA Los Angeles. Enrollment in class is not guaranteed
until the payment is received by the seminar registrar and will be processed on a firstcome-first-served basis.
Page 20
CISM Exam Preparation Workshop
April 14 and 15, 2005
AGENDA
Day 1
Information Security Governance – Establish
and maintain a framework to provide assurance
that information security strategies are aligned
with business objectives and consistent with
applicable laws and regulations. The objective
of this core competency, which accounts for 21%
of the exam content, is to focus on the need for
a stable security program.
Risk Management – Identify and manage
information security risks to achieve business
objectives. This topic area is included to test
the applicant’s knowledge in the area of risk
identification and management as they relate to
business needs. This area accounts for 21% of
the exam contents.
Exam Overview – This section will review the
requirements to sit for the CISM exam and how
to maintain the certification after successful
completion of the examination process. We will
provide the attendees with techniques used by
other successful certification candidates, and
with tips on how to study and how to prepare
for an exam.
Day 2
Information Security Program – Design, develop
and manage an information security program to
implement the information security governance
framework. The topic area stresses the skills and
knowledge necessary to create and implement the
information security framework. This section
accounts for 21% of the examination material.
Information Security Management – Oversee the
internal and external resources for information
security are identified, appropriated and managed.
Candidates will have to show proficiency in their
understanding of the tools required to manage an
information security program. The topic area
accounts for 24% of the examination total.
Response Management – Develop and manage
a capability to respond to and recover from
disruptive and destructive information security
events. This section addresses the need for
development and implementation of policies
and procedures and accounts for 13% of the
exam total.
You Will Learn:
• The requirements to obtain the CISM
• Why the CISM is the certification of choice
for security professionals
• How to study for an exam
• How to take a certification exam
You’ll Take Back With You:
• Knowledge of the five core competencies
that make up the CISM
• Reference lists to improve weak areas
• A sample exam to test your readiness for
the exam
CISA Exams
June 11, 2005
Los Angeles Chapter’s
Annual CISA Review Courses
The LA Chapter is proud to offer its annual CISA Review Course. This course is designed to help
candidates prepare for the exams. The CISA course for the 2005 exam is held on six Saturdays, from
April 9 to May 14, 2005. The four-hour review sessions are held from 9 am to 1 pm and generally
cover the exam’s process and content areas:
• Domain 1: IS Audit Process (10%)
• Domain 2: Management, Planning, and Organization of IS (11%)
• Domain 3: Technical Infrastructure & Operational Practices (13%)
• Domain 4: Protection of Information Assets (25%)
• Domain 5: Disaster Recovery and Business Continuity (10%)
• Domain 6: Business Application System Development, Acquisition, Implementation, and
Maintenance (16%)
• Domain 7: Business Process Evaluation & Risk Management
Course Location:
Southern California Edison Facilities
2244 Walnut Grove, Rosemead, CA 91770
Parking is provided free of charge.
Course Materials:
Participants are strongly encouraged to purchase the CISA Review Manual 2005 from the ISACA
Bookstore. The manuals are not provided with the course. The CISA manual costs $105 for members
and $135 for non-members. To order the manual, access the ISACA bookstore or call (847) 253-1545,
ext 401.
Course Costs:
Members:
Non-members:
Part-time Students:
Full-time Students:
Register by 3/18/2005
$ 65
$135
$ 45
Free (12 units +)
Register by 4/9/2005
$ 75
$150
$ 50
$ 10
After 4/10/2005
$ 85
$160
$ 60
$ 20
Course Registration:
To register, download a copy of the registration form from www.isacala.org, pick one up at the monthly
chapter meeting or contact Greg Ash for the CISA course at (626) 302-9959 or e-mail cisa@isacala.org,
or Cheryl Santor for the CISM course at (805) 795-2057 or e-mail cism@isacala.org.
CISA & CISM Exam Registration Deadlines and Fees
Early registrations received by February 2, 2005
ISACA Member: US $325.00
Non-Member:
US $445.00
Early Registrations received by February 2, 2005
Final registrations received by March 30, 2005
ISACA Member: US $375.00
Non-Member:
US $495.00
Final Registrations received by March 30, 2005
Information Systems Audit
and Control Association
Los Angeles Chapter
PO Box 712726
Los Angeles, CA 90071
www.isacala.org
ISACA LOS ANGELES CHAPTER
BOARD OF DIRECTORS
ASSOCIATE DIRECTORS & VOLUNTEERS
Spring
Conference Chair
Debbie Lew, CISA
Ernst & Young, LLP
conference@isacala.org
(818) 703-4728
Reservations Chair
Sandy Geffner
Valacon, Inc.
reservations@isacala.org
(626) 296-2751
Employment Chair
Roger Lux
Farmers Insurance
employment@isacala.org
323-930-4053
Membership Chair
Mark Stanley, CISA
Toyota Financial Services
membership@isacala.org
(310) 468-8587
Newsletter Editor
Mary Ma
PricewaterhouseCoopers LLP
news@isacala.org
(213) 356-6305
CISA Review Chair
Greg Ash, CISA
Southern California Edison
cisa@isacala.org
(626) 302-9959
Webmaster Chair
Edson Gin, CISA, CFE, SSCP
City National Bank
webmaster@isacala.org
Spring Conference
and Marketing
Frank Ness, CISA
Honda North America
marketing@isacala.org
(310) 781-4673
Seminars Chair
David Lowe, CISA, CISSP
Sony Pictures Entertainment
seminars@isacala.org
(310) 665-6630
Academic Relations Chair
Amanda Xu
KPMG LLP
academicrelations@isacala.org
(213) 955-8552
Chief Technology
Officer
Larry Hanson, CPA, CISA, CIA
Southern California Edison
cto@isacala.org
(626) 302-9956
Newsletter Layout Editor
Don Kuo
Cal Poly Pomona
news@isacala.org
Co-Webmaster - Associate
Director
Peter Hewitt, CISA, CISSP
HealthNet
Audit Chair
webmaster@isacala.org
Michelle Quan, CPA
(818) 676-7734
PricewaterhouseCoopers LLP
audit@isacala.org
Marketing Committee
Chair
Membership Committee
Robert Brown
Constance Slack
PricewaterhouseCoopers LLP
Ingram Micro
marketing@isacala.org
membership@isacala.org
(310) 500-7957