Effective IT Governance October Meeting Details
October 2014 | Volume 7, Issue 3

2014 - 2015 Officers:
President: Dan Sterba
Vice President: Steve Kerns
Secretary: Avanti Sulakhe
Treasurer: Anthony Canning
Directors: Ted Combs, Brian Howell, BJ Smith

October Meeting Details
Effective IT Governance (2 CPEs)

Date: October 9, 2014
Time: Registration 11:30 AM | Lunch 12:00 - 1:00 PM | Presentation 1:00 - 3:00 PM
Location: Brio Tuscan Grille | 502 Nichols Road | Kansas City, MO 64112
CPE: 2 Credits
Price: $35 members | $50 guests | $5 students
Menu: Chopped Salad and Caesar Salad | Lasagna Bolognese and Chicken “Under-the-Brick” | Roasted Vegetables | Mashed Potatoes | Chocolate Caramel Cake or Cheesecake | Coffee, Tea
Registration: www.isaca-kc.org by 5:00 p.m. on Monday, October 6th.

NOTE: Actual CPE hours granted are dependent upon the duration of the speaker’s presentation and may differ from the advertised number of CPE hours.

Presentation Overview:
Effective IT governance leads to the efficient and effective deployment of IT resources in alignment with key business objectives. On the surface, many IT governance structures and processes can appear effective. How do we critically evaluate them and work with management to provide feedback and perspective, and take advantage of what can be the biggest opportunity to add value within our company? This session will provide concrete examples of effective and ineffective IT governance elements. We will consider the utilization of key, but seldom utilized, techniques such as benefits realization. We will also explore two case studies of organizations that failed to deliver an effective IT governance function, which led to expensive and critical project failures.

In This Issue:
October Meeting Details (page 1)
KC Fall Training (page 2)
Chapter News (page 3)
Events Calendar and North America ISRM Information (page 4)
News from ISACA (page 5)

Speaker: Gordon Braun, CIA, CISA, CGEIT
Gordon Braun is a Managing Director at Protiviti, where he leads the Protiviti Kansas City office. For the last fifteen years, Mr. Braun has been providing IT risk consulting services across several industries. He is an active leader of Protiviti’s Central Area Internal Audit and IT consulting practice and has a particular focus on assisting clients with the management of business risks associated with the deployment and maintenance of technology. He has managed the delivery of numerous IT consulting projects related to the structure and governance of an effectively managed IT organization and is one of Protiviti’s experts in application security and controls. Before joining Protiviti, Mr. Braun was with Arthur Andersen for three years. Mr. Braun has presented at many chapters of both the IIA and ISACA, at national webinars, SAP conferences, and multiple universities in the Midwest. He is a member of the Board of Advisors for Pittsburg State University’s Endorsed Internal Audit Program and has previously served on the Board of Governors for the Kansas City IIA Chapter.

The information presented and included in accompanying materials (if any) is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although the speaker and content authors endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the particular situation.

2-Day Fall Training Coming Up in November
Evaluating IT Security Management (16 CPEs)

Date & Time: November 11, 2014 and November 12, 2014 (8:30 am to 4:30 pm)
Location: Sprint Nextel World Headquarters – Overland Park, KS (Additional parking and building information will be provided to registered attendees)
CPEs: 16 CPEs

NOTE: The actual CPE hours granted are dependent upon the duration of the speaker’s presentation and may differ from the advertised number of CPE hours.
Price:
ISACA Members Early-Bird: $430 (through October 31st)
ISACA Regular Members: $480 (from November 1st through November 7th)
Non-Members: $640 (through November 7th)

Registration: Registration fees include course materials, lunch and morning/afternoon drink service. If you are paying by check, fees must be paid promptly following registration to secure your seat and course materials. Credit card payment must be made at the time of registration. For more information or to register, visit www.isaca-kc.org/meetingReg.php.

Course Description:
A good percentage of internal and external IT auditors’ scope relates to information security. The assurance function must either place reliance on the management of the information security function or perform extensive substantive procedures to satisfy compliance requirements. Where reliance is placed, the auditor must depend on the assertions and records of the information security management function. A mature information security function will translate into reduced fieldwork. The internal auditor is also responsible for evaluating the effectiveness and efficiency of the information security function as part of their audit universe. ISO 31000 is the new standard (2009) for managing and assessing risk. But what is the risk associated with IT security management itself?

An inadequate level of skill or competence in IT security management can lead to serious negative consequences for the enterprise, including:
- Inability to comply with statutes and regulations, such as Sarbanes-Oxley, HIPAA, FISMA, PCI DSS, GLBA, Basel II, and governmental entities
- Lack of preparedness for security incidents and/or inability to execute a timely recovery
- Higher audit and insurance costs

During this course, we will discuss organizational security, best-in-class security management, objectives and scope of an IT security management assessment, evaluation approaches, metrics for measuring risk associated with IT security management’s performance, and reporting approaches for maximum impact with senior management and stakeholders. For the speaker bio and more information on the course, please view the training flyer.

It’s Time to Renew Your Membership and Certifications

Are you looking for the next step in your career? Social media can be a valuable tool in your search. It’s a great place to ... rub elbows with peers ... research employers ... and find new job opportunities. Join the discussion with ISACA-KC at: www.linkedin.com/groups?gid=2863242

Don’t forget to renew your membership so you can continue to receive the many benefits that ISACA membership has to offer. And, if you’re a certification holder, don’t forget that December 31st is the deadline for submitting CPEs for the 2014 reporting year. Not a member? You can find more information about the great benefits of an ISACA membership and apply online at www.isaca.org/Membership/Join-ISACA. We’d love to have you be a part of the Kansas City chapter!

Welcome to Our Newest Members!
We’re growing! The Chapter welcomes the following new members who have joined us this summer. If you run into them at an upcoming Chapter event, please introduce yourself and give them a warm welcome.
John Carney
Kristen Ellis
Leo Walsh
Sarah Duckwitz
Rahul Mosangi
Robert Young

Save the Dates!
Upcoming ISACA-KC Meeting Info
The next couple of months are jam-packed with training, interesting monthly meetings and lots of CPE and networking opportunities. Here’s what’s coming up:

Date(s) | Event | Description
November 11 - 12 | 2-day training seminar | Topic: Evaluating IT Security Management
November 13 | ISACA monthly chapter meeting | Topic: Third Party Risks
December 4 | Joint ISACA and IIA monthly chapter meeting | Topic: 2015 Security and Privacy Headlines—Looking Ahead
January 15, 2015 | ISACA monthly chapter meeting | Topic: ERM—Focusing on the Right Risks

Upcoming Events Calendar
Other Events

October 7, 2014 | Johnson County Cyber Security Conf & Expo | Olathe, KS
October 9, 2014 | Why Implement the NICM Cybersecurity Workforce Framework? | Online webinar
October 17, 2014 | SecureKansasCity | President Hotel, KCMO (8 CPEs)
October 23, 2014 | Data-Centric Audit and Protection: Reducing Risk and Improving Security Posture | Online webinar
October 24, 2014 | Final Registration Deadline for December exams (Register online and save $75!)
October 28, 2014 | Self-Defense Strategies to Thwart Cloud Intruders | Online webinar
November 19, 2014 | Innotech Kansas City Business and Technology Innovation Conference (Use discount code ISACA4C for complimentary admission!)
December 13, 2014 | CISA, CISM, CRISC and CGEIT Exams

Learn the latest on cybersecurity at ISACA’s North America ISRM Conference
November 19 - 21 (32 CPEs)

The tactics of cyberwarfare are constantly changing, and methods to counter attacks must adapt to keep pace. At the 2014 North America Information Security and Risk Management (ISRM) conference at Caesars Palace in Las Vegas, Nevada, ISACA will equip security professionals with guidance to help defend and protect their organizations.

Keynote speaker Curtis KS Levinson, CDP, CISSP, MBCP, CCSK, United States cyber defense advisor to NATO, will present “Digital Doomsday—What Happens to Facebook If the World Ends?” Levinson has more than 25 years of experience in cybersecurity, information governance and continuity of operations. He has served two sitting US presidents, two chairmen of the Joint Chiefs of Staff, and the chief justice. Additionally, he has been selected by the North Atlantic Treaty Organization (NATO) to represent the US as an advisory subject matter expert on cyber defense. Levinson will help attendees prepare for the inevitable and look at how fighting the cybersecurity battle involves learning, adapting and using intelligence and creativity.

Also keynoting is Alec Ross, former Hillary Clinton advisor and author, who will share “Lessons from the Cyber Battlefield.” Ross was a senior advisor to Clinton when she was secretary of state. In that role, he advised the State Department on issues including Internet freedom, cybersecurity, disaster response and the use of network technologies in conflict zones. He will discuss how the weaponization of code has turned the Internet into a battlefield, and the best strategies to protect against cyberattackers.

Eddie Schwartz, CISA, CISM, chair of ISACA’s Cybersecurity Taskforce and former CISO of RSA, will moderate the C3 panel, which will discuss what enterprises need from professionals and how to equip candidates to effectively prepare for these roles.

Risk and security professionals of all levels can enhance their knowledge by attending sessions in the following tracks: Compliance, Privacy, Risk Management and Cybersecurity. Pre- and post-conference workshops will address:
- Forensics in Action
- Incident Response for Cyber-based Events
- Measuring What Matters
- Effective Information Security Programs Are Not Born!
Also, two pre-conference Cybersecurity Fundamentals Workshops will be held to prepare attendees for the new Cybersecurity Fundamentals Certificate. Conference attendees can earn up to 32 CPE hours. Registration is $1,595 for ISACA members and $1,795 for non-members. For more information or to register, visit www.isaca.org/isrmna2014.

News from ISACA

Report Calls for Licensing of Cybersecurity Professionals
Target, Home Depot, J.P. Morgan-Chase. These are but a few of the cybersecurity breaches that have occurred in 2014, and the speed at which these are coming to light is increasing. As we’ve seen in earlier research, there just aren’t enough skilled security professionals to meet business needs. But is it time for information security to become a formal “profession”? A recent report from the Pell Center for International Relations and Public Policy at Salve Regina University in Rhode Island says yes. The report recommends the formation of a professional cybersecurity association with a code of ethics and formal certification and licensing requirements.

By providing a central location for cybersecurity professionals to find research, guidance, certifications and information, ISACA’s new Cybersecurity Nexus (CSX) program already addresses many of the Pell Center report’s recommendations for a regulatory body for security professionals. Visit the Cybersecurity Nexus page to learn more about the new CSX program.

NEW! Cybersecurity Fundamentals Certificate Now Available
Cybersecurity skills are in high demand, but one in five students report that their universities do not offer cybersecurity courses, and less than half feel they will have adequate skills and knowledge when they graduate to successfully seek a position in cybersecurity. To fill this gap, ISACA developed the Cybersecurity Fundamentals Certificate to provide education and verification of skills in this area. As the newest element in ISACA’s Cybersecurity Nexus (CSX) program, the certificate is particularly relevant for recent college/university graduates and those looking for a career change to cybersecurity.

To earn the Cybersecurity Fundamentals Certificate, candidates must successfully pass the examination and agree to adhere to ISACA’s Code of Professional Ethics. The exam tests for foundational cybersecurity knowledge in four key areas:
(1) Cybersecurity architecture principles;
(2) cybersecurity of networks, systems, applications, and data;
(3) incident response; and
(4) security implications of the adoption of emerging technologies.

Price for the exam is $150. A PDF study guide is available to ISACA members for $45 ($55 for non-members). Buy the study guide and exam bundled together and save $10. For more information, visit the Cybersecurity Fundamentals page.

2014-2015 Board Members
President: Dan Sterba | president@isaca-kc.org
Vice President: Steve Kerns | vp@isaca-kc.org
Secretary: Avanti Sulakhe | secretary@isaca-kc.org
Treasurer: Anthony Canning | treasurer@isaca-kc.org
Directors: Ted Combs, Brian Howell, BJ Smith | directors@isaca-kc.org
Programs Committee: Shaun Miller, Molly Coplen, Dennis Keglovits | programs@isaca-kc.org
Membership Director: TBD | membership@isaca-kc.org
Research Director: Chester Smidt | research@isaca-kc.org
Webmaster: Chester Smidt | webmaster@isaca-kc.org
Newsletter Editor: Sherry Callahan | newsletter@isaca-kc.org