Third Party Risks November Meeting Details
Transcription
Third Party Risks November Meeting Details
November 2014 Volume 7, Issue 4 2014 - 2015 Officers: November Meeting Details President Dan Sterba Third Party Risks Vice President Steve Kerns Secretary Avanti Sulakhe Date: Time: Location: November 13, 2014 Registration 11:30 AM | Lunch 12:00—1:00 PM | Presentation 1:00 - 3:00 PM Lidia’s Italy | 101 West 22nd Street | Kansas City | MO | 64108 CPE: 2 Credits NOTE: Actual CPE hours granted are dependent upon duration of the speaker’s presentation and may differ from the advertised number of CPE hours. Treasurer Anthony Canning Director Ted Combs Brian Howell BJ Smith 2 CPEs Price: $35 members | $50 guests | $5 students Menu: Insalata Caesar alla Lidia | The Pasta Trio | Tiramisu | Coffee, Tea Please denote any dietary restrictions when registering and accommodations will be made. Registration: www.isaca-kc.org by 5:00 p.m. on Monday, November 10th. Presentation Overview: What should organizations consider when evaluating third-party providers for services? With organizations evaluating resources and capabilities internally and out-sourcing services to third parties, it is important to evaluate the possible impacts to data, security, personnel, and service levels. The presentation will cover topics for consideration when using out-sourced services and third-party providers and possible risks. In This Issue: November Meeting 1 Details Chapter News 2 December Meeting 3 Details and Events Calendar KC Fall Training Update 4 Career Opportunities 5 Speaker: Greg Schu Greg Schu is a partner with McGladrey's technology risk advisory services practice. He provides organizations with IT risk management, compliance and risk advisory services and solutions, assists them with business process analysis and evaluates business and systems controls. Greg brings his experience as a consultant for financial audit and compliance requirements for Sarbanes-Oxley (SOX), Payment Card Industry (PCI), Service Organization Controls (SOC), and Health Insurance Portability and Accountability Act (HIPAA) standards. Greg is a CPA and CISA, based in the Minneapolis office. The information presented and included in accompanying materials (if any) is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although the speaker and content authors endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the particular situation. News from ISACA 6 1 Membership Renewal and CPE Submission Deadlines Coming Up It’s that time of year again and the deadlines are coming up fast. Here are the deadlines that you need to be aware of: December 31, 2014: Deadline for certificate holders to submit CPEs for the 2014 reporting year January 15, 2015: Deadline for membership renewals Still need CPEs? Don’t worry! You still have lots of ways to earn them before the deadline. Attending the November and December monthly chapter meetings will net you 4 more CPEs. And, in addition to the “Upcoming Events” list on page 3, there are over 30 CPEs available for viewing webinars in ISACA’s webinar archive. Not an ISACA member yet? If you purchase a 2015 membership now, you’ll receive the remainder of 2014 for FREE as well as discounts on local meetings and training events, ISACA publications and national conferences. You can find more information about the great benefits of an ISACA membership and apply online at www.isaca.org/Membership/JoinISACA. We’d love to have you be a part of the Kansas City chapter! Congratulations, Exam Passers Welcome to Our Newest Members! The Chapter would like to congratulate Shogo Cottrell on successfully passing the CISM Certification Exam in September. Great job! We’re growing! The Chapter would like to welcome its newest members, Mansoor Haq and Justin Lin. If you run into them at an upcoming Chapter event, please introduce yourself and give them a warm welcome. Meet Steve Kerns, ISACA-KC Vice President Steve Kerns is our chapter’s Vice President and leads the Program Committee in the development and delivery of our chapter meetings and educational programs. Steve is the Director Enterprise Risk Management at YRC Worldwide where he works closely with management in the identification and mitigation of top risks facing the Corporation. Steve is also the interim Director IT Audit. Steve is a seasoned risk management, audit, technical and financial professional with over 30 years of experience (e.g., enterprise risk management, auditing, financial systems, and accounting). Steve maintains multiple certifications, including CISA, CRMA, CIA and CFE. His interests and hobbies include his family, bowling, reading, home brew and wine making, bicycling, and nature. 2 Upcoming Events Calendar Other Events Mark Your Calendar! Joint Meeting with ISSA in December November 6, 2014 Webinar on Securing Servers in a Hybrid Data Center (1 CPE) DATE CHANGE: Please note that the December meeting will be held on the 1st Thursday of the month. November 11, 2014 Webinar on Data Breaches: A Risk-Based Approach to Identification, Impact Estimation, and Effective Remediation (1 CPE) November 12, 2014 Webinar on Cyber Assurance—What Should the IT Auditor Focus On (1 CPE) November 19, 2014 Innotech Kansas City Business and Technology Innovation Conference & Expo (Use discount code ISACA4C for free admission!) November 20, 2014 Webinar on Collaborating, Communicating and Making Friends (1 CPE) December 4, 2014 Webinar Want to Avoid Security Breaches? Leveraging the NIST Framework for Improved CyberSecurity (1 CPE) December 9, 2014 Virtual Conference Evolving Security for a Maturing Cloud (5 CPEs) December 13, 2014 CISA, CISM, CRISC and CGEIT Exams 2015 Security and Privacy Headlines 2 CPEs (joint meeting with ISSA) Date: Time: Location: December 4, 2014 Registration 11:30 AM | Lunch 12:00—1:00 PM | Presentation 1:00 - 3:00 PM Hereford House | 5001 Town Center Drive | Leawood | KS | 66211 CPE: 2 Credits NOTE: Actual CPE hours granted are dependent upon duration of the speaker’s presentation and may differ from the advertised number of CPE hours. Price: $35 members | $50 guests | $5 students Menu: Kansas City Classic BBQ Buffet—Grilled Boneless Chicken Breast, Sliced Brisket and Pork Ribs | Coleslaw | Cheddar Ranch Potatoes | Sauteed Green Beans | Chef’s Dessert Selection | Coffee, Tea Registration: Will be available on www.isaca-kc.org starting on November 11th. Presentation Overview: Latest trends/threats in the industry in regards to Security and Privacy; how are companies dealing with these threats Issues that companies are facing in regards to Security and Privacy; companies approach to dealing with Security and Privacy issues Future topics of interests for Security and Privacy Speaker Bio: Chris Crevits is a Senior Manager in the Infor mation Secur ity Advisor y Ser vices pr actice of Ernst & Young LLP. Chris has more than ten years of experience at EY in IT auditing and information security and four years in IT operations prior to joining the firm. Chris specializes in cyber threat management, security program management including transformation strategies and data protection. Chris is the leader of EY Advanced Security Center SOC / CSIRT services including managed and co-source Security Monitoring services and the Lead Subject Matter Resource (SMR) on several SOC / CSIRT program assessments, strategy and road map engagements. Chris is a Contributing author to ISACA publication, “Responding to Targeted Cyber Attacks” (May 2013) and Presenter at ISACA 2013 North America CACS on developing an effective cyber security plan. Tori Tripp is a Senior in the Advisor y Ser vices pr actice at EY. She has exper ience wor king with clients in privacy, information security, auditing, and business and IT processes. Tori is responsible for reviewing and assessing privacy programs for compliance with the EU-US Safe Harbor framework, EU Data Protection Directive, Health Insurance Portability and Accountability Act (HIPAA), and assessing privacy programs for alignment with the Generally Accepted Privacy Principles (GAPP). Tori has also assisted in multiple SOC 2 for privacy pre-assessments and audits for her clients. Tori has experience in a variety of industries including consumer products, biotechnology, specialty and agriculture chemicals, healthcare, telecommunications, software, and consumer electronics. 3 Fall Training Registration Now Closed Registration for ISACA-KC’s 2-day fall seminar is now closed. We have received an overwhelming response to attend the seminar and all available spots are now taken. If you would like to be added to the wait list, please email treasurer@isaca-kc.org. Evaluating IT Security Management 16 Date & Time: November 11, 2014 and November 12, 2014 (8:30 am to 4:30 pm) Location: Sprint Nextel World Headquarters – Overland Park, KS CPE’s: 16 CPEs Price: ISACA Regular Members: $480 (from November 1st through November 7th) Non-Members: $640 (through November 7th) Registration: Registration fees include course materials, lunch and morning\afternoon drink service. Fees must be paid promptly following registration to secure your seat and course materials if you are paying by check. Credit Card payment must be made at the time of registration. CPEs Course Description: A good percentage of internal and external IT auditors’ scope relates to information security. The assurance function must either place reliance on the management of the information function or perform extensive substantive procedures to satisfy compliance requirements. Where reliance is placed, the auditor must depend on their assertions and records of the information management function. A mature information security function will translate into reduced fieldwork. The internal auditor also is responsible for evaluating the effectiveness and efficiency of the information security function as part of their audit universe. ISO 31000 is the new standard (2009) for managing and assessing risk. But what is the risk associated with IT security management itself? An inadequate level of skill or competence in IT security management can lead to serious negative consequences for the enterprise, including: Inability to comply with statutes and regulations, such as Sarbanes Oxley, HIPAA, FISMA, PCI DSS, GLBA, Basel II, and governmental entities Lack of preparedness for security incidents and/or inability to execute a timely recovery Higher audit and insurance costs During this course, we will discuss organizational security, best-in-class security management, objectives and scope of an IT security management assessment, evaluation approaches, metrics for measuring risk associated with IT security management’s performance, and reporting approaches for maximum impact with senior management and stakeholders. For the speaker bio and more information on the course, please view the training flyer. 4 IT, Finance & Compliance Auditor - BlueCross BlueShield of Kansas Job Summary: Information Systems, Compliance and Financial Auditing requires a combination of knowledge and skills that include information systems auditing, financial auditing and the determination of compliance with relevant policies, procedures, regulations and laws. This progressive and challenging approach to auditing requires broad and unique business and technical knowledge, business and auditing experience, auditing skills and extensive training and education in order to successfully perform. Apply online at www.bcbsks.com/careers. Updated 9/29/2014. Internal Auditor - American Century Investments Job Summary: The primary responsibility of an internal auditor is to review operational and systems aspects of the company and assess the adequacy and effectiveness of internal controls. Read more and apply online. Updated 10/20/2014. Sr. IT Security Analyst - Capitol Federal Job Summary: The Sr. IT Security Analyst is responsible for assessing information risk and facilitates remediation of identified vulnerabilities for IT security and IT risk across the enterprise. Assesses information risk and facilitates remediation of identified vulnerabilities with the Bank network, systems and applications. Reports on findings and recommendations for corrective action. Performs vulnerability assessments as assigned utilizing IT security tools and methodologies. Performs assessments of the IT security/ risk posture within the IT network, systems and software applications, in addition to assessments within the Vendor Management Program. Identifies opportunities to reduce risk and documents remediation options regarding acceptance or mitigation of risk scenarios. Facilitates and monitors performance of risk remediation tasks, changes related to risk mitigation & reports on findings. Maintains oversight of IT and vendors regarding the security maintenance of their systems and applications. Provides weekly project status reports, including outstanding issues. The IT Security Analyst assists in all IT audits, IT risk assessments and regulatory compliance. View the full description and apply online. Updated 10/24/2014. IT Audit Manager - H&R Block Job Summary: The IT Audit Manager will play a key role in the development and execution of the IT audit strategy and should possess a strong understanding of information technology, finance, operational and compliance related risks and controls. This individual will interact on a regular basis with all levels of management and will be responsible for developing a strong strategic partnership with the Information Technology function. In addition, this position will directly supervise two direct reports and will be responsible for coaching and developing associates in preparation for new roles and additional responsibilities. More information and applications accepted at the H&R Block website. Updated 10/27/2014 5 Are you looking for the next step in your career? Social media can be a valuable tool in your search. It’s a great place to ... rub elbows with peers ... research employers ... and find new job opportunities. Join the discussion with ISACA-KC at: www.linkedin.com/ groups?gid=2863242 News from ISACA 2014-2015 Board Members 2015-2016 ISACA Volunteers Sought President Dan Sterba president@isaca-kc.org Vice President Steve Kerns vp@isaca-kc.org Secretary Avanti Sulakhe Secretary@isaca-kc.org Treasurer Anthony Canning treasurer@isaca-kc.org Directors Ted Combs Brian Howell BJ Smith directors@isaca-kc.org Programs Committee Shaun Miller Molly Coplen Dennis Keglovits programs@isaca-kc.org Membership Director TBD membership@isaca-kc.org Research Director Chester Smidt research@isaca-kc.org Webmaster Chester Smidt webmaster@isaca-kc.org Newsletter Editor Sherry Callahan newsletter@isaca-kc.org Volunteers who are willing to share their time and talent are critical to the success of ISACA. Apply to become an ISACA volunteer—contribute to your profession and earn free continuing professional education (CPE) hours. ISACA’s annual volunteer application period is now open. Members interested in volunteering with ISACA at the international level can find information on available opportunities and the process for submitting an application for consideration on the 2015-16 Invitation to Participate page of the ISACA web site. In addition to the invitation to participate brochure, members can learn more about the boards, committees and subcommittees that support the association. Interested members should review the information contained in the brochure and online, identify those volunteer opportunities that are of most interest, and complete the online application. Volunteer applications for the 2015-16 administrative term are due by 12 February 2015. In addition to the annual volunteer appointments, there are a number of volunteer opportunities available throughout the year. For more information, visit the Additional Volunteer Opportunities page of the ISACA web site. Two Months Remain in Member-Get-A-Member Program There are only 2 months remaining in the 2014 Member Get a Member program. Follow up with your colleagues to ensure they join ISACA before 31 December 2014. Remember, newly recruited members need to register with your member ID number and be paid in full by 31 December 2014 for you to receive credit under the campaign. With every member you recruit, you move closer to earning rewards. There is still time to earn a checkpoint-friendly computer backpack by recruiting 3-4 new members. You have the opportunity to earn a personal wireless activity and sleep tracker by recruiting 5-6 new members, a portable mini-Bluetooth® speaker by recruiting 7-9 new members or noise-canceling headphones by recruiting 10 or more new members. Learn more on the Member Get a Member page of the ISACA web site. Changed jobs or email addresses? Be sure to update your profile on ISACA’s website so that you can continue to receive the monthly newsletter, notices of upcoming training and seminars, and other chapter information. As a reminder, the Kansas City chapter considers email addresses to be private and confidential. Your email address will not be shared with or sold to third parties. 6