2015 Tuesday Pre-Conference Sessions & Agenda

PRE CONFERENCE WORKSHOPS AT-A-GLANCE
CYBER WARFARE TRAINING AND THREAT SIMULATION (PRESENTED BY BLACKFIN SECURITY)
DATE: Tuesday, May 12, 2015
TIME: 8:00 am - 4:00 pm
EMERGING ISSUES IN IT AUDITING (PRESENTED BY DELOITTE)
DATE: Tuesday, May 12, 2015
TIME: 8:00 am - 4:00 pm
INTRODUCTION TO MALWARE ANALYSIS (PRESENTED BY KORELOGIC SECURITY)
DATE: Tuesday, May 12, 2015
TIME: 8:00 am - 4:00 pm
OPEN FAIR TRAINING (PRESENTED BY CXOWARE AND THE OPEN GROUP)
DATE: Tuesday, May 12, 2015
TIME: 8:00 am - 4:00 pm
SECURITY LEADERSHIP ROUNDTABLE (PRESENTED BY E&Y)
DATE: Tuesday, May 12, 2015
TIME: 1:00 pm - 4:00 pm
----------------------------------------------------------------------------------------------
PRE CONFERENCE WORKSHOP DESCRIPTIONS
CYBER WARFARE TRAINING AND THREAT SIMULATION (PRESENTED BY BLACKFIN SECURITY)
DATE: Tuesday, May 12, 2015
TIME: 8:00 am - 4:00 pm
SPEAKER:
Alex McCormack, Security Architect, Blackfin Security
SESSION DESCRIPTION:
During this course, enjoy a fully immersive day of cyber warfare training and simulation exercises. The training will be split into
two sessions consisting of security training and hands-on threat simulation exercises. Attendees will be required to bring a
laptop to the event to participate in the live environment and final security challenge. During the morning session, attendees
will receive cutting-edge training on Web Application Security covering the tactics and skills needed to test the defenses of most
modern internet applications. After lunch, participants will compete head-to-head against each other in a Capture the Flag
(CTF) style security competition modeled after real-world attack scenarios in a Threat Simulation Environment. The CTF event
will allow you to test out your newly learned security skills, while scoreboards give you a “play by play” as you navigate through
the challenge. The instructor will be available to answer any questions and help you understand how to properly use the
techniques you learned in the morning session.
LEARNER OBJECTIVES:
Expect to walk away with knowledge and understanding in the following areas:
Web application security fundamentals
Network and application reconnaissance
Data exfiltration
Exploiting application misconfigurations
Credential compromise and discovery (password cracking)
Privilege escalation
SQL injection
Remote exploitation of Microsoft operating system components
SPEAKER BIO:
Alex McCormack is a Security Architect with Blackfin Security. At Blackfin, Alex assists in the design and implementation of
Capture the Flag competitions and training events. Alex has designed CTF challenges since 2013 and given training since 2012.
Prior to joining Blackfin, Alex worked in Incident Response and Malware Analysis. Alex has a BS in Computer Science from the
Georgia Institute of Technology and holds the GREM and GCIH certifications. Alex can be reached at [email protected],
@amccormack, or amccormack.net.
EMERGING ISSUES IN IT AUDITING (PRESENTED BY DELOITTE)
DATE: Tuesday, May 12, 2015
TIME: 8:00 am - 4:00 pm
SPEAKER:
Clayton Smith and Rhonda Willert, Senior Managers, Deloitte & Touche, LLP
SPREADSHEET CONTROL PROGRAM ASSESSMENT
SESSION DESCRIPTION:
During this course, you will learn about the four cornerstones of an effective spreadsheet control environment and current
issues in the marketplace.
LEARNER OBJECTIVES:
Expect to walk away with knowledge and understanding in the following areas:
Background knowledge of spreadsheet programs
Learn about the various types of governance models in place to support a spreadsheet program
People supporting a framework and common approaches to implementing the appropriate supporting teams
Identify and describe the process followed for appropriate spreadsheet control
Learn about the types of technologies that are in place to support a spreadsheet program
IDENTIFYING AND TESTING INFORMATION PRODUCED BY THE ENTITY (“IPE”) RELEVANT TO GENERAL IT CONTROLS
SESSION DESCRIPTION:
The content in this course is based on requirements for audits performed in accordance with the standards of the Public
Company Accounting Oversight Board (PCAOB) and integrated audits performed in accordance with the standards of the AICPA.
Refer to the Information Produced by the Entity Guide for additional guidance related to this topic. This course will provide
learning on how to identify and test Information Produced by the Entity (IPE) relevant to General IT Controls (GITCs).
LEARNER OBJECTIVES:
Expect to walk away with knowledge and understanding in the following areas:
Identify relevant standards and firm guidance pertaining to IPE
Obtain an understanding of and identify GITC IPE
Describe the steps to plan and perform tests of GITC IPE
WORKING PAPER RELIANCE AND INTEGRITY
SESSION DESCRIPTION:
Walk away with a deeper knowledge of testing and documenting internal controls testing. Documenting the results of our
testing in a meaningful way to enable other parties to rely on working papers is a key element to being an effective internal
auditor.
LEARNER OBJECTIVES:
Expect to walk away with knowledge and understanding in the following areas:
Design of controls
Design factors
Documentation considerations
Information produced by the entity
Test of controls
Risk associated with the control
Test of operating effectiveness
Plan the Nature, Timing, and Extent, and Perform Tests of Operating Effectiveness
Risk Based Approach: Planning & Timing
Performing tests of operating effectiveness of controls
COBIT 5 ASSESSMENT
SESSION DESCRIPTION:
During this course, enjoy a detailed breakdown of how to conduct a COBIT 5 assessment.
LEARNER OBJECTIVES:
Expect to walk away with knowledge and understanding in the following areas:
Background on COBIT 5
COBIT 5 assessment approach
Identifying key resources
Understanding the project guide
SPEAKER BIOS:
Clayton Smith and Rhonda Willert are Senior Managers within the Advisory practice at Deloitte & Touche, LLP. Together they
have more than 25 years of IT experience with extensive knowledge of IT audit testing methodologies. Clayton can be reached
at [email protected] and Rhonda can be reached at [email protected].
INTRODUCTION TO MALWARE ANALYSIS (PRESENTED BY KORELOGIC SECURITY)
DATE: Tuesday, May 12, 2015
TIME: 8:00 am - 4:00 pm
SPEAKER:
Tyler Hudak, Security Consultant, KoreLogic Security
SESSION DESCRIPTION:
Due to the prevalence and business impact of malware, security professionals increasingly need the skills necessary to analyze
worms, bots and trojan horses. This one day course will walk attendees through the concepts, techniques and processes for
analyzing malware.
Students will take a “from-the-wild” malware sample in a hands-on environment and learn how to analyze its characteristics
and behavior to determine what it does and the risk it presents.
PREREQUISITES:
No previous experience in malware analysis is necessary, as this course is designed for those who have never performed it
before. However, an understanding of malware is recommended, and students must be experienced with Windows and with
operating a virtual machine (e.g., taking snapshots).
CLASS REQUIREMENTS:
Students will be required to bring their own laptops for the class. Laptops will need a VMware Workstation (NOT VMWARE
PLAYER) or VirtualBox installation with Windows (XP or higher) installed as the guest OS prior to the class. All other tools will
be provided.
LEARNER OBJECTIVES:
In the course, students will learn:
Techniques for statically and dynamically analyzing malware
How to safely analyze malicious programs
Methods for setting up an effective malware analysis lab
SPEAKER BIO:
Tyler Hudak is a security consultant for KoreLogic Security and has extensive real-world experience in malware analysis and
incident handling for Fortune 500 firms. He has worked numerous cases involving malware compromises and brings his front
line experience and proven techniques to bear in the training. He is also the lead developer of MASTIFF, the first open-source
static analysis framework used to quickly analyze malware.
OPEN FAIR TRAINING (PRESENTED BY CXOWARE AND THE OPEN GROUP)
DATE: Tuesday, May 12, 2015
TIME: 8:00 am - 4:00 pm
SPEAKERS: Chad Weinman, Director of Integration Services, CXOWARE and Jim Hietala, Vice President, Business Development
and Security, The Open Group
SESSION DESCRIPTION:
The Open Group and CXOWARE are partnering to provide a one day training on the Open FAIR risk analysis methodology.
PREREQUISITES:
A general understanding of security and risk concepts is a useful background to this training.
LEARNER OBJECTIVES:
Participants will develop an understanding of the Open FAIR risk taxonomy, including the various components of risk
Participants will learn the differences between qualitative and quantitative risk analysis, and where each is
appropriate
Participants will learn about measurement and calibration, and how to develop confidence in risk measurements
Participants will learn to work with available data, and to pick the right abstraction levels at which to perform
risk analysis
Participants will also learn about the Open FAIR certification program for risk analysts
SPEAKER BIOS:
Chad Weinman, Director of Integration Services, CXOWARE. Chad Weinman is a dynamic and motivated professional who is
passionate about risk. He has helped dozens of clients with risk program design and adoption, been a speaker at industry
conferences, and has facilitated over 75 training seminars on risk. Chad is the Director of Integration Services for CXOWARE, a
leader in the quantification of information and security risk. He jokingly claims to have the best job in his organization, as he is
able to continually analyze risk and works daily with clients domestic and abroad. Chad is a leading expert in Factor Analysis of
Information Risk (FAIR), a framework for the quantification of risk (quantification can and should be done). Chad is originally
from Ohio in the US. @chadweinman.
Jim Hietala, VP, Security, The Open Group
Jim Hietala, Open FAIR, CISSP, GSEC, is Vice President, Business Development and Security for The Open Group, where he
manages the business team, as well as security and risk management programs and standards activities. He has participated in
the development of several industry standards including O-ISM3, O-ESA, the Risk Taxonomy Standard, the Risk Analysis Standard, and
O-ACEML. He also led the development of compliance and audit guidance for the Cloud Security Alliance v2 publication.
Jim is a frequent speaker at industry conferences. He has participated in the SANS Analyst/Expert program, having written
several research white papers and participated in several webcasts for SANS. He has also published numerous articles on
information security, risk management, and compliance topics in publications including CSO, The ISSA Journal, Bank Accounting
& Finance, Risk Factor, SC Magazine, and others.
An IT security industry veteran, he has held leadership roles at several IT security vendors. Jim holds a B.S. in Marketing from
Southern Illinois University.
SECURITY LEADERSHIP FORUM (PRESENTED BY E&Y)
DATE: Tuesday, May 12, 2015
TIME: 12:00 pm - 4:00 pm
PARTICIPATION CRITERIA*:
Security Leadership Roundtable participants are required to be executive/senior-level information security professionals
reporting directly to the CEO, CFO, CIO or the equivalent. In companies with more than 200 employees, the Security Executive
Exchange attendance is open to qualified executive direct reports of the organization’s CISO. Individuals should be responsible
for information security at the corporate or enterprise level within their organizations, be interested in discussing sensitive
security issues with their peers, and be willing to share professional experiences.
* Participants will be reviewed to ensure qualifications are met and may not be permitted to participate if they do not meet the
qualifications.
JOB TITLE REQUIREMENTS:
CISOs and CSOs
Security Directors
IT Audit Leadership team
Senior Compliance Executives
Security Leadership Roundtable participants employed by a company that sells a security product or service must meet the
following additional requirements:
The organization must have a clear separation between the internal security or research practitioner and those
involved in sales, marketing or product management.
The organization must have a minimum of 200 employees or a minimum of 2 direct reports to the participant.
The attendee must certify that he or she is not involved with the sales, marketing or product management of security
products or offerings.
SESSION DESCRIPTION:
Join us at the 2015 RMISC Security Leadership Forum for an afternoon of peer discussion and industry insight. This session is
open to security leaders, such as CISOs, Security Directors, and others in leadership positions in their organizations. The
afternoon will start with an insightful discussion from E&Y experts that will inform attendees on current industry trends. Next,
leaders will participate in roundtable discussions with their peers to learn about each other's best practices and help provide a
common body of knowledge to the leadership community. After completing the roundtable discussions, each group will report
its insights back to the full group so that all can share in the insights gained. The roundtable groups will be kept small in order to
ensure that all group members can participate in the discussion. Please come join us for some quality time and interaction with
your peers.