Effective IT Governance - October Meeting Details

October 2014
Volume 7, Issue 3

2014 - 2015 Officers:
President: Dan Sterba
Vice President: Steve Kerns
Secretary: Avanti Sulakhe
Treasurer: Anthony Canning
Directors: Ted Combs, Brian Howell, BJ Smith

October Meeting Details: Effective IT Governance (2 CPEs)
Date: October 9, 2014
Time: Registration 11:30 AM | Lunch 12:00 - 1:00 PM | Presentation 1:00 - 3:00 PM
Location: Brio Tuscan Grille | 502 Nichols Road | Kansas City | MO | 64112
CPE: 2 Credits
Price: $35 members | $50 guests | $5 students
Menu: Chopped Salad and Caesar Salad | Lasagna Bolognese and Chicken “Under-the-Brick” | Roasted Vegetables | Mashed Potatoes | Chocolate Caramel Cake or Cheesecake | Coffee, Tea
Registration: www.isaca-kc.org by 5:00 p.m. on Monday, October 6th.
NOTE: Actual CPE hours granted are dependent upon the duration of the speaker’s presentation and may differ from the advertised number of CPE hours.
Presentation Overview:
Effective IT governance leads to the efficient and effective deployment of IT resources in
alignment with key business objectives. On the surface, many IT governance structures and
processes can appear effective. How do we critically evaluate and work with management to
provide feedback, perspective, and take advantage of what can be the biggest opportunity to add
value within our company? This session will provide concrete examples of effective and
ineffective IT governance elements. We will consider key but seldom used techniques such as
benefits realization, and we will also explore two case studies of
organizations that failed to deliver an effective IT governance function, which led to expensive
and critical project failures.
In This Issue:
October Meeting Details ... 1
KC Fall Training ... 2
Chapter News ... 3
Events Calendar and North America ISRM Information ... 4
News from ISACA ... 5
Speaker: Gordon Braun, CIA, CISA, CGEIT
Gordon Braun is a Managing Director at Protiviti where he leads the Protiviti Kansas City office.
For the last fifteen years, Mr. Braun has been providing IT risk consulting services across several
industries. He is an active leader of Protiviti’s Central Area Internal Audit and IT consulting
practice and has a particular focus on assisting clients with the management of business risks
associated with the deployment and maintenance of technology. He has managed the delivery of
numerous IT consulting projects related to the structure and governance of an effectively
managed IT organization and is one of Protiviti’s experts in application security and controls.
Before joining Protiviti, Mr. Braun was with Arthur Andersen for three years. Mr. Braun has
presented at many chapters of both the IIA and ISACA, at national webinars, SAP conferences,
and multiple universities in the Midwest. He is a member of the Board of Advisors for Pittsburg
State University’s Endorsed Internal Audit Program and has previously served on the Board of
Governors for the Kansas City IIA Chapter.
The information presented and included in accompanying materials (if any) is of a general nature and is not intended to
address the circumstances of any particular individual or entity. Although the speaker and content authors endeavor to
provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is
received or that it will continue to be accurate in the future. No one should act upon such information without
appropriate professional advice after a thorough examination of the particular situation.
2-Day Fall Training Coming Up in November: Evaluating IT Security Management (16 CPEs)
Date & Time: November 11, 2014 and November 12, 2014 (8:30 am to 4:30 pm)
Location: Sprint Nextel World Headquarters – Overland Park, KS
(Additional parking and building information will be provided to registered attendees)
CPEs: 16 CPEs
NOTE: The actual CPE hours granted are dependent upon duration of speaker’s
presentation and may differ from advertised number of CPE hours.
Price:
ISACA Members Early-Bird: $430 (through October 31st)
ISACA Regular Members: $480 (from November 1st through November 7th)
Non-Members: $640 (through November 7th)
Registration:
Registration fees include course materials, lunch and morning/afternoon drink service.
Fees must be paid promptly following registration to secure your seat and course
materials if you are paying by check. Credit Card payment must be made at the time
of registration. For more information or to register, visit
www.isaca-kc.org/meetingReg.php.
Course Description:
A good percentage of internal and external IT auditors’ scope relates to information security. The assurance
function must either place reliance on the management of the information function or perform extensive
substantive procedures to satisfy compliance requirements. Where reliance is placed, the auditor must
depend on their assertions and records of the information management function. A mature information
security function will translate into reduced fieldwork. The internal auditor also is responsible for evaluating
the effectiveness and efficiency of the information security function as part of their audit universe. ISO
31000 is the new standard (2009) for managing and assessing risk. But what is the risk associated with IT
security management itself?
An inadequate level of skill or competence in IT security management can lead to serious negative
consequences for the enterprise, including:
- Inability to comply with statutes and regulations, such as Sarbanes-Oxley, HIPAA, FISMA, PCI DSS, GLBA, Basel II, and governmental entities
- Lack of preparedness for security incidents and/or inability to execute a timely recovery
- Higher audit and insurance costs
During this course, we will discuss organizational security, best-in-class security management, objectives
and scope of an IT security management assessment, evaluation approaches, metrics for measuring risk
associated with IT security management’s performance, and reporting approaches for maximum impact with
senior management and stakeholders.
For the speaker bio and more information on the course, please view the training flyer.
It’s Time to Renew Your Membership and Certifications

Don’t forget to renew your membership so you can continue to receive the many
benefits that ISACA membership has to offer. And, if you’re a certification holder,
don’t forget that December 31st is the deadline for submitting CPEs for the 2014
reporting year.
Not a member? You can find more information about the great benefits of an
ISACA membership and apply online at www.isaca.org/Membership/Join-ISACA.
We’d love to have you be a part of the Kansas City chapter!

Are you looking for the next step in your career? Social media can be a valuable
tool in your search. It’s a great place to rub elbows with peers, research employers,
and find new job opportunities. Join the discussion with ISACA-KC at:
www.linkedin.com/groups?gid=2863242
Welcome to Our Newest Members!
We’re growing! The Chapter welcomes the following new members who have
joined us this summer. If you run into them at an upcoming Chapter event, please
introduce yourself and give them a warm welcome.
John Carney
Kristen Ellis
Leo Walsh
Sarah Duckwitz
Rahul Mosangi
Robert Young
Save the Dates! Upcoming ISACA-KC Meeting Info
The next couple of months are jam-packed with training, interesting monthly
meetings and lots of CPE and networking opportunities. Here’s what’s coming up:

Date(s) | Event Description
November 11—12 | 2-day training seminar | Topic: Evaluating IT Security Management
November 13 | ISACA monthly chapter meeting | Topic: Third Party Risks
December 4 | Joint ISACA and IIA monthly chapter meeting | Topic: 2015 Security and Privacy Headlines—Looking Ahead
January 15, 2015 | ISACA monthly chapter meeting | Topic: ERM—Focusing on the Right Risks
Upcoming Events Calendar

Other Events
October 7, 2014 | Johnson County Cyber Security Conf & Expo | Olathe, KS
October 9, 2014 | Why Implement the NICM Cybersecurity Workforce Framework? | Online webinar
October 17, 2014 | SecureKansasCity (8 CPEs) | President Hotel, KCMO
October 23, 2014 | Data-Centric Audit and Protection: Reducing Risk and Improving Security Posture | Online webinar
October 24, 2014 | Final Registration Deadline for December exams (Register online and save $75!)
October 28, 2014 | Self-Defense Strategies to Thwart Cloud Intruders | Online webinar
November 19, 2014 | Innotech Kansas City Business and Technology Innovation Conference (Use discount code ISACA4C for complimentary admission!)
December 13, 2014 | CISA, CISM, CRISC and CGEIT Exams
Learn the latest on cybersecurity at ISACA’s North America ISRM Conference, November 19 - 21 (32 CPEs)
The tactics of cyberwarfare are constantly changing, and methods to
counter attacks must adapt to keep pace. At the 2014 North America
Information Security and Risk Management (ISRM) conference at
Caesars Palace in Las Vegas, Nevada, ISACA will equip security
professionals with guidance to help defend and protect their organizations.
Keynote Speaker Curtis KS Levinson CDP, CISSP, MBCP, CCSK, United States
cyber defense advisor to NATO, will present “Digital Doomsday—What Happens to
Facebook If the World Ends?” Levinson has more than 25 years of experience in
cybersecurity, information governance and continuity of operations. He has served
two sitting US presidents, two chairmen of the Joint Chiefs of Staff, and the chief
justice. Additionally, he has been selected by the North Atlantic Treaty Organization
(NATO) to represent the US as an advisory subject matter expert on cyber defense.
Levinson will help attendees prepare for the inevitable and look at how fighting the
cybersecurity battle involves learning, adapting and using intelligence and creativity.
Also keynoting is Alec Ross, former Hillary Clinton advisor and author, who will
share “Lessons from the Cyber Battlefield.” Ross was a senior advisor to Clinton
when she was secretary of state. In that role, he advanced the State Department on
issues including Internet freedom, cybersecurity, disaster response and the use of
network technologies in conflict zones. He will discuss how the weaponization of
code has turned the Internet into a battlefield, and the best strategies to protect
against cyberattackers.
Eddie Schwartz, CISA, CISM, chair of ISACA’s Cybersecurity Taskforce and
former CISO of RSA, will moderate the C3 panel, which will discuss what
enterprises need from professionals and how to equip candidates to effectively
prepare for these roles.
Risk and security professionals of all levels can enhance their knowledge by
attending sessions in the following tracks: Compliance, Privacy, Risk Management
and Cybersecurity. Pre- and post-conference workshops will address:
- Forensics in Action
- Incident Response for Cyber-based Events
- Measuring What Matters
- Effective Information Security Programs Are Not Born!
Also, two pre-conference Cybersecurity Fundamentals Workshops will be held to
prepare attendees for the new Cybersecurity Fundamentals Certificate.
Conference attendees can earn up to 32 CPE hours. Registration is $1,595 for
ISACA members and $1,795 for non-members. For more information or to register,
visit www.isaca.org/isrmna2014.
2014-2015 Board Members
President: Dan Sterba, [email protected]
Vice President: Steve Kerns, [email protected]
Secretary: Avanti Sulakhe, [email protected]
Treasurer: Anthony Canning, [email protected]
Directors: Ted Combs, Brian Howell, BJ Smith, [email protected]
Programs Committee: Shaun Miller, Molly Coplen, Dennis Keglovits, [email protected]
Membership Director: TBD, [email protected]
Research Director: Chester Smidt, [email protected]
Webmaster: Chester Smidt, [email protected]
Newsletter Editor: Sherry Callahan, [email protected]

News from ISACA

Report Calls for Licensing of Cybersecurity Professionals
Target, Home Depot, J.P. Morgan Chase. These are but a few of the
cybersecurity breaches that have occurred in 2014, and the speed at which
these are coming to light is increasing. As we’ve seen in earlier research,
there just aren’t enough skilled security professionals to meet business needs.
But is it time for information security to become a formal “profession”?
A recent report from the Pell Center for International Relations and Public
Policy at Salve Regina University in Rhode Island says yes. The report
recommends the formation of a professional cybersecurity association with a
code of ethics and formal certification and licensing requirements.
By providing a central location for cybersecurity professionals to find
research, guidance, certifications and information, ISACA’s new Cybersecurity
Nexus (CSX) program already addresses many of the Pell Center report’s
recommendations for a regulatory body for security professionals.
Visit the Cybersecurity Nexus page to learn more about the new CSX
program.
NEW! Cybersecurity Fundamentals Certificate Now Available
Cybersecurity skills are in high demand, but one in five students report that
their universities do not offer cybersecurity courses and less than half feel they
will have the adequate skills and knowledge when they graduate to
successfully seek a position in cybersecurity.
To fill this gap, ISACA developed the Cybersecurity Fundamentals Certificate
to provide education and verification of skills in this area. As the newest
element in ISACA’s Cybersecurity Nexus (CSX) program, the certificate is
particularly relevant for recent college/university graduates and those looking
for a career change to cybersecurity.
To earn the Cybersecurity Fundamentals Certificate, candidates must
successfully pass the examination and agree to adhere to ISACA’s Code of
Professional Ethics. The exam tests for foundational cybersecurity knowledge
in four key areas: (1) Cybersecurity architecture principles; (2) cybersecurity
of networks, systems, applications, and data; (3) incident response; and (4)
security implications of the adoption of emerging technologies.
Price for the exam is $150. A PDF study guide is available to ISACA
members for $45 ($55 for non-members). Buy the study guide and exam
bundled together and save $10. For more information, visit the Cybersecurity
Fundamentals page.