SC Midlands Chapter 54 of ISACA

SC Midlands Chapter 54 of ISACA

January 2011 Newsletter
In This Issue
Welcome New Members!
Congratulations to the Newly Certified
Student Night at College of Charleston
CRISC Grandfathering
Event Registration - Member Login Reminder
Featured Articles
Managing Security Incident Response Teams and Events (3 CPEs)
Understanding Virtualization's Impact on Auditing and Security (6 CPEs)
Something Smells Phishy: The Evolution of Social Engineering (3 CPEs)
Welcome New Members!
 

November
Scott M. Morris
Claudia Wright

December
Thiyagarajan Ganesan, Sr., CISA

January
Tony A. McNeil
Todd Daniel Heath, CISM
Congratulations to the Newly Certified

CISA
Bret Peresich

CISM
Paige Easley
Brandon Schmidt

CRISC
Debbie Talbert
Kumar Gounder
Joseph Dance, Jr.
Dennie Dillard, III
David Gorney
Bradlie Bennett
Stephen Eastland
Harriet Simpson
Jeffrey Smith
Student Night at College of Charleston

The SC Midlands ISACA Chapter will be hosting a meeting for the College of Charleston Beta Alpha Psi Student group. 
Guest speakers include Dave Gorney and Kathy Riley. 

The presentation will focus on IT Auditing and how students with an Accounting Major can get involved.

The meeting is scheduled for February 24th and will be held at the Beatty Center on the College of Charleston Campus.
Dave Henderson and Dana Garner (Assistant Professor's of Accounting) have been instrumental in coordinating the meeting.

If you would like more information, contact Kathy Riley, Academic Relations Director for the SC Midlands ISACA Chapter.

CRISC Grandfathering
CRISC Logo 

The Certified in Risk and Information Systems Control™ certification (CRISC™, pronounced "see-risk") is designed for IT professionals who have hands-on experience with risk identification, assessment, and evaluation; risk response; risk monitoring; IS control design and implementation; and IS control monitoring and maintenance.

The CRISC designation will not only certify professionals who have knowledge and experience identifying and evaluating entity-specific risk, but also aid them in helping enterprises accomplish business objectives by designing, implementing, monitoring and maintaining risk-based, efficient and effective IS controls.

Professionals with 8 or more years of IT and business experience can now earn ISACA's new CRISC designation under its grandfathering program. 
The deadline for obtaining CRISC under the grandfathering program is March 31, 2011. Don't wait!

Event Registration - Member Login Reminder
 

This is a friendly reminder that all members need to log in prior to registering for any events that listed on the chapter website. Logging in with your supplied credentials ensures that you receive any member discounts that may be associated with any events. If you do not log in, you will be charged the Non-Member fee. Please take advantage of being a member and log in to get your discount. You can find the login prompt at the top right of the site.  Your username will be the email address that you have on file with ISACA International. If you cannot remember the password that was supplied to you, please click on the Forgot Login? link to reset your password.

Featured Articles

 
Troy DuMoulin, AVP Strategic Solutions, has an insightful blog post on Pink Elephants web site.

The blog post entitled "Documenting vs Deploying ITSM Processes" has great tips on process documentation and deployment.

Check it out by clicking here.

This month, we also have another blog post that you might want to take a look at.  David Hoelzer writes about presenting audit findings effectively on the SANS - IT Audit web site.

Check it out by clicking here.
::
Join Our Mailing List
From the President

Many people look forward to the New Year for a new start on old habits. My wish to you is that you start new habits that will build character and success. This coming year - 2011 - is full of new opportunities, hopes, challenges, and building experiences. The SC Midlands Chapter of ISACA has planned numerous opportunities for you to participate in these, starting with our Feb 3, 2011, monthly meeting.

There are great opportunities in certifications as well.  Maybe you should think about grandfathering in for the CRISC certification.  Deadline is March 30, 2011!  If you plan on the CISA or the CISM, our chapter is offering local review courses in May.  Get signed up to reserve your spot.

Know a student interested in ISACA?  See our planned student events at the College of Charleston and at Clemson University.  Students at these schools and at the University of SC will be eligible to win a scholarship from our chapter.  Get signed up to qualify!

Sincerely,
Sue Rusher
2010 - 2011 President
Managing Security Incident Response Teams and Events (3 CPEs)

presented by Leighton Johnson


Date:
February 3, 2011

NEW LOCATION:

BlueCross BlueShield of South Carolina Atrium Building in the Savannah Room (details below)

Registration:
8:30 am

Class Time:
9:00 am - 12:00 pm

Lunch:
12:00 pm - 1:00 pm

What you will learn:

The concepts and principles the security professionals and their managers need to know to conduct or participate in an incident response event investigation will be presented. Ensuring that proven policies and procedures are established and followed are manager level responsibilities, along with personnel certifications and levels of expertise. These will be discussed along with Incident Response Team Management. Critical chains of evidence collection and custody in each investigation is explored. The laws, ethics, regulations and boundaries for investigations and the investigators are next presented to help clarify positions and policies. Finally, the needed relations for the incident response team manager are presented; these include technical, management, law enforcement and civil relationships with professionals and organizations. After attending this training, the Security Administrator and the auditor will be able to:

 

1. Know what is required to manage a Security Incident Response Team

 

2. Delineate the Key Steps to a Computer Incident Investigation

 

3. Identify the Requirements for a Good Security IR Team Member

 

4. Understand/Implement Best Practices for Computer Security Incident Investigations


Regular Registration
Now - Jan 26th    

$45 - SC Midlands ISACA Members
$55 - Affiliate Members*
$65 - Non-Members

Late Registration:
Jan 27th - Feb 5th

$55 - SC Midlands ISACA Members
$65 - Affiliate Members*
$75 - Non-Members

*Affiliate Members of IIA, SIAA, IMA, other ISACA chapters, etc.

Location Details:
The Atrium building is located at 2401 Faraway Drive, Columbia, SC 29223.  Visitors are to park in between white lines anywhere in the parking lot and come to the central front entrance with a picture ID to check in with Security.  Matt Ligon and Glori Dean will be our escorts for those without building access.
Understanding Virtualization's Impact on Auditing and Security (6 CPEs)

presented by Greg Shields, MVP


Date:
March 2, 2011

Location:
BlueCross BlueShield Tower Auditorium

Registration:
8:30 am (Breakfast served)

Class Time:
9:00 am - 4:00 pm

Lunch
12:00 pm - 1:00 pm

What you will learn:

Security is an absolute requirement in your computing environment, and auditing is the only way to assure its correct configuration. Yet both of these key activities are rapidly changing with the introduction of virtualization. Virtual servers and desktops may feel the same as their physical counterparts, but under the covers they are in fact quite different. Those differences can either mean significant gains for your organization, or significant losses when hidden issues become exploited.

 

Need to know more? Join Microsoft MVP and VMware vExpert Greg Shields in this full-day exploration of virtualization and its impacts on traditional security and auditing. Greg is an industry-recognized presenter and analyst on IT and virtualization technologies, and brings to the table nearly 15 years of experience in IT. A Partner and Principal Technologist with Concentrated Technology (www.ConcentratedTech.com), he has assisted government entities and municipalities, contractors, and companies in the private sector with their virtualization needs for many years.  His writing has been seen in many IT publications around the industry.

 

With Greg, you'll learn the seven elements of a successful virtualization architecture, which he has developed over numerous engagements. You'll explore the common mistakes that many environments make when they attempt to move from physical to virtual. You'll get the opportunity to see virtualization in action across multiple platforms. And most importantly, you'll leave with a set of formal guidance in securing and auditing your virtual environment. FDCC, STIGS, SOX, or Security Benchmarks, you must keep on top of this technology and its security requirements if you're to be successful with your computing environment. With this all-day tutorial, you'll leave with the right tools as well as the right answers.


Early Bird:
Now - Feb 6th    

$180 - SC Midlands ISACA Members
$210 - Affiliate Members*
$230 - Non-Members

Regular Registration:
Feb 7th - Feb 23rd    

$200 - SC Midlands ISACA Members
$230 - Affiliate Members*
$250 - Non-Members

Late Registration:
Feb 24th - Mar 1st

$220 - SC Midlands ISACA Members
$250 - Affiliate Members*
$270 - Non-Members

*Affiliate Members of IIA, SIAA, IMA, other ISACA chapters, etc.
Something Smells Phishy: The Evolution of Social Engineering (3 CPEs)

presented by Chris Silvers and Dawn Perry of Foundstone

Co-hosted by the SC Midlands Chapter of ISACA� & Palmetto Chapter of IIA


Date:
April 6, 2011

Location:
BlueCross BlueShield Tower Auditorium

Registration:
11:30 am

Lunch:
12:00 pm - 1:00 pm

Class Time:
1:00 pm - 4:00 pm

What you will learn:

This presentation is on the evolution of social engineering and some tips on what organizations can do to determine how vulnerable their employees are to social engineering.  We will cover the main types of social engineering, including physical, telephone, email and media based attack vectors as well as some newer techniques employed by hackers such as utilizing social networks to increase their chances of success.  Examples of these methods employed by hackers and penetration testers will be illustrated.


Early Bird:
Now - Mar 6th    
$35

Regular Registration:
Mar 7th - Mar 27th    
$45

Late Registration:
Mar 28th - Apr 3rd
$55