New Members and Transfers for February
Mr. Ben Blakewood
Mr. Chris Patrick Lawrimore
Mr. William Repucci, CISA
Mr. Ryan Alan Boggs, CISA
We want to sincerely extend everyone a WARM welcome to the Chapter!
Newly Certified - February 8, 2013
CISA
Miriam Moore
Ru He
CISM
Dennis Yelverton
Exam Passers - December 2012
CISA
Robert K. Holland
David Allen Krieg, Jr.
Miriam Moore
James Eric Shell
CRISC
Ryan Alan Boggs, CISA
CONGRATULATIONS!
CISA Review Course: Plan to join us if you are taking the June 8 or September 7 exam or you just need some CPEs! The June exam will be in Columbia, the September exam will be in Atlanta.
Where:
The HR Training Room
BlueCross BlueShield of SC
4101 Percival Road
Columbia, SC 29229
Enter at Front Lobby to sign in
Parking:
Free Parking in white spaces only!
When: Monday, Tuesday and Wednesday, April 29th, April 30th and May 1st, 2013
Time: 8 am to 5 pm
CPEs: 24
Cost:
You will receive a CPE certificate for 24 CPEs, light meals and printed PowerPoints for class.
Early Bird - Member | $200.00 | Now until March 29, 2013
Regular - Member | $225.00 | March 30 - April 17, 2013
Late - Member | $250.00 | April 17 - April 26, 2013
Early Bird - NonMember | $225.00 | Now until March 29, 2013
Regular - NonMember | $250.00 | March 30 - April 17, 2013
Late - NonMember | $275.00 | April 17 - April 26, 2013
You may pay by credit card or check.
Pre-registration required.
To Register go to: http://www.scisaca.org
What to purchase and bring: The 2013 CISA Review Manual from the ISACA bookstore. Member cost is $105.
Your Instructor:
Leighton Johnson, the CTO of ISFMT (Information Security & Forensics Management Team), has presented computer security, cyber security and forensics classes and seminars all across the United States and Europe. He was the regional CIO and Senior Security Engineer for a 450-person directorate within Lockheed Martin Information Systems & Global Solutions Company covering 7 locations within the Eastern and Midwestern parts of the U.S. He is an adjunct instructor of digital and network forensics and incident response at Augusta State University. He has over 35 years of experience in Computer Security, Cyber Security, Software Development and Communications Equipment Operations & Maintenance; primary focus areas include computer security, information operations & assurance, software system development life cycle focused on modeling & simulation systems, systems engineering and integration activities, database administration, business process & data modeling. He holds CISM (Certified Information Security Manager), CISSP (Certified Information Systems Security Professional), CIFI (Certified Information Forensics Investigator), CSSLP (Certified Security Software Lifecycle Professional), CMAS (Certified Master Antiterrorism Specialist) and CISA (Certified Information Systems Auditor) credentials. He has taught CISSP, CISA, CISM, DIACAP, Digital and Network Forensics, and Risk Management courses around the US over the past 7 years. He has presented at EuroCACS 2010, ISMC 2007, ISMC 2006, CyberCrime Summit 2007, multiple year presentations for OPNET Technologies international conferences, INFOSEC WORLD 2005, and multiple presentations for military and civilian conferences for customers and clients worldwide.
Schedule (The order of the chapters may change):
Chapter 1 - The Process of IT Auditing
Chapter 2 - IT Governance
Chapter 3 - IS Acquisition, Development, and Maintenance
Chapter 4 - IS Operations, Maintenance, and Support
Chapter 5 - Protection of Information Assets
Practice Exam (Dependent on Interest)
Some very useful ISACA links:
Knowledge Base:
Bookstore:
Revisions to the Code of Ethics
The ISACA Credentialing and Career Management Board approved minor revisions suggested by the Professional Standards and Career Management Committee to clarify the Code of Professional Ethics. The following revisions to items 3 and 6 of the code are effective 1 February:
3. (Members and ISACA certification holders shall) serve in the interest of stakeholders in a lawful manner, while maintaining high standards of conduct and character, and not discrediting their profession or the Association.
6. (Members and ISACA certification holders shall) inform appropriate parties of the results of work performed including the disclosure of all significant facts known to them that, if not disclosed, may distort the reporting of the results.
Read the full text of the newly revised Code of Professional Ethics on the ISACA web site.
ISACA International Webinars, Events, and Deadlines
March
5 March | Social Graces: How to Use Social Media Without Compromising Your Reputation, Identity and Employer, webinar
14 March | Webinar, registration opening soon
19 March | Enterprise Risk Management: Provide Security From Cyberthreats, virtual conference
28 March | Webinar, registration opening soon
April
11 April | Webinar, registration opening soon
12 April | Final registration deadline for June CISA, CISM, CGEIT and CRISC Exams
15-17 April | North America Computer Audit, Control and Security Conference (North America CACS), Dallas, Texas, USA
25 April | Webinar, registration opening soon
30 April | Last day to renew 2013 membership online
May
6-7 May | Asia-Pacific Computer Audit, Control and Security (CACS) and Information Security and Risk Management (ISRM) Conference 2013, Singapore
9 May | Webinar, registration opening soon
23 May | Webinar, registration opening soon
June
10-12 June | World Congress: INSIGHTS 2013, Berlin, Germany
13 June | Webinar, registration opening soon
27 June | Webinar, registration opening soon
Get started with Columbia Enterprise Developers Guild!
----------------------------------------------------------------
Welcome to the Columbia Enterprise Developers Guild! We meet every month at 6pm on the second Wednesday at Midlands Tech NE Campus Auditorium. Our meetings are free, and you will be able to enjoy food and networking while learning about the technologies used in our industry.
Thank you for joining. Please RSVP for the next event... we hope to see you there!
Chris Eargle Organizer, Columbia Enterprise Developers Guild
Upcoming Meetups
ASP.NET Web API Wed Mar 13 6:00PM Midlands Tech NE Campus 151 Powell Rd, Columbia, SC 29203 6 attending
Follow Columbia Enterprise Developers Guild on: - http://www.facebook.com/groups/117909274942136/ - https://github.com/columbiadevelopers
Fellow CFE Members:
It's time again for our next meeting. The details for our next meeting are listed below.
For this meeting, we are fortunate to have a very knowledgeable speaker, Taylor Gardner. Taylor earned a B.S. degree in Criminal Justice at USC. He began his Law Enforcement career with the Spartanburg County Sheriff's Office in 1998, where he investigated White Collar Crimes, Burglaries, Robberies and Homicide. After six years of Law Enforcement, Taylor began working with The Progressive Group of Insurance Companies as a Special Investigator, where he investigated Staged Auto Accidents, Questionable Bodily Injury Claims, Suspicious Auto Thefts, and Vehicle Fires. In 2007, Taylor went to work with Nationwide Mutual Insurance Company as a Special Investigator, the position he currently holds. Taylor currently investigates Intentional Slip and Falls, Arson to Personal and Commercial Property and Autos, Mysterious Disappearances, Staged Auto Accidents, Questionable Bodily Injury Claims, and provides Fraud Training to other claims associates. Taylor earned his Fraud Claims Law Specialist Designation in 2003 and his Certified Insurance Fraud Investigator in 2011.
The following are the details of the training, and I hope that you all will join us:
Speaker: Taylor Gardner, CIFI, FCLS - Nationwide Insurance
Title: Insurance Fraud
Credit: 1 hour CFE credit
Date: Tuesday, March 19, 2013
Time: 11:30 - 1:00
Location: Brookland Baptist Convention Center
Cost: $20.00 for members of the Columbia Chapter
$30.00 for non-members
This amount includes the training and lunch w/gratuity
(Cash or Check only, made out to "Palmetto Chapter ACFE")*
The training will include information pertaining to private insurance fraud investigations including types of fraud, most commonly seen, and some related statistics. The presentation will also include several case studies in the insurance fraud industry.
Please respond by Monday, March 18, 2013 as to whether or not you are able to attend. If you know of any other members that may be interested, please feel free to pass this information along. If you have any questions, please email me at [email protected].
Sincerely,
Jennifer Armstrong-Day, CFE, AHFI
Columbia Branch Leader
Training Director
ACFE - Palmetto Chapter
From the President
Please join me in welcoming our newest board member. Jennifer Walker comes to us from the Harrisburg, PA chapter where she had previously served as their Treasurer. She will be serving on the SC Midlands board as Vice-President.
Jennifer Walker, CPA, CISA, CITP
Jen has 12 years of combined experience in auditing and actuarial science. Currently, she is the VP Audit Manager with CertusBank. Previous experience includes working as the Senior Manager, IS Audit with Rite Aid Corporation, 6 years of public accounting experience, and 5 years as a pension actuary. She earned her Bachelor of Science degree in Mathematics from Dickinson College and is a Certified Public Accountant, Computer Information Systems Auditor, and Certified Information Technology Professional. Jen, her husband Matt, and two kids Colton and Alyssa reside in Honea Path, SC. They are recent transplants from Harrisburg, PA.
I would like to thank all the panelists that participated in our February class. This was a new twist to our class and seemed to be well received. The panelists shared solutions and challenges that each have faced regarding Identity Access Management and Change Management within their respective companies.
We debuted a new format of the CISA review course at the fall audit conference last October. It was well received, so we are offering it again over 3 consecutive days at the end of April. More details can be found in the class announcement.
Make sure to check the calendar on our website. Not only do we have our own classes listed but also offerings of webinars and speakers at other chapters that we feel might be of interest and within reasonable proximity.
Tom Hart
2012 - 2013 President
SC Midlands Chapter of ISACA
Hosts a 3 Day Conference for 24 CPEs
April 3, 4, and 5, 2013
Your Choice of 1, 2 or 3 days:
DAY 1: Simplifying Audits of TCP/IP Network Security
DAY 2: "Good Fences Make Good Neighbors": Auditing Your DMZ Network
DAY 3: Taking the Mystery Out of Cryptography
Presented by Ken Cutler CISA, CISSP, CISM, Security+
DATES: Wednesday - Friday, April 3 - 5, 2013
LOCATION: BCBSSC Tower Auditorium
2501 Faraway Drive,
Columbia, SC 29223
Free Parking in white spaces only
Daily Schedule:
Registration: 7:30 am (Breakfast served)
Seminar: 1:00 - 5:00 pm
Pre-Registration and payment required at http://www.scisaca.org/ Click on future events, and locate this date. Checks and credit cards accepted for pre-registration.
Pricing:
Early Bird Registration: Now until March 15, 2013
One Day only | Member | $125.00 | Non-Member | $145.00
Two Days | Member | $200.00 | Non-Member | $220.00
Three Days | Member | $275.00 | Non-Member | $295.00
Regular Registration: March 16, 2013 - March 27 1, 2013
One Day only | Member | $175.00 | Non-Member | $195.00
Two Days | Member | $250.00 | Non-Member | $270.00
Three Days | Member | $325.00 | Non-Member | $345.00
Late Registration: March 28, 2013 - April 2, 2013
One Day only | Member | $225.00 | Non-Member | $245.00
Two Days | Member | $300.00 | Non-Member | $320.00
Three Days | Member | $375.00 | Non-Member | $395.00
What you will learn:
Day 1: Simplifying Audits of TCP/IP Network Security
TCP/IP networking is the lifeblood of modern business applications, but its ancient design and fundamentally insecure network services carry a lot of important risks. As more critical business applications move from centralized legacy systems to distributed systems, the open peer-to-peer architecture concept and poorly tested software leave organizations open to a wide array of security and control risks. In this information-packed workshop, you will review the security and audit implications of local-area network (LAN) and wide-area network (WAN) TCP/IP infrastructures, uncover the risks in the technologies, and identify cost-effective tools for preventing and detecting serious security loopholes. Topics covered include:
Note: This course does not cover the details of DMZ and network perimeter security, which is covered in Auditing Your DMZ Network.
Prerequisites: A basic understanding of IT controls and terminology is assumed.
Day 2: "Good Fences Make Good Neighbors": Auditing Your DMZ Network
Today's Internet connections are typically shielded by a Demilitarized Zone (DMZ), a critical security buffer between your organization's internal network and the outside world. Firewalls, intrusion detection/prevention systems, proxy servers, packet filtering routers, and VPNs all play a major role in regulating and restricting traffic flowing to and from the Internet. Failure to properly configure, maintain, and monitor a secure and efficient DMZ increases the risk of your organization being attacked by external intruders. This intensive seminar is designed to equip you to better protect and audit your network's perimeter through a blend of practical, up-to-the-minute knowledge transfer and audit case studies. Key topics covered include:
- Developing a DMZ and network perimeter security audit plan: identifying the control points
- Tools and techniques for auditing network devices and perimeter security
- Reviewing your network security traffic filters: border routers, firewalls, proxy servers
- Tunneling for safety: virtual private network (VPN) fundamentals
- Eye on the network: intrusion detection/prevention systems (IDS/IPS)
- Special considerations for performing network perimeter IT audits and vulnerability testing
Note: This course does not cover the details of audits of web application security and audit, which is covered in How to Audit Web Applications.
Prerequisites: Familiarity with TCP/IP concepts and terminology is assumed.
Day 3: Taking the Mystery Out of Cryptography
Fueled by PII data breach laws, the Payment Card Industry Data Security Standard (PCI DSS), and the alarming frequency of data leakage, encryption is becoming a necessary safeguard in many applications. In this down-to-earth workshop, we will build on the basic cryptography knowledge required for a CISA and expand the playing field to systematically cover the operation and use of shared key (symmetrical) and public key (asymmetrical) cryptography for a variety of essential business applications. We will also cover the use of hashing (message digest) and message authentication code (MAC) algorithms to ensure data integrity and to support digital signature applications. Highlighted will be a wide array of common applications of encryption and key audit points covering "data at rest" as well as "data in motion" traveling over the Internet and other untrusted network connections. We focus only on the practical, operational aspects of cryptography, NOT on the related complex mathematics and formulas. Numerous diagrams, information worksheets, references, and checklists will be provided to equip auditors with the necessary tools and know-how to effectively assess the prudent and secure use of the often mystifying area of encryption technology. Topics covered include:
- Building your cryptography vocabulary
- Identifying applications and risks requiring the use of encryption technology
- Operating characteristics and trade-offs associated with the major encryption algorithm families: symmetric (shared key), asymmetric (public key/private key), hashing (message digest), message authentication codes (MACs)
- Digital certificates and Certificate Authorities (CA)
- Public key infrastructure (PKI) workflow and control points
- Auditing key management and PKI controls
- Securing and auditing the use of encryption in web and network applications
Prerequisites: A basic understanding of IT controls and terminology is assumed.
About the Instructor:
Ken Cutler is President and Principal Consultant of Ken Cutler & Associates (KCA) InfoSec Assurance, an independent consulting firm delivering a wide array of Information Security and IT Audit management and technical professional services. He is also the Director - Q/ISP (Qualified Information Security Professional) programs for Security University and a Senior Teaching Fellow at CPEi, specializing in Technical Audits of IT Security and related IT controls.
Ken is an internationally recognized consultant and trainer in the Information Security and IT audit fields. He is both certified as and has conducted courses for: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) and CompTIA Security+. In cooperation with Security University, he recently was featured in two full length training videos on CISSP and Security+.
Formerly he was Vice President - Information Security for MIS Training Institute (MISTI) where responsibilities included: Information Security curriculum, advanced IT Audit course development, and chairing major IS and Business Continuity Planning (BCP) conferences and symposia.
Ken is a frequent and much-in-demand speaker on a wide array of IS and IT Audit topics. He has over 30 years of experience in IS, IT auditing, quality assurance, BCP, and information services. He has been performing different forms of IT Auditing projects and services since 1979. Ken has been a long-time active participant in international government and industry security standards initiatives including the President's Commission on Critical Infrastructure Protection, Generally Accepted System Security Principles (GSSP), Information Technology Security Evaluation Criteria (ITSEC), US Federal Criteria, and Department of Defense Information Assurance Certification Initiative.
Ken is the primary author of the widely acclaimed Commercial International Security Requirements (CISR), which offers a commercial alternative to military security standards for system security design criteria, and is the co-author of the original NIST SP 800-41, "Guidelines on Firewalls and Firewall Policy". Ken has also published works on the intricacies of Information Security, security architecture, disaster recovery planning, wireless security, vulnerability testing, firewalls, single sign-on, and Payment Card Industry Data Security Standard (PCI DSS).
March 7th, 2013 Education Session
SC Midlands Chapter of ISACA Presents:
"Least Privilege for Endpoints," presented by Derek Melber, MCSE and MVP
Sponsored by
3 CPEs
DATE: Thursday, March 7, 2013
LOCATION: BCBSSC Tower Auditorium
2501 Faraway Drive, Columbia, SC 29223
Free Parking
TIME:
Registration: 8:30 am (Breakfast served)
Seminar: 9:00 - 12 noon
Pre-Registration and payment required at http://www.scisaca.org/ Click on future events, and locate this date. Checks and credit cards accepted for pre-registration.
Enter our contest! One entry is allowed per the first 20 attendees who pay and bring a guest (one who has never attended our activities before). Your guest will attend for free. To sponsor a guest, please email the webmaster at webmaster to receive the code to register your guest for free. We will draw for the winner who will take home a gift basket worth $50+!!
Pricing:
Registration: March 2, 2013 - March 5, 2013
Member - $65
Non-Member - $75
What you will learn:
Most corporate desktops are not secured, protected, or safe. Whether you are running Windows 2000, XP, Vista, 7, or 8, most of these endpoint computers are opening up security holes for the entire network. The reasons these endpoint computers are insecure vary. Regardless of the reason, the root cause of the insecurity is that the user is a local administrator on the computer. Some might ask whether there is a solution to this dilemma. The solution is to implement least privilege, which is also referred to as Least Privilege User Access (LUA). In this workshop, Derek Melber will guide you through the proper solutions, and expose you to the failed solutions, in solving this complex issue with desktops. When you have completed this workshop, you will have all you need to develop and deploy a least privilege solution in your company.
Derek Melber (MCSE and MVP) is a consultant, speaker, and author. Derek educates and evangelizes Microsoft technology, focusing on Security and Auditing, Active Directory, Group Policy, and desktop management. As one of only a few MVPs in the world on Group Policy, Derek develops end-to-end solutions using Group Policy for companies. Derek is the author of The Group Policy Resource Kit by MSPress, which is the de facto book on the subject. Derek is also author of Securing and Auditing Windows Active Directory (IIA). Derek provides comprehensive consulting, speaking, and training solutions for all of his areas of expertise, which you can find on his site, www.derekmelber.com, or by emailing Derek at [email protected].
Many thanks to our sponsor for this event and for the breakfast!
BeyondTrust is the global leader in privileged identity and threat management solutions, protecting customers from both internal and external threats. BeyondTrust is the only security solution vendor providing Context-Aware Security Intelligence, giving customers the visibility and controls necessary to reduce their IT security risks, while at the same time simplifying their compliance reporting. More than half of the companies listed on the Dow Jones Industrial Average rely on BeyondTrust to secure their enterprises. Customers include eight of the world's 10 largest banks, eight of the world's 10 largest aerospace and defense firms, and seven of the 10 largest U.S. pharmaceutical companies, as well as renowned universities.
2013 IIA Mid-Atlantic Conference
The Charlotte IIA Chapter is very excited to announce that this year the Charlotte Chapter is hosting the 2013 District Conference from March 11-13 (March 11 and 12 from 7:15am to 5:00pm and March 13 from 7:15am to 12:00pm) at the Embassy Suites in Concord, NC. We are featuring a Financial Institutions track, an Information Technology track and a Technical and Government Accounting track.
Select all of your topics from one track or mix and match the courses to attend a few courses from each track.
Topics to be discussed include Financial Regulatory Environment, Financial Crimes, Complexities of Internal Fraud, Cloud Computing, Social Media, Data Analytics, Auditing the Public Sector, Construction Auditing, T&E Fraud, 2013 Professional Ethics and Conduct, and Communication Skills for Auditors, among others.
See additional information about the speakers scheduled to appear within the links included below.
Financial Institutions track https://custom.cvent.com/81E85735AEA348F7AB84517C7AC727FF/files/8e19b8ec2e2e4e18ae22b79cd1e5e6e5.pdf
IT track https://custom.cvent.com/81E85735AEA348F7AB84517C7AC727FF/files/ab382ac045ef4771be42552400484bc6.pdf
Technical and Government Accounting track https://custom.cvent.com/81E85735AEA348F7AB84517C7AC727FF/files/4ad8c78893724a69815e57a87bfdb8ff.pdf
Conference Overview https://custom.cvent.com/81E85735AEA348F7AB84517C7AC727FF/files/bef977a156bd4a9689b728eb32f3b7e3.pdf
CPE: 20
Field of Study: Auditing
Audit Prerequisites: None
Advance Preparation: None
Level of Knowledge: Beginner to Intermediate
Delivery Method: Group Live
Cost for IIA Members: $495
Cost for Non-Members: $595