New Members for March
Edward Daniel Baker
Donald B. Barnett, CRISC
Rhia Mack
Noah N. Miller
Willie Cornell Mullins
Dr. Benjamin Schooley
Chad Toney
Douglas Christopher Hewes
We want to sincerely extend everyone a WARM welcome to the Chapter!
A big Thank You to all of our renewed Chapter members - we are currently at 219 members!
There is still time to renew and we greatly encourage those who may have overlooked it.
Your ISACA membership provides access to a wealth of practical and timely information which allows you to work smarter, connect with peers, and to increase your value.
In addition, the monthly discounts for members on the Chapter trainings and conferences will more than make up for your investment.
Please consider renewing TODAY!
CISA Review Course: Plan to join us if you are taking the June 8 or September 7 exam or you just need some CPEs! The June exam will be in Columbia, the September exam will be in Atlanta.
Where:
The HR Training Room
BlueCross BlueShield of SC
4101 Percival Road
Columbia, SC 29229
Enter at Front Lobby to sign in
Parking:
Free Parking in white spaces only!
When: Monday, Tuesday and Wednesday, April 29, April 30 and May 1, 2013
Time: 8 am to 5 pm
CPEs: 24
Cost:
You will receive a CPE certificate for 24 CPEs, light meals and printed PowerPoint slides for the class.
Regular - Member    | $225.00 | March 30 - April 17, 2013
Late - Member       | $250.00 | April 17 - April 26, 2013
Regular - NonMember | $250.00 | March 30 - April 17, 2013
Late - NonMember    | $275.00 | April 17 - April 26, 2013
Pre-registration required. You may pay by credit card or check.
To Register go to: http://www.scisaca.org
What to purchase and bring: The 2013 CISA Review Manual from the ISACA bookstore. Member cost is $105.
Your Instructor:
Leighton Johnson, the CTO of ISFMT (Information Security & Forensics Management Team), has presented computer security, cyber security and forensics classes and seminars all across the United States and Europe. He was the regional CIO and Senior Security Engineer for a 450-person directorate within Lockheed Martin Information Systems & Global Solutions Company covering 7 locations within the Eastern and Midwestern parts of the U.S. He is an adjunct instructor of digital and network forensics and incident response at Augusta State University. He has over 35 years of experience in Computer Security, Cyber Security, Software Development and Communications Equipment Operations & Maintenance. His primary focus areas include computer security, information operations & assurance, software system development life cycle focused on modeling & simulation systems, systems engineering and integration activities, database administration, and business process & data modeling. He holds CISM (Certified Information Security Manager), CISSP (Certified Information Systems Security Professional), CIFI (Certified Information Forensics Investigator), CSSLP (Certified Security Software Lifecycle Professional), CMAS (Certified Master Antiterrorism Specialist) and CISA (Certified Information Systems Auditor) credentials. He has taught CISSP, CISA, CISM, DIACAP, Digital and Network Forensics, and Risk Management courses around the US over the past 7 years. He has presented at EuroCACS 2010, ISMC 2007, ISMC 2006, CyberCrime Summit 2007, multiple year presentations for OPNET Technologies international conferences, INFOSEC WORLD 2005, and multiple presentations at military and civilian conferences for customers and clients worldwide.
Schedule (The order of the chapters may change):
Chapter 1 - The Process of IT Auditing
Chapter 2 - IT Governance
Chapter 3 - IS Acquisition, Development, and Maintenance
Chapter 4 - IS Operations, Maintenance and Support
Chapter 5 - Protection of Information Assets
Practice Exam (dependent on interest)
June Topic: The New Corporate Espionage: Social Engineering
Presented by Nejolla Bishop, CEO of InterVeritas
Co-Hosted by SC Midlands ISACA, Palmetto IIA, and Palmetto ACFE
6 CPEs
DATE: Wednesday, June 5, 2013
LOCATION: BCBSSC Tower Auditorium
2501 Faraway Drive, Columbia, SC 29223
Free parking in white spaces only; cars parked in yellow or reserved spaces will be ticketed!
TIME:
Registration and Breakfast 8:30am
Class: 9:00 am to noon; Lunch: noon to 1:00 pm; Class: 1:00 - 4:00 pm
Pre-Registration and payment required at http://www.scisaca.org/ Click on future events, and locate this date. Checks and credit cards accepted for pre-registration and payment.
Pricing:
$85 Early Bird: now - May 1, 2013
$125 Regular Registration: May 2, 2013 - May 27, 2013
$150 Late Registration: May 28, 2013 to June 4, 2013
What you will learn:
The greatest security threat to any organization is the human threat. How vulnerable are you and your organization to security breaches? We rely so heavily on technology to keep us secure that we neglect the most prevalent threat, the one that puts us most at risk: people. Social engineering is the new term for the age-old practice of espionage.
Nejolla Korris presents a full-day session that features the Good, the Bad and the Ugly of social engineering today. Be exposed to the various ways the bad guys can infiltrate your organization. Discover how to safeguard against it and how investigators use social engineering in today's world.
- Does it currently affect your organization without your knowledge?
- Discover the importance of performing personnel audits.
- Incorporating Human vulnerability checks into your standard audit practice.
- How to make yourself and your organization more secure.
Nejolla Korris is CEO of InterVeritas Intl. which provides anti-corruption consulting, interviewing and interrogation training, investigative services, intelligence gathering, litigation support, linguistic statement analysis, employee audits and reference checks to corporations.
Ms. Korris is an international expert in the field of Linguistic Lie Detection. She is skilled in Scientific Content Analysis (SCAN), a technique that can determine whether a subject is truthful or deceptive. Korris has analyzed documents for fraud, international security, arson, sexual assault, homicide and missing persons' cases, causing some of her clients to dub her the "Human Lie Detector."
Korris has taught this methodology throughout North America, Europe, the Middle East, Brazil and South Africa. Her clients include corporations, government agencies, law enforcement and the military.
Ms. Korris is a popular speaker on Lie Detection, Fraud Prevention & Investigation, Workplace Fraud and Organizational Justice. Ms. Korris recently launched a new speaker's series on the differing communication styles between men and women. She is a frequent presenter for The Institute of Internal Auditors, ISACA, The American Society for Industrial Security, The American National Safety Council, The American Institute of Certified Public Accountants, The Association of Certified Fraud Examiners and for ASIS Middle East in Bahrain. Nejolla' s sessions on lie detection have ranked either #1 or #2 at the Institute of Internal Auditors International conferences consecutively since 2007.
Nejolla has a BA in Law from Carleton University and also serves as the Honorary Consul of Lithuania to Alberta. Ms. Korris writes a column in Edmontonians magazine entitled Civil Wars and is completing a book on interviewing techniques which is to be published in March 2012.
Some very useful ISACA links:
Knowledge Base:
Bookstore:
Revisions to the Code of Ethics
The ISACA Credentialing and Career Management Board approved minor revisions suggested by the Professional Standards and Career Management Committee to clarify the Code of Professional Ethics. The following revisions to items 3 and 6 of the code are effective 1 February:
3. (Members and ISACA certification holders shall) serve in the interest of stakeholders in a lawful manner, while maintaining high standards of conduct and character, and not discrediting their profession or the Association.
6. (Members and ISACA certification holders shall) inform appropriate parties of the results of work performed including the disclosure of all significant facts known to them that, if not disclosed, may distort the reporting of the results.
Read the full text of the newly revised Code of Professional Ethics on the ISACA web site.
ISACA International Webinars, Events, and Deadlines
April
11 April: Webinar, registration opening soon
12 April: Final registration deadline for June CISA, CISM, CGEIT and CRISC Exams
15-17 April: North America Computer Audit, Control and Security Conference (North America CACS), Dallas, Texas, USA
25 April: Webinar, registration opening soon
30 April: Last day to renew 2013 membership online
May
6-7 May: Asia-Pacific Computer Audit, Control and Security (CACS) and Information Security and Risk Management (ISRM) Conference 2013, Singapore
9 May: Webinar, registration opening soon
23 May: Webinar, registration opening soon
June
10-12 June: World Congress: INSIGHTS 2013, Berlin, Germany
13 June: Webinar, registration opening soon
27 June: Webinar, registration opening soon
InfraGard Members,
The South Carolina Infragard Member's Alliance Executive Board is pleased to announce that our Spring Conference will be on Wednesday April 24th at the Pine Island Club in Columbia South Carolina. Lunch will be included.
The conference topic is "Cyber Security, The Evolving Threat." Some of the speakers will include Mr. Jack Wiles from the Training Company, COL Chris "Hawk" Moore (USAF, Ret.) from Strategic Command, Marshall Heilman from Mandian, and Rachel Ray from Legal Shield. The Conference will begin at 8:30 am.
You may register for the conference at infragard-columbia.org. This event is free to dues paying members and $10 for members or guests that have not paid dues. You may pay the registration fee using Paypal on the SCIMA web site.
This is going to be an excellent opportunity to gain a better understanding of a threat that is evolving on a daily basis. We are looking forward to seeing you there!
Respectfully,
Glenn Remsen
President, SCIMA
Tech After Five - Columbia, SC Wednesday, April 10, 2013 from 5:30 PM to 7:30 PM (EDT)
It's Tech After Five in Columbia!
This is a 100% networking event designed to exclusively connect tech entrepreneurs and professionals. We meet from 5:30 to 7:30 and we're on a mission to help people make the connections they need to advance their businesses and careers.
RSVP Online and bring a business card with you and the first beer is on us. This is about networking and getting to know your fellow tech professionals.
Register now
Our mailing address is:
Tech After Five
209 North Main Street #201
Greenville, SC 29601
From the President
The March class was excellent. Many thanks to our sponsor, Beyond Trust and to Derek Melber, who presented on Least Privilege for Windows Endpoints. He showed some great examples on administrator settings and what to look for as auditors. I also got a lot out of his tips on dealing with system administrators and on being very specific when asking for information.
April 3 - 5 is our networking conference with our own Ken Cutler presenting. Ken is a member of our local chapter but has taught a wide variety of topics worldwide. It's NOT too late to still sign up for this great opportunity.
April 12 is the deadline to register for any of the certification (CISA, CISM, CGEIT, and CRISC) exams to be held in June. Our CISA review course will be held from April 29 - May 1, 8am - 5pm each day. More details can be found in the class announcement in the newsletter or on our website.
The board is planning a social event to occur, most likely in May. Please watch for the announcement as this will be a fun time to mingle and catch up with chapter members.
Make sure to check the calendar on our website. Not only do we have our own classes listed but also offerings of webinars and speakers at other chapters that we feel might be of interest and within reasonable proximity.
Tom Hart
2012 - 2013 President
SC Midlands Chapter of ISACA
Hosts a 3 Day Conference for 24 CPEs
April 3, 4, and 5, 2013
Your Choice of 1, 2 or 3 days:
DAY 1: Simplifying Audits of TCP/IP Network Security
DAY 2: "Good Fences Make Good Neighbors": Auditing Your DMZ Network
DAY 3: Taking the Mystery Out of Cryptography
Presented by Ken Cutler CISA, CISSP, CISM, Security+
DATES: Wednesday - Friday, April 3 - 5, 2013
LOCATION: BCBSSC Tower Auditorium
2501 Faraway Drive,
Columbia, SC 29223
Free Parking in white spaces only
Daily Schedule:
Registration: 7:30 am (Breakfast served)
Seminar: 1:00 - 5:00 pm
Pre-Registration and payment required at http://www.scisaca.org/ Click on future events, and locate this date. Checks and credit cards accepted for pre-registration.
Pricing:
Late Registration: March 28, 2013 - April 2, 2013
One Day only | Member $225.00 | Non-Member $245.00
Two Days     | Member $300.00 | Non-Member $320.00
Three Days   | Member $375.00 | Non-Member $395.00
What you will learn:
Day 1: Simplifying Audits of TCP/IP Network Security
TCP/IP networking is the lifeblood of modern business applications, but its aging design and fundamentally insecure network services carry a lot of important risks. As more critical business applications move from centralized legacy systems to distributed systems, the open peer-to-peer architecture concept and poorly tested software leave organizations open to a wide array of security and control risks. In this information-packed workshop, you will review the security and audit implications of local-area network (LAN) and wide-area network (WAN) TCP/IP infrastructures, uncover the risks in the technologies, and identify cost-effective tools for preventing and detecting serious security loopholes. Topics covered include:
Note: This course does not cover the details of DMZ and network perimeter security, which is covered in Auditing Your DMZ Network.
Prerequisites: A basic understanding of IT controls and terminology is assumed.
Day 2: "Good Fences Make Good Neighbors": Auditing Your DMZ Network
Today's Internet connections are typically shielded by a Demilitarized Zone (DMZ), a critical security buffer between your organization's internal network and the outside world. Firewalls, intrusion detection/prevention systems, proxy servers, packet filtering routers, and VPNs all play a major role in regulating and restricting traffic flowing to and from the Internet. Failure to properly configure, maintain, and monitor a secure and efficient DMZ increases the risk of your organization being attacked by external intruders. This intensive seminar is designed to equip you to better protect and audit your network's perimeter through a blend of practical, up-to-the minute knowledge transfer and audit case studies. Key topics covered include:
- Developing a DMZ and network perimeter security audit plan: identifying the control points
- Tools and techniques for auditing network devices and perimeter security
- Reviewing your network security traffic filters: border routers, firewalls, proxy servers
- Tunneling for safety: virtual private network (VPN) fundamentals
- Eye on the network: intrusion detection/prevention systems (IDS/IPS)
- Special considerations for performing network perimeter IT audits and vulnerability testing
Note: This course does not cover the details of web application security audits, which are covered in How to Audit Web Applications.
Prerequisites: Familiarity with TCP/IP concepts and terminology is assumed.
Day 3: Taking the Mystery Out of Cryptography
Fueled by PII data breach laws, the Payment Card Industry Data Security Standard (PCI DSS), and the alarming frequency of data leakage, encryption is becoming a necessary safeguard in many applications. In this down-to-earth workshop, we will build on the basic cryptography knowledge required for a CISA and expand the playing field to systematically cover the operation and use of shared key (symmetric) and public key (asymmetric) cryptography for a variety of essential business applications. We will also cover the use of hashing (message digest) and message authentication code (MAC) algorithms to ensure data integrity and to support digital signature applications. Highlighted will be a wide array of common applications of encryption and key audit points covering "data at rest" as well as "data in motion" traveling over the Internet and other untrusted network connections. We focus only on the practical, operational aspects of cryptography, NOT on the related complex mathematics and formulas. Numerous diagrams, information worksheets, references, and checklists will be provided to equip auditors with the necessary tools and know-how to effectively assess the prudent and secure use of the often mystifying area of encryption technology. Topics covered include:
- Building your cryptography vocabulary
- Identifying applications and risks requiring the use of encryption technology
- Operating characteristics and trade-offs associated with the major encryption algorithm families: symmetric (shared key), asymmetric (public key/private key), hashing (message digest), message authentication codes (MACs)
- Digital certificates and Certificate Authorities (CA)
- Public key infrastructure (PKI) workflow and control points
- Auditing key management and PKI controls
- Securing and auditing the use of encryption in web and network applications
Prerequisites: A basic understanding of IT controls and terminology is assumed.
About the Instructor:
Ken Cutler is President and Principal Consultant of Ken Cutler & Associates (KCA) InfoSec Assurance, an independent consulting firm delivering a wide array of Information Security and IT Audit management and technical professional services. He is also the Director - Q/ISP (Qualified Information Security Professional) programs for Security University and a Senior Teaching Fellow at CPEi, specializing in Technical Audits of IT Security and related IT controls.
Ken is an internationally recognized consultant and trainer in the Information Security and IT audit fields. He is both certified as and has conducted courses for: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) and CompTIA Security+. In cooperation with Security University, he recently was featured in two full length training videos on CISSP and Security+.
Formerly he was Vice President - Information Security for MIS Training Institute (MISTI) where responsibilities included: Information Security curriculum, advanced IT Audit course development, and chairing major IS and Business Continuity Planning (BCP) conferences and symposia.
Ken is a frequent and much-in-demand speaker on a wide array of IS and IT Audit topics. He has over 30 years of experience in IS, IT auditing, quality assurance, BCP, and information services. He has been performing different forms of IT Auditing projects and services since 1979. Ken has been a long-time active participant in international government and industry security standards initiatives including the President's Commission on Critical Infrastructure Protection, Generally Accepted System Security Principles (GSSP), Information Technology Security Evaluation Criteria (ITSEC), US Federal Criteria, and Department of Defense Information Assurance Certification Initiative.
Ken is the primary author of the widely acclaimed Commercial International Security Requirements (CISR), which offers a commercial alternative to military security standards for system security design criteria, and is the co-author of the original NIST SP 800-41, "Guidelines on Firewalls and Firewall Policy". Ken has also published works on the intricacies of Information Security, security architecture, disaster recovery planning, wireless security, vulnerability testing, firewalls, single sign-on, and Payment Card Industry Data Security Standard (PCI DSS).
SC Midlands ISACA May Topic: Risk Management Framework
Speaker: Leighton Johnson, CTO of Information Security & Forensics Management Team
16 CPEs
DATE: Thursday and Friday, May 2 and 3, 2013
LOCATION: BCBSSC Tower Auditorium
2501 Faraway Drive, Columbia, SC 29223
Free parking in white spaces only; cars parked in yellow or reserved spaces will be ticketed!
TIME:
Registration and Breakfast 7:30 am
Class: 8:00 am to noon; Lunch: noon to 1:00 pm; Class: 1:00 - 5:00 pm
Pre-Registration and payment required at http://www.scisaca.org/ Click on future events, and locate this date. Checks and credit cards accepted for pre-registration and payment.
Pricing:
Early Bird - Member     | $150.00 | Now until April 8, 2013
Regular - Member        | $175.00 | April 9 to April 26, 2013
Late - Member           | $200.00 | April 27 to May 1, 2013
Early Bird - Non-Member | $175.00 | Now until April 8, 2013
Regular - Non-Member    | $200.00 | April 9 to April 26, 2013
Late - Non-Member       | $225.00 | April 27 to May 1, 2013
What you will learn:
Given the serious cyber risks to information technology (IT) assets, managing these various cyber risks effectively is an essential task for the security and managerial personnel of any institution. The process is one that will benefit both the individual department and the institution as a whole. Completing such a risk management process is extremely important in today's advanced technological world. It is important that management understand what risks exist in their IT environment, and how those risks can be reduced or even eliminated. Like any form of insurance, Risk Management is a form of protection that the institution simply cannot afford not to have. We will present the business processes, research and institutional efforts, and review the legally protected data that depend on IT assets, which each institution cannot afford to lose or have exposed. Unfortunately, these assets are subject to an increasing number of threats, attacks and vulnerabilities, against which more protection is continually required. We will cover the various stages and steps necessary to conduct these risk assessments as part of the overarching Risk Management corporate process. Although the Risk Management program will likely be welcomed by departments that have already experienced loss of mission-critical IT resources, many will not fully appreciate the need for assessment and planning. Consequently, we present the overall policies, procedures, information, templates, and tools provided in this presentation to initiate the risk management process in the context of the ITGI's Risk IT Framework and the various other "ism" frameworks currently in use around the world. We then apply the attendees' own corporate risk requirements to the process documents so that each attendee can take home fully applicable documents for their own risk activities.
Leighton Johnson, the CTO of ISFMT (Information Security & Forensics Management Team), has presented computer security, cyber security and forensics classes and seminars all across the United States and Europe. He was the regional CIO and Senior Security Engineer for a 450-person directorate within Lockheed Martin Information Systems & Global Solutions Company covering 7 locations within the Eastern and Midwestern parts of the U.S. He is an adjunct instructor of digital and network forensics and incident response at Augusta State University. He has over 35 years of experience in Computer Security, Cyber Security, Software Development and Communications Equipment Operations & Maintenance. His primary focus areas include computer security, information operations & assurance, software system development life cycle focused on modeling & simulation systems, systems engineering and integration activities, database administration, and business process & data modeling. He holds CISM (Certified Information Security Manager), CISSP (Certified Information Systems Security Professional), CIFI (Certified Information Forensics Investigator), CSSLP (Certified Security Software Lifecycle Professional), CMAS (Certified Master Antiterrorism Specialist) and CISA (Certified Information Systems Auditor) credentials. He has taught CISSP, CISA, CISM, DIACAP, Digital and Network Forensics, and Risk Management courses around the US over the past 7 years. He has presented at EuroCACS 2010, ISMC 2007, ISMC 2006, CyberCrime Summit 2007, multiple year presentations for OPNET Technologies international conferences, INFOSEC WORLD 2005, and multiple presentations at military and civilian conferences for customers and clients worldwide.