SC Midlands Chapter 54 of ISACA

April 2015 Newsletter
In This Issue
New Chapter Members
ISACA Certifications
CISA Review Course
CISM Review Course
Techno Security Conference
ISACA Webinars, Events, and Deadlines
ISACA Training for 2015
CEH Study Materials
Volunteers Needed
May Seminar and Social
Job Opportunities
 

New Chapter Members:

 

New members:

 

Jonathan Greene

Daniel Holder

Mical Bowling

Russell Brannon

Carmetta Rice 

Richard Stingel

 

 

Transfers:

Edward Max Kalish, IV, CISA

Lewis P. Sale, CISA

 

 

We want to sincerely extend everyone a WARM welcome to the Chapter!

 

We are currently at 263 members! 

          

A big Thank You to all of our renewed Chapter members! There is still time to renew, and we greatly encourage those who may have overlooked it to do so.

                       

Your ISACA membership provides access to a wealth of practical and timely information which allows you to work smarter, connect with peers, and to increase your value.

 

In addition, the monthly discounts for members on the Chapter trainings and conferences will more than make up for your investment.

 

 

Ensure that your member benefits continue throughout 2015 - renew today! (www.isaca.org)

 

 

Congratulations to the following for their ISACA Certifications!

 

 

John Dorling - CISA - March 31, 2015

Jonathan Morelock - CISM - March 26, 2015

Mike Bray - CRISC - April 7, 2015

 

CISA Review Course: Plan to join us if you are taking the June 2015 certification exam or if you just need some CPEs! 

 

Instructed by Diane DeLucia, M.S., PMP, CISA, CISM

 

Hosted by the SC Midlands Chapter of ISACA®

 

Where:

BlueCross BlueShield of SC

2501 Faraway Drive, Columbia, SC 29223

The Tower Auditorium - free parking in white spaces only!

 

When: 

Tuesday through Thursday - April 28, 29, and 30, 2015

Monday through Wednesday - May 4, 5, and 6, 2015

 

Time: 6:00 pm to 9:00 pm - Dinner included

                                        

 CPEs: 18

 

What to purchase and bring: The 2015 CISA Review Manual from the ISACA bookstore $105 (Member) / $135 (Nonmember). Please bring this manual to class.

 

What you will learn:

 

Schedule:

Chapter 1 - The Process of Auditing Information Systems | April 28th

Chapter 2 - IT Governance and Management of IT | April 29th

Chapter 3 - IS Acquisition, Development, and Maintenance | April 30th

Chapter 4 - IS Operations, Maintenance and Support | May 4th

Chapter 5 - Protection of Information Assets | May 5th

Practice Exam (Dependent on Interest) | May 6th

 

Your Instructor:

 

Diane DeLucia, M.S., PMP, CISA, CISM:

As a seasoned information technology management professional with more than 25 years of information technology experience across the enterprise, Diane has spent much of her career working within both the infrastructure and application arenas with emphasis on ITIL best practices. In addition, Diane is a college instructor, teaching at various accredited universities in the areas of computer security, project management, system design and analysis, and healthcare informatics. An effective leader and community volunteer, Diane serves on the Financial Stability Council of the United Way as well as the Planning Board for her city. She is also an active member of both ISACA and PMI.

 

Cost:

You will receive a CPE certificate for 18 CPEs, dinner and printed PowerPoints for class.

 

$150 SC Midlands ISACA Members

$200 non-members

 

 

Pre-registration required. You may pay by credit card or check.

To Register go to: https://www.scisaca.org

 

CISM Review Course:

Plan to join us if you are taking the June 2015 certification exam or if you just need some CPEs!

 

Instructed by Diane DeLucia, M.S., PMP, CISA, CISM

 

Hosted by the SC Midlands Chapter of ISACA®

 

Where:

BlueCross BlueShield of SC

2501 Faraway Drive, Columbia, SC 29223

The Tower Auditorium - free parking in white spaces only!

 

When:

Tuesday and Wednesday - May 12 - May 13, 2015

Monday through Thursday - May 18 - May 21, 2015

 

Time:

6 pm to 9 pm - Dinner included

  

CPEs: 18

 

What to purchase and bring:

The New 2015 CISM Review Manual from the ISACA bookstore: 

Member cost is $85, Non-member cost is $115. Please bring this manual to class.

 

What you will learn:

The CISM certification has been developed specifically for experienced information security managers and those who have information security management responsibilities. The management-focused CISM certification promotes international practices, and individuals earning the CISM become part of an elite peer network, attaining a one-of-a-kind credential.

 

This is a CISM Review training course for the common Information Assurance and Computer Security component training needs and requirements to prepare students to take the Information Systems Audit and Control Association (ISACA) CISM examination. The ISACA CISM Certification is one of the few professional security certifications to attain ISO/IEC 17024 status. This course offers detailed instruction on the foundation concepts and technologies of all five areas of interest comprising the Security Management fundamentals for the CISM professional. These five areas are:

 

  • Information Security Governance,
  • Risk Management,
  • Program Management,
  • Information Security Management, and
  • Incident Response Management.

 

Your Instructor:

 

Diane DeLucia, M.S., PMP, CISA, CISM:

As a seasoned information technology management professional with more than 25 years of information technology experience across the enterprise, Diane has spent much of her career working within both the infrastructure and application arenas with emphasis on ITIL best practices. In addition, Diane is a college instructor, teaching at various accredited universities in the areas of computer security, project management, system design and analysis, and healthcare informatics. An effective leader and community volunteer, Diane serves on the Financial Stability Council of the United Way as well as the Planning Board for her city. She is also an active member of both ISACA and PMI.

 

Cost:

You will receive a CPE certificate for 18 CPEs, dinner and printed PowerPoints for class.

 

Members - $150

Non-Members - $200

 

Pre-registration required. You may pay by credit card or check.

To Register go to:
https://www.scisaca.org

 

 

Techno Security & Forensics Investigations Conference / Mobile Forensics World 2015 Registration has Opened!

Join the industry in Myrtle Beach, May 31 - June 3, 2015, for the 17th Edition of Techno Security & Forensics Investigations Conference and the 8th edition of Mobile Forensics World.

Techno Security & Forensics Investigations Conference is the international meeting place for IT Security professionals from around the world. The conference will feature some of the top speakers in the industry and will raise international awareness towards increased education and ethics in IT security.

 

Mobile Forensics World is specifically dedicated to Federal, State and Local LE Forensic Specialists, Corporate and Private Forensic Examiners, Industry Leaders, and Academic Researchers performing Mobile Device Forensics.

 

These events have become known as a world-class training and networking resource bringing together the US market's elite stakeholders and decision makers and attracting more than fifty different nationalities. The aim is to raise international awareness of developments, teaching, responsibilities and ethics in the field of IT security.

 

Don't miss out!

 

For full details and to register, please visit www.TechnoSecurity.us

 

 

 

ISACA Webinars, Events, and Deadlines

 

 

Upcoming Events

21 April

Webinar: Mastering the Top 5 New Requirements in Access Management

23 April

Webinar: Innovative Risk & Digital Business Frameworks

27-30 April

Taking the Next Step: Advancing Your IT Auditing Skills San Francisco, CA, USA

 

 

1 CPE is offered to ISACA Members who take the CPE exam at the end of the webinar. Also these webinars are available on demand and the member can still take the CPE quiz at the end for a CPE credit. 

 

 

PLAN AHEAD FOR 2015.

KEEP AHEAD WITH ISACA'S WORLD-CLASS TRAINING.

 

READY YOUR SKILLS TODAY FOR TOMORROW'S CHALLENGES AND OPPORTUNITIES.

Gain new expertise or refresh your skills to align with current industry standards, protocols and best practices.

 

ISACA® Training Week offers invaluable tools, proven techniques and state-of-the-art thinking - something for professionals at every level - in information systems audit, security, cybersecurity, privacy, governance, and risk.

 

CLOUD COMPUTING: SEEING THROUGH THE CLOUDS - WHAT THE IT AUDITOR NEEDS TO KNOW

Chicago, Illinois | 9 - 12 November 2015

 

COBIT 5: STRATEGIES FOR IMPLEMENTING IT GOVERNANCE

Chicago, Illinois | 4 - 7 August 2015

Scottsdale, Arizona | 7 - 10 December 2015

 

FOUNDATIONS OF IT RISK MANAGEMENT

Chicago, Illinois | 4 - 7 August 2015

Scottsdale, Arizona | 7 - 10 December 2015

 

GOVERNANCE OF ENTERPRISE IT

Chicago, Illinois | 4 - 7 August 2015

Scottsdale, Arizona | 7 - 10 December 2015

 

HEALTHCARE INFORMATION TECHNOLOGY

Dallas, Texas | 20 - 23 July 2015

 

INFORMATION SECURITY ESSENTIALS FOR IT AUDITORS

Mexico City, Mexico | 15 - 18 June 2015 (in Spanish)

Miami, Florida | 21 - 24 September 2015 (in English)

 

INTRODUCTION TO INFORMATION SECURITY MANAGEMENT

Chicago, Illinois | 4 - 7 August 2015

Scottsdale, Arizona | 7 - 10 December 2015

 

AN INTRODUCTION TO PRIVACY AND DATA PROTECTION

Atlanta, Georgia | 5 - 8 October 2015

 

NETWORK SECURITY AUDITING

Miami, Florida | 11 - 14 May 2015

 

SOCIAL MEDIA IN YOUR ENTERPRISE:

MITIGATING THE RISK AND REAPING THE BENEFITS

Seattle, Washington | 24 - 27 August 2015

 

TAKING THE NEXT STEP - ADVANCING YOUR IT AUDITING SKILLS

San Francisco, California | 27 - 30 April 2015

Boston, Massachusetts | 19 - 22 October 2015

 

 

EARN UP TO 32 CPE CREDITS!

 

REGISTER EARLY: $200 USD Early Bird discount available!

Register today or learn more at: www.isaca.org/trainingweekjv-6

 

 

 

CEH Study Materials

 

There is a full study kit of CEH-Certified Ethical Hacker (about 3 or 4 large books and Computer discs for lab practice). It requires a separate computer to load, because the software could harm the existing data, files or information in a computer. I believe the material is a lab intensive self-study course. The certification path immerses students into an interactive environment where they are shown how to scan, test, hack and secure their own systems. Other topics such as Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, and Buffer Overflows are also covered.

 

Please let me know if anyone is interested in this material. The kit is 3 to 4 years old but is still relevant.

 

Leonard Joseph, PMP, CRISC

[email protected] 

 

 

From the President

 

 

Upcoming Classes 

Check out our website for all our upcoming classes in the next few months.

 

May 14 - RSA and Accuvant will present "Processes, Risks and Controls: Establishing a Solid GRC Foundation", "Advanced Security: Security teams need more firepower!", and "Governance before Provisioning - The new approach to Identity Management projects" at the Ndoki Lodge at Riverbanks Zoo.   This will be a half day class followed by our annual social event from 6 - 8pm.   Register now for a great event and fun time in a brand new setting for our ISACA chapter.

 

June 8 - 10 - we are having a 3 Day Security/Audit conference with Ken Cutler. Your Choice of ½ day sessions on Day 1, or attend Day 1, Day 2 & 3, or all 3 days. Topics are:

  • Winning the Great Shell Game: Auditing the Many Faces of Chg Cntl - ½ Day (4 CPEs)
  • Dancing With Penguins: Linux as an Audit Target and IT Audit Tool - ½ Day (4 CPEs)
  • Auditing in CyberSpace: Locating and Reducing Risks in Web Apps - 2 Days (16 CPEs)

 

July - We plan to have Stu Henderson return for a 1 day course.

August - our own member, Brian Kelley will present a class on ETL: Security & Auditing Across the Entire Data Flow. 

 

 

Membership     

It's the time of year to renew your membership if you haven't already done so. ISACA has a grace period, so if December slipped by and you didn't renew for 2015, there's still time. Being an ISACA member can save you over $1,000 on our local training, so don't delay any longer.

 


    

 

 

Tom Hart

2014 - 2015 President

                                                       

 

 

Help Wanted!  Volunteers Needed!

 

 

Are you someone that loves the Social Media scene?  We need help in establishing our SC Midlands ISACA Chapter Brand in the social media!  We need someone who loves to learn a new way of doing things, is excited about helping us establish a presence online with Facebook, Twitter and LinkedIn to start.  Will require consistency, persistence, a great sense of humor and the ability to teach yourself how to use the tools to make it all happen.  Is that you?  If so, please contact Tom Hart at [email protected] to get started.

 

Are you someone that loves numbers, budgets, reports, and has some familiarity with QuickBooks? Looking for the personality who dreams and thinks in numbers! We have some automated tools to use and require monthly reporting and discussions about numbers. If you have an eye and the heart for numbers and are eager to provide this valuable contribution to our SC Midlands Chapter of ISACA Board, please contact Tom Hart at [email protected] to get started.

 

Are you someone who loves to blog, write, and express your thoughts on paper - we need you now!  We are looking for captivating thoughts to share with our followers in our newsletters.  Do you have a fantastic way of doing something at your place of work that others could learn from?  Write about it and publish in our newsletter and our emails.  Would you like to interview members and report on what great things they are up to?  Please submit your ideas ready to roll off the presses to [email protected] or let us know if you would love the job of news reporter!

 

Are you someone that loves to organize events, develop and keep tasks on track, conduct testing on products, establish and maintain communication with a variety of people, meet and greet people, create and write announcements, send thank you notes, or take on other tasks we could be doing as a chapter? Please send your list of skills and talents and the amount of time you could volunteer to Tom Hart at [email protected] to get started.

 

 

 

  

SC Midlands ISACA Hosts:

"Establishing Solid Governance and Security"

Presented and Sponsored by RSA, and Accuvant/FishNet Security

To be followed by our Annual Social

                     

 

4 CPEs

DATE:                       Thursday May 14th, 2015

LOCATION:              Riverbanks Zoo and Gardens

                       500 Wildlife Parkway, Columbia, SC 29210

                                    Park on the Zoo Side

                      The Zoo is now a smoke-free environment!

 

TIME:                        

Registration      12:30 pm

Class:               1:00 pm to 5:30 pm in the Ndoki Lodge      
Social:              6:00 pm to 8:00 pm in the Aquarium and Reptile Center

 

 

Pre-Registration and payment required at http://www.scisaca.org/ Click on future events, and locate this date. Checks and credit cards accepted for pre-registration and payment. ISACA student members and Academic Advocates come for free! Please sign up using your ISACA ID number to let us know you are coming so that we can feed you!

 

 

Our new registration tool is also sending those on our mailing list a personal Invitation. Please register from there if at all possible. 

http://www.cvent.com/d/4rqq7r

Members, as always, please remember your discounts are mapped to your EMAIL address provided to ISACA International. Please use only this email address to register.

 

 

Pricing: 

Class Only: 

Early Bird Registration: Today to April 30, 2015

$32 - ISACA Members

$40 - Non-Members

 

Regular Registration: May 1 - May 7th, 2015

$40 - ISACA Members

$50 - Non-Members 

 

Class and Social:

Early Bird Registration: Today to April 30, 2015

$38.40 - ISACA Members

$48 - Non-Members

 

Social Only:

Members and their guests: $10

Non-members and their guests: $25 

 

 

What You Will Learn:

 

Increasing Executive Oversight Requires Focus, presented by Renee Guttmann, Accuvant Vice President, Information Risk

If 2014 was the year of the 'breach' and executive awakening about information security, what should we expect in 2015? According to one executive, the enormity of the breaches may actually reflect a failure on the part of information security professionals. There appears to be new interest but also tension between the business and security executives. During this presentation, Renee Guttmann, Vice President, Information Risk Management and member of the Accuvant Office of the CISO, will discuss how organizations can leverage increasing executive oversight to gain executive support for key initiatives including protection of the 'crown jewels'. Attendees will learn:

  • The high-level details of the National Association of Corporate Directors Cyber Risk Guidance and the implications to the information security program.
  • How to leverage threat intelligence and threat modeling to focus protection of the 'crown jewels.'
  • Ideas for addressing the changes in software security to address crowdsourcing, the Internet of Things.

 

"Processes, Risks and Controls: Establishing a Solid GRC Foundation" presented by Mark Hofberg, CISA, CRISC

One of the main challenges of adopting an enterprise-wide strategy for governance, risk, and compliance is the fragmentation of information and processes across the organization. According to Gartner*, "60% of enterprises use Word and Excel as their primary GRC management tools."

 

"Advanced Security: Security teams need more firepower!" presented by Carlos Bonet, Senior Solutions Architect, CISM, CISA, C|CISO, CIPP, CISSP, CEH

Attackers continue to use sophisticated, targeted techniques to infiltrate organizations, but many security teams don't have the staff and expertise to keep up with attacks, and the current monitoring tools are failing to meet their needs.  To raise their game, security teams need more effective threat detection to conduct investigations significantly faster.

 

"Governance before Provisioning - The new approach to Identity Management projects" presented by Gautam Shankar, Sr. Sales Engineer, CISSP, PMP

Information security teams realize that providing users with convenient access to enterprise information resources and managing the lifecycle of identity and access efficiently are critical to enabling the business agility that organizations need. But they also realize that meeting security and compliance goals and managing access-related business risk is a key business objective. All of this complexity is best tackled with a governance-centric approach,

 

Our speakers:

 

Mark Hofberg, CISA, CRISC

Mark is a Senior Sales Engineer for RSA where he drives Governance, Risk and Compliance solutions for clients leveraging the RSA eGRC Platform.  Prior to joining RSA, Mark spent 9 years with Bank of America working in a variety of senior roles in Corporate Audit, Risk Management and Business Controls for Technology and Operations, most recently as a Business Control Manager for Global Technology and Operations.  Mark was most recently responsible for the implementation and adoption of RSA Archer GRC capabilities including Policy, Compliance, Risk, and Audit Management within the organization.  Mark led stakeholders to ratify GRC requirements, drove configuration efforts, deployed changes, and led training of Archer users across Bank of America.  Prior to working for Bank of America, Mark was a management consultant in several industry groups leading large scale enterprise software initiatives for Accenture.

 

Gautam Shankar, Sr. Sales Engineer, CISSP, PMP

Gautam is a senior security professional with diverse technology background and sound educational foundation (MS Comp Eng., BS Comp Eng., CISSP, PMP) specializing in helping clients to solve business, security, and IT challenges.  Gautam has deep domain expertise in Security with specialization in Identity Management and Governance. In addition, Gautam has a strong information-technology consulting background with experience in working with numerous software vendor solutions in enterprise security, service management, infrastructure management, project and portfolio management, cloud and web-based applications development, systems integration and custom software development projects.

 

Carlos Bonet, Senior Solutions Architect, CISM, CISA, C|CISO, CIPP, CISSP, CEH

Carlos has over 18 years of information technology and security experience, and has spent the last ten years exclusively in the information security field. Prior to coming to RSA, he was part of FishNet Security for 6 years, the last three as Director of Strategic Services and the first three as a Principal Consultant. Carlos was also a Director of Information Security for a Fortune 1000 financial institution with responsibility for implementing an information security program. Carlos' experience ranges from information security governance implementation, incident response, data classification, policy development, Payment Card Industry, IT risk, privacy and control assessments to technical integration of security products. He also has been a member of numerous security related organizations such as ISACA, ISSA, IAPP, Infragard, Baptie, NAC and ISC2.

 

Renee Guttmann, Accuvant Vice President, Information Risk

Renee Guttmann is an accomplished global information security and privacy executive with a proven track record of establishing internationally recognized information security programs for Fortune 500 companies. As vice president of information risk and member of the Office of the CISO for Accuvant, Guttmann is responsible for providing guidance to security leaders at enterprise-class organizations. Her counsel helps enable them to think differently about security strategies so they can change, innovate and be more successful.

 

Prior to joining Accuvant, Guttmann served as chief information security officer of Coca-Cola, where she established an enterprise-wide information risk management program to address information security, privacy and business continuity planning risks across the Coca-Cola systems. Guttmann previously held leadership positions for Time, Inc. and Time Warner, Inc., where she drove the global information security and privacy program as well as the application security program at the corporate head office. She also served in various security-related roles at Capital One, Glaxo Wellcome and Gartner, Inc.

 

Guttmann is internationally recognized within the information security community for knowledge, vision and leadership in the constantly evolving and complex area of information security and risk management. She is a prominent speaker at top industry conferences and has been honored with accolades such as the Compass Award from CSO Magazine and "Woman of Influence" by the Executive Women's Forum. Guttmann is a fellow of the Ponemon Institute. She serves on several technical advisory boards and is a board member of a non-profit organization that helps children in the Atlanta community. She received her honors bachelor's degree from Wilfrid Laurier University in Waterloo, Ontario, and holds multiple technical certifications.

 

 

 

Job Opportunity

 

 

Carolinas HealthCare System

Sr. Internal Auditor I

Location: Charlotte, NC

Requisition ID: 44200

 

Job Summary

Responsible for the timely execution of risk-based internal audits in accordance with the annual audit plan, as well as performing other department projects. Reviewing and appraising the soundness, adequacy, and application of accounting, financial and operational controls. Identification of opportunities to improve financial performance, operational efficiency and communicating the results of audit and consulting projects via written reports and oral presentations on a timely basis to management. This position will primarily focus on auditing the CHS Medical Group with a heavy emphasis on the revenue cycle. Areas of additional focus may include strategic investments, joint ventures, acquisitions and compensation plans. Much of our work is performed through data analytics. CHS is an EOE/AA employer.

 

Education, Experience and Certifications

Bachelor Degree from an accredited institution in accounting or related field is required. Five or more years of related work experience in internal auditing or a related field such as accounting. The ideal candidate will have Healthcare Internal Auditing experience and be certified with a CIA or CPA.

  

To join our team, please email your resume to:

Dave Pyland, Director of Audit Services, at [email protected]

 

 

 

 

 

 

  