ISACA San Diego

Welcome to the ISACA San Diego Website
IIA and San Diego chapter ISACA full-day joint session April 10 2013

 

Full Day Seminar - IIA and ISACA

Date: Wednesday, April 10, 2013, 7:30am to 5:00pm
Location: AMN Healthcare, Inc., 12400 High Bluff Drive, San Diego | California
Full Day Seminar Cost (Includes Luncheon Meeting): 125.00 Members | 140.00 Non-Members | 65.00 Students
REGISTER: To register for the full day seminar, please visit the IIA San Diego Chapter's training and events website at https://chapters.theiia.org/san-diego/Events/Pages/Full-Day-Seminar---IIA-and-ISACA.aspx

Luncheon Meeting ONLY

Date: Wednesday, April 10, 2013, 11:30am to 1:30pm
Location: AMN Healthcare, Inc., 12400 High Bluff Drive, San Diego | California
Cost: 35.00 Members | 40.00 Non-Members | 10.00 Students
REGISTER: To register for the full day seminar, please visit the IIA San Diego Chapter's training and events website at https://chapters.theiia.org/san-diego/Events/Pages/April-2013-Chapter-Event.aspx

JOINT IIA & ISACA ALL DAY SEMINAR



Event hosted by AMN Healthcare
This is the annual joint meeting for the San Diego IIA and ISACA chapters.
Note the change in location for this event.

 

EVENT SPONSORED BY:


Agenda/Speakers/Biographies and Additional Information:

8:00am – 08:45am: Franklyn Jones, VP at Bromium – "Micro-virtualization and Analysis of Zero Day Polymorphic Malware"

BIO: Franklyn is Vice President at Bromium, Inc.  He has 20+ years of experience in marketing leadership positions in enterprise network security, data center, VOIP, and network infrastructure market segments.  Franklyn was an early member of Palo Alto Networks and spent nearly 5 years helping the company grow its business in North America, then moved to London to replicate that success across EMEA in preparation for a successful IPO.  Prior to joining Bromium, Franklyn also held senior marketing positions with 3Com, ShoreTel, Packeteer, BlueCoat, and Xsigo Systems.  Franklyn holds a BA from Michigan Technological University.

8:45am – 10:00am: Jason Brucker, Protiviti, Director & Jon Bronson, Protiviti, Managing Director - "Enabling IT Performance & Value with Effective IT Governance"

BIO:

Jason Brucker
Jason is a Director within Protiviti’s IT Consulting practice in the San Francisco Bay Area and is a member of Protiviti’s global leadership team for IT governance and IT operations improvement solutions.  With certifications in project management, IT governance, IT service management, and IT audit, he has over twelve years of experience in information technology and risk consulting spanning a variety of solutions and industries. His experience includes a broad range of projects, from short-term audits and assessments, to full-scale process re-engineering and system implementation programs.

Jon Bronson
Jon is a Managing Director in Protiviti's Los Angeles risk consulting practice.  He is a key management resource in executing business continuity management (BCM), IT governance, IT process improvement and internal audit engagements.  Jon is the leader of Protiviti’s West Region business continuity solution area and has provided risk management advisory assistance to over 100 organizations throughout the region.  He is a Certified Business Continuity Professional (CBCP), Certified Project Management Professional (PMP) as well as a Certified Information Systems Auditor (CISA).  Jon has over 16 years of large-scale project management experience complemented by an Engineering Master's degree from the University of Southern California.

Executive Summary and Learning Objectives:
Organizations often underestimate the impact and value of their IT governance function, resulting in IT strategies, processes and technology capabilities that are not appropriately aligned with business requirements.  This presentation will focus on how factors such as customer perception and the effective management and execution of key foundational processes and controls within an IT function can enhance value at an organizational level.

Session attendees will gain insight into resources that are readily available to them as they work through their own IT governance assessment and improvement initiatives.  These include leading frameworks and models from organizations like the IT Governance Institute as well as cross-industry research and benchmarking tools from organizations like the IT Process Institute (ITPI).  Attendees will also hear about key lessons learned from other organizations that have successfully enhanced their own IT value chains through improved IT governance.  The techniques presented will be readily applicable to the attendees and their organizations regardless of their background, experience, size, industry, or current state of maturity.

Session Benefits/Learning Objectives:

· Techniques for moving your organization beyond compliance-focused IT governance activities.
· Identifying and applying the “right” business-IT alignment model for your organization.
· Structuring the IT organization based on your business-IT alignment.
· Aligning your key IT decisions with the right IT decision-makers.
· Defining and implementing the key behaviors and practices to enable IT value delivery.
· Adopting a higher-value approach for IT governance auditing.


10:00am - 10:15am:
Break

10:15am - 11:45am: Aaron Garcia - PWC, Director - "COSO IT Update"

 

BIO:

J. Aaron Garcia, CPA

Aaron Garcia is a Director at PricewaterhouseCoopers and is a Principal Contributor to the update of the Internal Control -- Integrated Framework originally issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO).  He is the Project Lead Director for the Internal Control over External Financial Reporting: A Compendium of Approaches and Examples document that is being released concurrently with the Framework.  His experience spans over 12 years serving clients in the technology, communications, entertainment, and consumer products industries. He has extensive experience advising clients and reporting on the design and implementation of internal control environments, including addressing compliance aspects of Sarbanes-Oxley.

Aaron is currently assigned to the Risk Assurance practice in Southern California.  Based in San Diego, he leads teams who conduct financial audits and consulting engagements to advise clients on effective means of managing risks related to internal controls over business processes and information technology.

11:45am - 12:00pm:     Transition to Luncheon Meeting

12:00pm - 12:20pm: Lunch, Announcements & Administrative matters

12:20pm - 1:30pm: Adam Brand, Protiviti, Associate Director - "Contextual Vulnerability Rating for Effective Vulnerability Management"

BIO:

Adam Brand is an Associate Director with Protiviti's Information Security practice. He has been involved in a variety of areas in information security, from strategic planning and remediation activities, to audits and incident response. He holds the PCI QSA, CISSP, CISA, ITIL Foundations, and GIAC GREM (Reverse Engineering Malware) certifications. A current main focus of his is helping organizations redesign information security processes to be more effective and service-oriented.


Executive Summary and Learning Objectives:

The information security threat landscape has never been more hostile, and many organizations are struggling with how to find time to effectively defend against determined attackers when the odds seem so stacked against them. Unfortunately, many organizations are set back even further through over-reliance on the results of security scanning tools and the ratings those tools apply to discovered vulnerabilities. This presentation discusses the dangers of relying on these scanner risk ratings, and how a more contextually aware approach can result in improved results and less energy expended on low-value activities.

Session Attendees Will Learn How To:

· Identify inconsistencies in the scanner-centric model
· Clarify organizational objectives for risk ratings
· Develop and execute a contextual vulnerability rating program
· Improve credibility with IT Operations through accurate vulnerability ratings
· Communicate more clearly with Executive Management on Vulnerability Management

1:45pm - 2:15pm:        Ken Carter, AIS VP Data Center Operations - "Network Security & Data Protection"

BIO:
Ken Carter.  A professionally certified Data Center Design Electro-Mechanical engineer, Ken has over 15 years of experience designing, building and maintaining Tier II-III data centers all over the country for companies such as LexisNexis and Fidelity Information Services.  Meeting client expectations of ensuring continuous reliability, availability and productivity is the forte of up-time and is a key focus for Ken.  During his five years with Fidelity and previous years at LexisNexis, his clients enjoyed an unprecedented level of continuous up-time without revenue generating load losses. There was not a single revenue-impacting outage.  Ken holds a BS in Engineering from Notre Dame and an MBA from the University of Dayton.

2:15pm - 3:15pm:     Brenda Piazza, Director of IT Audit Services - CBIZ; SSAE 16, "SOC 1, 2, & 3 Reports: What are they, how are they different, and when should I ask for one?"

3:15pm - 3:30pm: Break

3:30pm – 5:00pm: Noel Haskins-Hafer - Intuit - "Key Considerations of Regulatory Compliance in the Public Cloud"

BIO
W. Noel Haskins-Hafer is the Compliance Program Manager for Intuit’s Financial Services division. Until recently, she was with Intuit’s internal audit department, where she developed Intuit’s roadmaps and audit programs for emerging technologies, including cloud computing and social media governance. Prior to joining Intuit, she assisted her Deloitte clients in developing their anti-fraud programs and controls frameworks, and was part of the firm’s National Fraud Training task force. She holds numerous professional designations, including Certification in Risk Management Assurance (CRMA), Certified Information Systems Auditor (CISA), Certified Information Systems Manager (CISM), Certified in Governance of Enterprise IT (CGEIT) and Certified Fraud Examiner (CFE). She serves on the board of the San Diego chapter of ISACA as well as on ISACA International’s review committees for certification study materials and the recently released COBIT 5 framework.

Learning Objectives: Improve knowledge and skills related to information technology auditing.
8 CPE hours
Method:  Group-Live
Field of Study: Auditing (General)
Program Level:  Intermediate    
Prerequisites:  None
Advanced Preparation:  None

 

Please make your reservations by 4:00pm Friday, April 5, 2013.

 

 

Refund/Cancellation Policy: Refund requests must be received by Friday, April 5, 2013.   No refunds will be granted afterwards.
Complaint Resolution Policy: Contact the Hospitality Chairperson for refund, complaint or cancellation policies.

The Institute of Internal Auditors, San Diego Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors - Sponsor #109486. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.learningmarket.org.

Last Updated on Tuesday, 09 April 2013 07:33
 
ISACA San Diego March 21, 2013 Meeting
Assessing Project Risks using Predictive Project Analytics

What if there was a way to predict which of your projects are going to fail to deliver their objectives - and what you should change to make them successful? Now there is a way. Most corporate executives understand that business growth hinges on an organization's ability to effectively manage major capital investment campaigns, changes to the business processes, and the adoption of new technologies. Yet, despite their inherent strategic importance, these very projects frequently experience cost overruns, run late or fail entirely. The reasons for project failure are diverse. Given the potential severity of repercussions of project failure, leading organizations have always searched for ways to keep their projects on track. So far, research studies provided insight into factors that contributed to success and failure, but could not predict the outcome of a particular project. Traditional risk assessments delivered expert opinions related to project outcomes, but could not pinpoint specific control gaps that could cause a project to go off track. Now: predictive project analytics can help organizations identify in advance which projects will fail and how to get them back on track.

Date: Thursday, March 21, 2013  from 12:00pm to 2:00pm.

Location:
Scripps Mende Well Being Center, 4305 La Jolla Village Drive,
Suite #L5 San Diego, CA 92122

Presentation Summary:

 

Speakers:

Steven Wakefield, Senior Manager, Deloitte (Enterprise Risk Services)

Steven has 20 years of experience in IT project management, PMO leadership and systems implementations, spending the last eight years providing project risk advisory services to Deloitte clients. Prior to coming to Deloitte, he served as the Vice President of IT and Technical Operations for a Bay Area technology company where he oversaw the development and implementation of multiple IT projects and initiatives. Steven holds CGEIT and PMP certifications.

Neetu Khilnani, Senior Manager, Deloitte (Enterprise Risk Services)

Neetu has 15 years of experience in business process and information systems audit and controls consulting, with a focus on such methodologies as CMMI, ITIL, and PMBOK. She provides project risk oversight services for clients in the Health Sciences and Technology industries. Neetu holds CISA, CRISC, and CISSP certifications.

If you are planning to attend please confirm your participation via the registration link: http://sdisaca_mar2013.eventbrite.com


Special Note - Nominations for San Diego Chapter Officer and Director positions end on the day of the meeting.


Last Updated on Monday, 18 March 2013 20:45
 
Upcoming Spring Events from ISACA LA Chapter
Written by Administrator   
Monday, 04 March 2013 00:00

ISACA LA Chapter Spring Conference April 27 – May 1, 2013 at Universal Hilton and Towers

The conference program and registration are available for the L.A. ISACA chapter's annual spring conference at http://isacala.org/conference. The conference will be held on April 27 – May 1, 2013 at the Universal Hilton and Towers (Universal City). We are also offering a two-day CRISC Review Boot Camp. Last year the conference attracted over 325 IT assurance, security and governance professionals in the Southern California area. The Chapter is excited to have Mr. Eran Feigenbaum, Director of Security of Google Enterprise, as the keynote speaker, to present on "Cloud Computing Security" and Kaplan Mobray presenting "The 10Ks of Personal Branding: Creating a Better You".

We will also have a variety of program presentations in the following tracks:  Accelerating Your Fundamentals; Information Security Issues and Leading Practice; Emerging Issues, Tools & Techniques; and Managing Governance, Risk and Compliance.  The pre-conference workshops include "Introduction to COBIT5 Workshop," "Control and Security of Microsoft Exchange 2010," and "Quick Start IT-Related Business Risk Management." These education events will surely facilitate some great discussion around the conference theme, "Cyber Risks: Real and Credible Threats."

We are also excited to offer a two-day CRISC Review Boot Camp with the instructor that offers the same workshop at ISACA's past GRC and CACS conference at a substantially reduced rate.   This workshop will help you prepare for the CRISC certification.

Finally, register early! Spaces in the workshops and conference sessions are limited.  Each year, several popular sessions fill up quickly and late registrants have to select alternative sessions.  An early registration discount is available if you register by April 5, 2013.

Debbie Lew
Chair, 2013 LA ISACA Spring Conference

Last Updated on Monday, 04 March 2013 22:23