DATABYTE - isaca.org · Walk-in registration is available at an increased fee. ... This training...
October 18, 2017 ISACA Detroit Chapter Meeting
Pre-Dinner Topic: BeyondCorp. A New Approach to Enterprise Security
Pre-Dinner Speakers:
Jeff Peck, Technical Program Manager for Corp Eng in Google
Justin McWilliams, Engineering Manager for Corp Eng in Google NYC
After-Dinner Topic: Enabling BeyondCorp with Trusted Access
After-Dinner Speakers:
Jon Oberheide, Co-Founder and Chief Technology Officer of Duo Security
Doug Copley, Principal Security Strategist with Duo Security
Date: Wednesday, October 18, 2017
Time:
4:30 - 5:00 Registration & Networking
5:00 - 6:00 Pre-Dinner Presentation
6:00 - 6:45 Dinner
6:45 - 7:45 After-Dinner Presentation
Location: Michigan State University Management Education Center, 811 W. Square Lake Road, Troy, MI 48098-2831
Cost:
Advance Online Registration Only: $20.00 Member, $30.00 Non-Member, $10.00 Student and Retiree
Walk-In Fees: $40.00 Member, $50.00 Non-Member, $10.00 Student and Retiree
PRESIDENT Greg Boehmer, CISA, CIA, CFE, CGEIT CISSP, CISM, CRISC, CRMA, CSFX, PMP Deloitte & Touche
VOLUME 32 # 2 REGION 4 CHAPTER 8
DATABYTE
The Chapter must provide the number of reservations by 12:00 pm on the Friday prior to the Chapter meeting. Advance online registration closes at noon on Friday, October 13, 2017. If you have made a reservation and cannot attend, please contact Geralyn Jarmoluk at [email protected], or 248-762-7421 prior to the above noted deadline for refunds. Walk-in registration is available at an increased fee. Reservations not cancelled prior to the above-noted deadline cannot be refunded as we are committed to the caterer for the meals ordered.
DIRECTORS
Brad Barton, CISA 248-707-9372
Keith Cheresko, JD, CIPP, CIPT, FIP Privacy Associates International LLC 248-535-2819
Doug Copley, CISM, CISSP, CISA, CIPP, CIPT Duo Security 810-289-8243
Shannon Desjardins, CPA, CISA, CRISC Blue Cross Blue Shield of Michigan 586-201-1603
Michael A. Forrest, CISA, CGEIT Flagstar Bank 248-312-5435
Michele M. Haroon, CPA, CISA Lear Corporation 248-447-3001
Chris Johnson, CISA Lear Corporation 248-447-1066
Tammy Johnson, CISA Fiat Chrysler America 248-709-0427
Bhaskar Kakulavarapu, CISSP, CISM Comerica 248-371-7273
Linda Kearney, CISA, CISM, CIA, CIPP-US Fiat Chrysler Automobiles 248-512-3858
D. Robert Okopny, PhD, CIA, CFE, CMA Eastern Michigan University 734-487-0246
Sajay Rai, CPA, CISSP, CISM Securely Yours LLC 248-723-5224
Malini Sarma, CISA General Motors 313-667-2878
Carrie Schrader, CISA, CBM, CFE, CGEIT, CRISC GM Financial 313-989-4711
Melvin B. Taylor, CISA, CISM General Electric 248-761-5671
Doug Wahr, CFE, CISA, CRMA, CISSP Auto Club Group (AAA) 313-436-7277
Manish Zaveri, CISA, CPA FordDirect 248-888-9090
VICE PRESIDENT Juman Doleh-Alomary, MScE, CISA, CISM, CRISC, ISO27001 Wayne State University
Treasurer Ryan Hodges, CISA, CISSP CISM, CRISC, ISO27001 Deloitte & Touche
Secretary Charles Murray CPA, CISA KPMG
Please forward any ISACA questions to our Chapter Administrator at [email protected] and she will route your question to the appropriate ISACA Board member
DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH
Hello Fellow ISACA Detroit Chapter Members!
For those who attended the September membership meeting, I’m sure that you were pleased to see the large turnout and enjoyed our guest speaker Rob Clyde, Vice-Chair of ISACA’s Board of Directors and the Managing Director of Clyde Consulting LLC, an executive advisory firm. I heard from over five members how much they enjoyed Rob’s presentations. For those unable to attend, I encourage you to obtain his presentations from our Detroit Chapter ISACA website covering “Emerging Trends in Technology and Cybersecurity” or “Leadership and ISACA International Board Perspective”.
A few important items that I’d like to highlight, as they directly relate to our Board’s goal for the Detroit Chapter to provide you value for your membership:
Fall Seminar: John Tannahill will be delivering a two-day seminar on “Security and Audit of Cloud Computing” on Wednesday, November 29th and Thursday, November 30th at VisTaTech Center in Livonia; so mark your calendars and look for the registration invite.
Spring Training: The Detroit Chapters of the IIA and ISACA are proud to co-sponsor the 19th Annual Spring Training Seminar Monday, March 26 through Wednesday, March 28, 2018 at Suburban Showcase in Novi, MI. Once again, the Spring Training Committee has contracted some of the top auditing trainers from around the country to share their personal expertise with our members. Some tracks fill up (we have twelve from which to choose); so please reserve your spot today.
The first five people that email our Chapter Administrator at [email protected] my Primary goal as President will receive a prize to be claimed at the October meeting.
If at any time you have a question, curiosity or suggestion for improving the Chapter’s services, approach any of our Board members or send a direct message to me for a response. I can be reached in person at any of the Chapter events, or via email at: [email protected]. I look forward to seeing you at our October meeting and please read below for details on our speakers and topics!
Respectfully,
Greg Boehmer
ISACA Detroit Chapter President
Before Dinner Topic - BeyondCorp. A New Approach to Enterprise Security
BeyondCorp is an enterprise security model that builds
upon 6 years of building zero trust networks at Google, combined
with best-of-breed ideas and practices from the community. By
shifting access controls from the network perimeter to individual
devices and users, BeyondCorp allows employees to work more
securely from any location without the need for a traditional VPN.
Before Dinner Speakers
Jeff Peck is a Technical Program Manager for Corp Eng in Google. He previously worked at companies large and small around Silicon Valley, doing software engineering and program management for a variety of projects in the telecom, server, and network application domains. He has a BS in Computer, Information, and Control Science from the University of Minnesota.
Justin McWilliams is an Engineering Manager for
Corp Eng in Google NYC. Since joining Google in
2006, he has held positions in IT Support and IT
Ops Focused Software Engineering. He holds a BA
from the University of Michigan, Ann Arbor.
After Dinner Topic - Enabling BeyondCorp with Trusted Access
Does BeyondCorp sound too difficult? Are you questioning whether
such a model is even viable for your organization? If so, listen to Jon
Oberheide and Doug Copley from Duo Security “put the rubber to
the road.” They will describe some of the technologies and capabilities available today to reduce security complexity and help any organization migrate toward a BeyondCorp model. Think BYOD would prevent you from adopting a BeyondCorp model? Think again. They will discuss the ability to leverage BYOD in a zero trust model, and how to leverage agentless device visibility to identify risk and prioritize mitigation efforts.
After Dinner Speakers
Jon Oberheide is the co-founder and chief technology officer of Duo Security based in Ann Arbor, Michigan. In his role, Jon is responsible for leading product vision, the company’s security and the Duo Labs advanced research team. Jon is a well-known security
expert and researcher. While his research interests
span across the security domain, he has deep expertise in mobile
and cloud security and malware analysis. Jon was named to Forbes’
"30 under 30" list for his Android security research. Jon attended the
University of Michigan and holds a bachelor’s, master’s and PhD in
Computer Science, and has held positions at Merit Network and
Arbor Networks.
Doug Copley is a Principal Security Strategist with
Duo Security. A former CISO in Healthcare and Chief
Privacy Officer in Financial Services, Doug is a 25 year
veteran of IT, information security and data privacy.
Doug is a passionate advocate and evangelist for
effective information security and data privacy risk
management for both organizations and individuals. Doug is the co-founder and past Chairman of the Michigan Healthcare Cybersecurity Council and remains active in various industry activities and workgroups. Doug can frequently be found speaking or blogging on information security, data privacy and leadership topics for everyone’s benefit.
Fall Seminar
The Detroit Chapter of ISACA is happy to announce the upcoming fall seminar covering the important topic: “Cloud Computing Security & Audit”. This training will focus on the audit and security issues related to Cloud Computing environments.
The instructor for this topic will be John Tannahill. John is an independent Information Security and Audit Services Consultant who works in the areas of information security in large information systems environments and networks. He has particular technical expertise with Windows 2008/2012; Unix/Linux; Oracle/Microsoft SQL Server and Internet security.
This two-day seminar will be held on November 29 and November 30 (Wednesday and Thursday) at the VisTaTech Center, Schoolcraft College - 18600 Haggerty Road - Livonia, MI 48152. Class will begin at 8:30 am and will conclude around 5:00 pm. A light breakfast and lunch will be served each day. Those attending will be awarded 15 hours of continuing professional education (CPE) credits.
The cost of the two-day seminar will be $100 for Professional ISACA members and Student ISACA members, $275 for Professional non-ISACA members and $125 for Student non-ISACA members. Both non-ISACA member fees include a one-year membership in both ISACA International and the Detroit Chapter. Enrollment can be completed by visiting the Events section of the ISACA Detroit website at: http://www.isaca.org/detroit.
Seminar Outline
Cloud Computing Concepts
• Overview of Cloud architectures
• NIST Cloud Definitions
Cloud Service Models
• Software as a Service (SaaS)
• Platform as a Service (PaaS)
• Infrastructure as a Service (IaaS)
Cloud Deployment Models
• Public Cloud
• Community Cloud
• Private Cloud
• Hybrid Cloud
Security and Control Issues
• Key Risk Issues
• Key Governance Issues
• Key Security Concerns
• Control Requirements with CSA’s Cloud Controls
Audit Tools & Techniques
• Use of SOC Reports
• Example Audit Programs
• Case Study Exercise
• Based on a given cloud usage scenario, development of Audit Objectives and Program steps using the CSA Cloud Controls Matrix
Welcome New ISACA Detroit Chapter Members
Ryann Peyton Kelly Genzlinger Melissa Tews Emily Smith Tareq Falah Ronald Hillard Pamela Horner Jasmine Goryoka Steven Moltmaker Eric Munn Laura Sundt James Spatafora Travis Rosswurm Ginger Cullifer Vincent Choulagh James Daniels Chia-Yen Lee Melissa Krajewski Chris Alverez Diane Gallagher-Starr Veeresh Nama Pritam Mukherjee Samantha Alder Yogeesh Kunigal Gangaiah
September Chapter Meeting Raffle Winners
Deborah Gore Besi Ndakwah Dean Chandler Owen Ekechukwu Keith Cheresko Jianping Wang Jim Hanlon Anu Lohani Denise Kitchen Seetaram Ponugupati Doug Wahr Laurie Hepner Melvin Taylor Brenda Karl Kathleen Welch Michele Haroon Michael Steklac
The ISACA Detroit Chapter Certification Committee Wishes
to Congratulate the following Newly Certified CISA’s
Peng Zhang, CISA
Lang Le Pryor, CISA
The ISACA Detroit Chapter Certification Committee Wishes to Congratulate the following members who Passed the
August/September 2017 ISACA CISA Certification Exam
Ayaz Anwar
Nicholas Adams Hang Le Pryor
Karen Ben-Shahak Ilsar
Social Committee
The ISACA Social Committee held a fun and exciting event at Comerica Park this past August. The Tigers took on the LA Dodgers in an exciting game. The weather was great and a good time was had by all! If you missed the August event, we invite you to attend the fall event that will be held in October. Please be on the lookout for an invitation to the event. We hope to see you there!
Thank you, The ISACA Social Committee
Spring Training Chapter News
The Detroit Chapters of the IIA and ISACA are proud to co-sponsor the 19th Annual Spring Training Seminar March 26 through 28, 2018 at Suburban Showcase in Novi, MI. Once again, the Spring Training Committee has contracted some of the top auditing and IT trainers from around the country to share their personal expertise with our members. Don’t miss out on the opportunity to network with your peers, enhance your skills, learn about new products and services in the marketplace and get the training you need. A number of classes sell out each year! Please click the following link to view more information on this event, register, and/or download the Spring Training brochure: http://www.cvent.com/d/gtqj3z/1Q.
~The Spring Training Committee
TRACK (MON MARCH 26, TUES MARCH 27, WED MARCH 28)
A: Building an Effective Fraud Risk Management Program (Paul Zikmund); Conducting Investigations Boot Camp (Paul Zikmund)
B: Building High Performing Team (Keith Levick); Social and Emotional Intelligence (Keith Levick); Decision Making and Problem Solving (Keith Levick)
C: Becoming a Person of Influence (Don Levonius); Gaining and Sustaining Credibility (Don Levonius); Everyone Communicates, Few Connect (Don Levonius)
D: Agile/DevOps Controls & Audit (John Tannahill); Ethical Hacking (Hands-on Workshop) (John Tannahill)
E: Forensic Analytics: Methods & Techniques for Financial Investigations (Mark J. Nigrini)
F: Successful Audit Data Analytics (Hands-On) (Jim Tarantino)
G: Internal Audit University (Hernan Murdock)
H: The Connection Between Data Governance, Privacy & Information Security (Shawna Flanders)
I: Risk Based Auditing and Reporting (Jim Roth); Leadership and Supervision Skills for Auditors (Jim Roth); Audit Report Writing (Jim Roth)
J: How to Set Up and Administer an Effective Fraud Awareness Program (Mary Breslin); Root Cause Analysis (Mary Breslin)
K: Linux as an Audit Target… and as an IT Audit Tool (Ken Cutler); CyberSecurity Audits of Modern Web Applications (Ken Cutler)
L: CyberSecurity and Audits of Payment Card Systems (Roger Herbst); CyberAudits of Identity and Access & Control Management (Roger Herbst)
Photo Disclaimer: ISACA Detroit Chapter may capture images from meetings and events on film or digital media for publication and marketing purposes.
DATABYTE Geralyn Jarmoluk
ISACA Detroit Chapter Administrator P.O. Box 43
Romeo, MI 48065
[email protected] 248-762-7421
ADVERTISE IN THE DATABYTE
NEWSLETTER
¼ Page $50.00 ½ Page $100.00 Full Page $200.00
Contact Geralyn Jarmoluk at [email protected]
or Mike Forrest at [email protected]
October 18, 2017 Menu
Caprese Salad Caesar Salad
Antipasto Salad Meat Lasagna
Tuscan Chicken Bowtie Pasta with Pesto Sauce
Italian Green Beans Fresh Baked Bread
Chef’s Choice Dessert
2017-2018 ISACA Detroit Chapter Committee List
Academic Relations. Chair: Sajay Rai. Members: Sajay Rai, Brad Barton, Doug Copley, Bhaskar Kakulavarapu
Bylaws, Policies & Procedures. Chair: Juman Doleh-Alomary. Members: Juman Doleh-Alomary, Greg Boehmer, Keith Cheresko, Linda Kearney
Certification. Chair: Charles Murray. Members: Charles Murray, Michael Forrest, Michele Haroon
Communications. Chair: Brad Barton. Members: Brad Barton, Keith Cheresko, Doug Copley, Chris Johnson, Bhaskar Kakulavarapu, Linda Kearney
Facilities. Chair: Carrie Schrader. Members: Carrie Schrader, Ryan Hodges, Tammy Johnson, Linda Kearney
Membership. Chair: Michael Forrest. Members: Michael Forrest
Nominating & Audit. Chair: Linda Kearney. Members: Linda Kearney, Keith Cheresko
Program. Chair: Doug Copley. Members: Doug Copley, Greg Boehmer, Keith Cheresko, Bhaskar Kakulavarapu
Seminar. Chair: Manish Zaveri. Members: Manish Zaveri, Brad Barton, Carrie Schrader, Doug Wahr
Social. Chair: Melvin Taylor. Members: Melvin Taylor
Spring Training. Chair: Juman Doleh-Alomary. Members: Juman Doleh-Alomary, Bob Okopny, Malini Sarma
ISACA Detroit Smart Device App
The ISACA Detroit Chapter Communications Committee is happy to announce the availability of a smart device App designed to provide current and important information on several membership benefits and activities. This App is now available for both Apple and Android devices and can be installed by following the steps below. Making this App available to our membership is just one in a series of improvements being researched and planned by the Communications Committee. We are anxious to meet our membership’s expectations for effective communications and any and all ideas are welcomed. If you have a suggestion, please send an email message to: Brad Barton, Chair of the Communications Committee, ([email protected]) or reach out to any of our Board members to submit your suggestion.
The ISACA Detroit Communications Committee
Attend up to 4 Chapter Meetings FREE
In these difficult times, the ISACA Detroit Chapter Board wants to help. If you are unemployed, laid-off, or are not currently receiving a paycheck, we have some good news. It’s during times such as these that maintaining a network of peers and maintaining your level of training is so very important. We are, therefore, offering to allow you to attend up to four (4) meetings FREE. You must register for each meeting through the Membership Chairman by sending an e-mail stating that you are currently out of work and wish to attend the meeting. The e-mail must be received prior to the meeting registration close for that meeting. Please send your email to Mike Forrest at: [email protected].
The October 18, 2017 ISACA Chapter Meeting
will be held at:
Michigan State University Management Education Center
811 W. Square Lake Road, Troy, MI 48098-2831 Phone: (248) 879-2456