DATABYTE - isaca.org · Walk-in registration is available at an increased fee. ... This training...


October 18, 2017 ISACA Detroit Chapter Meeting

Pre-Dinner Topic: BeyondCorp. A New Approach to Enterprise Security
Pre-Dinner Speakers:
Jeff Peck, Technical Program Manager for Corp Eng in Google
Justin McWilliams, Engineering Manager for Corp Eng in Google NYC

After-Dinner Topic: Enabling BeyondCorp with Trusted Access
After-Dinner Speakers:
Jon Oberheide, Co-Founder and Chief Technology Officer of Duo Security
Doug Copley, Principal Security Strategist with Duo Security

Date: Wednesday, October 18, 2017

Time:
4:30 - 5:00 Registration & Networking
5:00 - 6:00 Pre-Dinner Presentation
6:00 - 6:45 Dinner
6:45 - 7:45 After-Dinner Presentation

Location:
Michigan State University Management Education Center
811 W. Square Lake Road
Troy, MI 48098-2831

Cost:
Advance Online Registration Only: $20.00 Member, $30.00 Non-Member, $10.00 Student and Retiree
Walk-In Fees: $40.00 Member, $50.00 Non-Member, $10.00 Student and Retiree

PRESIDENT
Greg Boehmer, CISA, CIA, CFE, CGEIT, CISSP, CISM, CRISC, CRMA, CSFX, PMP
Deloitte & Touche

VOLUME 32 # 2 REGION 4 CHAPTER 8

DATABYTE

The Chapter must provide the number of reservations by 12:00 pm on the Friday prior to the Chapter meeting. Advance online registration closes at noon on Friday, October 13, 2017. If you have made a reservation and cannot attend, please contact Geralyn Jarmoluk at [email protected], or 248-762-7421 prior to the above noted deadline for refunds. Walk-in registration is available at an increased fee. Reservations not cancelled prior to the above-noted deadline cannot be refunded as we are committed to the caterer for the meals ordered.

DIRECTORS

Brad Barton, CISA, 248-707-9372
Keith Cheresko, JD, CIPP, CIPT, FIP, Privacy Associates International LLC, 248-535-2819
Doug Copley, CISM, CISSP, CISA, CIPP, CIPT, Duo Security, 810-289-8243
Shannon Desjardins, CPA, CISA, CRISC, Blue Cross Blue Shield of Michigan, 586-201-1603
Michael A. Forrest, CISA, CGEIT, Flagstar Bank, 248-312-5435
Michele M. Haroon, CPA, CISA, Lear Corporation, 248-447-3001
Chris Johnson, CISA, Lear Corporation, 248-447-1066
Tammy Johnson, CISA, Fiat Chrysler America, 248-709-0427
Bhaskar Kakulavarapu, CISSP, CISM, Comerica, 248-371-7273
Linda Kearney, CISA, CISM, CIA, CIPP-US, Fiat Chrysler Automobiles, 248-512-3858
D. Robert Okopny, PhD, CIA, CFE, CMA, Eastern Michigan University, 734-487-0246
Sajay Rai, CPA, CISSP, CISM, Securely Yours LLC, 248-723-5224
Malini Sarma, CISA, General Motors, 313-667-2878
Carrie Schrader, CISA, CBM, CFE, CGEIT, CRISC, GM Financial, 313-989-4711
Melvin B. Taylor, CISA, CISM, General Electric, 248-761-5671
Doug Wahr, CFE, CISA, CRMA, CISSP, Auto Club Group (AAA), 313-436-7277
Manish Zaveri, CISA, CPA, FordDirect, 248-888-9090

VICE PRESIDENT
Juman Doleh-Alomary, MScE, CISA, CISM, CRISC, ISO27001
Wayne State University

TREASURER
Ryan Hodges, CISA, CISSP, CISM, CRISC, ISO27001
Deloitte & Touche

SECRETARY
Charles Murray, CPA, CISA
KPMG

Please forward any ISACA questions to our Chapter Administrator at [email protected] and she will route your question to the appropriate ISACA Board member


DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH

Hello Fellow ISACA Detroit Chapter Members!

For those who attended the September membership meeting, I’m sure that you were pleased to see the large turnout and enjoyed our guest speaker Rob Clyde, Vice-Chair of ISACA’s Board of Directors and the Managing Director of Clyde Consulting LLC, an executive advisory firm. I heard from over five members how much they enjoyed Rob’s presentations. For those unable to attend, I encourage you to obtain his presentations from our Detroit Chapter ISACA website covering “Emerging Trends in Technology and Cybersecurity” or “Leadership and ISACA International Board Perspective”.

A few important items that I’d like to highlight, as they directly relate to our Board’s goal for the Detroit Chapter to provide you value for your membership:

Fall Seminar: John Tannahill will be delivering a two-day seminar on “Security and Audit of Cloud Computing” on Wednesday, November 29th and Thursday, November 30th at VisTaTech Center in Livonia; so mark your calendars and look for the registration invite.

Spring Training: The Detroit Chapters of the IIA and ISACA are proud to co-sponsor the 19th Annual Spring Training Seminar Monday, March 26 through Wednesday, March 28, 2018 at Suburban Showcase in Novi, MI. Once again, the Spring Training Committee has contracted some of the top auditing trainers from around the country to share their personal expertise with our members. Some tracks fill up (we have twelve from which to choose); so please reserve your spot today.

The first five people that email our Chapter Administrator at [email protected] my Primary goal as President will receive a prize to be claimed at the October meeting.

If at any time you have a question, curiosity or suggestion for improving the Chapter’s services, approach any of our Board members or send a direct message to me for a response. I can be reached in person at any of the Chapter events, or via email at: [email protected]. I look forward to seeing you at our October meeting and please read below for details on our speakers and topics!

Respectfully,
Greg Boehmer
ISACA Detroit Chapter President

Before Dinner Topic - BeyondCorp. A New Approach to Enterprise Security

BeyondCorp is an enterprise security model that builds upon 6 years of building zero trust networks at Google, combined with best-of-breed ideas and practices from the community. By shifting access controls from the network perimeter to individual devices and users, BeyondCorp allows employees to work more securely from any location without the need for a traditional VPN.

Before Dinner Speakers

Jeff Peck is a Technical Program Manager for Corp Eng in Google. He previously worked at companies large and small around Silicon Valley, doing software engineering and program management for a variety of projects in the telecom, server, and network application domains. He has a BS in Computer, Information, and Control Science from the University of Minnesota.

Justin McWilliams is an Engineering Manager for Corp Eng in Google NYC. Since joining Google in 2006, he has held positions in IT Support and IT Ops Focused Software Engineering. He holds a BA from the University of Michigan, Ann Arbor.

After Dinner Topic - Enabling BeyondCorp with Trusted Access

Does BeyondCorp sound too difficult? Are you questioning whether such a model is even viable for your organization? If so, listen to Jon Oberheide and Doug Copley from Duo Security “put the rubber to the road.” They will describe some of the technologies and capabilities available today to reduce security complexity and help any organization migrate toward a BeyondCorp model. Think BYOD would prevent you from adopting a BeyondCorp model? Think again. They will discuss the ability to leverage BYOD in a zero trust model, and how to leverage agentless device visibility to identify risk and prioritize mitigation efforts.

After Dinner Speakers

Jon Oberheide is the co-founder and chief technology officer of Duo Security based in Ann Arbor, Michigan. In his role, Jon is responsible for leading product vision, the company’s security and the Duo Labs advanced research team. Jon is a well-known security expert and researcher. While his research interests span across the security domain, he has deep expertise in mobile and cloud security and malware analysis. Jon was named to Forbes’ "30 under 30" list for his Android security research. Jon attended the University of Michigan and holds a bachelor’s, master’s and PhD in Computer Science, and has held positions at Merit Network and Arbor Networks.

Doug Copley is a Principal Security Strategist with Duo Security. A former CISO in Healthcare and Chief Privacy Officer in Financial Services, Doug is a 25-year veteran of IT, information security and data privacy. Doug is a passionate advocate and evangelist for effective information security and data privacy risk management for both organizations and individuals. Doug is the co-founder and past Chairman of the Michigan Healthcare Cybersecurity Council and remains active in various industry activities and workgroups. Doug can frequently be found speaking or blogging on information security, data privacy and leadership topics for everyone’s benefit.

Fall Seminar

The Detroit Chapter of ISACA is happy to announce the upcoming fall seminar covering the important topic: “Cloud Computing Security & Audit”. This training will focus on the audit and security issues related to Cloud Computing environments.

The instructor for this topic will be John Tannahill. John is an independent Information Security and Audit Services Consultant who works in the areas of information security in large information systems environments and networks. He has particular technical expertise with Windows 2008/2012; Unix/Linux; Oracle/Microsoft SQL Server and Internet security.

This two-day seminar will be held on November 29 and November 30 (Wednesday and Thursday) at the VisTaTech Center, Schoolcraft College - 18600 Haggerty Road - Livonia, MI 48152. Class will begin at 8:30 am and will conclude around 5:00 pm. A light breakfast and lunch will be served each day. Those attending will be awarded 15 hours of continuing professional education (CPE) credits.

The cost of the two-day seminar will be $100 for Professional ISACA members and Student ISACA members, $275 for Professional non-ISACA members and $125 for Student non-ISACA members. Both non-ISACA member fees include a one-year membership in both ISACA International and the Detroit Chapter. Enrollment can be completed by visiting the Events section of the ISACA Detroit website at: http://www.isaca.org/detroit.

Seminar Outline

Cloud Computing Concepts
• Overview of Cloud architectures
• NIST Cloud Definitions

Cloud Service Models
• Software as a Service (SaaS)
• Platform as a Service (PaaS)
• Infrastructure as a Service (IaaS)

Cloud Deployment Models
• Public Cloud
• Community Cloud
• Private Cloud
• Hybrid Cloud

Security and Control Issues
• Key Risk Issues
• Key Governance Issues
• Key Security Concerns
• Control Requirements with CSA’s Cloud Controls

Audit Tools & Techniques
• Use of SOC Reports
• Example Audit Programs
• Case Study Exercise
• Based on a given cloud usage scenario, development of Audit Objectives and Program steps using the CSA Cloud Controls Matrix

Welcome New ISACA Detroit Chapter Members

Ryann Peyton Kelly Genzlinger Melissa Tews Emily Smith Tareq Falah Ronald Hillard Pamela Horner Jasmine Goryoka Steven Moltmaker Eric Munn Laura Sundt James Spatafora Travis Rosswurm Ginger Cullifer Vincent Choulagh James Daniels Chia-Yen Lee Melissa Krajewski Chris Alverez Diane Gallagher-Starr Veeresh Nama Pritam Mukherjee Samantha Alder Yogeesh Kunigal Gangaiah

September Chapter Meeting Raffle Winners

Deborah Gore Besi Ndakwah Dean Chandler Owen Ekechukwu Keith Cheresko Jianping Wang Jim Hanlon Anu Lohani Denise Kitchen Seetaram Ponugupati Doug Wahr Laurie Hepner Melvin Taylor Brenda Karl Kathleen Welch Michele Haroon Michael Steklac

The ISACA Detroit Chapter Certification Committee Wishes to Congratulate the following Newly Certified CISAs

Peng Zhang, CISA

Lang Le Pryor, CISA

The ISACA Detroit Chapter Certification Committee Wishes to Congratulate the following members who Passed the August/September 2017 ISACA CISA Certification Exam

Ayaz Anwar

Nicholas Adams Hang Le Pryor

Karen Ben-Shahak Ilsar


Social Committee The ISACA Social Committee held a fun and exciting event at Comerica Park this past August. The Tigers took on the LA Dodgers in an exciting game. The weather was great and a good time was had by all! If you missed the August event, we invite you to attend the fall event that will be held in October. Please be on the lookout for an invitation to the event. We hope to see you there!!

Thank you, The ISACA Social Committee


Spring Training Chapter News

The Detroit Chapters of the IIA and ISACA are proud to co-sponsor the 19th Annual Spring Training Seminar March 26 through 28, 2018 at Suburban Showcase in Novi, MI. Once again, the Spring Training Committee has contracted some of the top auditing and IT trainers from around the country to share their personal expertise with our members. Don’t miss out on the opportunity to network with your peers, enhance your skills, learn about new products and services in the marketplace and get the training you need. A number of classes sell out each year! Please click the following link to view more information on this event, register, and/or download the Spring Training brochure: http://www.cvent.com/d/gtqj3z/1Q.

~The Spring Training Committee

TRACK

MON MARCH 26, TUES MARCH 27, WED MARCH 28

A: Building an Effective Fraud Risk Management Program (Paul Zikmund); Conducting Investigations Boot Camp (Paul Zikmund)

B: Building High Performing Team (Keith Levick); Social and Emotional Intelligence (Keith Levick); Decision Making and Problem Solving (Keith Levick)

C: Becoming a Person of Influence (Don Levonius); Gaining and Sustaining Credibility (Don Levonius); Everyone Communicates, Few Connect (Don Levonius)

D: Agile/DevOps Controls & Audit (John Tannahill); Ethical Hacking (Hands-on Workshop) (John Tannahill)

E: Forensic Analytics: Methods & Techniques for Financial Investigations (Mark J. Nigrini)

F: Successful Audit Data Analytics (Hands-On) (Jim Tarantino)

G: Internal Audit University (Hernan Murdock)

H: The Connection Between Data Governance, Privacy & Information Security (Shawna Flanders)

I: Risk Based Auditing and Reporting (Jim Roth); Leadership and Supervision Skills for Auditors (Jim Roth); Audit Report Writing (Jim Roth)

J: How to Set Up and Administer an Effective Fraud Awareness Program (Mary Breslin); Root Cause Analysis (Mary Breslin)

K: Linux as an Audit Target… and as an IT Audit Tool (Ken Cutler); CyberSecurity Audits of Modern Web Applications (Ken Cutler)

L: CyberSecurity and Audits of Payment Card Systems (Roger Herbst); CyberAudits of Identity and Access & Control Management (Roger Herbst)


Photo Disclaimer: ISACA Detroit Chapter may capture images from meetings and events on film or digital media for publication and marketing purposes.

DATABYTE
Geralyn Jarmoluk
ISACA Detroit Chapter Administrator
P.O. Box 43
Romeo, MI 48065
[email protected]
248-762-7421

ADVERTISE IN THE DATABYTE NEWSLETTER

¼ Page $50.00
½ Page $100.00
Full Page $200.00

Contact Geralyn Jarmoluk at [email protected] or Mike Forrest at [email protected]

October 18, 2017 Menu

Caprese Salad Caesar Salad

Antipasto Salad Meat Lasagna

Tuscan Chicken Bowtie Pasta with Pesto Sauce

Italian Green Beans Fresh Baked Bread

Chef’s Choice Dessert


2017-2018 ISACA Detroit Chapter Committee List

Committee Name | Committee Members | Committee Chair

Academic Relations | Sajay Rai, Brad Barton, Doug Copley, Bhaskar Kakulavarapu | Sajay Rai

Bylaws, Policies & Procedures | Juman Doleh-Alomary, Greg Boehmer, Keith Cheresko, Linda Kearney | Juman Doleh-Alomary

Certification | Charles Murray, Michael Forrest, Michele Haroon | Charles Murray

Communications | Brad Barton, Keith Cheresko, Doug Copley, Chris Johnson, Bhaskar Kakulavarapu, Linda Kearney | Brad Barton

Facilities | Carrie Schrader, Ryan Hodges, Tammy Johnson, Linda Kearney | Carrie Schrader

Membership | Michael Forrest | Michael Forrest

Nominating & Audit | Linda Kearney, Keith Cheresko | Linda Kearney

Program | Doug Copley, Greg Boehmer, Keith Cheresko, Bhaskar Kakulavarapu | Doug Copley

Seminar | Manish Zaveri, Brad Barton, Carrie Schrader, Doug Wahr | Manish Zaveri

Social | Melvin Taylor | Melvin Taylor

Spring Training | Juman Doleh-Alomary, Bob Okopny, Malini Sarma | Juman Doleh-Alomary

ISACA Detroit Smart Device App

The ISACA Detroit Chapter Communications Committee is happy to announce the availability of a smart device App designed to provide current and important information on several membership benefits and activities. This App is now available for both Apple and Android devices and can be installed by following the steps below. Making this App available to our membership is just one in a series of improvements being researched and planned by the Communications Committee. We are anxious to meet our membership’s expectations for effective communications and any and all ideas are welcomed. If you have a suggestion, please send an email message to: Brad Barton, Chair of the Communications Committee, ([email protected]) or reach out to any of our Board members to submit your suggestion.

The ISACA Detroit Communications Committee

Attend up to 4 Chapter Meetings FREE

In these difficult times, the ISACA Detroit Chapter Board wants to help. If you are unemployed, laid-off, or are not currently receiving a paycheck, we have some good news. It’s during times such as these that maintaining a network of peers and maintaining your level of training is so very important. We are, therefore, offering to allow you to attend up to four (4) meetings FREE. You must register for each meeting through the Membership Chairman by sending an e-mail stating that you are currently out of work and wish to attend the meeting. The e-mail must be received prior to the meeting registration close for that meeting. Please send your email to Mike Forrest at: [email protected].

The October 18, 2017 ISACA Chapter Meeting

will be held at:

Michigan State University Management Education Center

811 W. Square Lake Road, Troy, MI 48098-2831 Phone: (248) 879-2456