The Password - ISACA North Texas · Techniques for Segregation of Duties" Charles Broom BDO ... go...
The Password
January, 2014

January Meeting Agenda
When: January 9th
Where: Renaissance Hotel in Richardson

Pre-Luncheon (10:30)
"Measuring Cybersecurity Capabilities"
Matt Wilson
PwC

Luncheon (12:20)
"Third Party Risk: Finding your place on the continuum"
Kirt Seale
Grant Thornton

Post-Luncheon (1:30)
"Computer Assisted Audit Techniques for Segregation of Duties"
Charles Broom
BDO

Inside This Issue:
Letter from the President
January Meeting Agenda
News from ISACA International
Current Job Postings
Upcoming Events
Membership Renewal
SANS Training Opportunities
December Meeting
Upcoming Seminar

Letter from the President
I hope you enjoyed your Christmas holiday and are rested and ready for 2014! January is our annual joint meeting with the Dallas IIA Chapter and it takes place Thursday 1/9 at the Renaissance Richardson Hotel. Our sessions this month cover a broad selection of topics. Matt Wilson with PwC begins our pre-lunch session discussing "Measuring Cybersecurity Capabilities". Our lunch session features Kirt Seale with Grant Thornton discussing "Third Party Risk: Finding your place on the continuum" and Charles Broom with BDO presents "Computer Assisted Audit Techniques for Segregation of Duties" during our post session. Be sure to join us and catch up on your CPE and network with friends and colleagues from the IIA.

Our first Spring Seminar for 2014 is Auditing Oracle's E-Business Suite and is scheduled for Monday 3/24 through Wednesday 3/26/14. This foundational three-day course will take you from a basic understanding to an intermediate understanding of application risks and controls for the most commonly implemented applications along with the elements common to all Oracle EBS implementations. This class will delve deeply into application security and other IT general controls and provide you with several SQL queries frequently used in assessments. Cost for this seminar is $700, and includes all training materials, lunch, snacks, beverages and 24 hours of CPE. Please note the class size is limited to 45 persons by the instructor.

Please register for both of these events on our website at www.isaca-northtexas.org.

Best wishes to each of you for a Happy New Year!

Greg Streder, CISA, CISSP
President
News from ISACA International

January 10 is the deadline to turn in your proposals to speak at the joint ISACA/IIA conference in Palm Beach, FL, in August. Submit your proposal today!

Have a passion for helping out your fellow IT geeks? Want to do more within the community? Become an ISACA volunteer!

Free webinar on 1/23 looks at consolidating databases for better data security. Learn and earn free CPE!

Looking to get the hang of COBIT 5? As an ISACA member, you can download the eBook for free.

Did you enjoy CACS last year? This year it's in Vegas! Be sure to get registered!

Time is running out! Get your colleagues to join ISACA by December 31st to win a tablet or other prizes!

Many of us think we have all the right answers...but how many of us know the right questions? Submit your certification exam questions to ISACA and get PAID!

Haven't even taken that test yet? The June 2014 exams are now open for registration.

The 2013 IT Risk/Reward barometer examines plans and perceptions of many of the hot topics in our field, taken from members around the world.

...and elsewhere

How much is too much when it comes to IT risk management?

Microsoft has joined the FIDO (Fast IDentity Online) alliance in an attempt to move away from passwords to more secure means of authentication. Sounds great...but surely nobody will ever guess 123456 is your password?

Can your security gaps be closed with a shoestring budget? Colorado CISO is giving it a shot.
December's Chapter Meeting

The theme for December was Risk Management. Pre-luncheon, Graham Cameron and Tuck Goh of Santander defined risk management and the importance of being proactive rather than reactive, defining roles and responsibilities, and avoiding strict adherence to checklists in an audit. After a hearty meal, John Dickson of the Denim Group schooled us on application risk. The big takeaway from his session was the need to build a relationship with the dev teams as they know what to look for! Finally, we concluded our meeting with a post-luncheon session covering socializing the risk assessment with the C-suite. Mickie Tate and Scott Howitt of JCPenney stressed partnering with other business units before presenting to the C-suite and the importance of avoiding technobabble and giving too much detail. As always, visit our presentations library for details.

December's door prize winners:
Theresa Grant, Leslie Norwood, Maurice Ballew, Mel Bodine and Melissa Krenek

Volunteers for the 8th annual UT Dallas fraud summit helped make it the best yet. This year's organizers hope to make it even better.

Mark the Date! Early Bird Discount: Register by 1/17/2014 and pay $250 for the Friday Conference!

SANS Training Opportunities in 2014

SANS instructors and chapter members Clay Risenhoover and Tanya Baccam wanted to let North Texas Chapter members know about some discounts on upcoming SANS courses in February. The first is the Foundations of Auditing Security and Controls of IT Systems introductory course which Tanya and Clay just finished writing and will be co-teaching. It's in beta, and the first delivery of this class will be at Weaver LLP in Dallas on Feb 3-5, 2014. The beta is offered at half price ($1,200) and will provide 18 CPEs to attendees. See http://www.sans.org/course/foundations-auditing-security-controls-it-systems for class details and registration.

Tanya also has two online courses coming up in February, both of which are excellent. One is her three-day Active Directory auditing class, and the other is her three-day Oracle Database auditing course. Tanya has arranged a 10% discount on these courses with the discount code "ISACA_CC2014". See the URLs below for class details and registration.
http://www.sans.org/event/cybercon-spring-2014/course/auditing-active-directory-windows
http://www.sans.org/event/cybercon-spring-2014/course/audit-oracle-databases

Membership Renewal

Thank you for being one of more than 1800 members of the ISACA North Texas chapter in 2013. If you have not yet acted upon your 2014 membership renewal, I encourage you to do so today to maintain your local chapter and International benefits. Renewal of your membership online is simple and secure. Log in at www.isaca.org/renew. If you have forgotten your password or username, click on the Forgot Password and/or User Name? link. After remitting your payment by credit card you will receive a purchase receipt online and via email in addition to a receipt and updated membership card issued by postal mail. If you are not paying by credit card and want to pay by check or bank transfer, click the Pay by Check or Bank Transfer button when you reach the shopping cart. You may download a copy of your invoice by logging into your ISACA profile at www.isaca.org and selecting myPURCHASES under the MyISACA tab. Once your renewal is processed, your receipt of payment will be posted in this section of your profile and a hard copy receipt will be sent to your mailing address on file.

If you are required to report CPE, you may add up all (or a portion) of your 2013 CPE hours and report it as a SINGLE TOTAL even though the system enables you to enter individual CPE records. A video and PDF document, which provides an overview of the CPE reporting system, is available here: www.isaca.org/cpe. See page 8 of the PDF Quick Tour for instructions on how to enter a combined CPE total (lump sum).

If you have any questions regarding your ISACA membership and/or the North Texas chapter, feel free to contact me at membership@isacanorthtexas.org

Chris Jordan
ISACA North Texas VP Membership
membership@isacanorthtexas.org

SPECIAL UPCOMING SEMINAR

Auditing Oracle's E-Business Suite: An Introduction to the Applications Architecture

This three-day seminar is presented by Jeffrey Hare, a leading authority on Oracle E-Business Suite controls. It is a must for auditors and those involved in implementing and supporting Oracle's E-Business Suite. The seminar is offered at a considerable saving over the publicly offered class in addition to saving in travel and lodging expenses. Don't miss the opportunity to be part of this learning experience and earn valuable CPE credits.

Date: Monday, March 24 thru Wednesday, March 26, 2014
Time: 8:30 AM - 4:30 PM
Location: JCPenney, 6501 Legacy Drive, Plano, TX 75024
Cost: $700 Members and Non-Members (Includes training materials, lunch, snacks and beverages)

Register at www.isaca-northtexas.org

Online registration closes on Friday, March 14, 2014 at 5:00 PM. No walk-ins. Prepay by Credit Card, PayPal or Check Only. Checks must be received by Friday, March 14, 2014.

Class size is limited to the first 45 registrants.

For any information regarding refunds, complaints, and program cancellation policies, visit www.isaca-northtexas.org/SitePages/ProgramPolicies.aspx.

PROGRAM DESCRIPTION
Oracle's E-Business Suite offers a wide variety of applications which require specific audit programs. Auditors and those implementing and supporting Oracle's E-Business Suite need actionable information about the associated risks and controls. The program will be presented by Jeffrey Hare, CPA, CISA, CIA, CEO of ERP Risk Advisors, a leading thought leadership firm providing risk advisory services for organizations running Oracle Applications. In 2009 Mr. Hare published Oracle E-Business Suite Controls: Application Security Best Practices.

LEARNING OBJECTIVES
This foundational three-day course will take you from a basic understanding to an intermediate understanding of application risks and controls for the most commonly implemented Oracle applications along with the elements common to all implementations. It will delve deeply into application security and other IT general controls and provide you with several SQL queries frequently used in assessments.

Upcoming Events

January 9, 2014
Joint Meeting with Dallas IIA
LOCATION: Renaissance Hotel Richardson, 900 E. Lookout Drive, Richardson, Texas
PRE-MEETING: Measuring Cyber Security Capabilities, Matt Wilson, PwC
LUNCHEON: Third Party Risk, Kirt Seale, Grant Thornton
POST-MEETING: Computer Assisted Audit Techniques for SoD, Charles Broom, BDO

March 4, 2014
Joint Meeting with Fort Worth IIA
LOCATION: Fort Worth Petroleum Club, 777 Main St #4000, Fort Worth, Texas
PRE-MEETING: Texas Medical Records Privacy Act, Texas House Bill 300 (HB300)
LUNCHEON: ROI on IT projects
POST-MEETING: The Impact of Technology on Stewardship, Risk & Fraud

March 27 & 28, 2014
Dallas IIA Annual Fraud Summit
LOCATION: UT Dallas
Thursday Workshop ($300/person): Attendees choose one of three workshops.
Sam Antar: Inside the Mind of a Hardcore Fraudster
Nicholas DiMola and Paul Flora: Targeting Fraud and Corruption in Contract and Procurement Activities
Jarrett Kolthoff, Chris Mitchell, and others: How to Manage Fraud for the Next 5 Years
Friday Conference ($200-300)
Keynote Speaker: Sam Antar and law enforcement officials
Two General Sessions
Choose from 24 breakout sessions

Current Career Opportunities

| Job Title | Company | Location | Job Category | Career Level | Post Date | Expiration Date |
|---|---|---|---|---|---|---|
| Manager Technology Audit | Sabre | Southlake, TX | Permanent | Non-Management | 11/8/2013 | 1/10/2014 |
| IT Audit, Associate Manager | Molkentine Professional | Dallas, TX | Permanent | Management | 12/11/2013 | 2/28/2014 |
| Sr GRC Systems Administrator - IT Services | GM Financial | Arlington, Texas | Permanent | Non-Management | 12/26/2013 | 2/28/2014 |

The Password is a free copyrighted publication of the North Texas Chapter of ISACA. It is published periodically from August through June. It is an objective of the North Texas Chapter of ISACA to be a forum of free expression and interchange of ideas. Statements of position or expressions of opinion appearing herein are those of the authors and not, by the fact of publication, necessarily those of ISACA or the North Texas Chapter. Likewise, the publication of any advertisement is not construed to be an endorsement of the product or service offered unless specifically stated.

Copyright 2014 ISACA North Texas Chapter, all rights reserved
Space Limited Register Now!
Questions? Comments? Corrections? Please advise us at newsle [email protected]