1

Pre-Luncheon (10:30)

Measuring Cybersecurity Capabilities"

Matt Wilson

PwC

Luncheon (12:20)

"Third Party Risk: Finding your place on the

continuum"

Kirt Seale GrantThornton

Post-Luncheon (1:30)

"Computer Assisted Audit Techniques for Segregation

of Duties"

Charles Broom BDO

Letter from the President

I N S I D E T H I S I S S U E :

Letter from the President

1

January Meeting Agenda

1

News from ISACA International

2

Current Job Postings

6

Upcoming Events

6

Membership Renewal

4

SANS Training Opportunities

4

December Meeting

3

Upcoming Seminar

5

January Meeting Agenda When: January 9th Where: Renaissance Hotel in Richardson

The PasswordThe PasswordThe Password J A N U A R Y , 2 0 1 4

IhopeyouenjoyedyourChristmasholidayandarerestedandreadyfor2014!Januaryisourannualjointmee ngwiththeDallasIIAChapterandittakesplaceThursday1/9attheRenaissanceRichardsonHotel.Oursessionsthismonthcoverabroadselec onoftopics.Ma Wilson withPwCbeginsourprelunchsessiondiscussing MeasuringCybersecurityCapabili es.OurlunchsessionfeaturesKirt Seale withGrantThorntondiscussing"ThirdPartyRisk:Findingyourplaceonthecon nuum" and Charles Broom withBDOpresents ComputerAssistedAuditTechniquesforSegrega onofDu esduringourpostsession.BesuretojoinusandcatchuponyourCPEandnetworkwithfriendsandcolleaguesfromtheIIA.OurfirstSpringSeminarfor2014isAudi ngOracle'sEBusinessSuiteandisscheduledforMonday3/24throughWednesday3/26/14.Thisfounda onalthreedaycoursewilltakeyoufromabasicunderstandingtoan

intermediateunderstandingofapplica onrisksandcontrolsforthemostcommonlyimplementedapplica onsalongwiththeelementscommontoallOracleEBSimplementa ons.Thisclasswilldelvedeeplyintoapplica onsecurityandotherITgeneralcontrolsandprovideyouwithaseveralSQLqueriesfrequentlyusedinassessments.Costforthisseminaris$700,andincludesalltrainingmaterials,lunch,snacks,beveragesand24hoursofCPE.Pleasenotetheclasssizeislimitedto45personsbytheinstructor.Pleaseregisterforbothoftheseeventsonourwebsiteatwww.isacanorthtexas.org.BestwishestoeachofyouforaHappyNewYear!GregStreder,CISA,CISSPPresident

2

...and elsewhere

News from ISACA International

Did you enjoy CACS last year? This year its in Vegas! Be sure to get registered!

Time is running out! Get your colleagues to join ISACA by December 31st to win a tablet or other prizes!

Many of us think we have all the right answers...but how many of us know the right questions? Submit your certification exam questions to ISACA and get PAID!

Havent even taken that test yet? The June 2014 exams are now open for registration.

The 2013 IT Risk/Reward barometer examines plans and perceptions of many of the hot topics in our field, taken from members around the world.

Have a passion for helping out your fellow IT geeks? Want to do more within the community? Become an ISACA volunteer!

T H E P A S S W O R D

How much is too much when it comes to IT risk management?

Microsoft has joined the FIDO (Fast IDentity Online) alliance in an attempt to move away from passwords to more secure means of authentication. Sounds great...but surely nobody will ever guess 123456 is your password?

...and elsewhere

News from ISACA International January 10 is the deadline to turn in your proposals to speak at the

joint ISACA/IIA conference in Palm Beach, FL, in August. Submit your proposal today!

Have a passion for helping out your fellow IT geeks? Want to do more within the community? Become an ISACA volunteer!

Free webinar on 1/23 looks at consolidating databases for better data security. Learn and earn free CPE!

Looking to get the hang of COBIT 5? As an ISACA member, you can download the eBook for free.

Did you enjoy CACS last year? This year its in Vegas! Be sure to get registered!

Many of us think we have all the right answers...but how many of us know the right questions? Submit your certification exam questions to ISACA and get PAID!

Havent even taken that test yet? The June 2014 exams are now open for registration.

The 2013 IT Risk/Reward barometer examines plans and perceptions of many of the hot topics in our field, taken from members around the world.

How much is too much when it comes to IT risk management?

Microsoft has joined the FIDO (Fast IDentity Online) alliance in an attempt to move away from passwords to more secure means of authentication. Sounds great...but surely nobody will ever guess 123456 is your password?

Can your security gaps be closed with a shoestring budget? Colorado CISO is giving it a shot.

P A G E 2

http://www.isaca.org/Education/Conferences/Pages/North-America-CACS-2014.aspx?icid=1002920&Appeal=Banner-Adhttp://www.isaca.org/Education/Conferences/Pages/North-America-CACS-2014.aspx?icid=1002920&Appeal=Banner-Adhttp://www.isaca.org/membership/member-get-a-member/Pages/MGAM-Overview.aspx?icid=1001557&Appeal=Banner-Adhttp://www.isaca.org/Certification/Write-an-Exam-Question/Pages/default.aspx?cid=1002698&Appeal=Banner-Adhttp://www.isaca.org/Certification/Pages/June-2014-Exam-Information.aspxhttp://www.isaca.org/Pages/2013-Risk-Reward-Barometer.aspxhttp://www.isaca.org/About-ISACA/Volunteering/Pages/default.aspx?icid=1002386&Appeal=banner-adhttp://www.informationweek.com/security/risk-management/it-security-risk-management-is-it-worth-the-cost--/d/d-id/1112887http://www.darkreading.com/management/microsoft-joins-fido-alliance-board-of-d/240164719http://www.zdnet.com/just-how-bad-are-the-top-100-passwords-from-the-adobe-hack-hint-think-really-really-bad-7000022782/https:\na.theiia.org\training\conferences\Pages\Call-for-Speakers.aspx\training\conferences\Pages\Call-for-Speakers.aspx?icid=1003111&Appeal=Banner-Adhttp://www.isaca.org/About-ISACA/Volunteering/Pages/default.aspx?icid=1002386&Appeal=banner-adhttp://www.isaca.org/Education/Online-Learning/Pages/Webinar-Want-Better-Data-Security-Consolidate-Your-Databases.aspxhttp://www.isaca.org/COBIT/Pages/COBIT-5-Enabling-Information-product-page.aspx?icid=1002392&Appeal=Banner-Adhttp://www.isaca.org/Education/Conferences/Pages/North-America-CACS-2014.aspx?icid=1002920&Appeal=Banner-Adhttp://www.isaca.org/Education/Conferences/Pages/North-America-CACS-2014.aspx?icid=1002920&Appeal=Banner-Adhttp://www.isaca.org/Certification/Write-an-Exam-Question/Pages/default.aspx?cid=1002698&Appeal=Banner-Adhttp://www.isaca.org/Certification/Pages/June-2014-Exam-Information.aspxhttp://www.isaca.org/Pages/2013-Risk-Reward-Barometer.aspxhttp://www.informationweek.com/security/risk-management/it-security-risk-management-is-it-worth-the-cost--/d/d-id/1112887http://www.darkreading.com/management/microsoft-joins-fido-alliance-board-of-d/240164719http://www.zdnet.com/just-how-bad-are-the-top-100-passwords-from-the-adobe-hack-hint-think-really-really-bad-7000022782/http://www.csoonline.com/article/729218/how-colorado-s-ciso-is-revamping-the-state-s-information-security-on-a-6-000-budgethttp://www.csoonline.com/article/729218/how-colorado-s-ciso-is-revamping-the-state-s-information-security-on-a-6-000-budgethttp://www.csoonline.com/article/729218/how-colorado-s-ciso-is-revamping-the-state-s-information-security-on-a-6-000-budgethttp://www.csoonline.com/article/729218/how-colorado-s-ciso-is-revamping-the-state-s-information-security-on-a-6-000-budget

3

P A G E 3

John Dickson Denim Group, Ltd.

Inside Story Headline

Decembers chapter meeting

ThethemeforDecemberwasRiskManagement.Preluncheon,GrahamCameronandTuckGohofSantanderdefinedriskmanagementandtheimportanceofbeingproac veratherthanreac ve,definingrolesandresponsibili es,andavoidingstrictadherencetochecklistsinanaudit.A eraheartymeal,JohnDicksonoftheDenimGroupschooleduson

applica onrisk.Thebigtakeawayfromhissessionwastheneedtobuildarela onshipwiththedevteamsastheyknowwhattolookfor!Finally,weconcludedourmee ngwithapostluncheonsessioncoveringsocializingtheriskassessmentwiththeCsuite.MickieTateandSco Howi ofJCPenneystressedpartneringwithotherbusinessunitsbefore

be out of context.

Microsoft Publisher includes thousands of clip art images from which you can choose and import into your newslet-ter. There are also several tools you can use to draw shapes and symbols.

Once you have chosen an image, place it close to the

This story can fit 75-125 words.

Selecting pictures or graphics is an important part of adding content to your newsletter.

Think about your article and ask yourself if the picture sup-ports or enhances the message youre trying to convey. Avoid selecting images that appear to

article. Be sure to place the caption of the image near the image.

Caption describing picture or

graphic.

Decembersdoorprizewinners:

Theresa Grant, Leslie Norwood, Maurice Ballew, Mel Bodine and Melissa Krenek

presen ngtotheCsuiteandtheimportanceofavoidingtechnobabbleandgivingtoomuchdetail.Asalways,visitourpresenta onslibraryfordetails.

John Dickson Denim Group, Ltd.

Decembers Chapter Meeting ThethemeforDecemberwasRiskManagement.Preluncheon,GrahamCameronandTuckGohofSantanderdefinedriskmanagementandtheimportanceofbeingproac veratherthanreac ve,definingrolesandresponsibili es,andavoidingstrictadherencetochecklistsinanaudit.A eraheartymeal,JohnDicksonofthe

DenimGroupschooledusonapplica onrisk.Thebigtakeawayfromhissessionwastheneedtobuildarela onshipwiththedevteamsastheyknowwhattolookfor!Finally,weconcludedourmee ngwithapostluncheonsessioncoveringsocializingtheriskassessmentwiththeCsuite.MickieTateand

T H E P A S S W O R D

Decembersdoorprizewinners:

Theresa Grant, Leslie Norwood, Maurice Ballew, Mel Bodine and Melissa Krenek

Sco Howi ofJCPenneystressedpartneringwithotherbusinessunitsbeforepresen ngtotheCsuiteandtheimportanceofavoidingtechnobabbleandgivingtoomuchdetail.Asalways,visitourpresenta onslibraryfordetails.

Volunteers for the 8th annual UT Dallas fraud summit helped make it the best yet. This years organizers hope to make it even better.

Mark the Date! EarlyBirdDiscountEarlyBirdDiscountEarlyBirdDiscountRegisterby1/17/2014Registerby1/17/2014Registerby1/17/2014andpay$250fortheFridayConference!andpay$250fortheFridayConference!andpay$250fortheFridayConference!

http://isacantx.org/SitePages/Presentations.aspxhttp://isacantx.org/SitePages/Presentations.aspx

4

TanyaalsohastwoonlinecoursescomingupinFebruary,bothofwhichareexcellent.OneisherthreedayAc veDirectoryaudi ngclass,andtheotherisherthreedayOracleDatabaseaudi ngcourse.Tanyahasarrangeda10%discountonthesecourseswiththediscountcode"ISACA_CC2014".SeetheURLsbelowforclassdetailsandregistra on.h p://www.sans.org/event/cyberconspring2014/course/audi ngac vedirectorywindows

h p://www.sans.org/event/cyberconspring2014/course/auditoracledatabases

SANSinstructorsandchaptermembersClayRisenhooverandTanyaBaccamwantedtoletNorthTexasChaptermembersknowaboutsomediscountsonupcomingSANScoursesinFebruary.ThefirstistheFounda onsofAudi ngSecurityandControlsofITSystemsintroductorycoursewhichTanyaandClayjustfinishedwri ngandwillbecoteaching.It'sinbeta,andthefirstdeliveryofthisclasswillbeatWeaverLLPinDallasonFeb35,2014.Thebetaisofferedathalfprice($1,200)andwillprovide18CPEstoa endees.Seeh p://www.sans.org/course/founda onsaudi ngsecuritycontrolsitsystemsforclassdetailsandregistra on.

P A G E 4

SANS Training Opportunities in 2014

postedinthissec onofyourprofileandahardcopyreceiptwillbesenttoyourmailingaddressonfile. If you are required to report CPE, you may add up all (or a por on) of your 2013 CPE hours and report it as a SINGLE TOTALeventhoughthesystemenablesyoutoenterindividualCPErecords.AvideoandPDFdocument,whichprovidesanoverviewoftheCPErepor ngsystem,isavailablehere:www.isaca.org/cpe.Seepage8ofthePDFQuickTourforinstruc onsonhowtoenteracombinedCPEtotal(lumpsum).Ifyouhaveanyques onsregardingyourISACAmembershipand/ortheNorthTexaschapter,feelfreetocontactmeatmembership@isacanorthtexas.orgChrisJordanISACANorthTexasVPMembershipmembership@isacanorthtexas.org

Thankyouforbeingoneofmorethan1800membersoftheISACANorthTexaschapterin2013.Ifyouhavenotyetacteduponyour2014membershiprenewal,IencourageyoutodosotodaytomaintainyourlocalchapterandInterna onalbenefits.Renewalofyourmembershiponlineissimpleandsecure.Loginatwww.isaca.org/renew.Ifyouhaveforgo enyourpasswordorusername,clickontheForgotPasswordand/orUserName?link.A erremi ngyourpaymentbycreditcardyouwillreceiveapurchasereceiptonlineandviaemailinaddi ontoareceiptandupdatedmembershipcardissuedbypostalmail.Ifyouarenotpayingbycreditcardandwanttopaybycheckorbanktransfer,clickthePaybyCheckorBankTransferbu onwhenyoureachtheshoppingcart.YoumaydownloadacopyofyourinvoicebyloggingintoyourISACAprofileatwww.isaca.organdselec ngmyPURCHASESundertheMyISACAtab.Onceyourrenewalisprocessed,yourreceiptofpaymentwillbe

Membership Renewal

If you have not

yet acted upon

your 2014

membership

renewal, I

encourage you

to do so today

T H E P A S S W O R D

http://www.sans.org/event/cybercon-spring-2014/course/auditing-active-directory-windowshttp://www.sans.org/event/cybercon-spring-2014/course/auditing-active-directory-windowshttp://www.sans.org/event/cybercon-spring-2014/course/auditing-active-directory-windowshttp://www.sans.org/event/cybercon-spring-2014/course/auditing-active-directory-windowshttp://www.sans.org/event/cybercon-spring-2014/course/audit-oracle-databaseshttp://www.sans.org/event/cybercon-spring-2014/course/audit-oracle-databaseshttp://www.sans.org/event/cybercon-spring-2014/course/audit-oracle-databaseshttp://www.sans.org/event/cybercon-spring-2014/course/audit-oracle-databaseshttp://www.sans.org/course/foundations-auditing-security-controls-it-systemshttp://www.sans.org/course/foundations-auditing-security-controls-it-systemshttp://www.sans.org/course/foundations-auditing-security-controls-it-systemshttp://www.sans.org/course/foundations-auditing-security-controls-it-systemshttp://www.sans.org/course/foundations-auditing-security-controls-it-systemshttp://www.sans.org/course/foundations-auditing-security-controls-it-systemshttp://www.sans.org/course/foundations-auditing-security-controls-it-systemshttp://www.sans.org/course/foundations-auditing-security-controls-it-systemshttp://www.sans.org/course/foundations-auditing-security-controls-it-systemshttp://www.isaca.org/cpemailto:membership@isaca-northtexas.orgmailto:membership@isaca-northtexas.orghttp://www.isaca.org/renewhttp://www.isaca.org/

5

SPECIALUPCOMINGSEMINAR

Audi ng Oracles EBusiness Suite: An Introduc on to the Applica ons Architecture

This three day seminar is presented by Jeffrey Hale, a leading authority on Oracle E-Business Suite controls. It is a must for auditors and those involved in implementing and supporting Oracles E-Business Suite. The seminar is offered at a considerable saving over the publically offered class in addition to saving in travel and lodging expenses. Dont miss the opportunity to be part of this learning experience and earn valuable CPE credits.

Date: Monday, March 24 thru Wednesday, March 26, 2014

Time: 8:30 AM 4:30 PM Location: JCPenney 6501 Legacy Drive, Plano, TX 75024, Cost: $700 Members and Non-Members (Includes training materials, lunch, snacks and beverages)

Register at www.isaca-northtexas.org

Online registration closes on Friday, March 14, 2014 at 5:00 PM. No walk-ins. Prepay by Credit Card, PayPal or Check Only. Checks must be received by Friday, March 14, 2014.

Class size is limited to the first 45 registrants.

For any information regarding refunds, complaints, and program cancellation policies, visit www.isaca-northtexas.org/SitePages/ProgramPolicies.aspx.

PROGRAM DESCRIPTION Oracles E-Business Suite offers a wide variety of applications which require specific audit programs. Auditors and those implementing and supporting Oracles E-Business Suite need actionable information about the associated risks and controls. The program will be presented by Jeffrey Hare, CPA, CISA, CIA, CEO of ERP Risk Advisors, a leading thought leadership firm providing risk advisory services for organizations running Oracle Applications. In 2009 Mr. Hare published Oracle E-Business Suite Controls: Application Security Best Practices. LEARNING OBJECTIVES This foundational three-day course will take you from a basic understanding to an intermediate understanding of application risks and controls for the most commonly implemented Oracle applications along with the elements common to all implementations. It will delve deeply into application security and other IT general controls and provide you with a several SQL queries frequently used in assessments.

P A G E 5

http://www.isaca-northtexas.orghttp://www.isaca-northtexas.org/SitePages/ProgramPolicies.aspx

6

March 27 & 28, 2014

Dallas IIA Annual Fraud Summit

LOCATION UT Dallas

Thursday Workshop

($300/person) A endeeschooseoneofthree

workshops.Sam Antar: InsidetheMindofa

HardcoreFraudsterNicholas DiMola and Paul Flora: Targe ngFraudandCorrup oninContractandProcurement

Ac vi esJarre Kolthoff, Chris Mitchell,

and others: HowtoManageFraudfortheNext5Years

Friday Conference ($200300) Keynote Speaker: Sam Antar andlawenforcementofficials

TwoGeneralSessions

Choosefrom24breakoutsessions

Upcoming Events

Current Career Opportunities JobTitle Company Loca on JobCategory CareerLevel PostDate Expira onDate

Manager Technology Audit

Sabre Southlake, TX Permanent Non-Management

11/8/2013 1/10/2014

IT Audit, Associate Manager

Molkentine Professional

Dallas, TX Permanent Management 12/11/2013 2/28/2014

Sr GRC Systems Administrator - IT Services

GM Financial Arlington, Texas

Permanent Non-Management

12/26/2013 2/28/2014

January 9, 2014

Joint Mee ng with Dallas IIA

LOCATION

RenaissanceHotelRichardson900E.LookoutDriveRichardson,Texas

PREMEETING

MeasuringCyberSecurityCapabili es

Ma Wilson,PwC

Luncheon ThirdPartyRisk

KirtSeale,GrantThornton

POSTMEETING ComputerAssistedAudit

TechniquesforSoDCharlesBroom,BDO

March 4, 2014

Joint Mee ng with Fort Worth IIA

LOCATION

FortWorthPetroleumClub777MainSt#4000,FortWorth,Texas

PREMEETING TexasMedicalRecordsPrivacyActTexasHouseBill300

(HB300)

Luncheon ROIonITprojects

POSTMEETING

TheImpactofTechnologyonStewardship,Risk&Fraud

P A G E 6

The Password is a free copyrighted publication of the North Texas Chapter of ISACA. It is published periodically from August through June. It is an objective of the North Texas Chapter of ISACA to be a forum of free expression and interchange of

ideas. Statements of position or expressions of opinion appearing herein are those of the authors and not, by the fact of publi-cation, necessarily those of ISACA or the North Texas Chapter. Likewise, the publication of any advertisement is not construed

to be an endorsement of the product or service offered unless specifically stated.

Copyright 2014 ISACA North Texas Chapter all rights reserved

Space Limited Register Now!

Ques ons?Comments?Correc ons?Pleaseadviseusatnewsle er@isacantx.org

http://isacantx.org/Careers/SitePages/JobDetail.aspx?JobID=139http://isacantx.org/Careers/SitePages/JobDetail.aspx?JobID=139http://isacantx.org/Careers/SitePages/JobDetail.aspx?JobID=139http://isacantx.org/Careers/SitePages/JobDetail.aspx?JobID=139http://isacantx.org/Careers/SitePages/JobDetail.aspx?JobID=140http://isacantx.org/Careers/SitePages/JobDetail.aspx?JobID=140http://isacantx.org/Careers/SitePages/JobDetail.aspx?JobID=140http://isacantx.org/Careers/SitePages/JobDetail.aspx?JobID=140http://isacantx.org/Careers/SitePages/JobDetail.aspx?JobID=141http://isacantx.org/Careers/SitePages/JobDetail.aspx?JobID=141http://isacantx.org/Careers/SitePages/JobDetail.aspx?JobID=141http://isacantx.org/Careers/SitePages/JobDetail.aspx?JobID=141http://isacantx.org/Careers/SitePages/JobDetail.aspx?JobID=141http://isacantx.org/Careers/SitePages/JobDetail.aspx?JobID=141http://isacantx.org/Careers/SitePages/JobDetail.aspx?JobID=141http://isacantx.org/Careers/SitePages/JobDetail.aspx?JobID=141http://isacantx.org/Careers/SitePages/JobDetail.aspx?JobID=141http://www.cvent.com/events/2014-annual-fraud-summit/event-summary-beecee7f1b87494ab4fe92442121547a.aspxmailto:newsletter@isacantx.org

Letter from the PresidentJanuary Meeting AgendaNews from ISACA InternationalDecember's Chapter MeetingSANS Training OpportunitiesMembership RenewalUpcoming SeminarCurrent Job PostingsUpcoming Events

/ColorImageDict > /JPEG2000ColorACSImageDict > /JPEG2000ColorImageDict > /AntiAliasGrayImages false /CropGrayImages true /GrayImageMinResolution 300 /GrayImageMinResolutionPolicy /OK /DownsampleGrayImages true /GrayImageDownsampleType /Bicubic /GrayImageResolution 300 /GrayImageDepth -1 /GrayImageMinDownsampleDepth 2 /GrayImageDownsampleThreshold 1.50000 /EncodeGrayImages true /GrayImageFilter /DCTEncode /AutoFilterGrayImages true /GrayImageAutoFilterStrategy /JPEG /GrayACSImageDict > /GrayImageDict > /JPEG2000GrayACSImageDict > /JPEG2000GrayImageDict > /AntiAliasMonoImages false /CropMonoImages true /MonoImageMinResolution 1200 /MonoImageMinResolutionPolicy /OK /DownsampleMonoImages true /MonoImageDownsampleType /Bicubic /MonoImageResolution 1200 /MonoImageDepth -1 /MonoImageDownsampleThreshold 1.50000 /EncodeMonoImages true /MonoImageFilter /CCITTFaxEncode /MonoImageDict > /AllowPSXObjects false /CheckCompliance [ /None ] /PDFX1aCheck false /PDFX3Check false /PDFXCompliantPDFOnly false /PDFXNoTrimBoxError true /PDFXTrimBoxToMediaBoxOffset [ 0.00000 0.00000 0.00000 0.00000 ] /PDFXSetBleedBoxToMediaBox true /PDFXBleedBoxToTrimBoxOffset [ 0.00000 0.00000 0.00000 0.00000 ] /PDFXOutputIntentProfile () /PDFXOutputConditionIdentifier () /PDFXOutputCondition () /PDFXRegistryName () /PDFXTrapped /False

/CreateJDFFile false /Description > /Namespace [ (Adobe) (Common) (1.0) ] /OtherNamespaces [ > /FormElements false /GenerateStructure false /IncludeBookmarks false /IncludeHyperlinks false /IncludeInteractive false /IncludeLayers false /IncludeProfiles false /MultimediaHandling /UseObjectSettings /Namespace [ (Adobe) (CreativeSuite) (2.0) ] /PDFXOutputIntentProfileSelector /DocumentCMYK /PreserveEditing true /UntaggedCMYKHandling /LeaveUntagged /UntaggedRGBHandling /UseDocumentProfile /UseDocumentBleed false >> ]>> setdistillerparams> setpagedevice