
The Password, December 2016

Letter from the President

I hope this letter finds you all doing well and having had a nice Thanksgiving. It is hard to believe it is December already and the holiday season has begun. This is a good time to take stock of your CPE requirements and get some training before the end of the year. Of course, three CPE credits may be earned by attending our December meeting where we would be glad to see you! Our December meeting takes place Thursday, December 8th at the Dallas Marriott Las Colinas located at 223 West Las Colinas Blvd, Irving, TX 75039. We will have a special gift to celebrate the holiday season and thank our members for their support during 2016 so don’t forget to register and attend the December meeting! The presentations for the day will include:

10:30 AM (Pre-Luncheon Meeting): "Trust but Verify – A Guide to Testing Results in a Cost Effective Manner" presented by Eric Ballantyne, Managing Principal of Information Security at General Datatech, L.P. (“GDT”)
12:20 PM (Luncheon Meeting): "Cybersecurity Threats and the Road Ahead" presented by John Ansbach, Executive Director and General Counsel of General Datatech, L.P. (“GDT”)
1:30 PM (Post-Luncheon Meeting): "Refining and Measuring Security Risk and Assurance" presented by Nitin Salvi, Manager, Cybersecurity and Compliance

Please take advantage of the opportunities your ISACA North Texas chapter membership offers you. Invest in yourself and your career. Whether attending monthly chapter meetings, educational seminars, certification reviews or networking events, I look forward to meeting YOU at one of these events this year!

Brittany George, CISA, QSA
Weaver
President – ISACA North Texas Chapter
[email protected]


Inside this issue:

Letter from the President ... 1
Next Meeting Agenda: Luncheon ... 2
Next Meeting: Pre & Post-Luncheon ... 3
In the News ... 4
Conferences & Training Opportunities ... 5
Certifications Exam Updates ... 6
2016-2017 ISACA NTX Board & Coordinators ... 7
ISACA NTX Events Policy ... 8
Career Opportunities & Payment Chart ... 9

Brittany George Chapter President

November Speakers Clay Risenhoover and Trip Hillman Austin Hutton


...and elsewhere

Did you enjoy CACS last year? This year it’s in Vegas! Be sure to get registered!

Time is running out! Get your colleagues to join ISACA by December 31st to win a tablet or other prizes!

Many of us think we have all the right answers...but how many of us know the right questions? Submit your certification exam questions to ISACA and get PAID!

Haven’t even taken that test yet? The June 2014 exams are now open for registration.

The 2013 IT Risk/Reward barometer examines plans and perceptions of many of the hot topics in our field, taken from members around the world.

Have a passion for helping out your fellow IT geeks? Want to do more within the community? Become an ISACA volunteer!

How much is too much when it comes to IT risk management?

Microsoft has joined the FIDO (Fast IDentity Online) alliance in an attempt to move away from passwords to more secure means of authentication. Sounds great...but surely nobody will ever guess “123456” is your password?

Scenes from our June meeting...

Pre & Post Luncheon on next page

December Meeting Agenda

When: Thursday, December 8, 2016
Where: Marriott Dallas, 223 West Las Colinas Boulevard, Irving, TX 75039

**Note about Presentations: ISACA North Texas can only post presentations from monthly meetings that are provided by the speaker with their permission. If a presentation is not on the website it either means we have not been granted permission or the speaker has not provided us the presentation to post yet.

Luncheon

Luncheon registration opens at 11:15 am

Lunch served no later than 11:45 am
Speaker at 12:20 pm

Topic: “Cybersecurity Threats and the Road Ahead”
Presenter: John Ansbach, General Datatech (GDT)
Description: In this session we will review current corporate cybersecurity threats and attacks and their growing impacts. We’ll then discuss suggested responses to those threats and attacks (non-technical, and a few technical) and how companies and their risk management professionals can prepare to defend against an increasingly insecure landscape. Emphasis will be placed on defending against insider threats, especially spear phishing, BEC and other specially engineered cyber campaigns directed towards unsuspecting and untrained employees.

Speaker Bio: John Ansbach serves as Executive Director and General Counsel of General Datatech, L.P. (“GDT”), a global technology solutions provider that supports commercial enterprises with cybersecurity, cloud, managed services, Internet of Things, and networking, storage and compute solutions. In this role, John is responsible for all the legal affairs of GDT, as well as the company’s information security, internal IT, global operations and internal audit functions. John is a 1996 graduate of the University of Texas School of Law, and he is a Certified Information Privacy Professional for the U.S. Private Sector (CIPP/US). He also publishes his own technology blog (ansbachblog.com) focused on cybersecurity and the Internet of Things.

Objectives - Attendees will learn about:
- The current state of cybersecurity threats
- The impacts of those threats
- Strategies and tactics that can be deployed to resist and defend against cyber threats

Program Level: Basic
Category: Specialized Knowledge & Applications
Prerequisites/Advance Preparation: None
Recommended CPE Hours: 1 per session

November Door Prize Winners


Pre-Luncheon 10:30 AM (Pre-Luncheon registration begins at 10:00 am)

Topic: “Trust but Verify - A guide to testing results in a cost-effective manner"
Presenter: Eric Ballantyne, Managing Principal of Information Security at General Datatech (GDT)
Description: We’ve all been there. A potential audit finding is in question or a remediation item is said to be complete; the ports are closed, the services are not set to respond to a request, segmentation is in place. The tools needed to test or verify this are often in the hands of those who are responsible for the work. Wouldn’t it be great to be able to spot check those tools and the work being done? But those tools are expensive and rarely does an audit team have a budget or infrastructure to run them. In this discussion we will cover tools that are open source, inexpensive and widely available that can help with your audit testing or remediation verification.

Speaker Bio: Eric Ballantyne, CISSP, CISA, CRISC, ISO 27K LA, CEH, is the Managing Principal of Information Security at GDT. Eric has been in the information security field for the past 20 years, focused on guiding organizations through the rigors of implementing and demonstrating the controls of PCI-DSS, PA-DSS, ISO 27001:2005 and ISO 27001:2013. He spent his early years working with three Level 1 merchants in hospitality and DoD environments. He then went on to establish both compliance and incident response programs for three Level 1 service providers, two banks, a marketing firm offering loyalty programs and a major retail organization. Eric is a former advisor and SIG contributor for the PCI Council as a representative of a member organization.

Objectives - Attendees will learn about:
- What the latest tools are and where to get them
- How to set yourself up for success when using the tools (aka the ground rules)
- Common tools and how to use them
- The skill level and expertise needed when running the tools
- Further reading and references
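The spot check the abstract describes (is the port really closed, does the service really not answer) needs nothing more than a TCP connect from the auditor's own machine, which is all a connect scan in nmap or netcat does anyway. The following is an added example in Python, not code from the talk, the speaker or the chapter. It assumes the auditor has collected a list of remediation claims as (host, port, expected state); the ticket references and the 10.0.0.x addresses are hypothetical, and the loopback listener in demo() is constructed so the script runs offline.

```python
"""Remediation spot-check: verify "port closed / service not responding" claims.

Added example, not from the talk or the newsletter. A claim is what the
remediation owner asserts; the probe is what the network actually answers.
"""
import socket
from dataclasses import dataclass


@dataclass(frozen=True)
class Claim:
    host: str
    port: int
    expected: str        # "closed" or "open"
    source: str = ""     # who made the claim, e.g. a ticket number (hypothetical)


@dataclass(frozen=True)
class Result:
    claim: Claim
    observed: str        # "open", "closed", "filtered" or "unresolved"
    verified: bool


def tcp_probe(host: str, port: int, timeout: float = 2.0) -> str:
    """Classify a TCP port the way a connect scan does.

    "open"       - three-way handshake completed (a service answered)
    "closed"     - RST came back (ECONNREFUSED): host is up, nothing listens
    "filtered"   - no answer before the timeout: a firewall drop or a dead host
    "unresolved" - the name did not resolve, so nothing was tested at all
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:
        return "unresolved"
    except ConnectionRefusedError:
        return "closed"
    except OSError:           # socket.timeout is an OSError subclass
        return "filtered"


def verify_claims(claims, probe=tcp_probe):
    """Check every claim against what the network says from this vantage point.

    A "closed" claim is accepted if the port is closed OR filtered: either way
    the service is unreachable from here. An "open" claim is accepted only on a
    completed handshake. "unresolved" never verifies anything. The probe is
    injectable so the decision logic can be exercised without a live network.
    """
    results = []
    for c in claims:
        observed = probe(c.host, c.port)
        if c.expected == "closed":
            ok = observed in ("closed", "filtered")
        elif c.expected == "open":
            ok = observed == "open"
        else:
            raise ValueError(f"unknown expected state {c.expected!r}")
        results.append(Result(c, observed, ok))
    return results


def summarize(results):
    """Return (passed, failed) counts; the auditor decides what a failure means."""
    passed = sum(1 for r in results if r.verified)
    return passed, len(results) - passed


def demo():
    """Run against loopback: one live listener on an ephemeral port (so a
    'closed' claim about it is false) and one port we know nothing listens on.
    Constructed locally so the example runs offline."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    live_port = listener.getsockname()[1]
    tmp = socket.socket()               # grab a free port number, then release it
    tmp.bind(("127.0.0.1", 0))
    dead_port = tmp.getsockname()[1]
    tmp.close()
    claims = [
        Claim("127.0.0.1", live_port, "closed", "TICKET-1 (hypothetical)"),  # false claim
        Claim("127.0.0.1", dead_port, "closed", "TICKET-2 (hypothetical)"),  # true claim
    ]
    try:
        results = verify_claims(claims)
    finally:
        listener.close()
    for r in results:
        print(f"{'PASS' if r.verified else 'FAIL'} {r.claim.host}:{r.claim.port} "
              f"claimed {r.claim.expected}, observed {r.observed} [{r.claim.source}]")
    return results


if __name__ == "__main__":
    demo()
```

Two caveats a reviewer should keep in mind when reading the output. A result is only valid from where the probe was run: a "filtered" verdict from the audit laptop says nothing about a segmentation control unless the probe is run from the segment that control is supposed to block. And "closed" and "filtered" are different evidence; a port that was supposed to be firewalled but comes back "closed" means the host is reachable and only the service is gone, which may or may not satisfy the finding.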

-------------------------------------------------------------------------------------------------------------

Post-Luncheon 1:30 PM

Topic: “Refining and Measuring Security Risk and Assurance”
Presenter: Nitin Salvi, Manager, Cybersecurity and Compliance, CHRISTUS Health
Description: Improving traditional security risk management practices by adopting an opportunity-focused Risk-Architect for complex enterprise environments and applying a Performance Measurement Framework to assess assets at risk.

Speaker Bio: Nitin has over 25 years’ experience across the fields of information security, physical security, privacy, audit and risk management. Nitin is currently a Manager, Cybersecurity and Compliance with CHRISTUS Health and has worked for GM Financial, Schlumberger, INS, Caremark and CVS. He currently holds the CISSP, TOGAF, SABSA, ITIL, PMP, CIPP/IT, CISA and CISM. Nitin teaches CISA, CISSP and PMP certification classes for the Crescent Foundation, a nonprofit organization that supports unemployed community members in getting jobs within IT and security.

Objectives - Attendees will learn about:
- Performance Measurement Framework to assess assets at risk
- Understanding and deploying a multi-tiered control strategy
- Defining and populating assurance matrices



News from ISACA International

Registration is open to attend EuroCACS 2017. Stay on top of the trends and opportunities of the dynamic technology industry at EuroCACS/ISRM, the leading European conference for IT audit, assurance, security and risk professionals. Earn up to 32 CPE hours.

Upcoming CSX Asia Pacific Conference information is available here.


Upcoming Conferences & Training Opportunities

ISACA Members Earn Free CPE at the following upcoming webinars:

Suggested Tips Auditors Need to Know About Cybersecurity

Dr. Vilius Benetis Cyber security researcher, NRD CS

Martin Cullen BSc Information & Systems

Richard Hollis CEO, Risk Factory Ltd.

Tuesday, 6 December 2016 12PM (EST) / 11AM (CST) / 9AM (PST) / 17:00 (UTC)

DevOps: Accelerating Your Enterprise’s Digital Agility

Rob Stroud Principal Analyst, Forrester Research.

Thursday, 15 December 2016 12PM (EST) / 11AM (CST) / 9AM (PST) / 17:00 (UTC)

Don’t miss ISACA’s new Cybersecurity Nexus (CSX) Webinar Series, which offers cutting-edge thought leadership, research and advice on the current and emerging threat environment, and how you can be better prepared to counter it!

Check out Tanya Baccam’s upcoming trainings: http://securityaudits.org/events.html

Additional CPE courses are available from ISACA on demand. Gain new understanding and earn additional Continuing Professional Education (CPE) hours on your schedule, anywhere you have high-speed Internet access. Topics range across audit, privacy, cybersecurity, and governance; choose the information systems subjects that best fit your role and goal to maximize your career potential.


ISACA: 2017 Certification Exam Updates

As demands related to the management, design and assessment of information security programs are constantly evolving, it is vital to maintain a pace-setting CISM certification program. To do so, ISACA has updated the task and knowledge areas of the CISM job practice, exam specifications and exam format.

Effective in 2017, a new CISM job practice will be in place and the CISM exam will contain 150 questions. These changes are the result of a recent job practice analysis. Results validated that decreasing the number of questions to 150 provides high reliability that the exam is a valid assessment of the knowledge outlined in the exam specifications. At a recent CISM Certification Working Group meeting, the Working Group approved the testing of 150 items via a formal vote.

To update the job practice, ISACA conducted a nine-month assessment of the tasks performed by current CISMs. In 2017, the CISM job practice will be restructured to reflect the latest responsibilities of information security management professionals:

- Domain 1—Information Security Governance will become 24 percent of the exam.
- Domain 2—Information Risk Management will become 30 percent of the exam.
- Domain 3—Information Security Program Development and Management will become 27 percent of the exam.
- Domain 4—Information Security Incident Management will become 19 percent of the exam.

The updated CISM job practice reflects the expertise of CISM Practice Analysis Task Force members and independent subject matter expert reviewers. A validation survey was distributed to 5,000 CISMs worldwide, with more than 1,400 information security professionals responding and validating the results.

This updated CISM job practice will be tested for the first time at globally located Computer-Based Testing (CBT) centers starting in 2017. ISACA is excited that not only the CISM exam, but also the CISA, CRISC and CGEIT exams, will be administered via CBT because of the value it provides to test-takers:

- The opportunity to take the exams will increase to three eight-week testing windows in 2017. The testing windows will follow a similar pattern on the calendar to the current testing cycle.
- The transition to CBT should not affect the exam review courses chapters offer, as the timing of the testing windows is similar to the current exam administration dates.
- CBT will decrease turnaround time for exam results. Preliminary pass/fail results will be available immediately after the exam, with official exam results being sent within 10 business days.
- The multiple-choice format of the exams will not change in 2017. In the future, however, CBT will allow for the development of more dynamic methods of testing the content.

The first testing window is scheduled for 1 May through 30 June, 2017. Registration for the first testing window will open 15 November 2016. Details regarding the first window of CBT testing will be available on ISACA’s web site when registration opens.

We appreciate the assistance of chapter leaders in communicating these changes to all exam candidates within your chapter. If you have any questions regarding the updates to the CISM job practice or CBT, please contact the certification department at [email protected].


2016-2017 ISACA North Texas Board & Coordinators


2016-2017 ISACA North Texas Board of Directors

Position Volunteer E-mail Address

President Brittany George [email protected]

Secretary Leigh Ann Montgomery [email protected]

Treasurer Chris Jordan [email protected]

VP Programs Eric Ballantyne [email protected]

VP Education Raveen Bhasin [email protected]

VP Facilities Robert Rubel [email protected]

VP Communications Ian Connors [email protected]

VP Membership Doug Gorrie [email protected]

VP Certification Dariel Dato-on [email protected]

1st Past President Laurie Flandrau [email protected]

2nd Past President Greg Streder [email protected]

3rd Past President Marvin Reader [email protected]

2016-2017 ISACA North Texas Coordinators

Position Volunteer E-mail Address

Assistant Treasurer Sowmitha Kalyan [email protected]

Education Coordinator Lewa Owolabi [email protected]

Education Coordinator Roshan Pulikkiel [email protected]

Education Coordinator David Friedenberg [email protected]

CSX Coordinator Kyle Wess [email protected]

CSX Coordinator Austin Browning [email protected]

Certification Coordinator Bob Nebel [email protected]

Certification Coordinator Linh Mai [email protected]

Certification Coordinator Sean McAloon [email protected]

Certification Coordinator Bo Han [email protected]

Academic Relations Coordinator Jose Lineros [email protected]

Academic Relations Committee Vijaya Kaza [email protected]

Reservation Coordinator Leslie Norwood [email protected]

Newsletter Coordinator Carol Barke [email protected]

Newsletter Coordinator Keri Chisholm [email protected]

Website Webmaster Garrett Wilson [email protected]

Website Administrator Roshan Sunny [email protected]

Website Administrator Jeff Kromer [email protected]

Programs Coordinator Mary Dunavant [email protected]

Marketing Coordinator Lisa Bartsch [email protected]

Marketing Coordinator Kyle Morris [email protected]

Marketing Coordinator Susan Pradhan [email protected]

Chapter Photographer Zac Taylor [email protected]

Jobs Coordinator Joe McKeman [email protected]

CPE Compliance Coordinator Greg Peterson [email protected]

Volunteer Coordinator Justice Rutanhira [email protected]


ISACA North Texas Events Policy 1/1/2016

The ISACA North Texas Chapter offers three types of fee-based programs: Chapter Monthly Meetings, CISA® and CISM® Review Courses, and Seminars. The chapter strongly encourages advance registration and payment for all events, as this reduces chapter expenses, and the capacity for many of our events is limited by the size of the event locations. Therefore, seats may not be available on the day of the event for walk-up registrants. The table on the final page of this newsletter summarizes the chapter's payment and cancellation policies.

Payment Policy

All advance, online event registration payments will be made through Cvent. For advance, online registrations, payment is accepted via Visa, MasterCard, American Express, Discover and PayPal. Advance registrations will not be accepted after the cutoff time noted in the table unless otherwise noted in the online event details. For walk-in registrations, payment by credit card via Cvent, check, cash or PayPal is required.

Cancellation and Refund Policy

The North Texas Chapter of ISACA (ISACA NTX) strives to provide appropriate facilities for meetings, seminars and certification review classes. Since facility providers and/or speakers require advance notice and financial commitment, ISACA NTX must balance those obligations against our members’ periodic need to cancel a reservation based on job requirements, illness or other circumstances. Upon receipt of e-mail notification to [email protected], ISACA NTX will refund prepaid fees according to the following deadlines:

Monthly Program Meetings - cancellations must be received by 6:00 PM three days prior to the meeting.
Certification Reviews - cancellations must be received by 6:00 PM eight days before the first class.
Seminars - cancellations must be received at least one week prior to the first day of the seminar.

If unusual cancellation terms are required based on speaker and/or venue, details will be included in the online event details.

Cancellations and refunds for advance registrations are allowed if cancellations are submitted to [email protected] by the deadline noted in the table. Advance registrants who do not attend the event or do not cancel by that deadline are not eligible for a refund. Attendee substitution is permitted at any time until the event, subject to any additional charge for non-member fees; inquire with the Chapter Registration Coordinator at [email protected].

-->Please see last page for table that summarizes payments & cancellations policy<--


The Password is a free copyrighted publication of the North Texas Chapter of ISACA. It is published periodically from August through June. It is the objective of the North Texas Chapter of ISACA to be a forum of free expression and interchange of ideas. Statements of position or expressions of opinion appearing herein are those of the authors and not, by the fact of publication, necessarily those of ISACA or the North Texas Chapter. Likewise, the publication of any advertisement is not construed to be an endorsement of the product or service offered unless specifically

Copyright 2016 ISACA North Texas Chapter all rights

The following table summarizes the chapter's payment and cancellation policies:

Advance registration payments accepted
  Chapter Monthly Meetings: Credit Card** (Visa/MC/AMEX/Discover) and PayPal**
  CISA or CISM Review Courses: Credit Card** (Visa/MC/AMEX/Discover), PayPal**, Check, or Purchase Order (invoice payment must be received by the pre-registration deadline)
  Seminars: Credit Card** (Visa/MC/AMEX/Discover), PayPal**, Check, or Purchase Order (invoice payment must be received one week prior to the first day of the seminar)

Advance registration cutoff date
  Chapter Monthly Meetings: 6:00 PM three days before the event (may be earlier for a joint event with another organization that requires earlier registration counts)
  CISA or CISM Review Courses: 6:00 PM eight days before the first class
  Seminars: 6:00 PM two weeks prior to the first day of the seminar

Walk-in registration payments accepted
  Chapter Monthly Meetings: Credit Card** (Visa/MC/AMEX) and PayPal**
  CISA or CISM Review Courses: All attendees must pre-register for this event; walk-in registration is not permitted.
  Seminars: All attendees must pre-register for this event; walk-in registration is not permitted.

Cut-off date for cancellations
  Chapter Monthly Meetings: 6:00 PM three days prior to the event
  CISA or CISM Review Courses: 6:00 PM eight days before the first class
  Seminars: At least one week prior to the first day of the seminar

Substitutions permitted for cancellations after cutoff date?
  Chapter Monthly Meetings: Attendee substitution is permitted at any time until the event, subject to any additional charge for non-member fees. Inquire with the Chapter Registration Coordinator at [email protected]
  CISA or CISM Review Courses: Attendee substitution is permitted at any time until the event. Inquire with the Chapter Registration Coordinator at [email protected]
  Seminars: Attendee substitution is permitted at any time until the event, subject to any additional charge for non-member fees. Inquire with the Chapter Registration Coordinator at [email protected]

**Credit Card and PayPal only if you register electronically via Cvent on the chapter website

Current Career Opportunities

Job Title | Company | Location | Category | Career Level | Post Date | Exp. Date
Engagement Based IT Audit Manager (Remote Position) | CHAN Healthcare | Nationwide | Permanent | Non-Management | 10/11/2016 | 1/1/2017
Risk Assurance - IT Audit Associate | CBIZ MHM, LLC | Harrisburg, Pennsylvania | Temp/Contract | Non-Management | 10/19/2016 | 6/30/2017
Risk Assurance - IT Audit Manager | CBIZ MHM, LLC | Harrisburg, Pennsylvania | Temp/Contract | Management | 10/19/2016 | 6/30/2017
Non-Tenure Track Faculty in Cybersecurity/IT Governance | University of Texas at Dallas | Richardson, TX | Permanent | Non-Management | 10/28/2016 | 1/31/2017