Newsletter. Membership Survey Announcement

Transcription

1 October 2007 Newsletter Membership Survey Announcement...1 President s Message, New Committee Members...2 Membership Meeting Details /2008 Chapter Calendar...4 ISACA Sacramento Fall & Winter Seminars Chapter Committee Membership...7 Published Board Member...7 Job Opportunities, Exam Announcements, New Credential...8 ISACA International: Conference/Training Week Update...9 Chapter Board of Directors...10 Membership Survey Announcement Thank you to our chapter members for participating in the recent membership survey! Your participation and feedback is appreciated. Congratulations to Teresa Byrne, CISA, CIA, the winner of the ipod Nano contest, for completing the survey. 1

2 Greetings, President s Message Our newsletter committee has done it again they have put out an informative and attractive document that I m sure you all will enjoy reading. Please, take a few minutes and see what s here. Your board has been working hard to bring you some exciting opportunities. In fact, next month, we have three events for you to choose from: 1. Our free membership meeting on November 14 th includes a complimentary lunch and one CPE of training. See all the details on page Two-day COBIT Prep Course with Cert. Exam on November 8-9. See page 5 for details. 3. CISA Review Course on November 16 & 17. See our website for more details-- Then in January, we have Canaudit presenting a two-day network security seminar entitled, Penetration Testing: Preemptive Network Security. Members who register and pay by November 14 th will only pay $249. See p. 6 for more details. We have also launched a secure method for you to pay for your events online no more having to mail your check to us. Finally, I want to thank all those who are stepping up to participate on our committees to support our growing chapter. If any more of you are interested in joining our leadership team, feel free to contact any of the board members (see back page). In your surveys, many of you mentioned that you hope to benefit from professional networking opportunities within the chapter. If that is your goal, I strongly suggest you consider participating in one or more of our committees. It s a great way to develop relationships with others in our profession and community. With a time commitment of 2 to 5 hours per month, you will realize tremendous benefits. Please enjoy your newsletter and thanks again for your commitment to ISACA. Leonard Van Ryn, CISA, CIA New Committee Members Your ISACA Sacramento Chapter is pleased to welcome the following people who have volunteered to assist in the ISACA Sacramento Chapter Committees: Davies Ononiwu John Mellas Justin Yi Lu O C Ninan Jack Orlove Current committee members include Jennifer Patrick (Newsletter), Joseph Galan (Website), Cori Hoover (Academic) and Soula Moua (Academic). To all volunteers, on behalf of the ISACA Sacramento Chapter, we thank you for offering your time and we look forward to working with you in the future. 2

3 Membership Meeting Mark your calendars for November 14, 2007, 11:30 am - 1:00 pm! Please join us at the November lunch meeting where Suzanne Wiggins will briefly educate us on the application process for the Computer Security Auditor from the Electronic Recording Delivery System Program and Tim Bryan will present Computer Forensics & Electronic Data Recovery. Suzanne Wiggins Electronic Recording Delivery System Program 10 minutes; [email protected] The Attorney General has established the Electronic Recording Delivery System (ERDS) Program within the Department of Justice (DOJ), which is responsible for implementing the requirements of the Electronic Recording Delivery Act of This act authorizes a County Recorder to establish an ERDS for the delivery and recording of specified digitized electronic records or digital electronic records that are an instrument of real estate transactions. However, a county s ERDS can not become operational until the system has been audited by a Computer Security Auditor who has received prior approval from the ERDS Program to perform independent security audit services on an ERDS. The Computer Security Auditor approval is granted based on an individual s experience and having no disqualifying offense(s). An individual wanting to apply for approval as a Computer Security Auditor from the ERDS Program, may obtain form # ERDS 0002, by downloading it from the ERDS web page at Suzanne s Bio: "I have been employed by the Department of Justice for 19 years (1988) and have worked with various programs. I was hired as a Field Representative for the Applicant Agency Compliance and Training Section within the Field Operations Program in In 2004 the program was assigned the task of implementing Assembly Bill 578, enacting the requirements of the Electronic Recording Delivery Act of As a result, the Electronic Recording Delivery System (ERDS) Program was developed and resides in the Field Operations Program as well. At that time I was appointed to the ERDS Program and have maintained my title as a Field Representative. For the past three years the program has worked with various entities related to the real estate industry and the California County Recorders to establish regulations governing electronic recording in the State of California. On August 31, 2007 the regulations were adopted into the California Code of Regulations, Title 11, Division 1, Chapter 18, Articles 1 through 9. As a Field Representative for the ERDS Program I act as the liaison between the Department of Justice and outside entities related to the program." Tim Bryan Computer Forensics & Electronic Data Recovery 60 minutes; [email protected] The session will include defining Computer Forensics & Electronic Data Recovery and the evolving standards and tools used in the trade. An outline of the procedures and protocols that should be used in a computer forensics case will be provided and will highlight the governing standards. The session will be wrapped up by identifying the scenarios in which Computer Forensics can be used and will include a live demonstration of the EnCase forensic tool. Tim s Bio: Tim Bryan is a Senior Vice President with Perry-Smith LLP s Consulting Services Group. Tim is a Certified Public Accountant, a Certified Information Systems Auditor, and holds the Certified Information Technology Professional designation from the American Institute of Certified Public Accountants. Tim is a member of the American Institute of Certified Public Accountants and the California Society of Certified Public Accountants. Tim received an undergraduate degree from the University of Pacific, concentrating in accounting and information systems. Tim directs the Firm s IT Services practice which focuses on Computer Forensics, Data Analytics, Information Technology Auditing services, SAS 70 Service Bureau examinations and Fraud Investigations. Tim directs the Firm s IT Services practice which focuses on Computer Forensics, Data Analytics, Information Technology Auditing services, SAS 70 Service Bureau examinations and Fraud Investigations. In order to plan accordingly for the complementary catered lunch, please Adrian Bogdan at: [email protected] if you plan to attend. 3

4 2007/2008 Chapter Calendar Date Type of Meeting Time Location July 11, 2007 Board Meeting 11:30 am 1:00 pm Deloitte August 8, 2007 Board Meeting 11:30 am 1:00 pm Deloitte August 22, 2007 Publish Newsletter September 12, 2007 Membership Meeting 11:30 am 1:00 pm CalSTRS, Truckee River Training Room, Midway Building, 7801 Folsom Blvd, Sacramento, CA October 10, 2007 Board Meeting 11:30 am 1:00 pm Deloitte October 24, 2007 Publish Newsletter November 8-9, 2007 COBIT Seminar 8:00 am 5:00 pm November 14, 2007 Membership Meeting 11:30 am 1:00 pm Courtyard Marriott, Meeting Room: White Rock Road, Rancho Cordova, CA CalSTRS, Truckee River Training Room, Midway Building, 2781 Folsom Blvd, Sacramento, CA November 16-17, 2007 CISA Review Course 8:30 am 4:30 pm TBD January 10-11, 2008 Winter Seminar: - Canaudit presents: Penetration Testing: Preemptive Network Security 8:30 am 5:00 pm Franklin Templeton Investments, 1st floor auditorium, 3355 Data Drive, Rancho Cordova, CA February 13, 2008 Board Meeting 11:30 am 1:00 pm Deloitte February 27, 2008 Publish Newsletter March 12, 2008 Membership Meeting 11:30 am 1:00 pm CalSTRS, Truckee River Training Room, Midway Building, 7801 Folsom Blvd, Sacramento, CA April 9, 2008 Board Meeting 11:30 am 1:00 pm Deloitte April 23, 2008 Publish Newsletter May 14, 2008 Membership Meeting 11:30 am 1:00 pm CalSTRS, Truckee River Training Room, Midway Building, 7801 Folsom Blvd, Sacramento, CA June 11, 2008 Board Meeting 11:30 am 1:00 pm Deloitte 4

5 ISACA Sacramento Fall Seminar CoBIT Foundation Exam Prep Course with Certification Exam: November 8-9, 2007 This two-day seminar is designed to provide professionals with the information they need to effectively manage businesses processes and information systems. The seminar helps you to understand Enterprise and IT governance and the major frameworks and standards. You will learn about how COSO, SOX, CoBIT, ITIL, and ISO27002 work together. You will learn about IT governance issues that are affecting organizations globally and how COBIT (Control Objectives for Information and Related Technology) addresses this need with a globally accepted IT control and governance framework. You will learn about the major components of an IT governance and management framework. You will learn how to identify the most important actions for management in achieving control over the IT processes; to define target levels of performance; and to measure whether an IT control process is meeting its objective. The objective of this session is to learn a methodology, using COBIT, for implementing and improving IT governance. This course addresses the need for an IT control framework and explains how this is addressed by COBIT. The course prepares you for the official COBIT Foundation Exam organized under the umbrella of ISACA. The Foundation Exam is offered as part of this course. Location - Courtyard Marriott, Meeting Room, White Rock Road, Rancho Cordova, CA 95670, (916) Who Should Attend - CFO; CIO; IT Managers; IT Auditors; Information Security Managers and Analysts; and Systems Administrators; and Information Technology professionals. Course Materials - Students will receive a course book, but they should download the following additional reference materials from the ISACA website: Management Guidelines, COBIT Framework 4.1 and COBIT Executive Summary Who Will Present - Peter Davis (CISA, CISSP, CSP, CMA, ISP, CNA, CMC, CCNA, CWNA, CISM, COBIT Foundation Certificate, ITIL Foundation Certificate, Accredited COBIT Implementation Trainer, PMP, Accredited ITIL Foundation Trainer and Accredited CISSP Trainer) is the Principal of Peter Davis+Associates ( a management consulting firm specializing in the security, audit and control of information. Prior to founding PDA, Mr. Davis' private sector experience included stints with two large Canadian banks and a manufacturing company. He was formerly a principal in the Information Systems Audit practice of Ernst & Young. In the public sector, Mr. Davis was Director of Information Systems Audit in the Office of the Provincial Auditor (Ontario). A 26- year information systems audit and security veteran, Mr. Davis' career includes positions as security administrator, security planner, consultant, and information systems auditor. Mr. Davis also is the past President and founder of the Toronto ISSA chapter, past Recording Secretary of the ISSA s International Board and past Computer Security Institute Advisory Committee member. In addition, he was a member of the international committee formed to develop Generally Accepted System Security Principles (GSSP). Mr. Davis has written or co-written 11 books including Hacking Wireless Networks for Dummies, Wireless Networks for Dummies, Computer Security for Dummies, Securing Client/Server Computer Networks, Teach Yourself Windows 2000 Server in 21 Days, and Securing and Controlling Cisco Routers. Peter is listed in the International Who s Who of Professionals. He is a past Editor of EDPACS, a monthly publication for security and audit professionals. Registration: Please [email protected] to register or for more information. ISACA, IIA, and ISSA members are eligible for discounted registration rates. Cost $499 ISACA, IIA and ISSA members, $599 for non-members. 5

6 ISACA Sacramento Winter Seminar Penetration Testing: Preemptive Network Security January 10 11, 2008 Provided by Canaudit, Inc. CPE HOURS: 16 LEVEL: Intermediate PREREQUISITES: None This two-day seminar is designed for audit and security professionals. It teaches the necessary skills required for effective penetration testing. Participants will gain valuable insight into the most significant and common vulnerabilities and exploits that threaten their systems. The instructor will demonstrate the use of software tools and specialized techniques by conducting penetration tests on live sites and by analyzing past data. As corporate networks are linked together, preemptive security testing is a necessary protective mechanism. The Internet enables hackers to readily share new tools and exploits that threaten corporate security. Therefore it is essential that auditors and security professionals discover the network exposures before the hackers do. This seminar will provide the participants with a step-by-step approach that they can use to identify their vulnerabilities. See complete course outline at Who Should Attend This course is targeted towards auditors, system administrators, Information Technology personnel, and all others interested in the security of their company networks. This class is designed to increase the knowledge and awareness of participants of all levels. Canaudit s Instructor Chris Schroeder, CISM Chris Schroeder is the Senior Manager of Technical Audits at Canaudit and a team leader of the Canaudit Penetration Team. Chris has been with Canaudit for over seven years. Chris is a published author on many security-related topics including network security. He has an impressive track record in his chosen specialties of network penetration and vulnerability assessment, operating systems audits, network audits and forensic investigations. Since joining Canaudit, Chris has developed new audit and security techniques that have enabled Canaudit to become one of the preeminent audit consulting and security firms in the United States. His pioneering work in wireless LAN security has set the standard for others to follow. As a former United States Marine, Chris has a unique insight when performing physical security audits. In fact, Chris, along with Canaudit President, Gordon Smith, has written a physical security guide, which is available at the Canaudit website As an experienced seminar leader and conference speaker, Chris draws on his vast experience with network security, penetration audits, and electronic commerce to easily translate complex technical issues into language readily understood by participants at all levels. He enjoys the security field, particularly the rapidly changing environment and the challenges it poses. He is constantly adapting and testing new security exploits in his efforts to further the audit and security professional body of knowledge. 6

7 Location Franklin Templeton Investments 1st floor auditorium 3355 Data Drive Rancho Cordova, CA Registration Registration fee is only $249 for members and $349 for non-members if you register by November 14 th. After November 14 th the fee will go to $299 for members and $399 for non-members. For more information and to register, please visit our chapter website at: Seeking Chapter Committee Members Are you interested in getting more involved with your local chapter? We are seeking interested members to serve as Academic Liaisons to local area colleges: California State University, Chico California State University, Stanislaus University of California, Davis California State University, Sacramento Los Rios Community Colleges University of the Pacific If you re interested in participating, please contact Nancy Gonzales at Published Board Member Our very own Sacramento Chapter Board Member, Francis Bueb, wrote an article for Internal Auditor magazine to be staged for the December 2007 issue. Francis article will cover topics such as: Amendments to the Federal Rules of Civil Procedure (in this case, specifically addressing recent laws enacted around electronic discovery), Why the rules may be important for an internal auditor, Similar laws enacted in other countries, The effect on data retention and related controls, Legal requirements and attributes, Challenges for the organization and the internal auditor, and The potential results of non-compliance. For questions around the upcoming article, please contact Francis Bueb at 7

8 Job Opportunities The California State Board of Equalization has an opening for a Business Taxes Specialist II position. Job details may be viewed at the following link: The McClatchy Company, the third-largest newspaper publisher in the country, seeks an IT Audit Supervisor to join its corporate audit team. Responsibilities include supervision of IT audit staff as well as performing reviews of computer systems in the areas of general controls, application controls, and system security. This individual will also work cooperatively with the internal audit department by acting as a consultant and by assisting in the completion of audit assignments which involve IT systems. Qualified applicants will have either a degree in Accounting, Computer Science, Business or related field and 5 years of combined audit and IT experience or equivalent education and experience. Professional certification such as CPA, CIA or CISA is preferred. High ethical standards, excellent verbal/written communication skills and customer service skills are required. Proficient computer skills are a must. This position requires 30% travel. All offers of employment are contingent upon successful completion of post-offer physical and drug screen. EOE We offer a competitive benefits/compensation package. Please send resume with salary history to [email protected]. New Credential Announced ISACA is proud to announce its newest certification, which is supported by the IT Governance Institute (ITGI ) and is built on its intellectual property. The new credential is intended for a wide range of professionals who wish to be recognized for their knowledge and application of IT governance principles and practices. It will also: Support the growing business demands related to IT governance Increase the awareness and importance of IT governance good practices and issues Define the roles and responsibilities of the professionals performing IT governance work The initial exam for the new credential is expected to be administered in December A grandfathering program will be announced shortly, through which highly experienced IT governance professionals may apply for certification without taking the exam. For more information about the CGEIT certification, visit News about the CEGIT program is also available at Exam Announcements Program Evaluator and Associate Program Evaluator exams for the California Public employees Retirement System (CalPERS) are open for Sacramento County. Program Evaluator - sacramento.org/documents/information/ ProgramEvaluator7PA16.pdf Associate Program Evaluator - sacramento.org/documents/information/ AssociateProgramEvaluator7PA17.pdf Applications must be submitted in person or by mail and post marked (U.S. mail) no later than the final filing date, November 15, Interested applicants should find details on the Sacramento Chapter website. 8

9 ISACA International: Conference/Training Week ISACA Training Week 5-9 November San Antonio, Texas, USA 3-7 December Scottsdale, Arizona, USA Training Week provides a unique educational experience. The courses use a combination of lecture, case study, class discussion and group exercises to explore all of the topics covered. The IT Audit Practices course has been aligned with the CISA job practice areas. Presented at the intermediate level, the course builds upon the information and case studies presented in the fundamentals course to explore in greater depth the concepts, principles and practices of IT auditing. The Information Security Management course is aligned with the CISM job practice areas. The course provides a strong base for building a successful career in information security management and focuses on the development and implementation of best security practices that protect enterprise information management systems. CISMs and those preparing to attain the CISM certification will benefit from this course. For more information on additional events and to register, please visit Additional 2007 ISACA Conference Schedule November 2007 Information Security Management Conference, Frankfurt, Germany November 2007 Network Security Conference, Frankfurt, Germany November 2007 IT Governance and Compliance Conference, Boston, Massachusetts, USA December 2007 IT Audit Management Forum, Scottsdale, Arizona, USA December 2007 Information Security Management Forum, Scottsdale, Arizona, USA January 2008 Asia-Pacific CACS, Muscat, Sultanate of Oman January 2008 Information Security Conference, Panama City, Panama 9-12 March 2008 EuroCACS, Stockholm, Sweden 27 April May North America CACS, Las Vegas, Nevada, USA 9

10 Chapter Board of Directors President Leonard Van Ryn Franklin Templeton Investments Vice President, CISA/CISM Coordinator Mark Schmidt Systematics Technology Group Secretary Lynette Jones Deloitte & Touche LLP Treasurer Barbara Owens Department of Child Support Services Program Chair Adrian Bogdan Intel Immediate Past President Michael Stanford IntelliQuote Membership Directors Vivienne Nicol Interplan Health Group Vivienne Loretta Hall Franklin Templeton Investments Academic Relations Coordinator Nancy Gonzales Health Net, Inc. Auditor Francis Bueb Ueltzen & Company LLP Newsletter Editor Hilary Schuler Deloitte & Touche LLP Webmaster David J. Blackburn Health Net, Inc. Seminar Chair Jack Leidecker Security Asylum PO Box 2025 Rancho Cordova, CA