The Password, December 2017
Letter from the President
I hope this letter finds you all doing well and having had a nice Thanksgiving. It is hard to believe it is December already and the holiday season has begun. This is a good time to take stock of your CPE requirements and get some training before the end of the year. Of course, three CPE credits may be earned by attending our December meeting where we would be glad to see you – and don’t forget we will have our annual Christmas presents to give out as well!
Our December meeting takes place Thursday, December 14th at the Dallas Marriott Las Colinas located at 223 West Las Colinas Blvd, Irving, TX 75039. The presentations for the day will include:
10:30 AM (Pre-Luncheon Meeting) "Disaster Recovery & Business Continuity – NO EXEMPTIONS" presented by Jim Roché, CBCP, Technologent
12:20 PM (Luncheon Meeting) "Cyber Fraud: The Equifax Hack and Steps to Prevent Widespread Fraud" presented by Norman Comstock, Managing Director @ UHY Advisors TAP, Inc.
1:30 PM (Post-Luncheon Meeting) "Third-Party Assurance" presented by Eric Moriak – HITRUST Director, Assurance Services
Our January joint meeting with the Dallas IIA is also coming up on Friday morning January 12th from 8am to noon at UTD – stay tuned for more details! Please take advantage of the opportunities your ISACA North Texas chapter membership offers you. Invest in yourself and your career. Whether attending monthly chapter meetings, educational seminars, certification reviews or networking events, I look forward to meeting YOU at one of these events this year!
Wishing you a Merry Christmas and Happy Holidays,
Brittany George, CISA, QSA
Weaver
President – ISACA North Texas
Inside this issue:
Letter from the President
Next Meeting Agenda: Luncheon
Next Meeting: Pre & Post-Luncheon
In the News
Upcoming Opportunities
CPE Signature Process Reminders
2017-2018 ISACA NTX Officers
ISACA NTX Events Policy
Career Opportunities & Payment Chart
Brittany George Chapter President
...and elsewhere
Did you enjoy CACS last year? This year it’s in Vegas! Be sure to get
registered!
Time is running out! Get your colleagues to join ISACA by December
31st to win a tablet or other prizes!
Many of us think we have all the right answers...but how many of us
know the right questions? Submit your certification exam questions to
ISACA and get PAID!
Haven’t even taken that test yet? The June 2014 exams are now open
for registration.
The 2013 IT Risk/Reward barometer examines plans and perceptions of
many of the hot topics in our field, taken from members around the
world.
Have a passion for helping out your fellow IT geeks? Want to do more
within the community? Become an ISACA volunteer!
How much is too much when it comes to IT risk management?
Microsoft has joined the FIDO (Fast IDentity Online) alliance in an
attempt to move away from passwords to more secure means of
authentication. Sounds great...but surely nobody will ever guess “123456”
is your password?
Scenes from our June meeting...
Pre & Post Luncheon on next page
December Meeting Agenda
When: Thursday, December 14, 2017
Where: Marriott Las Colinas
223 West Las Colinas Boulevard
Irving, TX 75039
Luncheon
Luncheon registration opens at 11:15 am
Lunch served no later than 11:45 am
Speaker at 12:20 pm
Topic: “Cyber Fraud: The Equifax Hack and Steps to Prevent Widespread Fraud”
Presenter: Norman Comstock, Managing Director @ UHY Advisors TAP, Inc.
Description: The hits keep coming on data breaches. Just when you thought you’d heard it all, a new record is set by Equifax, and the impacts may be far-reaching and yet to manifest. Personal and professional introspection on this matter, coupled with some follow-through steps, could help minimize frustration and mitigate potential losses.
Bio: Norman is president of UHY Advisors TAP, Inc., a subsidiary of UHY Advisors, bringing over 25 years of experience in strategic consulting services. He has an extensive information technology background. Norman advises clients on enterprise risk management, information technology governance, technology assurance, program management, and cybersecurity.
Objectives - Attendees will learn about:
- 2017’s top 3 cyber risks and what to watch for in 2018
- A 7 Step Personal Action Plan to Prevent Fraud and Protect Yourself from the Equifax Breach
- Why cyber fraud is not a technology risk but rather a business risk that must be understood and mitigated by employees in all disciplines - sales, HR, operations, finance, accounting, etc.
Program Level: Basic
Category: Specialized Knowledge & Applications
Prerequisites/Advance Preparation: None
**Note about Presentations: ISACA North Texas can only post presentations from monthly meetings that are provided by the speaker with their permission. If a presentation is not on the website it either means we have not been granted permission or the speaker has not provided us the presentation to post yet.
November Meeting—Door Prize Winners
Pre-Luncheon 10:30 AM (Pre-Luncheon registration begins at 10:00 am)
Topic: “Disaster Recovery & Business Continuity - NO EXEMPTIONS”
Presenter: Jim Roché, CBCP / Disaster Recovery & Business Continuity, Technologent
Description: This session will discuss the current state-of-the-union regarding disasters of many types, and how organizations prepare themselves by developing Business Continuity and Disaster Recovery Programs. These programs are not finite projects, and involve practice and repetition to achieve a real-life state of preparedness.
Speaker Bio: Based in Dallas/Ft Worth, Jim Roché currently heads up the Business Continuity/Disaster Recovery practice for an Irvine-based solution provider named Technologent. Jim has 26 years of technical, financial, and business consulting experience in information technology infrastructure design, management, and operations. Jim’s experience spans continents with footprints in Europe, Asia, Australia, and Latin America, in addition to the US. Recognized globally for a strong business acumen and profound technical knowledge, Jim has served as a direct advisor to the executive leadership of numerous Fortune 100 Companies. Jim is committed to excellence and delivering unparalleled customer service. Jim’s current role includes the management of Technologent’s Disaster Recovery/Business Continuity Practice, as well as GDPR initiatives for global clients. He transitioned into IT from Honeywell, where he worked as an optical R&D engineer in 1991. He cut his IT teeth in the Financial Services Industry, where he held many roles such as: UNIX Admin, Oracle DBA, C++ programmer, Storage and Backup/Recovery Manager, amongst others. He has worked for several IT Integrators and consulting companies as well.
Objectives - Attendees will learn about:
- Real-World terminology in the BC/DR Arena
- Types of disasters in today’s world and how they rank
- How an organization prepares itself – where do we start?
- Who plays a role in BC/DR?
- Challenges faced when developing these programs (DIY vs Outsourced)
- What is DRaaS and how will it benefit organizations?
- Real-World scenarios and how these companies weathered their last major disruptive event
Post-Luncheon 1:30 PM
Topic: “Third-Party Assurance”
Presenter: Eric Moriak – HITRUST Director, Assurance Services
Description: Model Approach to Efficient and Cost-Effective Third-Party Assurance
Speaker Bio: Eric Moriak has over 35 years of experience in Application Development, Systems Programming, IT Audit, Security, Privacy and Compliance. He is CISA, CISM, CGEIT, CIA, CISSP and CCSFP certified and has worked in the Oil & Gas, Computer Services, Heavy Manufacturing, Construction and the Healthcare fields. He has authored articles in Compliance Today (an HCCA publication) and spoken at a number of universities, conferences and professional organizations. He is also a member of the North Texas ISACA Chapter and is pleased to return here again.
Objectives - Attendees will learn about:
- Challenges with Third-Party Assurance
- How HITRUST Facilitates Third-Party Assurance
- Key Elements in Approaching Third-Party Assurance
- Common Questions When Implementing Third-Party Assurance
Great Speakers and CPEs
In the News
NiceHash suffers security breach, around $70 million in Bitcoin stolen
“NiceHash, one of the most popular crypto-mining marketplaces, has apparently suffered a breach that resulted in the theft of the entire contents of the NiceHash Bitcoin wallet.”
Five key trends to watch in 2018 as cyber criminals continue to innovate
“The McAfee Labs 2018 Threats Predictions Report identifies five key trends to watch in 2018.”
NIST published second draft of proposed update to NIST Cyber Security Framework
On December 5th, NIST published the proposed update.
Microsoft issues emergency Windows security update for a critical vulnerability
“Microsoft has just released an emergency security patch to address a critical remote code execution (RCE) vulnerability in its Malware Protection Engine (MPE) that could allow an attacker to take full control of a victim's PC.”
...and in other news
Android flaw allows attackers to poison signed apps with malicious code
New IcedID Trojan targets US Banks
Global security spending to reach $96 billion in 2018
Pre-installed keylogger found on over 460 HP laptop models
Security expert discovered severe flaws in most popular programming languages
Upcoming Opportunities
ShmooCon | January 19-21 2018 | Washington DC
ShmooCon is a yearly east coast hacker event that provides three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues.
CACS 2018 North America | 30 April - 2 May 2018 | Chicago IL
Registration is open! The North America CACS Conference is the premier conference for Audit/Assurance, COBIT, Compliance, Risk, Security, and Strategy/Governance professionals.
RSA Conference 2018 | April 16-20 2018 | San Francisco CA
Discover the latest technology, learn about new approaches to info security, and interact with top security leaders and pioneers at one of the world’s leading info security conferences. Stop by ISACA booth #200 and ask about our Training Platform. $150 discount off Full Conference pass for ISACA members.
CSX 2018 North America | 15-17 October 2018 | Las Vegas NV
Registration is open! Stay on top of the latest cyber security trends, further your cyber security career, and make new connections with cyber security professionals around the world.
Please note upcoming ISACA training and event opportunities online.
ONLINE EVENTS UPCOMING EVENTS RECENT RESEARCH
CISA Exam Prep course Virtual Instructor-Led Training | 19-22 February 2018
19 December 2017 Auditing Agile in Agile Time Webinar
How Enterprises are calculating Cloud ROI
CRISC Exam Prep course Virtual Instructor-Led Training | 12-15 March 2018
Identifying security weaknesses in your Enterprise
CISM Exam Prep course Virtual Instructor-Led Training | 19-22 March 2018
Understanding smart Contracts
CPE Signature Process Reminders
At our September meeting, we began collecting signatures electronically for each meeting session, seminar and certification review.
Sign in when you arrive at the December meeting. Your morning session signature will count for the morning and lunch session CPE if you arrive on time (by 10:40 am). For late arrivals and those that arrive at lunch, your initial signature will apply for luncheon CPE only. Please note you must provide your signature at check-in, else we can’t record your participation, and no CPE can be issued.
All CPE certificates will be issued a week after the meeting.
Sign in for the post-lunch afternoon session. We will again pass iPads around the room to collect your signatures. Just select your name from the list of attendees, sign with your finger, click OK, then pass the iPad to your neighbor.
Thank you for signing in, which helps reduce our volunteers’ time and speeds up the issuance of CPE certificates to you and to your ISACA account when applicable.
November Meeting Speakers - Donald Simmons, Jason Robohm and Eric Ballantyne
2017-2018 ISACA North Texas Board of Directors
Position Volunteer E-mail Address
President Brittany George [email protected]
Secretary Leigh Ann Montgomery [email protected]
Treasurer Leslie Norwood [email protected]
VP Programs Sean McAloon [email protected]
VP Education Raveen Bhasin [email protected]
VP Facilities Robert Rubel [email protected]
VP Communications Ian Connors [email protected]
VP Membership Doug Gorrie [email protected]
VP Certification Dariel Dato-on [email protected]
1st Past President Laurie Flandrau [email protected]
2nd Past President Greg Streder [email protected]
3rd Past President Marvin Reader [email protected]
2017-2018 ISACA North Texas Coordinators
Position Volunteer E-mail Address
Certifications Coordinator I Bo Han [email protected]
Certifications Coordinator II Ibrahim Badaru [email protected]
Certifications Coordinator III Aman Tara [email protected]
Certifications Coordinator IV Aisha Hydara [email protected]
Program Coordinator I Morgan May [email protected]
Asst. Treasurer Paul Smith [email protected]
Academic Relations Coordinator Jose Lineros [email protected]
Academic Relations Committee Vijaya Kaza [email protected]
Reservations Coordinator Mary Anderson [email protected]
CPE Compliance Coordinator Madhavi Lokireddy [email protected]
Jobs Coordinator Joe McKeman [email protected]
Volunteer Coordinator Justice Rutanhira [email protected]
Marketing Coordinator I KJ Wilson [email protected]
Marketing Coordinator II Kyle Morris [email protected]
Website Webmaster Jeff Kromer [email protected]
Website Administrator I Garrett Wilson [email protected]
Website Administrator II Indrajit Atluri [email protected]
Education Coordinator I Roshan Pulikkiel [email protected]
Education Coordinator II David Friedenberg [email protected]
Newsletter Coordinator I Carol Barke [email protected]
Newsletter Coordinator II Kishore Vankayalapati [email protected]
Membership Coordinator Keri Chisolm [email protected]
Networking Coordinator LeThuy Jacob [email protected]
Chapter Photographer Roshan Sunny [email protected]
ISACA North Texas Events Policy 1/1/2016
The ISACA North Texas Chapter offers three types of fee based programs: Chapter Monthly Meetings, CISA® and CISM® Review Courses, and Seminars. The chapter strongly encourages advance registration and payment for all events, as this reduces chapter expenses and the capacity for many of our events is limited due to the size of the event locations. Therefore, seats may not be available on the day of the event for walk-up registrants. The table on the final page of this newsletter summarizes the chapter's payment and cancellation policies.
Payment Policy
All advance, online event registration payments will be made through CVENT. For advance, online registrations, payment is accepted via Visa, MasterCard, American Express, Discover and PayPal. Advance registrations will not be accepted after the time noted above unless otherwise noted in online event details. For walk-in registrations, credit card via Cvent, check, cash or Paypal payment is required.
Cancellation and Refund Policy
The North Texas Chapter of ISACA (ISACA NTX) strives to provide appropriate facilities for meetings, seminars and certification review classes. Since facility providers and/or speakers require advance notice and financial commitment, ISACA NTX must balance those obligations against our members’ periodic need to cancel a reservation based on job requirements, illness or other circumstances. Upon receipt of e-mail notification to [email protected], ISACA NTX will refund the prepaid fee according to the following deadlines:
- Monthly Program Meetings - cancellations must be received by 6:00 PM three days prior to the meeting.
- Certification Reviews - cancellations must be received by 6:00 PM eight days before the first class.
- Seminars - cancellations must be received at least one week prior to the first day of the seminar. If unusual cancellation terms are required based on speaker and/or venue, details will be included in the online event details.
Attendee substitution is permitted at any time until the event by contacting the Registration Coordinator at [email protected] and is subject to any additional charge for non-member fees.
Cancellations and refund for advance registrations are allowed if cancellations are submitted to [email protected] by the deadline noted in the table above.
Advance registrants who do not attend the event or do not cancel by the date noted in the table above are not eligible for a refund.
Attendee substitutions are permitted at any time until the event, subject to any additional charge for non-member fees. Inquire with Chapter Registration Coordinator at [email protected].
-->Please see last page for table that summarizes payments & cancellations policy<--
The following table summarizes the chapter's payment and cancellation policies:
Payments
Advance registration payments accepted
- Chapter Monthly Meetings: Credit Card** (Visa/MC/AMEX/Discover) and PayPal**
- CISA or CISM Review Courses: Credit Card** (Visa/MC/AMEX/Discover), PayPal**, Check, or Purchase Order (Invoice payment must be received by the pre-registration deadline)
- Seminars: Credit Card** (Visa/MC/AMEX/Discover), PayPal**, Check, or Purchase Order (Invoice payment must be received one week prior to the first day of the seminar)
Advance registration cutoff date
- Chapter Monthly Meetings: 6:00 PM three days before the event (May be earlier if a joint event with another organization that requires earlier registration counts)
- CISA or CISM Review Courses: 6:00 PM eight days before the first class.
- Seminars: 6:00 PM two weeks prior to the first day of the seminar.
Walk-in registration payments accepted
- Chapter Monthly Meetings: Credit Card** (Visa/MC/AMEX) and PayPal**
- CISA or CISM Review Courses: All attendees must pre-register for this event. Walk-in registration is not permitted.
- Seminars: All attendees must pre-register for this event. Walk-in registration is not permitted.
Cancellations
Cut-off date for cancellations
- Chapter Monthly Meetings: 6:00 PM three days prior to the event.
- CISA or CISM Review Courses: 6:00 PM eight days before the first class.
- Seminars: At least one week prior to the first day of the seminar.
Substitutions permitted for cancellations after cutoff date?
- Chapter Monthly Meetings: Attendee substitution is permitted at any time until the event, subject to any additional charge for non-member fees. Inquire with Chapter Registration Coordinator at [email protected]
- CISA or CISM Review Courses: Attendee substitution is permitted at any time until the event. Inquire with Chapter Registration Coordinator at [email protected]
- Seminars: Attendee substitution is permitted at any time until the event, subject to any additional charge for non-member fees. Inquire with Chapter Registration Coordinator at [email protected]
**Credit Card and Paypal only if you register electronically via Cvent on the chapter website
Current Career Opportunities
Job Title: Senior Manager, Internal Audit
Company: Robert Half Technology
Location: Westlake, TX
Category: Permanent
Career Level: Management
Post Date: 11/8/2017
Exp. Date: 12/11/2017
The Password is a free copyrighted publication of the North Texas Chapter of ISACA. It is published periodically from August through June. It is the objective of the North Texas Chapter of ISACA to be a forum of free expression and interchange of ideas. Statements of position or expressions of opinion appearing herein are those of the authors and not, by the fact of publication, necessarily those of ISACA or the North Texas Likewise, the publication of any advertisement is not construed to be an endorsement of the product or service offered unless specifically
Copyright 2017 ISACA North Texas Chapter all rights