Newsletter

2013 isacala.org Newsletters (current first)

 

  • September 2013 new
    IT Security, Emerging Threats

    On behalf of the ISACA Los Angeles Chapter, I want to welcome you to the 2013 to 2014 Chapter year and hope you all had a nice restful summer break.

    The 2013 to 2014 Chapter year also marks the 45th Anniversary of the Chapter.  Our theme of the year is “Excel ISACA LA to a new level beyond the 45 years of excellence”.   

    The chapter year will kick off with a dinner meeting on September 10, 2013.  Glenn Haddox, the Director of Cybersecurity and IT Compliance at Southern California Edison, will speak.  As usual, the event will take place at the Monterey Hill restaurant in Monterey Park, CA. 

(link to PDF of 1.1 MB)

  • June 2013 
    Annual General Meeting and Forum on IT Trends – Big Data and Small Devices

    At the June 11, 2013 dinner meeting and AGM we will announce new Board members and officers for the 2013-2014 chapter year.  We will also recap this year’s accomplishments and present the 2013 Founders Award. The dinner meeting starts at 5:30 PM with a panel discussion on the IT Trends – Big Data and Small Devices, moderated by Cheryl Santor, Information Security Manager of Metropolitan Water District of Southern California. The IT Audit Directors Forum will take place just before the dinner meeting from 4:00 to 5:30 pm. Janice Riblet, IT Audit Director of Southern California Edison, will moderate the session.

(link to PDF of 1MB)

  • March 2013 
    IT Security and Cloud Computing

    On March 12, 2013, we are pleased to have Debbie Lew, Senior Manager, Ernst & Young, LLP, present “An Introduction of COBIT 5.0”.  COBIT is a globally accepted business framework for the governance and management of enterprise IT and COBIT 5 is the latest release

(link to PDF of 1.1 MB)

  • February 2013 
    IT Security and Cloud Computing

    On February 12, 2013, Todd Barnum, of Tatum LLC, will discuss “IT Security and Cloud Computing”. Todd is a former Director at KPMG LLP and former Vice President of Information Security and Enterprise Architecture at Warner Brothers.    Please plan on taking advantage of this great educational and networking opportunity!

(link to PDF of 939KB)

  • January 2013 
    Information Governance and Downstream e-Discovery

    On January 8, 2013, Shannon Smith, Director of Information Governance and General Counsel at Globanet, will be presenting the topic, "Information Governance and Downstream e-Discovery" – a discussion on the risks and challenges relating to data security, compliance and e-Discovery.  The pre-meeting CISO Forum will be meeting again in January, to be moderated by Richard Chew.   

(link to PDF of 1,070KB)

 

2012 isacala.org Newsletters (current first): 

  • October 2012 new
    Career Night

    The theme for the upcoming ISACA LA monthly dinner meeting on October 9th at Monterey Hill Restaurant will be “Career Night.” We welcome students and those who are interested in entering the security, audit or compliance fields to join us. We will provide an opportunity for attendees to obtain hands-on coaching from professionals and hiring managers on resume writing and interviewing techniques.

(link to PDF of 444KB)

  • September 2012 Embedded Hacking the World of Tiny

    Stuart will delve into the world of “embedded” and how the bad guys will take advantage of this world in the future. Stuart McClure is the CEO/President of Cylance, Inc., an elite global security services and products company solving the world’s most difficult security problems for the most critical companies around the globe. Prior to Cylance, Stuart was EVP, Worldwide CTO and General Manager of the Management Business Unit for McAfee/Intel. In 1999, Stuart was also the original founder of Foundstone, Inc., a global consulting and products company, which was acquired by McAfee in 2004. Widely recognized for his extensive and in-depth knowledge of security, Stuart is one of the industry’s leading authorities in information security today. His first book was “Hacking Exposed: Network Security Secrets and Solutions.”

(link to PDF of 513KB)

  • June 2012 IT Audit Panel

    Is your organization honoring its privacy commitments? Do you know where all of your organization’s sensitive data is stored? Is your company at risk for regulatory investigations or enforcement actions? Are you involved in helping your company manage its privacy and security risks as part of your compliance program? If you are unsure of these answers, you are not alone. Reputable companies are constantly in the news announcing a data breach or privacy concern. Consumers have raised their expectations and assume that organizations will keep their personal information private and secure. At the same time, members of Board and Audit Committees are now asking their internal audit functions how they are addressing their organization’s privacy risk.

(link to PDF of 538KB)

  • May 2012 Operations Risk Management

    The Security and Risk Management Special Interest Group will hold a pre-meeting discussion on Operations Risk: Maturity Levels, Available inexpensive tools and how these may affect banking relative to BASEL requirements. Information security risks are subsets to operations risk. See how IT fits into Ops Risk.

(link to PDF of 430KB)

  • March 2012 Soaring Through The Clouds

    Cloud services and technology are among the hottest topics in IT today. A central focus of the discussions and debates revolves around the security of the cloud solutions. ISACA recently issued “Control Objectives for Cloud Computing” to help with the understanding of the issues faced when one chooses the various cloud platforms. This presentation will provide an overview of how to approach cloud migrations from the standpoint of security, controls and contractual items for consideration.

(link to PDF of 392KB)

  • February 2012 Computer Forensics Case Study:
    Victor Stanley, Inc. v. Creative Pipe, Inc.
    A First Hand Account of a Landmark Case


    Victor Stanley. Two words that are on the lips of just about everyone that deals with electronic discovery and digital forensics. The internet is plastered with blogs, tweets, and presentations, all being given by people FAR removed from the actual case. In reading Judge Grimm’s Victor Stanley I and II landmark legal decisions, you will note that as a basis for many of his points he references the testimony and forensic work of one person, Andy Spruill of Guidance Software. In this session you will get to hear Andy’s firsthand account of how a small Intellectual Property theft case spawned not one, but two, landmark legal decisions in the world of digital forensics and eDiscovery.

(link to PDF of 627KB)

2011 isacala.org Newsletters (current first):   Warning — may take a few minutes to load!

  • December 2011 Leveraging Governance, Risk and Compliance Technology to Enable Your Risk Management Program

    • Governance, Risk and Compliance (GRC) technology has been maturing both from a product offering perspective as well as through organizational implementations. Organizations that use technology to enable their GRC processes have the potential to reduce the cost of IT risk management, compliance and audit, streamline reporting, better manage risk, and deliver insight for better decision making.

(link to PDF of 512KB)

 

 

  • November 2011 Disaster Recovery (Planning, audit, best practice) and for virtualization environment (including case studies)

    • Technology recovery in the cloud is a relatively new talked about concept. Just as with traditional DR, there isn’t a single blueprint for technology recovery in the cloud. Every company is unique in the applications it runs, and the relevance of the applications to its business and the industry it’s in. Does your cloud provider meet regulatory, Recovery Time Objectives (RTOs) requirements for your business?

(link to PDF of 443KB)

 

 

  • October 2011 Career Night Panel Discussion 

    • Thomas Phelps IV, Director, PwC — Panel Moderator
    • Jennifer Terrill, Vice President of IT, True Religion Brand Jeans
    • Jenai Marinkovic, Director of Information Security, DIRECTV
    • Richard Schmidt, CISA, CISSP, Senior Vice President, IT Audit Director, Union Bank
    • Jerry Sto. Tomas, CISM, CISSP, Global Information Security Manager, Allergan

(link to PDF of 519KB)

 

 

  • September 2011 Database Security, Risk & Compliance in the Cloud 
    In their research document “The Cloud Wars: $100+ billion at Stake,” Merrill Lynch predicts that this year the cloud computing market will reach $160 billion in revenue. Some say that the unprecedented hype surrounding this new paradigm stems from the disruptive departure cloud computing represents from traditional computing and operational processes. Cloud computing offers important on-demand computing benefits including pay-as-you-go and self-service where capacity is elastic and applications are deployed without regard to underlying architecture.

(link to PDF of 438KB)

 

 

  • May 2011 Anatomy of Phishing 
    The past several years have witnessed a significant increase in the number and sophistication of Phishing attacks launched for financial gain. Advances in attack methodologies and techniques, and new attack vectors have led to increasingly sophisticated attacks – with more advanced scams seeming to appear almost daily. Many of the new attacks aim to lure corporate users into revealing sensitive information – information that can ultimately yield perpetrators sensitive customer data.

(link to PDF of 897KB)

 

 

  • April 2011 No Dinner Meeting. Thank You For Your Support
    Our Next Dinner Meeting is Scheduled for Tuesday, May 10th. We look forward to seeing you there.
     In April, we are having our annual Spring Conference.

(link to PDF of 348KB)

 

 

  • March 2011 CISO Forum
    Information Security teams have a normal course of business to ensure the digital assets of any organization. With recent regulations over information security, has the normal course of business benefited from information security responsibilities or has the workload increased where it is difficult to comply? As information security managers, what regulations affect your organization? Is management in tune with your processes or do they expect more from information security than what regulation mandates? We invite you to come to listen and ask questions to the Information Security Managers in this panel discussion as to what effect has occurred in their areas and what they foresee with SOX, HIPAA, California Privacy Laws, etc.

(link to PDF of 879KB)

  • January 2011 Control and Security of Web Applications
    January’s Dinner topic helped teach auditors and security officers how to audit and control web applications. It focused on introduction to web applications, then covered:

    • Types of Web applications
    • Auditing Web applications
    • Authentication
    • Encryption
    • Security
    • New Technology

(link to PDF of 743KB)


2010 isacala.org Newsletters (current first):   
Warning — may take a few minutes to load! 
  • December 2010 Conducting Risk Assessments – Linking ERA with IT
    As Audit Committees, Board members, and executive management demand greater insight into how risk is managed throughout their organization, internal audit functions are expected to take a broader view on an organization’s risk profile. Performing an effective risk assessment will facilitate the ability to identify where risks are, the significance of these risks and whether they should be considered for inclusion in the annual audit plan. (link to PDF of 528KB)
  • November 2010 Proactively Manage Risk In A SAP Environment
    Are you missing SAP high risk areas in your audit plan? Is it too late to minimize your risk before the next SAP project or major upgrade goes live? In our next ISACA meeting, discover how you can help your company mitigate SAP compliance risks. You will learn how to better identify and focus your audit plan on high risk areas and how to proactively manage risk in an SAP environment. (link to PDF of 294KB)
  • October 2010 Career Night
    Would you like to improve your resume and learn what questions to ask in an interview? Would you like to network with senior executives from Fortune 1000 companies? Are you interested in getting a job at leading companies who may be hiring right now? This meeting will be an interactive discussion covering topics of interest to the audience (please bring your questions!). (link to PDF of 568KB)
  • September 2010 Cloud Computing and Security
    Cloud computing services provide dynamically scalable and often virtualized resources as a service over the Internet on an as-needed basis. Users do not have to know how the services and resources work, nor do cloud customer organizations have to set up and control technology infrastructures needed to support cloud services. Although cloud computing offers substantial cost savings, improved computing and network performance, and other advantages, cloud computing also introduces a plethora of security-related risks, many of which are serious and also presently not well-understood. (link to PDF of 584KB)
  • June 2010 IT Audit Roundtable Panel Discussion and Annual General Meeting
    IT Audit Directors from the Los Angeles area’s most prominent companies will discuss emerging trends in internal audit and leading practices that have been influential to their success. We invite you to come to listen and ask questions of the IT Audit Directors in this panel discussion as to what effect has occurred in their areas and what they foresee in IT Audit. (link to PDF of 888KB)
  • May 2010 Myths and Realities of Data Security and Compliance: The Risk-based Data Protection Solution 
    This month’s session will review data protection methods that enable organizations to achieve the right balance between cost, performance, usability, compliance demands, and real-world security needs. This session will also guide you through a process for developing, deploying, and managing a risk-adjusted data security plan. (link to PDF of 450KB)
  • April 2010 No Dinner Meeting. Thank You For Your Support
    Our Next Dinner Meeting is Scheduled for Tuesday, May 11th. We look forward to seeing you there. (link to PDF of 829KB)
  • March 2010 Preventing Data Breaches in Privileged Accounts Using Access Control
    It is critical that organizations are proactive in their approach to mitigating insider threats. Week after week there are disturbing, déjà vu-like stories of significant data breaches, arrests connected to insider attacks, or investigation reports emphasizing the necessity to control privileged accounts that hold highly sensitive data. This presentation explores insider attacks/threats, intentional and accidental misuse of privileges, and the risks involved across every enterprise. Lastly, it will recommend sound, cost-saving solutions to prevent a disaster from happening to a company’s financial assets and reputation using access control. (link to PDF of 338KB)
  • February 2010 The Rise of Threat Analysis and the Fall of Compliance, Policies, and Standards in mitigating Web Application Security Risks
    The purpose of the presentation is to demonstrate how application threat modeling can be used as part of a nouveau age form of security risk mitigation and overall application security. Data flow diagrams and application walkthroughs will enable audience members to witness how application threat modeling is an evolved form of security process engineering for improved application design and overall application security. The presentation will also demonstrate how threat modeling is capable of delivering critical business functions as well as mitigating current and future cyber attacks, such as distributed denial of service, botnet-driven malware, spear phishing techniques, and more attacks that ultimately lead to identity and credit card fraud. (link to PDF of 374KB)
  • January 2010 Finding the Needle in the Haystack – Using Computer Forensics In Your Investigation
    Today we are faced with the increasing burden of sifting through electronic evidence that could be relevant to our investigations. We will speak about how to identify and preserve digital evidence. What type of story can we tell from data that has been deleted from a computer? It is common for us to bypass simple clues that may reside on computers that can aid us in our investigation interviews. Strategies will be discussed on how in the field triage of computers can aid investigators in their interviews. How to use metadata from various documents and what story they can tell us. (link to PDF of 441KB)

2009 isacala.org Newsletters (current first):   Warning — may take a few minutes to load!

  • December 2009 Trends in IT Risk Management and Governance, Risk & Compliance (GRC) Technology Enablement
    Come join us at our joint meeting with IIA on December 8, 2009. We will have a complimentary Pre-Meeting on an Introduction to CobiT. Our dinner meeting will be on Trends in IT Risk Management and Governance, Risk & Compliance (GRC) Technology Enablement. (link to PDF of 435KB)

 

 

  • November 2009 Addressing Compliance and Audit in Virtualization Environments
    Virtualization has become an increasingly mainstream solution to reduce cost through consolidation of hardware while bringing efficient application delivery environment, more business continuity and automation to organizations. While virtualization makes it easier than ever to create new servers and other infrastructure components, it also makes it easier than ever for people to introduce risk into the enterprise. This session will explain the benefits of virtualization, identify the top challenges enterprises face when it comes to deploying, managing and auditing the virtual infrastructure and outline the latest best practices to control and audit changes in the virtual infrastructure. (link to PDF of 553KB)
  • October 2009 Career Night
    Would you like to improve your resume and learn what questions to ask in an interview? Would you like to network with senior executives from Fortune 1000 companies? Are you interested in getting a job at leading companies who may be hiring right now? This meeting will be an interactive discussion covering topics of interest to the audience (please bring your questions!). (link to PDF of 568KB)

 

 

  • September 2009 Cyber Crime Law & Investigations
    Cyber crime is a global issue of growing importance. Types of cyber crime are increasing, including computer-based fraud, theft of trade secrets, network attacks, online identity theft, and credit card fraud. Cyber criminals have become better organized, and more technically sophisticated. To combat cyber crime requires understanding current laws and investigative techniques. Coordination between auditors, law enforcement and the legal profession is critical to the success of cyber crime investigations. A panel representing audit, legal, law enforcement and e-discovery will discuss issues, approaches, and recommendations for addressing this important area. (link to PDF of 1284KB)
  • June 2009 The Evolution of Controls for Compliance – Controls Automation and Monitoring
    Come join us for our CobiT User Pre-Meeting with the topic “COBIT as an Organizational Framework in Technology Risk Management”. Stay for our Annual General Meeting and our guest Speaker Robert Liu on the topic of “Evolution of Controls for Compliance”. We are just about a month away from celebrating our 40th Anniversary. We look forward to seeing you there. (link to PDF of 583KB)

 

  • May 2009 CISO Roundtable Panel Discussion
    Information Security teams have a normal course of business to ensure the digital assets of any organization. With recent regulations over information security, has the normal course of business benefited from information security responsibilities or has the workload increased where it is difficult to comply? As information security managers, what regulations affect your organization? Is management in tune with your processes or do they expect more from information security than what regulation mandates? We invite you to come to listen and ask questions to the Information Security Managers in this panel discussion as to what effect has occurred in their areas and what they foresee with SOX, HIPAA, California Privacy Laws, etc. We look forward to seeing you there. (link to PDF of 533KB)
  • April 2009 Governance Program with Balanced Approach to Business Performance and Risk Management
    These turbulent times call for IT executives to take bold, yet sensible actions to drive value. A thoughtful governance program with a balanced approach to business performance and risk management may enable IT executives to achieve tactful improvements without damaging service levels, or harming critical development programs. IT Governance, Risk and Compliance is the key to achieving this balance. We look forward to seeing you there. (link to PDF of 519KB)
  • March 2009 No Dinner Meeting. Thank You For Your Support
    Our Next Dinner Meeting is Scheduled for Tuesday, April 14th. We look forward to seeing you there. (link to PDF of 2683KB)
  • February 2009 Effective Strategies for Conducting eDiscovery
    Electronic discovery (also called eDiscovery) refers to any process in which electronic data is sought, located, secured, and searched with the intent of using it as evidence in a civil or criminal legal case. In the process of electronic discovery, data of all file types can serve as evidence. Electronic discovery and litigation concerns are serious responsibilities for IT staff members. Learn how to tackle them appropriately with this presentation. (link to PDF 971KB)
  • January 2009 Data Privacy & Automation of Compliance 
    Many compliance regulations have the objective of protecting private data. But how can organizations effectively navigate compliance objectives and most effectively reduce risk? This presentation will explore how to assess compliance regulations and map these regulations against organizational risk, how to employ automation to address issues most effectively, and how to truly reduce risk rather than adhere to compliance for the sake of compliance. (link to PDF 623KB)

2008 isacala.org Newsletters (current first):   Warning — may take a few minutes to load!

  • December 2008 IT Implications of IFRS
    On 27 August 2008, the SEC approved for release its proposed Roadmap for the mandatory adoption of IFRS by US public companies. IFRS is the single most important initiative in the financial reporting world. Its impact stretches far beyond accounting to affect every key business decision, not just how it is reported. Access to up-to-date knowledge, insights and timely advice is essential. As IFRS becomes the financial reporting language in many more countries, consistent interpretation and application becomes ever more vital. The Ernst & Young IFRS Champions (Cheryl Moersen and Andy Sale) will provide an overview on IFRS and how it impacts your organization focusing on the IT implications, discuss the SEC Roadmap for adoption, and explore the cost of compliance. Additionally, Clive Waugh will be our pre-meeting guest speaker on our CobiT Case Study. (link to PDF 609KB)
  • November 2008 Creating an ROI for IT Compliance
    This month’s guest speaker Steven Helwig will take a look at IT GRC spending trends over the past 5 years (based largely on AMR’s research). The discussion will include what is “Integrated IT GRC” and how can companies move towards a more “integrated GRC” approach rather than a silo-ed approach to SOX, GLBA, HIPAA, Basel II etc. (link to PDF 615KB)
  • October 2008 Meeting Topic: Career Panel Discussion – The Effects of a Slow Economy
    This month the Los Angeles ISACA Chapter is holding a panel discussion on “The Effects of a Slow Economy.” It will be an interactive discussion covering how a slow economy changes things, such as hiring practices, promotions, transfers, compensation, etc. The panelists include VP & General Auditor, SVP & CIO, VP Human Resources, and Director of a Big 4 Public Accounting Firm. The panelists will talk about how they moved up the career ladder (how long at each level, strategies they used, helpful hints, things they would caution against, etc.) and answer questions from the attendees about advancing careers, quality of life / work considerations and whatever other career related topics and issues the audience wants to discuss. (link to PDF 728KB)
  • September 2008 Meeting Topic: Data Leakage Protection
    These days, it seems like there is one news report after another on data security breaches at your retailer, hospital, university and other businesses. In response, consumers are demanding more protection from data leakage risks and, in some cases, filing lawsuits. Regulators and other organizations have stepped up their focus on enforcing compliance with data privacy regulations such as the Payment Card Industry (PCI) Data Security Standard, HIPAA, GLBA, EU Data Directive, and state privacy laws among others. This session will discuss the impact on data breaches, data protection strategies, and five elements to a successful data protection program. (link to PDF of 675K)
  • June 2008 Meeting Topic: Identity & Access Management Governance & Oversight
    The objectives of the session are to explain the importance of establishing a formal governance and oversight model for an organization’s Identity and Access Management (IAM) environment. The presentation will cover the key areas to address and the activities necessary to establish a formal Governance model to effectively maintain and operate the IAM environment over time. (link to PDF of 593KB)
  • May 2008 No Dinner Meeting. Thank You For Your Support
    Our Next Dinner Meeting is Scheduled for Tuesday, June 10th. We look forward to seeing you there. (link to PDF of 484KB)
  • April 2008 Meeting Topic: Building an Enterprise Security Program
    Security has moved from an IT function to an enterprise initiative. Security is a top-down strategic business issue and requires executive involvement and endorsement. This discussion will provide both strategic and tactical advice for both well-established security programs and organizations just starting a formal security program. Steve will discuss what frameworks to use, the assessment process, risk prioritization and mediation estimates. Steve will also discuss how to save cost by governance over what is built and how to maintain security. (link to PDF 620KB)
  • March 2008 Meeting Topic: CISO Roundtable Panel Discussion
    This month’s CISO Roundtable Panelists include CISOs James Tu, CB Richard Ellis, Boulton Fernando, IndyMac, Bently Au, Toyota Motor, and Bob Justus, Union Bank of California. Ryan Harper, Senior Manager, KPMG, will be the moderator. Have the recent regulations concerning information security benefited businesses from defining information security responsibilities, or has the workload increased where it is difficult to comply? As Chief Information Security Officers, what regulations affect your organization? Is management in tune with your processes or do they expect more from information security than what regulation mandates? The panel will discuss how they have been affected and what has occurred in their areas, and what they foresee with SOX, HIPAA, California Privacy Laws, etc. (link to PDF 881KB)
  • February 2008 Meeting Topic: Web Security
    This month’s guest speaker is Paul Castillo, 1st Vice President, Countrywide Bank. This dinner meeting discussion will walk participants through current exposures when dealing with the web in the office, home and while on a mobile device. It will touch on significant and new exposures and how to protect against them. Some new technologies and devices will be discussed and of course open discussion always welcome. (link to PDF 655KB)
  • January 2008 Meeting Topic: Outsourcing Risk
    This month’s guest speakers are Matt Alderman, CTO, ControlPath and Isabelle Theisen, CSO, First Advantage Corporation. Risk that is inherited from third-party service providers is becoming a top concern for many IT audit professionals and security professionals. As many corporations are driven to outsourcing or off-shoring due to marketplace and internal pressures to reduce costs, service providers add a new level of risk to organizations. This presentation will address the kinds of risks that are created from third-party relationships, and the methodologies used to assess and mitigate these risks. (link to PDF 286KB)

2007 isacala.org Newsletters (current first):   Warning — may take a few minutes to load!

  • December 2007 Meeting Topic: Continuous Controls Monitoring – The Holy Grail of Maintaining Compliance?
    This month’s guest speaker is Mike Artner, Senior Manager, Ernst & Young LLP. Organizations today are feeling increased pressure to reduce the costs of compliance and yet want early warning if something is not right. Continuous Controls Monitoring (CCM) solutions are being touted as a way for organizations to reduce their compliance costs, automate controls, automate control assessments, improve the quality of controls and drive value to the business. This presentation will share with you if CCM can live up to that expectation, what the pitfalls may be, and share some lessons learned. (link to PDF 331KB)
  • November 2007 Meeting Topic: Intellectual Property Technical Hacking
    This month’s guest speakers are Regina (Reggie) Canale-Miles, Special Agent, F.B.I., Richard Jones, CEO, Management 2000, and Mark Alcock, Sr. Computer Forensic Examiner, Management 2000. The team will discuss FBI efforts to mitigate Cyber Terrorism concerns both nationally and within the central and southern regions of California. Additionally, the team will describe current activities to formally integrate intelligence and analysis-based efforts between the private sector, FBI, LA Sheriff’s Department, LA Police Department and the U.S. Secret Service. You will have the opportunity to learn the appropriate response when facing such potentially devastating events as the theft of corporate intellectual property or the unauthorized access to trade secrets. (link to PDF 800KB)
  • October 2007 Meeting Topic: Career Strategies for professionals in IT governance, risk management, security, compliance and assurance
    This month the Los Angeles ISACA Chapter is holding a panel discussion on successful career building strategies. Five Industry professionals (CIO, VPs and Senior Manager Internal / IT Audit, Director Public Accounting) will talk about how they moved up the career ladder (how long at each level, strategies they used, helpful hints, things they would caution against, etc.) and answer questions from the attendees about advancing careers, quality of life / work considerations and whatever other career related topics and issues the audience wants to discuss. (link to PDF 458KB)
  • September 2007 Meeting Topic: Forensic Analysis & Investigations: The changing landscape of computer forensics and electronic discovery
    This month’s guest speakers are Dyan A. Decker – Partner, Technology Audit Services, PricewaterhouseCoopers LLP & Beth Hannemann – Manager, Technology Audit Services, PricewaterhouseCoopers LLP. The ways in which corporations and their employees create and retain documents electronically today are drastically different than they were even 5 years ago. The fields of computer forensics and electronic discovery are constantly evolving to keep pace with these changes. (link to PDF 804KB)
  • June 2007 Meeting Topic: Anti-Fraud Programs: Tools and Techniques that work
    June is our Annual General Meeting. This month’s guest speaker, Noel Haskins-Hafer – Manager, Audit & Enterprise Risk Services, Deloitte & Touche LLP, presents fraud prevention and detection tools and techniques that have worked for Deloitte clients, and gives you some new ideas for ferreting fraud from your organization. Kenny Lee, CobiT User Group Chair, will present and facilitate a discussion regarding the differences between 4.0 and 4.1 at the pre-meeting. He will also review the new CobiT publications available. (link to PDF 544KB)
  • May 2007 Meeting Topic: Case Studies in Implementing & Sustaining Continuous Controls Monitoring Programs Across Diverse IT Environments
    This month’s guest speaker, Jeff Skelly from Approva, will give an overview of approaches that can be used to automate controls monitoring. Using a case study approach, you will learn how companies have implemented continuous auditing programs to reduce their cost of compliance, streamline audit preparation and realize substantial business benefits in the process.
    (link to PDF of 399KB)
  • April 2007 No Dinner Meeting. Thank You For Your Support
    Our Next Dinner Meeting is Scheduled for Tuesday, May 8th. We look forward to seeing you there. (link to PDF of 213KB)
  • March 2007 Meeting Topic: Converge, or Not to Converge? The Evolution of Security Governance 
    This month’s guest speakers Art Poghosyan, CISSP, ISSAP, GCFW, GSEC – Manager and Tushar Padhiar, CISA, CISM – Senior Manager, Technology & Security Risk Services (TSRS) – Ernst and Young LLP will discuss a practical approach for evaluating the appropriateness of security convergence for an organization. (link to PDF of 332KB)
  • February 2007 Meeting Topic: The Potential Impact of Auditing Standard 5 (AS5)
    This month’s guest speaker Debbie Newman, CISA, Senior Manager, PricewaterhouseCoopers LLP will discuss the proposed standard (AS-5) and preliminary reaction to the guidance by audit firms and public companies.
    (link to PDF of 264KB)
  • January 2007 Meeting Topic: Assessment and Audit of the Program/Project Management Office (PMO)
    This month’s guest speaker Mike Beard, PMP, Managing Partner, Value Based Project Management LLC will discuss critical assessment and auditing areas of the PMO and their alignment to project, portfolio, and enterprise success.
    (link to PDF of 377KB)

2006 isacala.org Newsletters (current first):   Warning — may take a few minutes to load!

  • December 2006 Meeting Topic: Recent Trends in Cybercrimes and Related Disruption and Disaster Responses
    This month’s guest speaker Kenneth G. McGuire, Special Agent, Cyber Crime Squad, Federal Bureau of Investigation – Los Angeles Field Office, will discuss recent trends in cyber crime and related disruption and disaster responses. (link to PDF of 298KB)
  • November 2006 Meeting Topic: Career Strategies for Experienced IT Audit & Security 
    This month the Los Angeles Chapter will hold a panel discussion on successful career building strategies. Come share and learn ideas for successful hiring of IT Audit and Security Professionals, building your current career, and moving into new competencies available to those with IT control knowledge and experience. Panel members will represent industries such as public accounting firms, public utility companies, finance and banking, and government agencies. (link to PDF of 201KB)
  • October 2006 Meeting Topic: Foundational Controls: What controls really improve IT Operations, Security and Audit?
    This month’s guest speakers Gene Kim, Chief Technology Officer, and Michael Reznick, Senior Systems Engineer at Tripwire, Inc., present how the existence of foundational IT controls provides organizations with a way to focus on controls to improve their performance.
    (link to PDF of 415KB)
  • September 2006 Meeting Topic: Compliance Optimization Process
    This month’s guest speakers Matt Alderman, Chief Technology Officer, and Kathleen Lim, Compliance Sales Engineer at ControlPath, present a session that will provide a practical approach toward automating the compliance process. (link to PDF of 501KB)
  • June 13, 2006 Meeting Topic: Conducting an IT Governance Assessment 
    This month’s guest speakers Ed Chavannes – Senior Manager and Debbie Lew – Manager, Ernst & Young LLP present information on how to conduct an assessment of an IT governance program. Included in the presentation will be a Capability Maturity Model (CMM) based diagnostic tool (COBIT4) which will assist in assessing the “risk management” focus area of IT governance.
    (link to PDF of 1.16MB)
  • March 14, 2006 Meeting Topic: FFIEC Challenge – A Call for Reliable Authentication
    This month’s guest speaker Jonathan Moore, Senior Manager, KPMG LLP presents a discussion on the FFIEC Challenge. In October 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance on risk management controls to authenticate the identity of customers accessing Internet-based financial services. The guidance was issued to provide financial institutions direction in complying with provisions of the Gramm-Leach-Bliley Act and the USA PATRIOT Act, and replaces guidance issued in 2001. (link to PDF of 1.35MB)

2005 isacala.org Newsletters (current first):   Warning — may take a few minutes to load! 

  • December 13, 2005 Meeting Topic: Hacking Live: An Introductory Demonstration to Hacker Tools and Techniques
    This month’s guest speaker Dan Henage, CISSP, MCSE, CCNA, SCJP, Linux+, Grant Thornton LLP presents an introductory course that will focus on providing you with a hacker’s view into your IT systems. The presentation utilizes live systems to demonstrate several of the most popular hacking tools and techniques, including port scanners, wireless network security tools, web application hacking, and more. (link to PDF of 1.37MB)
  • September 14, 2005 Meeting Topic: The Impact of Security Breach Notification Laws on Information Security Policies
    This month’s guest speaker Brian Craig, Cybertrust Corporate Counsel, will provide an overview of the security breach legal notification requirements and how they are impacting (and how they will impact) organizations’ information security policies. This presentation will also examine how security policies and oversight responsibilities should be modified to address the evolving legal breach notification requirements. (link to PDF of 1.03MB)
  • June 14, 2005 Meeting Topic: Hardening Web Application Code
    This month’s guest speaker Mike Villegas, CISA, CISSP, Manager – Technology Risk Services at Wells Fargo, will describe the risks associated with unsecure code, what to look for, some tools in the marketplace used for secure code reviews, suggested training for developers, and recourse in the event of security incidents occurring due to unsecure code written by outside contractors or outsourced to development firms. (link to PDF of 2.29MB)
  • March 9, 2005 Meeting Topic: Integrated Auditing, XBRL, and Enterprise Risk Management – Integrated Framework
    This month’s newsletter featured the ISACA-IIA Joint meeting featuring Glen L. Grey of California State University at Northridge, David McKenzie and Lyn Takemura of Wells Fargo, and Gerald C. Riss of Metropolitan Water District of Southern California. Also featured is ISACA LA’s announcement of the 2004 K Wesley Snipes Award, ASIS/ISACA/ISSA Alliance, Spring Conference, and CISA/CISM Review Courses. (link to PDF of 1.2MB)

2004 isacala.org Newsletters (current first):   Warning — may take a few minutes to load! 

  • December 7, 2004 LA Chapter’s 35th Anniversary Reception
    This month’s newsletter featured an article by Dr. Gray, Professor in Accounting & IS Department at California State University at Northridge, entitled Upcoming XBRL Filings with the SEC. What is XBRL? Read the article and find out; learn how this XML standard could impact your company. (link to PDF of 1.075MB)
  • September 14, 2004 Meeting Topic: Security Future Shock
    This month’s featured speaker is Erik Laykin, Founder of OnlineSecurity. Mr. Laykin will lead a discussion on emerging technologies and geopolitical trends which will influence information security technology and its application in private and business lives.

2003 isacala.org Newsletters (current first):   Warning — may take a few minutes to load! 

  • September 9, 2003 Meeting Topic: IT Risk Management From Cradle to Grave
    This month’s featured speaker is Richard Knapp, Director of Business Development, VIGILANTe. Mr. Knapp will present “IT Risk Management From Cradle to Grave – A Preemptive Approach to Vulnerability Assessment for Computer Networks.”
  • June 10, 2003 Meeting Topic: Identity Theft
    Thomas Peltier, President, Peltier & Associates, will explain why you need to take precautions to protect yourself from identity theft, what steps you can take to make your identity more secure, and what to do if you become a victim.  
  • May 13, 2003 Meeting Topic: Web Application Security
    Mr. Pettit will discuss the importance of testing the security of applications at every stage of the application lifecycle, starting with development, rather than waiting until the costliest stage – deployment. Sanctum will also discuss methods developers and QA departments can use to develop secure web applications from the start – saving their companies time and money.
     
  • April 9, 2003   Meeting topic on “Control Self-Assessment: Another Perspective” by Fred Stevens and Michelle Gayigan, Kaiser Permanente. (526KB)
  • March, 2003   Meeting topic on “Understanding Statutes and Regulatory Requirements; Understanding the Prosecution (LA County High Tech Crimes Unit) Perspective; Understanding the Consulting Perspective”


  • February, 2003   Meeting topic on “Microsoft’s Secure Connected Infrastructure” by Chris Johnston, Senior Technology Specialist. Microsoft will provide an overview of security initiatives within the company to improve the security of the Windows server environment and Office Suite of productivity applications. (189KB)
  • January, 2003   Meeting topic on “Risk Assessment and Risk Management” by Alan B. Phillips, Partner of Business Risk Services (BRS) & Troy Snyder, Partner of Technology Security Risk Services (TSRS) (189KB).


2002 isacala.org Newsletters (current first):   Warning — may take a few minutes to load!

  • October 8, 2002   Meeting topic on “Forensics” by Cheryl Santor of Bay View Capital and a product review on “Using EnCase in Computer Forensics” by Bob Sheldon, Guidance Software (190KB).
  • September 10, 2002   Pre-Meeting topic on “Identity Management” by Jeff Kovach of PricewaterhouseCoopers and the main Dinner Meeting topic on “Securing the Virtual Enterprise Network” by Gerry Gebel of the Burton Group (189KB).
  • June 11, 2002   Dinner Meeting on “Windows 2000 & Active Directory Security Best Practices and Using Tools to Help Audit” by Taha Raja, Senior Systems Engineer at Bindview Corporation. (279KB). 
  • May 14, 2002   Dinner Meeting on “Cisco Router Security” by Martin Mazor, Network Security Engineer at Fluor Corporation, and Dr. Woody Weaver, Security Practice Lead at Callisma. (265KB). 
  • April 9, 2002   Dinner Meeting on “Web Governance” by Patricia Benoit, Web Governance Program Manager at Southern California Edison. (187KB). 
  • March 21, 2002   Joint Meeting with IIA-LA: Pre-Meeting on “Audit Directors’ Roundtable” and Lunch Meeting on “IT Governance: An Important Topic for Board of Directors, Management and Auditors” by Robert Roussey, Professor of Accounting at USC and ISACA International President. (211KB). 
  • February, 2002:  Tuesday, February 12, “Digital Defense – In-Depth” by William Tang, Founder & Lead Consultant, Digital Defender.
  • January, 2002: TWO Joint Meetings! On Wednesday, January 9, ISACA & IIA Los Angeles will have a LUNCH Meeting on “Control & Security of E-Commerce” by Chris Schroeder, Canaudit, Inc. Lunch is free if you attend the all-day seminar (see flyer that follows). Then on Wednesday, January 16, ISACA & IIA San Fernando Valley will have a DINNER Meeting on “Update: Privacy vs. Security” by Miguel (Mike) Villegas & John Van Borssum, iSecurePrivacy, Inc. (172KB)
