May 2012 - GRC Symposium

Session 1: Trust In and Value From Information Technology

Topic

In 2009, ISACA® changed its tagline to “trust in, and value from, information systems.” This presentation will examine 2012 enterprise, technology, and business trends, as well as one priority that never changes, the critical need to ensure trust in, and value from, information systems. The session will explore what organizations need to do to ensure they are getting value from their information systems and what users expect of trusted information systems. Embedded throughout the session will be a discussion on the evolution of ISACA and the Kettle Moraine Chapter, how ISACA can add value to both your career and your enterprise, and how ISACA’s certifications align with its tagline.


Speaker

Ken Vander Wal, CISA, CPA
Ken is the international president of ISACA and of the IT Governance Institute® (ITGI). He is also a member of ISACA’s Strategic Advisory Council and Governance Advisory Council. He was a co-author of IT Control Objectives for Sarbanes-Oxley, 2nd Edition, published by ITGI, and chaired the development team responsible for ISACA’s publication Monitoring Internal Controls Systems and IT.

Until he retired, Ken was a national partner with Ernst & Young, where he was responsible for the firm’s IT quality and risk management program. With more than 40 years of IT experience, he has an understanding of multiple areas of information systems in a variety of industries, including IT auditing and assurance, systems security, quality assurance, systems development, systems programming, and project management.

Before joining Ernst & Young in 1979, Ken worked at the Pentagon, where he developed systems to support the Department of Army staff, and for a computer software company in a systems technical support role.

He received his bachelor of arts in mathematics from the University of Iowa and his MBA in Information Technology from George Washington University, Washington, DC.


Materials



Session 2: COBIT® 5 - What's New and Innovative and of Extreme Value

Topic

Building on more than 15 years of practice in the business, IT, risk, security and assurance communities, the COBIT 5 framework will deliver the basis for governing and managing enterprise IT. COBIT 5 is a “business framework for the governance and management of enterprise IT.” COBIT 5 will empower executives to make better decisions regarding their information and technology assets. COBIT 5 is a "top-down" framework: it is principle-based, powered by enablers, separates governance from management, and is delivered with a powerful implementation guide to direct the practitioner in ensuring value from their IT-enabled business investments. This session will discuss the critical aspects of COBIT 5, what is available and when, and will allow time for your questions. After this session, you will:

  1. Understand the positioning of governance and management.
  2. Be able to articulate the principles and enablers that deliver the business governance of enterprise IT.
  3. Communicate the value proposition of COBIT 5.

Speaker

Robert E. Stroud, CGEIT
Robert serves as a vice president of Innovation and Strategy within the Service & Portfolio Management team at CA Technologies. Following a four-year term as an ISACA International vice president, Robert serves on the ISACA Strategic Advisory Council, is Chair of the INSIGHTS 2012 World Congress, and serves on the ISACA ISO Liaison Taskforce. He formerly served on the itSMF International Board as Treasurer and Director of Audit, Standards, and Compliance, and as the itSMF ISO liaison to multiple working groups. He is a social media leader, author, blogger, and highly regarded public speaker.

Robert is dedicated to the development of industry trends, strategy, and communication of industry best practices. He acts as a strong advocate for the governance, security, risk, and assurance communities – working closely with users, industry organizations, government agencies, and IT luminaries to author, develop, and communicate standards and best practices. He is a mentor to many individuals and organizations, advising them on their implementations to ensure they drive maximum business value from their investments in IT-enabled business governance.

An industry veteran, Robert has significant practical industry experience and is a recognized industry thought leader. He is also a global authority on governance with contributions to industry knowledge in multiple publications, including COBIT 4.0, 4.1, and COBIT 5, Guidance for Basel II and multiple ISO standards.

Robert is considered a global authority in governance management. He has provided strong leadership through the ITIL Update Project Board and the ITIL v3 Advisory Group, as an ITIL v3 mentor and reviewer, and in the itSMF movement in the US and internationally, and he has contributed to several titles on ITSM.

Robert has spent more than 15 years in the finance industry successfully managing multiple initiatives in both the IT and retail banking sectors related to security, service management, and process governance.


Materials



Session 3: Cybercrime

Topic

The 21st century brings with it entirely new challenges in which criminal and national security threats strike from afar through computer networks with potentially devastating consequences. In the last decade, the FBI has assembled a team of hundreds of cyber experts with diverse and highly skilled information technology backgrounds. They are committed to serving the public by meeting cyber-challenges head-on and imposing consequences on those who victimize American interests through the misuse of computers and networks. In this session, you will learn about trends and how the FBI is working to address cyber-based threats to local and national security.


Speaker

FBI Intelligence Analyst
An Intelligence Analyst from the Cybersquad Division of the Federal Bureau of Investigation will present on cybersecurity. Intelligence Analysts (IAs) at the FBI are on the frontline of protecting America's national security. They piece together disparate bits of information to form integrated views on issues of national security and public safety by:

  • Utilizing language, cultural, and historical knowledge to combat international threats by working within specifically defined geographical and / or functional areas (e.g., China program, Weapons of Mass Destruction program, al-Qa'ida program, etc.).
  • Discovering domestic threats by leveraging local and national intelligence databases, analyzing intelligence collected in the field offices, and developing fact-based conclusions and intelligence reports.
  • Shaping intelligence policies by maintaining extensive networks, partnering with local, national, and international contacts within the intelligence and law enforcement communities, and leveraging them to prepare briefings, reports, and communications for senior FBI executives and other Intelligence Community and Law Enforcement entities.

IAs address cyber threats in a coordinated manner, working with law enforcement agencies, intelligence community partners, and the private sector. This cooperation allows the FBI to stay ahead of adversaries that threaten the technological infrastructure of the United States. The Cyber Division also simultaneously supports FBI priorities across division lines when aggressive technological investigative assistance is required.


Materials

  • Due to the sensitive nature of the topic and presentation materials, we are unable to provide copies of the presentation slides.


Session 4: Identity and Access Management with a Future...Innovate or Perish

Topic

Successful Practices of Identity and Access Management. Learn about “Successful” (not necessarily “Best”) practices to drive your Identity and Access Management program forward. This event will provide actionable steps, tips, and lessons from an IAM expert who has delivered multiple IAM projects. Along with providing general IAM knowledge, the event will highlight key areas of focus during each phase of an IAM program (i.e., pre, during, and post).

  1. Past, Present, and Future of IAM - Approaches to IAM
  2. RBAC – Rest in Peace - Role Based Access Control is not a reality anymore.
  3. IAM technology is a commodity - All major vendors can connect to systems and grant access.
  4. IAM Program Execution - Real-world, no-fluff, successful practices for running an effective IAM program.

Speaker

Ryan Ward, Avatier Chief Innovation Officer
Ryan brings over 20 years of varied IT leadership, security, networking, systems, and operations experience to Avatier as their Chief Information Security Officer and Chief Innovation Officer. This includes over 10 years of direct leadership roles in the Information Security arena alone.

Prior to Avatier, he was responsible for all Information Security initiatives at MillerCoors, including their multi-million dollar Identity and Access Management program, which focused on replacing several legacy IAM deployments with the Avatier AIMS Suite. He is an Information Security innovator who delivers technology-focused strategies and processes that lower the risk profile of organizations.


Materials



Session 5: Risk Management: What Works and What Doesn't

Topic

One of the cornerstones of effective enterprise governance, risk, and compliance is the management of risk in IT. In this session, Mark will present a practical approach to risk management, innovative methods to simplify it, and ways to leverage our security and compliance roots to evaluate, manage, and document a risk profile and control environment.


Speaker

Mark Chapman, CISSP, CISM, President and CEO of Chapman Technology Group, Inc.
Mark holds a master's degree in Computer Science from the University of Wisconsin, Milwaukee in the area of Cryptography and Data Security. He has over 19 years of experience providing information security, information technology, and risk management solutions to a wide variety of organizations from community banks to multinational institutions.

He is the president and founder of Chapman Technology Group, Inc., a Wisconsin-based information security and data analysis solution provider specializing in risk management methods and tools.


Materials