May 2013 - 3rd Annual ISACA Kettle Moraine Spring Symposium

Topics and Speakers

Introduction and Welcome
Presenter(s): Matt Johnson - ISACA Kettle Moraine Chapter President
Time: 8:00 AM to 8:30 AM

Recap the previous year for the chapter, perform annual general meeting business, and announce election winners.

Session 1: Better Auditable Application Security
Presenter(s): Rick Janezic - Vice President, TBG Security
Time: 8:30 AM to 10:00 AM

Session 2: Megatrend: Intellectual Property Theft – The China Equation (45 minutes) and
A Spy’s Guide to the Kennedy Assassination (45 minutes)
Presenter(s): Edward "Bruce" Held - Director Office of Intelligence and Counterintelligence (retired) and Senior Advisor, MorganFrankin
Time: 10:00 AM to 11:30 AM

Gain real-life insight into the breadth and depth of China’s cyber attacks and successful intrusions into Corporate America’s corporate networks, and become familiar with how counterintelligence methods are used to strengthen security postures.

Former CIA agent E. B. Held uses declassified CIA and KGB documents to trace some of the nation’s most notorious espionage events surrounding the Kennedy assassination. His work guides modern visitors through the history of the events leading up to Kennedy’s death. Held provides background material as well as present-day site locations, giving Kennedy assassination enthusiasts the opportunity to explore the settings of this historical event in a whole new way.

Session 3: Corporate Espionage via Compromised Mobile Device
Presenter(s): Ted Eull - Vice President of Mobile Services, viaForensics
Time: 12:30 PM to 2:00 PM

Multiple reports from government and industry have shown a clear increase in corporate cyber espionage. Mobile phones are increasingly targeted by attackers and can be a powerful tool for gaining entry to your company and exfiltrating your intellectual property or other sensitive data.

We will examine how the mobile device’s ability to operate on either side of the corporate boundary exposes the company to risk. viaForensics will demonstrate how a smartphone, with its extensive connectivity and extreme portability, can be turned into the perfect espionage tool, bypassing an organization’s perimeter and desktop security controls.

Session 4: Chaos vs. Order – Auditing an Incident Management Program
Presenter(s): Paul Rozek - Associate Director of Risk Services, Schenck SC
Time: 2:00 PM to 3:30 PM

Who really thinks about it until that “information security incident” happens at your company? When it does, will management immediately look for “someone to blame”? This low-tech session will provide insights you can use to assess your intrusion detection and incident response programs. And because “practice makes perfect,” the session will include an interactive role-playing exercise: you will work in teams, experience the pressure of dealing with a security incident, and learn about practices used at your peers’ companies.

After attending this session, participants will be able to:

  • Understand why incident management is critical in today’s business environment
  • Name the major components of an incident management program
  • Communicate common terminology relative to security events
  • Assess the four key activities associated with handling a security incident
  • Construct and lead a table-top exercise that reinforces incident management processes
  • Anticipate challenges associated with incident response teams
  • Visit Internet links to obtain guidance materials for further research

Session 5: Program Diagnostic and Turnaround - Getting Out of the Risk Ditch
Presenter(s): Andrew McCarthy and Tom Keyes, Affinity IT
Time: 3:30 PM to 5:00 PM

Are you receiving the optimal benefits from your programs? What are those benefits, and at what stage should they be realized? How do you measure and report on the value delivered?

Whether you are responsible for IT governance, risk or compliance, your organization makes significant investments in initiatives intended to realize specific benefits. When programs get off track, they jeopardize not just the investment but the delivery of the benefits that justified funding the program in the first place. Program Diagnostic is a methodology that gives organizations a transparent and independent measurement of a program’s current state and its ability to deliver the business value it is chartered to deliver. This enables the organization to make informed decisions on the resources, scope and actions needed to reach its desired business strategy, objectives and benefits.

This session will walk you through a Program Diagnostic approach and how it can help you evaluate all aspects of a program, from methodology and planning to cultural and organizational alignment, to ensure that the variables and controls influencing the program’s delivery are right-sized and on track.

Speaker Biographies

Please follow this link to read the biographies of the speakers.