2020 January Training Session
When: January 08, 2020 - 1300-1630
Where: RTP HQ
ISACA-RTC Members - Free (Log in to register to ensure discounted fee)
Affiliated Organizations (IIA, ISSA, Othe ISACA Chapters) - $25
All Others: $40
CPEs: Upto 3
Handouts: Will Be Uploaded When available
Session I Public Speaking - The 5 Step Program
Our next topic is about public speaking whether it is for informative or persuasive occasions. Teresa will provide tips and tricks regarding the preparation and delivery for speaking engagements. This is a great opportunity to enhance your comfort level when engaging in group discussions or presentations.
Speaker: Teresa McCauley, CISA, CBCP, Senior IT Risk Analyst II
Teresa works at First Citizens Bank in IT Risk Governance within the Information Security department in IT. She has 15 years of IT Audit experience and 22 years of Business Continuity/Crisis experience. She has been with First Citizens Bank since June, 1989. She is a 1981 graduate of East Carolina University with a double major in Computer Science and Mathematics. She has been a member of MoneyTalks Toastmasters since 2010 and has served in several officer roles; President, Past President, Vice President of Public Relations, Vice President of Membership.
Session II Cloud Access Security Broker (CASB)
Auditors need to investigate this technology whether their companies are using them or not and how the CASB can help support an audit program in large organizations. We will discuss use cases that would interest auditors as well as introduce them and show them the data that exists in a CASB. We will educate and have everyone go back to their organization with a better understanding of the capabilities.
Use Case 1: Shadowed IT which shows what cloud services the company is using and what are the risks with that service. While not specifically an audit tool, it eases in the decision making process of vendors and it also helps drive policy creating decisions for the company. Maybe the company policy becomes they will only use companies with a risk score of 5 or less. Business decision but at least the auditors and others know what to shoot for.
Use Case 2: From a third party risk assessment perspective you can look at the group of cloud vendors being used and look at their security posture. So maybe if a vendor is a risk score of 1 to 3 with a current SOC 2 you move on to others where you can focus your energy on the higher risk cloud companies. Again having the business driving these decisions and opening up dialogues.
Speaker: Chip Moore, CISSP-ISSMP, CCSP, CISA, CISM, CRISC - Chief Information Security Officer, North Carolina Department of Information Technology
Chip Moore, Chief Information Security Officer, State of North Carolina Department of Information Technology. Over 20 years in information security, almost 40 years of information technology experience. Numerous industry certifications. I have worked the last 15 years with the State of North Carolina. Responsible for all aspects of information security for the state’s data center. Prior to working for the state, I was the Regional Chief Information Officer for the Waste Management for over a decade.
For more information and to register for the training session, please visit the ISACA RTC website.