2019 June Training Session

When: June 5, 2019, 1300-1600 EST
Where: RTP HQ
Registration: Website
Cost:
ISACA-RTC Members - Free (Log in to register to ensure the discounted fee)
Affiliated Organizations (IIA, ISSA, Other ISACA Chapters) - $35
All Others: $50
CPEs: Up to 3
Handouts: Will be uploaded when available

Session I: Factor Analysis Information Risk (FAIR Methodology)

Coming Soon:

Short Description of Session I

Speaker: <Name> <Certifications> <Company>

Short Bio

Session II: SOC for Cybersecurity

Coming Soon:

Short Description of Session II

Speaker: <Name> <Certifications> <Company>

Short Bio

For more information and to register for the training session, please visit the ISACA RTC website.

2019 May Training Session

When: May 1, 2019, 1300-1600 EST
Where: RTP HQ
Registration: Website
Cost:
ISACA-RTC Members - Free (Log in to register to ensure the discounted fee)
Affiliated Organizations (IIA, ISSA, Other ISACA Chapters) - $35
All Others: $50
CPEs: Up to 3
Handouts: Will be uploaded when available

Session I - Cybersecurity Risk Management and Network Security Auditing

Cybersecurity threats are becoming more prevalent and breaches are highly publicized. Boards of Directors and Audit Committees alike continue to ask how management is addressing this threat and how they are managing the risk of a data breach. Leveraging the NIST Cybersecurity Framework and approaches to cybersecurity risk quantification via the Factor Analysis of Information Risk (FAIR) methodology, we have helped clients simplify the concepts of cybersecurity, show them how their organization ranks amongst its peers in InfoSec maturity, and provide management with targeted recommendations on how to prioritize and address gaps within their controls to ultimately mitigate risks to the company.

We will discuss this approach, along with leading practices for effectively auditing and assessing technical network security controls such as logging and monitoring, configuration management, and incident response.

Speaker: Daniel Stone, CISA, CPA

Daniel is a Senior Manager within the Internal Audit and Financial Advisory (IAFA) practice focused on Technology Audit. Daniel has 6 years of experience in leading and performing IT general and application controls assessments for SOX compliance. Daniel also has significant experience with Cybersecurity Risk Assessments, primarily using the NIST Cybersecurity Framework, and audits of technical security controls including hardware and network device configuration management, encryption, vulnerability management, and identity management.

Session II - Topic: Robotic Process Automation, Process Mining and Next Generation Auditing

The objectives of "Next Gen" IA functions may be straightforward, but the means by which they achieve these objectives include a range of innovative approaches and tools that must be tailored to specific organizations and their needs. Process mining tools can fundamentally change the way we analyze processes and perform audits, automating walkthroughs, revealing process variants and complexities, and identifying areas that do not comply with the intended process design. Along with potential areas for Robotic Process Automation (RPA) within internal audit's own activities, the audit function should have a role in identifying risks and providing guidance on control and design enhancements as the business adopts RPA.

Speaker: Gregg Wishna, CISA

Gregg is an Associate Director in Protiviti's Internal Audit and Financial Advisory group. Gregg has over 13 years of consulting and audit experience with Protiviti, leading projects and working closely with Senior Management on Internal Audit and Data Analytics initiatives. In addition to Internal Audit, Gregg has led several Data Management consulting projects with a focus on Data Governance, Business Intelligence, and Process Improvement. In this capacity, Gregg has helped develop strategy and new programs to enhance the overall use of organizational data through new technologies and processes, producing impactful reporting and analytics capabilities for the business and internal audit.

For more information and to register for the training session, please visit the ISACA RTC website.

2019 April Training Session

When: April 3, 2019, 1300-1600 EST
Where: RTP HQ
Registration: Website
Cost:
ISACA-RTC Members - Free (Log in to register to ensure the discounted fee)
Affiliated Organizations (IIA, ISSA, Other ISACA Chapters) - $35
All Others: $50
CPEs: Up to 3
Handouts: Will be uploaded when available

Session 1: Evolving Defense - Keep Pace with New Cyber Threats

Threat intelligence, evolving threats, and emerging technology can steal much of the limelight and publicity within the cybersecurity field. Emphasis on the evolution of cyber defenses can be glossed over or left out, but it is equally important. This session explores new cybersecurity threats and how organizations must continually evolve their cyber defense strategies and implementations to protect their data. The presenter will elaborate on why success depends on effective support and engagement at all levels of the organization: leadership, governance, operations, and each and every employee. Establishing an organization's risk profile, conducting threat modeling exercises, and performing recurring reviews are key elements of effective cybersecurity management and technology implementation. The session will dive into each of these topics to give the audience a comprehensive perspective on what it takes to continually adapt and evolve cyber defense.

Session 2: Access AND Management Case Study

Part 1: A Deep Dive into Implementing Microsoft’s Active Directory Administrative Tier Model

Part 2: Effective Management of Understaffed Cybersecurity Teams

Microsoft Active Directory is a foundational component of nearly every organization's technology infrastructure. Chances are that when it was originally designed and built, functionality was the main objective, leaving comprehensive security controls to be applied later. This session takes the audience through the transition and transformation needed to implement Microsoft's Active Directory Administrative Tier Model to enforce stronger access controls organization-wide. Real-world examples and experiences are detailed to uncover pain points and highlight successes. The challenges associated with the extensive nature of the project and the importance of effective management along the way are emphasized, dovetailing into the second part of the session.

The cybersecurity skills and workforce shortage is becoming more pronounced every day, and organizations are forced to make do with less. Cybersecurity teams often go through prolonged periods understaffed or under-resourced. These challenges make effective and supportive management even more important to successful projects, business goals, and preventing future attrition. The second half of this session focuses on effective and creative management techniques to maintain positive morale, support employees, and accomplish organizational goals.

Speaker: Jason Yakencheck, Senior Manager in IBM's Global Business Services' Cybersecurity and Biometrics Practice

Jason Yakencheck is a Senior Manager in IBM's Global Business Services' Cybersecurity and Biometrics Practice. Jason has extensive experience managing complex solution implementations. His strong background in project management enables clients to identify optimal approaches to improving their security posture through secure architecture, workflow automation, and alignment of cybersecurity with core business processes. He has led security operations teams and guided many clients through successful transformation efforts and external audits. Jason currently serves as the President of ISACA's Greater Washington, D.C. Chapter. He is a featured writer for GovLoop, an ISACA Expert Speaker, and an active contributor to CISA and CISM review course material. Jason holds the following certifications: CISSP-ISSAP, CISA, CISM, and PMP.

For more information and to register for the training session, please visit the ISACA RTC website.

2019 March 20 Training Session - All Day

When: March 20, 2019, 0800-1600 EST
Where: RTC HQ
Registration: Website
Cost:
ISACA-RTC Members - $75
Affiliated Organizations (IIA, ISSA, Other ISACA Chapters) - $100
All Others: $125
CPEs: Up to 8
Handouts: Will be uploaded when available

Adopting a GRC Program for Digital Transformation Using COBIT 2019

The primary purpose of using a Governance, Risk and Compliance (GRC) system is to deliver value to stakeholders. Implementing GRC can yield benefits realization, risk optimization and resource optimization, as well as assist in proper, risk-based alignment with compliance requirements.

In today's high-velocity, compliance-heavy environments, digital transformation is key, and while business goals should be at the center of any digital transformation effort, these initiatives will require new I&T investments. Adopting advanced technology can be an enabler or a distractor, but it always carries risk. Such technologies include big data, analytics, cloud computing, APIs, artificial intelligence (AI), the internet of things (IoT), and so on. A proven GRC framework therefore permits identification of the steps needed to deliver value and to balance performance and conformance effectively.

There are multiple frameworks, models and standards to choose from. A challenge for most organizations is simply understanding what all of these are, and which ones are applicable or appropriate for them. In this insightful workshop on adopting a meaningful GRC system, we will explore the many models available today: what they are, how they fit, why choose them, and most importantly, how to create an overall GRC system in your organization that can govern and manage a digital transformation initiative.

Objectives:

  • Understand what it means to be digital, and recognize the benefits and risks of these technologies.
  • Recognize the various frameworks in the GRC ecosystem and how they can be used collectively to align with enterprise needs in a digital transformation effort.
  • Learn tools and techniques for developing a body of assurance measures (control objectives) to ensure the proper deployment of a GRC system for the various digital technologies and deployment techniques.

Agenda:

  1. Introduction
  2. Digital Transformation
    • Description
    • Trends and technologies
      • Trends (Agile, DevOps, outsourcing/3rd parties)
      • Compliance (privacy, cybersecurity, global standards)
      • Technologies (big data, analytics, cloud computing, APIs, artificial intelligence, internet of things)
    • The need for GRC in digital transformation
  3. GRC Frameworks
    • GRC description and purpose
    • The GRC ecosystem
      • Applicable frameworks, standards and bodies of knowledge
      • The GRC domains: Strategic Alignment, Benefits Realization, Risk Optimization, Resource Optimization, Performance Measurement
  4. COBIT 2019 Primer
    • Background on COBIT
    • Principles, components, governance/management objectives
    • How COBIT 2019 addresses digital transformation
      • Design factors and focus areas
      • Designing a tailored governance system for digital transformation
  5. Providing assurance in digital transformation
    • Applying GRC
    • Understanding risk
    • Key risks and suggested treatments/responses
    • Balancing performance and conformance (risk vs. reward)
  6. Putting it all together: a case study in digital transformation and GRC
  7. Closing and questions


Speaker: Mark Thomas, CGEIT, CRISC, IT GRC and digital transformation expert

Mark is an internationally known Governance, Risk and Compliance expert specializing in information assurance, IT risk, IT strategy, service management and digital transformation. As a former Army officer with over 28 years of professional experience, Mark has a wide array of industry experience including government, health care, finance/banking, manufacturing, and technology services. He has held roles spanning from CIO to IT consulting and is considered a thought leader in frameworks such as COBIT, NIST, ITIL and multiple ISO standards. Mark routinely speaks at US and international conferences and has twice earned the ISACA John Kuyers award for Best Speaker/Conference Contributor of the Year. Mark also holds the CGEIT (Certified in the Governance of Enterprise IT) and CRISC (Certified in Risk and Information Systems Control) certifications.

Noted Experience:

Typical engagements include digital transformation governance, maturity assessments, hands-on implementation, and consultative training and coaching in the service management, enterprise governance/risk and cybersecurity domains. Mark has acted as interim leadership for clients, with a specific focus on organizational design, operational processes, risk, cybersecurity and governance models including ITIL, COBIT, NIST and TOGAF. He has provided training services for major training firms and consulting clients in several disciplines, including Business Analysis, ITIL, COBIT, MOF, ISO, NIST Cybersecurity and IT strategy.

For more information and to register for the training session, please visit the ISACA RTC website.

2019 March 13 Training Session

When: March 13, 2019, 1300-1600 EST
Where: RTP HQ
Registration: Website
Cost:
ISACA-RTC Members - Free (Log in to register to ensure the discounted fee)
Affiliated Organizations (IIA, ISSA, Other ISACA Chapters) - $35
All Others: $50
CPEs: Up to 3
Handouts: Will be uploaded when available

Session I

Are you struggling with how to conduct a Business Continuity / Disaster Recovery audit? Do you need to learn how to improve your current auditing capabilities? Come learn how the MetLife Global Resiliency (GR) and MetLife Internal Audit (IA) teams have collaborated to ensure IA reviews GR Business Continuity and Disaster Recovery plans for design, completeness, and overall adequacy according to the GR Framework and Policy & Standards.

Please join us as we welcome Margaret Millett (Global Resiliency) and Stacy Thomas (Internal Audit) from MetLife in Cary, NC.

Margaret Millett, MSc Business Continuity, MBCP, MBCI

Assistant Vice President

MetLife, Raleigh, North Carolina

Margaret Millett is an Assistant Vice President at MetLife, responsible for its Global Resiliency Program. She has been actively involved in the business continuity field since 1993 and has worked for financial services companies in Boston, Massachusetts and Dublin, Ireland. She spent six years working for eBay in California prior to moving to North Carolina in 2014. Margaret has held board-level positions with business continuity organizations, written publications, and spoken at business continuity management conferences in North America, Europe, Asia and the Middle East.

In 2011, Margaret was awarded a Master of Science in Business Continuity, with honors, from Norwich University in Northfield, Vermont. She is certified as a Member of the Business Continuity Institute (MBCI) and a Master Business Continuity Professional (MBCP).

Affiliations include The Business Continuity Institute (BCI), the Continuity Insights (CI) Editorial Advisory Board, Business Continuity Professionals of the Carolinas (BCPC), DRI International, and membership in the US Technical Advisory Group to ISO Technical Committee 292.

In 2015, Margaret was named the head of the Eastern North Carolina Alzheimer’s Association Board of Directors.

In 2018, she was nominated for a global award within her profession by The Business Continuity Institute (BCI).


Stacy J. Thomas, CISA, CIA, CISSP, CIPP-US, CIRM

Information Risk Management Geek

IT Audit Director, MetLife

Stacy is an IT Audit Director at MetLife focusing on cybersecurity, business continuity/disaster recovery, privacy, data protection, and technical reviews. Her 20+ year career in financial services spans information security, privacy, and IT audit.

As Information Security Officer, she developed and implemented a comprehensive risk-based information security program while balancing organizational needs against information security requirements. Her responsibilities included oversight of the Business Continuity recovery program, which included performing quantitative and qualitative risk assessments to identify critical areas and processes.

While Privacy Officer, she designed and implemented a system to capture regulations and the associated inherent risk, business unit residual risk, testing/monitoring, and issue tracking. She also developed a method to produce a remediation cost profile that compares the cost of an incident against the cost of preventing occurrences; this cost profile led to reimbursement from vendors for data loss incidents. She also led the development and implementation of the Identity Theft Red Flags program, resulting in a comprehensive and proactive approach to the requirements.

During her audit role, she used her analytical skills to uncover the single largest embezzlement in company history, $2 million. She was instrumental in developing a repeatable process to identify, document, and test key IT controls over financial reporting.

Stacy's unique perspective and experience allow her to communicate technology risks and concepts clearly and convincingly to business leaders and stakeholders.

For more information and to register for the training session, please visit the ISACA RTC website.