If the handout download links from within past event articles are broken, please navigate to Chapter->Downloads to obtain the document.

2009 November - IT Audit-Current Trends/Securing Large Enterprise Databases

Cost: Members – Free (must use RTC logon) / Affiliates - $25 (must select affiliation organization) / Non-Member/Non-Affiliate - $40

Topic: Securing Large Enterprise Databases

Time: 1 - 3 PM

Emergence of the borderless enterprise with worldwide mobile workforce, applications and data hosted outside the traditional enterprise boundaries (SaaS, Cloud), creates unique security and audit challenges for large enterprises. Network boundary controls are no longer effective. In addition, regulatory compliance needs (SOX, PCI, HIPAA, etc.,) are driving stronger internal security requirements. This shift creates a lot more reliance on the "Data Centric Security".

In this presentation, speakers will share their first-hand experiences on how they designed and implemented database security controls to help business satisfy the regulatory and internal security requirements, balancing it with the operational efficiencies.  Presenters will share with the audience various case studies, including data-breach risks, customer privacy concerns, challenges faced and lessons learned over the last 8-10 years on building database security practices within Cisco IT.

Speakers: Vinay Bansal and Srini Kolathur

Vinay K. Bansal (CISSP, CISA, GIAC) works as a Senior Information Security Architect in Cisco System's Corporate Security Programs Office. He is the global technical lead for Cisco's "Web and Application Security Architecture Team" that focuses on doing architectural assessments and improving security of Cisco's IT Web Applications, databases and mobile services. Most recently he presented in iFront Conference in Belgrade.

Srini Kolathur (MBA, CISSP, CISA, and CISM) works as a project manager at Cisco System's Application Technology Services group. Srini has several years of experience in compliance, privacy, security, audit and risk management. Srini's major focus is in the database and ERP applications implementation, support and administration. Srini is passionate about building and managing best practices by connecting technology community.

Topic:  IT Audit – Current Trends

Time: 3 - 4 PM

Historically, the IT Assurance professions (IT Audit, Compliance, Security, Risk Management, and Governance) have provided most practitioners with a high degree of career stability and mobility.  The current economy has everyone asking questions about the future.  How long will it take to recover from the recession?  What can I do to help ensure continued career stability and growth?  It was hard to imagine that the SOX “boom” would be followed by the biggest economic slump most of us have endured in our professional careers.  So where does that leave us now? 




Sarbanes-Oxley fueled the growth of the IT Assurance world, and brought the heightened attention of Executive Management (C-Suite), Audit Committees, and IT Management.  This has created opportunities for the profession to become more dynamic…but also more demanding.  Due to subsequent staff and budget cutbacks, everyone is feeling the pressure to accomplish more with the same or fewer resources.  The bottom line is that because visibility is higher, the stakes are higher.  To react and adjust to new expectations, you must be proactive about your own professional development. 


This Q&A session will address the current forces affecting IT Assurance careers; provide participants with insight into specific actions to take (and avoid) to ensure continued visibility and impact; discuss the technical, business, and communication skills in highest demand by IT Assurance departments; and provide practical takeaways about how to navigate your career successfully through any economy.


Speaker: Derek Duval


Derek Duval is the President of Duval Search Associates, a search firm specializing in career guidance and placement for IT Audit & Assurance professionals.  He has 15 years of experience working closely with client companies in nearly every industry, from Fortune 500 to start-ups, and keeps his finger on the pulse of what today’s IT Assurance leaders look for when hiring new team members.  Derek has presented at dozens of ISACA conferences and seminars on career trends and issues, providing relevant insight about how to position oneself for success amidst the dynamic changes in the world of IT Assurance.  Derek earned a Master's Degree in Communication from the University of North Carolina at Chapel Hill.  He also holds the CPC (Certified Personnel Consultant) Certification, the premiere designation for the recruiting industry. 


Location: RTI Dreyfuss Auditorium

Cornwallis Rd to East Institute Drive, go past security gate, turn right into parking lot, white building, through lobby to courtyard and Auditorium.

CPEs: 3 (for both sessions combined)

 Session Handouts: icon November 4 2009 - Securing Large Databases at Cisco