If the handout download links from within past event articles are broken, please navigate to Chapter->Downloads to obtain the document.

2019 May Training Session

2019 May Training Session

When: May 1, 2019 - 1:00 PM - 4:00 PM EST
Where: RTP HQ
Registration: Website
ISACA-RTC Members - Free (Log in to register to ensure discounted fee)
Affiliated Organizations (IIA, ISSA, Othe ISACA Chapters) - $35
All Others: $50
CPEs: Upto 3


Session I - Cybersecurity Risk Management and Network Security Auditing

Cybersecurity threats are becoming more prevalent and breaches are highly publicized.  Board of Directors and Audit Committees alike are continuing to ask how management is addressing this threat and how they are managing the risk of a data breach. Leveraging the NIST Cybersecurity Framework and approaches to cybersecurity risk quantification via the Factor Analysis of Information Risk (FAIR) Methodology, we have helped clients simplify the concepts of cybersecurity, show members how their organization ranks amongst their peers in relation to InfoSec maturity, and provide management targeted recommendations on how to prioritize and address gaps within their controls to ultimately mitigate risks to the company.

We will discuss this approach, and leading practices to effectively audit and assess technical network security controls, such as logging and monitoring, configuration management, and incident response.

Speaker:  Daniel Stone, CISA, CPA

Daniel is a Senior Manager within the Internal Audit and Financial Advisory (IAFA) practice focused on Technology Audit. Daniel has 6 years of experience in leading and performing IT general and application controls assessments for SOX compliance. Daniel also has significant experience with Cybersecurity Risk Assessments, primarily using the NIST Cybersecurity Framework, and audits of technical security controls including hardware and network device configuration management, encryption, vulnerability management, and identity management.

Session II - Topic: Robotic Process Automation, Process Mining and Next Generation Auditing

The objectives of "Next Gen" IA functions may be straightforward, but the means by which they achieve these objectives include a range of innovative approaches and tools, that must be tailored to specific organizations and their needs.  Process mining tools can fundamentally change the way that we analyze processes and perform audits with automation in walkthroughs, revealing process variants and complexities, and identifying areas that do not comply with intended process design.  Along with potential areas for Robotic Process Automation (RPA) within internal audits own activities, the audit function should have a role in identifying risks and providing guidance around control and design enhancements across the adoption of RPA in the business.

Speaker: Gregg Wishna, CISA

Gregg is an Associate Director in Protiviti’s Internal Audit and Financial Advisory group.  Gregg has over 13 years consulting and audit experience with Protiviti; leading projects and working closely with Senior Management on Internal Audit and Data Analytics initiatives.  In addition to Internal Audit, Gregg has led several Data Management consulting projects, with a focus on Data Governance, Business Intelligence, and Process Improvement.  In this capacity, Gregg has helped to develop strategy and new programs to enhance the overall use of organization data through new technologies and processes to produce impactful reporting and analytics capabilities for the business and internal audit.

For more information and to register for the training session, please visit the ISACA RTC website.