2019 June Training Session
When: June 5, 2019, 1:00 PM - 4:00 PM EST
Where: RTP HQ
ISACA-RTC Members - Free (Log in to register to ensure discounted fee)
Affiliated Organizations (IIA, ISSA, Other ISACA Chapters) - $35
All Others: $50
CPEs: Up to 3
Handouts: Will be uploaded when available
1. Annual general meeting and election of officers - 10 Minutes
2. Hannelore Murray will discuss CISA and CISM - 10 Minutes
Have you ever said or heard someone say, “I’m not a Risk Analyst so I do not need the CRISC” or “I do not perform IT Audits, so I do not need to take my valuable time to study for the CISA”; or “I’m a Security Manager, so my experience is only applicable to the CISM”? If you’ve said this, or heard and believed someone who said this, then this session is for you! What are the similarities and differences between the certifications? What can the CRISC, CISA and/or CISM provide, who should consider taking them, and why? We’ll be engaging some members of the ISACA chapter who can attest to the importance of the certifications and how they may have benefitted by taking the time to take the classes and earning the certification(s). Audience participation is requested.
Session I: Factor Analysis Information Risk (FAIR Methodology)
FAIR is a standard risk taxonomy and risk quantification model by The Open Group, a global standards consortium, that can express cyber risk in financial terms. It provides information risk, cybersecurity and business executives with the standards and best practices to help organizations measure, manage and report on information risk from the business perspective.
Speaker: Keith Stouder, IT Risk Officer, Duke University
Keith joined Duke's Office of Audit, Risk and Compliance as the IT Risk Officer in 2018. In this role he is responsible for understanding and promoting IT risk awareness and technology risk management strategy for the university, health system, and their wholly-owned subsidiaries and affiliated entities. He leads a team responsible for designing and implementing assessment and assurance strategies for IT risk management and monitoring risk mitigation plans across the entire Duke enterprise. Keith holds an M.P.A. and M.S. from Ball State University along with several IT certifications including CISM and CISA.
Session II: SOC for Cybersecurity
SOC reports have been around for years. In 2017 the AICPA came out with a SOC for Cybersecurity. What is this? Who is it for? Why ANOTHER type of SOC report? Why should we get one? How will it help our companies? All these questions and more will be answered on June 5th!
Speaker: Ben Hunter, Risk Advisory Manager, Bernard Robinson & Co.
Ben Hunter is a Risk Advisory Manager at Bernard Robinson & Co. He began his career at RSM, the 5th largest public accounting firm in the US, spent 3 years in industry and moved back to public accounting at BRC in Nov of 2017. He specializes in Cybersecurity and Information Technology Audits and Assessments.
Ben began his cybersecurity career in the US Marine Corps. After his service, Ben went to UNC Greensboro and earned his Master of Science in Accounting. After becoming a Certified Public Accountant (CPA), he continued his cybersecurity and IT Audit training by obtaining the ISACA certifications: Certified Information Systems Auditor (CISA) and Certified in Risk and Information Systems Control (CRISC). Ben also obtained the AICPA Certified Information Technology Professional (CITP) and is a Certified Fraud Examiner (CFE).
At BRC, Ben is leading the Cybersecurity Risk and IT Audit consulting practice. Ben has years of experience performing Cybersecurity Risk and Control Assessments, HIPAA Audits, Phishing/Ransomware awareness and security training, Business Continuity Planning / Disaster Recovery (BCP/DR) planning and testing, IT Internal Audits, Sarbanes-Oxley (SOX) Control Testing, Systems Vulnerability Scanning Assessments, and System and Organization Control reports (SOC). He speaks at a variety of organizations, including rotary clubs, professional organizations, universities and CPE events.
Ben is a member of the AICPA, the NCACPA, the ACFE, and ISACA.
Ben’s unique perspective into the financial and information technology worlds allows him to communicate the technology risks in clear language for the decision makers.
For more information and to register for the training session, please visit the ISACA RTC website.