If the handout download links from within past event articles are broken, please navigate to Chapter->Downloads to obtain the document.

2011 April - Enabling the Risk Management Function Through GRC Technology

Date: April 6 2011 1:00 p.m. to 4:30 p.m.
Material: Handouts to be available the day before the session on the website
Registration: Through our website
Location: Building 08 Multi Purpose  Room, RTI International
ISACA Member - Free
ISACA Partners(IIA, ISSA, Infragard etc.,) - $25
Non-Members - $40
Handounts (need to be logged in): Session 1 Session 2
CPEs: Upto 3

Session I (1 pm - 2:30 pm) - Enabling the Risk Management Function Through GRC Technology

Michael Stanziale, Senior Manager, Dan Casciano, Principal, Brian Stowe, Manager & Matt Sulkey, Manager - Ernst & Young

Summary: The objective is to provide members with insight into the way organizations have invested in and integrated technology to assist in managing IT risk processes across the enterprise in an effort to address business risks, align to business objectives, achieve key goals, create efficiencies and reduce the overall cost of IT risk management.  Ultimately you'll learn how these people, process and technology improvements provide a holistic view of risk across the organization.

Today's IT risk management function has become increasingly complex.  Organizations tend to manage risk in silos, increasing costs and diminishing value, which in turn has a negative impact on business performance.  In fact, 73% of companies report seven or more risk functions - all of which operate as individual business units.  In addition to more effectively aligning people and processes, technology is a key component in realizing the value of an effective IT risk management process.

We will share with you what we are hearing in the market related to IT Risk Management and what companies are doing to align IT risk with the overall enterprise.  Finally, we will explore several of the leading technologies in the market that can be used to enable various aspects of IT Risk Management.

Session II (245 pm - 415 pm)- Cisco CSIRT - Tools, Technology & Processes

Summary: Overview of the Cisco Computer Security Incident Response Team, the tools technologies and processes needed to manage enterprise security.

Gavin Reid , Sr. Manager &  Martin Nystrom, InfoSec Investigations Manager Cisco

Speaker Bios

Michael Stanziale, Senior Manager, Advisory Services, Ernst & Young

Michael serves as the Americas Oracle Application Risk and Controls and GRC practice leader. His professional career has revolved around business process and control transformation, ERP risk management and the integration of Oracle Governance, Risk and Compliance (GRC) applications. He has more than 9 years of experience in the advisory and professional services industry.

Gavin Reid, Sr. Manager, Cisco CSIRT, Computer Security Program Office

As an IT security specialist with more than two decades of experience, Gavin Reid works with some very interesting people – from leaders in the vanguard of information security to hackers in the computer underground.  Gavin leads the Computer Security Incident Response Team at Cisco Systems – a global team of information security professionals responsible for the 24/7 monitoring, investigation and response to cyber security incidents.  As an active member of the computer security community, he also supports FIRST  and chairs the working group responsible for the Common Vulnerability Scoring System.  Gavin joined Cisco in 1999 from the National Aeronautics & Space Administration where he oversaw IT Security at the Johnston Space Center. He lives in North Carolina (USA), and counts guitar and skateboarding among his personal interests.

Martin Nystrom, InfoSec Investigations Manager, Cisco

Martin Nystrom is an InfoSec Investigations Manager for the Computer Security Incident Response Team (CSIRT) at Cisco Systems. He leads the global security monitoring team and provides guidance for incident response and security initiatives. Prior to joining Cisco's CSIRT, he was responsible for designing and consulting on secure architectures for IT projects. Martin worked as an IT architect and a Java programmer for 12 years prior, where he built his experience in the pharmaceutical and computer industries. He received a bachelor's degree from Iowa State University in 1990, a master's degree from NC State University in 2003, and his CISSP certification in 2004. He is the author of O'Reilly's SQL Injection Defenses, and co-author of Security Monitoring. He is a frequent conference speaker, and was honored on the Java One Rock Star Wall of Fame. He enjoys speaking at FIRST and Cisco Networkers conferences, and providing security guidance to customers via Cisco's Executive Briefing Program. Most of Martin's papers and presos can be found on his web site at xianshield.org