Third Party Risks November Meeting Details

November 2014
Volume 7, Issue 4
2014 - 2015 Officers:
November Meeting Details
President
Dan Sterba
Third Party Risks
Vice President
Steve Kerns
Secretary
Avanti Sulakhe
Date:
Time:
Location:
November 13, 2014
Registration 11:30 AM | Lunch 12:00—1:00 PM | Presentation 1:00 - 3:00 PM
Lidia’s Italy | 101 West 22nd Street | Kansas City | MO | 64108
CPE:
2 Credits
NOTE: Actual CPE hours granted are dependent upon duration of the speaker’s
presentation and may differ from the advertised number of CPE hours.
Treasurer
Anthony Canning
Director
Ted Combs
Brian Howell
BJ Smith
2
CPEs
Price:
$35 members | $50 guests | $5 students
Menu:
Insalata Caesar alla Lidia | The Pasta Trio | Tiramisu | Coffee, Tea
Please denote any dietary restrictions when registering and accommodations
will be made.
Registration:
www.isaca-kc.org by 5:00 p.m. on Monday, November 10th.
Presentation Overview:
What should organizations consider when evaluating third-party providers for services? With
organizations evaluating resources and capabilities internally and out-sourcing services to third
parties, it is important to evaluate the possible impacts to data, security, personnel, and service
levels. The presentation will cover topics for consideration when using out-sourced services and
third-party providers and possible risks.
In This Issue:
November Meeting 1
Details
Chapter News
2
December Meeting 3
Details and Events
Calendar
KC Fall Training
Update
4
Career
Opportunities
5
Speaker: Greg Schu
Greg Schu is a partner with McGladrey's technology risk advisory services practice. He provides
organizations with IT risk management, compliance and risk advisory services and solutions,
assists them with business process analysis and evaluates business and systems controls. Greg
brings his experience as a consultant for financial audit and compliance requirements for
Sarbanes-Oxley (SOX), Payment Card Industry (PCI), Service Organization Controls (SOC), and
Health Insurance Portability and Accountability Act (HIPAA) standards. Greg is a CPA and
CISA, based in the Minneapolis office.
The information presented and included in accompanying materials (if any) is of a general nature and is
not intended to address the circumstances of any particular individual or entity. Although the speaker
and content authors endeavor to provide accurate and timely information, there can be no guarantee that
such information is accurate as of the date it is received or that it will continue to be accurate in the
future. No one should act upon such information without appropriate professional advice after a
thorough examination of the particular situation.
News from ISACA 6
1
Membership Renewal and CPE Submission Deadlines Coming Up
It’s that time of year again and the deadlines are coming up fast. Here are the deadlines that you need to be
aware of:
December 31, 2014:
Deadline for certificate holders to submit CPEs for the 2014 reporting year
January 15, 2015:
Deadline for membership renewals
Still need CPEs?
Don’t worry! You still have lots of ways to earn them before the deadline. Attending the November and
December monthly chapter meetings will net you 4 more CPEs. And, in addition to the “Upcoming Events”
list on page 3, there are over 30 CPEs available for viewing webinars in ISACA’s webinar archive.
Not an ISACA member yet?
If you purchase a 2015 membership now, you’ll receive the remainder of 2014 for FREE as well as discounts on
local meetings and training events, ISACA publications and national conferences. You can find more information
about the great benefits of an ISACA membership and apply online at www.isaca.org/Membership/JoinISACA. We’d love to have you be a part of the Kansas City chapter!
Congratulations, Exam Passers
Welcome to Our Newest Members!
The Chapter would like to congratulate
Shogo Cottrell on successfully passing the
CISM Certification Exam in September.
Great job!
We’re growing! The Chapter would like to welcome its
newest members, Mansoor Haq and Justin Lin. If you
run into them at an upcoming Chapter event, please
introduce yourself and give them a warm welcome.
Meet Steve Kerns, ISACA-KC Vice President
Steve Kerns is our chapter’s Vice President and leads the Program Committee in
the development and delivery of our chapter meetings and educational programs.
Steve is the Director Enterprise Risk Management at YRC Worldwide where he
works closely with management in the identification and mitigation of top risks
facing the Corporation. Steve is also the interim Director IT Audit. Steve is a
seasoned risk management, audit, technical and financial professional with over
30 years of experience (e.g., enterprise risk management, auditing, financial
systems, and accounting). Steve maintains multiple certifications, including
CISA, CRMA, CIA and CFE. His interests and hobbies include his family,
bowling, reading, home brew and wine making, bicycling, and nature.
2
Upcoming Events Calendar
Other Events
Mark Your Calendar! Joint Meeting with ISSA in December
November 6, 2014
Webinar on
Securing Servers in a Hybrid
Data Center
(1 CPE)
DATE CHANGE: Please note that the December meeting
will be held on the 1st Thursday of the month.
November 11, 2014
Webinar on
Data Breaches: A Risk-Based
Approach to Identification,
Impact Estimation, and
Effective Remediation
(1 CPE)
November 12, 2014
Webinar on
Cyber Assurance—What
Should the IT Auditor Focus
On
(1 CPE)
November 19, 2014
Innotech Kansas City
Business and Technology
Innovation Conference
& Expo
(Use discount code ISACA4C
for free admission!)
November 20, 2014
Webinar on
Collaborating, Communicating
and Making Friends
(1 CPE)
December 4, 2014
Webinar
Want to Avoid Security
Breaches? Leveraging the
NIST Framework for
Improved CyberSecurity
(1 CPE)
December 9, 2014
Virtual Conference
Evolving Security for a
Maturing Cloud
(5 CPEs)
December 13, 2014
CISA, CISM, CRISC and
CGEIT Exams
2015 Security and Privacy Headlines
2
CPEs
(joint meeting with ISSA)
Date:
Time:
Location:
December 4, 2014
Registration 11:30 AM | Lunch 12:00—1:00 PM | Presentation 1:00 - 3:00 PM
Hereford House | 5001 Town Center Drive | Leawood | KS | 66211
CPE:
2 Credits
NOTE: Actual CPE hours granted are dependent upon duration of the speaker’s
presentation and may differ from the advertised number of CPE hours.
Price:
$35 members | $50 guests | $5 students
Menu:
Kansas City Classic BBQ Buffet—Grilled Boneless Chicken Breast, Sliced Brisket
and Pork Ribs | Coleslaw | Cheddar Ranch Potatoes | Sauteed Green Beans | Chef’s
Dessert Selection | Coffee, Tea
Registration:
Will be available on www.isaca-kc.org starting on November 11th.
Presentation Overview:



Latest trends/threats in the industry in regards to Security and Privacy; how are companies
dealing with these threats
Issues that companies are facing in regards to Security and Privacy; companies approach to
dealing with Security and Privacy issues
Future topics of interests for Security and Privacy
Speaker Bio:
Chris Crevits is a Senior Manager in the Infor mation Secur ity Advisor y Ser vices pr actice of
Ernst & Young LLP. Chris has more than ten years of experience at EY in IT auditing and
information security and four years in IT operations prior to joining the firm. Chris specializes in
cyber threat management, security program management including transformation strategies and data
protection. Chris is the leader of EY Advanced Security Center SOC / CSIRT services including
managed and co-source Security Monitoring services and the Lead Subject Matter Resource (SMR)
on several SOC / CSIRT program assessments, strategy and road map engagements. Chris is a
Contributing author to ISACA publication, “Responding to Targeted Cyber Attacks” (May 2013) and
Presenter at ISACA 2013 North America CACS on developing an effective cyber security plan.
Tori Tripp is a Senior in the Advisor y Ser vices pr actice at EY. She has exper ience wor king with
clients in privacy, information security, auditing, and business and IT processes. Tori is responsible
for reviewing and assessing privacy programs for compliance with the EU-US Safe Harbor
framework, EU Data Protection Directive, Health Insurance Portability and Accountability Act
(HIPAA), and assessing privacy programs for alignment with the Generally Accepted Privacy
Principles (GAPP). Tori has also assisted in multiple SOC 2 for privacy pre-assessments and audits
for her clients. Tori has experience in a variety of industries including consumer products,
biotechnology, specialty and agriculture chemicals, healthcare, telecommunications, software, and
consumer electronics.
3
Fall Training Registration Now Closed
Registration for ISACA-KC’s 2-day fall seminar is now closed. We have received an overwhelming
response to attend the seminar and all available spots are now taken. If you would like to be added to
the wait list, please email treasurer@isaca-kc.org.
Evaluating IT Security Management
16
Date & Time:
November 11, 2014 and November 12, 2014 (8:30 am to 4:30 pm)
Location:
Sprint Nextel World Headquarters – Overland Park, KS
CPE’s:
16 CPEs
Price:
ISACA Regular Members: $480 (from November 1st through November 7th)
Non-Members: $640 (through November 7th)
Registration:
Registration fees include course materials, lunch and morning\afternoon drink service.
Fees must be paid promptly following registration to secure your seat and course
materials if you are paying by check. Credit Card payment must be made at the time
of registration.
CPEs
Course Description:
A good percentage of internal and external IT auditors’ scope relates to information security. The assurance
function must either place reliance on the management of the information function or perform extensive
substantive procedures to satisfy compliance requirements. Where reliance is placed, the auditor must
depend on their assertions and records of the information management function. A mature information
security function will translate into reduced fieldwork. The internal auditor also is responsible for evaluating
the effectiveness and efficiency of the information security function as part of their audit universe. ISO
31000 is the new standard (2009) for managing and assessing risk. But what is the risk associated with IT
security management itself?
An inadequate level of skill or competence in IT security management can lead to serious negative
consequences for the enterprise, including:
 Inability to comply with statutes and regulations, such as Sarbanes Oxley, HIPAA, FISMA, PCI
DSS, GLBA, Basel II, and governmental entities
 Lack of preparedness for security incidents and/or inability to execute a timely recovery
 Higher audit and insurance costs
During this course, we will discuss organizational security, best-in-class security management, objectives
and scope of an IT security management assessment, evaluation approaches, metrics for measuring risk
associated with IT security management’s performance, and reporting approaches for maximum impact with
senior management and stakeholders.
For the speaker bio and more information on the course, please view the training flyer.
4
IT, Finance & Compliance Auditor - BlueCross BlueShield of Kansas
Job Summary: Information Systems, Compliance and Financial Auditing requires a
combination of knowledge and skills that include information systems auditing, financial
auditing and the determination of compliance with relevant policies, procedures,
regulations and laws. This progressive and challenging approach to auditing requires
broad and unique business and technical knowledge, business and auditing experience,
auditing skills and extensive training and education in order to successfully perform.
Apply online at www.bcbsks.com/careers.
Updated 9/29/2014.
Internal Auditor - American Century Investments
Job Summary: The primary responsibility of an internal auditor is to review operational
and systems aspects of the company and assess the adequacy and effectiveness of
internal controls. Read more and apply online.
Updated 10/20/2014.
Sr. IT Security Analyst - Capitol Federal
Job Summary: The Sr. IT Security Analyst is responsible for assessing information risk
and facilitates remediation of identified vulnerabilities for IT security and IT risk across
the enterprise. Assesses information risk and facilitates remediation of identified
vulnerabilities with the Bank network, systems and applications. Reports on findings and
recommendations for corrective action. Performs vulnerability assessments as assigned
utilizing IT security tools and methodologies. Performs assessments of the IT security/
risk posture within the IT network, systems and software applications, in addition to
assessments within the Vendor Management Program. Identifies opportunities to reduce
risk and documents remediation options regarding acceptance or mitigation of risk
scenarios. Facilitates and monitors performance of risk remediation tasks, changes
related to risk mitigation & reports on findings. Maintains oversight of IT and vendors
regarding the security maintenance of their systems and applications. Provides weekly
project status reports, including outstanding issues. The IT Security Analyst assists in all
IT audits, IT risk assessments and regulatory compliance. View the full description and
apply online.
Updated 10/24/2014.
IT Audit Manager - H&R Block
Job Summary: The IT Audit Manager will play a key role in the development and
execution of the IT audit strategy and should possess a strong understanding of
information technology, finance, operational and compliance related risks and controls.
This individual will interact on a regular basis with all levels of management and will be
responsible for developing a strong strategic partnership with the Information
Technology function. In addition, this position will directly supervise two direct reports
and will be responsible for coaching and developing associates in preparation for new
roles and additional responsibilities.
More information and applications accepted at the H&R Block website.
Updated 10/27/2014
5
Are you looking
for the next step
in your career?
Social media can
be a valuable tool
in your search.
It’s a great
place to
...
rub elbows
with peers
...
research
employers
...
and find new job
opportunities.
Join the
discussion with
ISACA-KC at:
www.linkedin.com/
groups?gid=2863242
News from ISACA
2014-2015 Board Members
2015-2016 ISACA Volunteers Sought
President
Dan Sterba
president@isaca-kc.org
Vice President
Steve Kerns
vp@isaca-kc.org
Secretary
Avanti Sulakhe
Secretary@isaca-kc.org
Treasurer
Anthony Canning
treasurer@isaca-kc.org
Directors
Ted Combs
Brian Howell
BJ Smith
directors@isaca-kc.org
Programs Committee
Shaun Miller
Molly Coplen
Dennis Keglovits
programs@isaca-kc.org
Membership Director
TBD
membership@isaca-kc.org
Research Director
Chester Smidt
research@isaca-kc.org
Webmaster
Chester Smidt
webmaster@isaca-kc.org
Newsletter Editor
Sherry Callahan
newsletter@isaca-kc.org
Volunteers who are willing to share their time and talent are critical to the success of
ISACA. Apply to become an ISACA volunteer—contribute to your profession and
earn free continuing professional education (CPE) hours. ISACA’s annual volunteer
application period is now open.
Members interested in volunteering with ISACA at the international level can find
information on available opportunities and the process for submitting an application
for consideration on the 2015-16 Invitation to Participate page of the ISACA web
site. In addition to the invitation to participate brochure, members can learn more
about the boards, committees and subcommittees that support the association.
Interested members should review the information contained in the brochure and
online, identify those volunteer opportunities that are of most interest, and complete
the online application. Volunteer applications for the 2015-16 administrative term
are due by 12 February 2015.
In addition to the annual volunteer appointments, there are a number of volunteer
opportunities available throughout the year. For more information, visit the
Additional Volunteer Opportunities page of the ISACA web site.
Two Months Remain in Member-Get-A-Member Program
There are only 2 months remaining in the 2014 Member Get a Member program.
Follow up with your colleagues to ensure they join ISACA before 31 December
2014. Remember, newly recruited members need to register with your member ID
number and be paid in full by 31 December 2014 for you to receive credit under the
campaign.
With every member you recruit, you move closer to earning rewards. There is still
time to earn a checkpoint-friendly computer backpack by recruiting 3-4 new
members. You have the opportunity to earn a personal wireless activity and sleep
tracker by recruiting 5-6 new members, a portable mini-Bluetooth® speaker by
recruiting 7-9 new members or noise-canceling headphones by recruiting 10 or more
new members.
Learn more on the Member Get a Member page of the ISACA web site.
Changed jobs or email addresses? Be sure to update your
profile on ISACA’s website so that you can continue to receive the
monthly newsletter, notices of upcoming training and seminars, and other
chapter information. As a reminder, the Kansas City chapter considers email
addresses to be private and confidential. Your email address will not be shared
with or sold to third parties.
6