PRESIDENT VICE PRESIDENT TREASURER SECRETARY Michele Haroon CPA, CISA Sajay Rai CPA, CISSP, CISM Linda Kearney CISA Brad Barton CISA Federal-Mogul Corporation Securely Yours LLC Chrysler Group, LLC Lear Corporation

VOLUME 27 #7 REGION 4 CHAPTER 8

DATABYTEDATABYTE

DIRECTORS

Greg Boehmer, CISA, CIA, CFE, CGEIT, CISSP, CISM, CRISC, PMP

Deloitte & Touche 313-394-5524

Derrick Buckingham, CISA, CISSP, CISM, CRISC 313-729-8816 Juman Doleh-Alomary, MSc.E, CISA, CISM, CRISC Wayne State University 313-577-6406 Michael A. Forrest, CISA, CGEIT TCS

586-292-4740

Ryan Hodges, CISA Deloitte & Touche 248-953-1151

M. Siobhan Jordan 734-891-5082 Brenda Karl, CISA, CGEIT, CRISC, QSA Accretive Solutions 248-633-2347

D. Robert Okopny, PhD, CIA, CFE, CMA Eastern Michigan University 734-487-0246

Rajesh Patel Plante & Moran PLLC 248-223-3428 Brandy Pfeiffer, CISA Federal-Mogul Corporation 248-354-2602

Carrie Schrader, CISA, CBM, CFE, CGEIT CRISC GE 734-727-5436

Jason Sist, CISA Cooper Standard Automotive 248-946-1771 Doug Wahr, CISA, CRMA, CISSP Auto Club Group (AAA) 313-436-7277 James M. Watson, CISSP, CISA, CIA Ford Motor Company 313-594-0609

Susan A. Yamin, CPA Ally

734-619-8425 Manish Zaveri, CISA, CPA Delphi Corporation 248-888-9090

Monthly MeetingMonthly MeetingMonthly Meeting Wednesday, April 17, 2013Wednesday, April 17, 2013Wednesday, April 17, 2013

Pre-Dinner Topic: SSAE 16 Robert B. Brenis CGEIT, CISA, CRISC, MCP, PMP,

After-Dinner Topic: SOC 2 Joseph Comptom CISSP, CISA

Date: Wednesday, April 17, 2013

Time: 4:30 – 5:00 Registration & Networking

5:00 – 6:00 Pre-Dinner Presentation 6:00 – 6:45 Dinner 6:45 – 7:45 After-Dinner Presentation

Location: University of Michigan – Dearborn Fairlane Center North

Quad E Room, North Building. (It’s the 1st room to the right in the 1st aisle

past the reception desk. See map and directions on page 7) 19000 Hubbard Dearborn MI 48126 313-583-6511

Cost: Advance Registration: $20.00 Members $30.00 Non-Members $10.00 Students and Retirees

Reservations can be made at www.isaca-det.org

Advance registration ends at midnight Saturday, April 13, 2013. Members & Non-Members making reservations after the reservation deadline will be charged an additional $10. Walk-ins, excluding Students and Retirees, are subject to the late charge. To make better use of your membership dollars, we will NO LONGER accept credit cards at the DOOR for walk-ins and unpaid pre-registrations. We WILL continue to accept credit cards for pre-registrations in Cvent. We encourage you to register and pay via Cvent for all ISACA Chapter activities.

2

DATABYTE

DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH

Dear Detroit Chapter Members,

March was a busy month for our Chapter. The 14th annual IIA/ISACA Spring Conference was fantastic, with attendance around 300! For those who attended, I hope the confer-ence was enjoyable and informative. Thank you to all the attendees, volunteers, sponsors, and trainers who contributed to the success of this event and thank you to the many em-ployers who see the value in their staff attending it! Even though the program year is coming to a close, there’s a still lot going on so don’t miss out!

You should have received an email for the upcoming Cyber Security Seminar to be held on April 23rd and 24th (16 CPEs). The last day to register is April 17th and the price is the same as the fall seminar, $225 for Members and $475 for Non Members, which includes a one year enrollment in the Detroit Chapter of ISACA and all associated member benefits. During April, we will also be holding elections for several Board positions, so keep an eye out for the ballot in your inbox. However, there are many ways to get involved besides the Board commitment. Let me know if you’re inter-ested in helping out. Also, as a reminder, the 4th Annual IIA/ISACA Dinner Cruise social event will be Friday, May 17th and the price per person is $28, whether member or non-member. You will receive an email invite for this event shortly. Purchase tickets for as many people as you want (by May 10th) and dance the night away on the Detroit River! Please contact me if you have questions, suggestions, concerns, or ideas to serve you better. I look forward to seeing you at the Chapter meeting on Wednesday, April 17! Warm regards, Michele M. Haroon, President ISACA Detroit Chapter

March Speaker Adam Keagle and Sajay Rai, ISACA Detroit Chapter Vice President

March Speakers Paula Walworth, Greg Boehmer, and Carolyn Hafner, with

Dr. Okopny, ISACA Detroit Chapter Director

3

DATABYTE

DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH

CALL FOR PAPERS To make the Databyte more meaningful, we would like to publish articles

of interest to the membership. We need your help!!! Have you written a

paper, article, whitepaper, etc., for your company newsletter, website, etc.,

that you can share? If so please submit it to Mike Forrest at

m_forrest@wowway.com for publication in a future Databyte.

Welcome New ISACA Detroit Chapter Members

Allison Mikulec Amy Jo Davidson Wilma Babb

Sumanth Anapalli Jonathan Mills Daniel Faber

Kasi Viswanathan Denise Kitchen Gregory Lewis

Phil Miltenberger, II Michael Dennis Paul Matusik

February Chapter Meeting Raffle Winners

Michael Stolarczyk Sakinah Tanzil Christopher Johnson

Adam Keagle Paul Jones Ryan Hodges

Laurie Hepner Mary Ellison

William Bialkowski Mary Colleen Rowley

.

IIA and ISACA Chapters Partner for FUN!!

Network, dine and dance the night away. Join us for the Fourth Annual Cruise Aboard the

Detroit Diamond Jacks.

You and any number of guests you would like to bring are invited to a Private Chartered Dinner Cruise on the Detroit River with

Diamond Cruises Friday May 17, 2013

Non-Refundable Cost for Members and their Non-Member Friends only $28.00 per person!

3 Hour Cruise – Boarding 6:00pm, Launch from Dock 6:30pm, Return to Dock 9:30pm

Your cost includes the following; Prime Rib of Beef with Au Jus (chef to carve)

Vegetable Lasagna Mostaccioli w/ Marinara Sauce

Michigan Salad: Mixed Greens, Sliced Pears, Crumbled Blue Cheese, Dried Cherries, Toasted Walnuts & Cherry Vinaigrette

Parsley Baby Carrots, Red Skin Potatoes Rolls and Butter, Cake Coffee and Soft Drinks

Entertainment with Cosmic Groove & Cash Bar

Additional details will be provided upon registration

Detroit Chapter of ISACA – Scholarship Contest

Welcome to the 2013 Spring Scholarship Contest of the De-troit Chapter of ISACA. We will be offering three (3) scholar-ships of $1,000 each. In addition, all full-time students who participate in the contest will receive a 1 year student member-ship to ISACA. The scholarship contest consists of a submission of an essay. The submission must include a one page resume and a four page paper on: How can ISACA make better use of social media to attract increased participation of students? Please include at least three examples of the social media sites which ISACA can use (Facebook, Twitter etc.). Also, provide examples of content ISACA can publish on these social media sites which will get students’ attention. Please feel free to include screen shots and screen captures in your essay. A cover page can also be added. Applicants from all schools are welcome. Resumes should include GPA, outside activities, and may include any involvement in ISACA or other profes-sional or university organizations. Please follow these formatting rules: Double space, Times New Roman 12 font, 1' margins, use section headings, 4 page maximum, must include references on separate page, not part of the four. The papers will be evaluated on content and editing. This should not be a cut and paste exercise. Priority will be given to, but not limited to, full-time students and those who will be graduating in spring 2013 or later. Students must not be em-ployed in their post-graduation professional career, so as to limit the scholarships to students who need the funds the most. If you have returned to school to change professions, you are eligible. There are usually good odds of earning the scholar-ship when submitting. The deadline is April 30, 2013. Submis-sions are to be sent to: Administrator@isaca‐det.org. Contest winners will be announced at the ISACA Chapter May meeting (May 15, 2013).

4

DATABYTE

DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH

planning, project management, and compliance testing, Jo-seph’s insights help management improve their business re-sults. As both a CISA (Certified Information Systems Auditor) and a CISSP (Certified Information Security Professional), Joseph provides Strategic Planning Services and Assurance Services for his clients which include: Business Planning and Consult-ing, Risk Management, IT Strategic Planning, IT Security Plan-ning, IT Security Testing, IT Audit (SSAE 16, SOC 2, SOC 3), Fraud Investigation, Forensic Accounting, and BCP Planning with his partners at Skoda Minotti. Both Certifications are ANSI and ISO accredited, and each require 40 hours of con-tinuing education each year to remain in good standing. His national consulting practice includes work for financial institutions of every size. Joseph conducts an average of 40 IT security audits a year, as well as numerous SOX testing en-gagements. Other projects that Joseph leads are IT security program development projects, Business Continuity Planning projects, IT strategic planning, and IT Infrastructure Assess-ments. Clients appreciate Joseph’s ability to make complex IT issues clear so that nontechnical managers can own and manage compliance programs with confidence. Joseph is an active speaker at state and national bank con-ventions, national training seminars, and colleges. Most re-cently, Joseph developed an online Business Continuity Plan-ning seminar for Bankinfosecurity.com, a leading source of regulatory information and training for community bankers. He stays current in the field with coursework from the SANS Institute and ISACA, both are recognized internationally as providers of world class IT security and IT audit training. He is also an active member of the Northeast Ohio ISACA chapter (the Information Systems Audit and Control Association), a member of the SANS Institute’s advisory board, and a mem-ber of the Cleveland Chapter of Infragard. Finally, Joseph is a Senior Analyst in Wikistrat’s Analytic Community – “A Global Marketplace of Geopolitical Analysis”. He is involved in the community and serves as the head of the technology committee for the Cleveland Jewish Federation, he is on the Board of Lake Catholic High School, and is a member of several business and social clubs in the Cleveland Area including: The Union Club of Cleveland, The Cleveland City Club, Beechmont Country Club, and The Deep Springs Trout Club. A 1989 graduate of John Carroll University with a B.A. in Eng-lish and History, Joseph lives in Moreland Hills, OH with his wife and 5 children.

Before Dinner Topic

We will cover the nuts and bolts of performing an SSAE 16 audit. 1. Where to Start 2. What to look for in a Business Description 3. How to Devise Tests 4. Reporting Formats

Before Dinner Speaker

Robert B. Brenis CGEIT, CISA, CRISC, MCP, PMP Principal is an information technology auditor with Skoda Minotti. He has over 18 years of experience working with financial systems and business applications. He specializes in helping clients ascertain their current strengths and

weaknesses while guiding them to a stronger position in their industry and market. Robert’s business process and information technology experience is heavily focused around internal controls and business functions. He also has experience auditing to FFIEC and GLBA compliance standards. Robert has also performed numerous SSAE 16 audits (Type I and Type II) and AT 101 engagements. He has worked in a wide variety of industries including banking, non-profit, manufacturing, service and telecommuni-cations. Prior to joining the firm, he spent eight years in the private sector and four years with a Big-4 accounting firm. Robert is a member of the Project Management Institute and the Infor-mation Systems Audit and Control Association. He earned his MBA from John Carroll University and a Bachelors of Business Administration in Accounting from Kent State University. He is a board member of the Northeast Ohio American Red Cross and the treasurer for Young Israel of Greater Cleveland. Robert is also a member of both the American Red Cross Finance and Hospital Partnerships sub-committees.

After Dinner Topic

We will cover the nuts and bolts of performing a SOC 2 audit 1. Where to Start 2. Answering the Questions 3. Setting up tests 4. Our Proprietary Database

After Dinner Speaker

Joseph Compton CISSP, CISA is a principal at Skoda Minotti, a full service CPA and Business Advisory firm headquartered in Cleveland, Ohio. With over 26 years of Technology and Business Consulting Experience, he has spent the past 15 years helping banks manage their risk, while growing their core businesses. Through strategic

5

DATABYTE

DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH

Cyber Security Seminar

Introduction The Detroit Chapter of ISACA is proud to sponsor this two-day training event. Chapter members and non-members are invited to partici-pate in this timely seminar to develop, or refresh, their understanding of current cyber security threats and contemporary threat man-agement techniques. One of the key objectives of the Chapter is to promote the education of, and help expand the knowledge and skills of its members. The Seminar Committee of the Chapter Board believes this offering strongly supports that objective. We hope that you will take advantage of this opportunity by joining us on April 23 and 24.

Course Description Data security and cyber security are important issues for all organizations. Almost every line of business depends on good, clean data. Until fairly recently, however, cyber security did not receive all that much attention, since most firms had traditionally put in place pro-tection mechanism against cyber attacks. This course is designed to provide the learner with an understanding of IT security and the pos-

sible solutions available for the protection of corporate information and technology assets.

Course Outline

• Historical evolution of IT security technology and solutions, where we are today and what the future holds.

• Investigate and analyze emerging information technologies as they relate to data protections and security.

• Identify critical security issues associated with new information technologies, threats, risks and vulnerabilities.

• Review cryptography concepts.

• Overview of cyber warfare and advancements in malware attacks in the mobile market.

• Trends in compliance and how to implement the security standards necessary to ensure compliance with government, law and

regulations.

About the Instructor—Ken Kousky

Ken Kousky is President / CEO of IP³, Inc., an information security training company, continuing a career as a world renowned speaker, entrepreneur, and infrastructure visionary.

A sought-after speaker on topics such as national cyber security, corporate risk management and enterprise network security, Ken is able to bridge the gap between the "C's" and their focus on financial outcomes and the operational and technical professionals. From "Bits to Budgets", he is able to cut through the noise factors surrounding today's critical technology, business and security issues to provide clear and concise insight into the most pressing IT Security issues.

Ken was the lead investigator for a U.S. Department of Defense, STTR Research Grant. As a technologist, Ken holds professional certifica-tions as a CISSP, CISA, CGEIT and CRISC, (Certified Information Systems Security Professional; Certified Information Systems Auditor; Cer-tified in the Governance of Enterprise IT; and Certified in Risk and Information Systems Control).

Course Details

Mark your calendars for this event! Date: April 23 and 24, 2013 (2-Day course) CPE: 16 Hours Location and enrollment details to be announced, so watch for more details soon, or visit the Detroit Chapter website at: www.isaca-det.org

6

DATABYTE

DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH

2012/13 ISACA-Detroit Chapter Committee Members

Committee Directors

Academic Relations

Sajay Rai (Chair)

Siobhan Jordan

Susan Yamin

Robert Okopny

Certification

James Watson (Chair)

Brad Baron

Derrick Buckingham

Brenda Karl

Michael Forrest

Facilities

Carrie Schrader (Chair)

Greg Boehmer

Ryan Hodges

Linda Kearney

Internet Brandy Pfeiffer (Chair)

Ryan Hodges

Membership

Michael Forrest (Chair)

Brenda Karl

Siobhan Jordan

Sajay Rai

Nominating & Audit Doug Wahr (Chair)

Siobhan Jordan

Programs

Juman Doleh-Alomary (Chair)

Raj Patel

Greg Boehmer

Sajay Rai

Robert Okopny

Spring Conference

Doug Wahr (Chair)

Susan Yamin

Jason Sist

Juman Doleh-Alomary

Seminars

Brad Barton (Chair)

Carrie Schrader

Manish Zaveri

Doug Wahr

Bylaws, Policies and Procedures

Sajay Rai (Chair)

Michael Forrest

Linda Kearney

Social Committee

Derrick Buckingham (Chair)

Susan Yamin

Greg Boehmer

Flora Du

Jason Sist

Ad Hoc Committees

Siobhan Jordan Research Director

Ryan Hodges Social Media

Linda Kearney Webcast Meetings

Brad Barton 3

rd Party Coordinator

BCBSM is looking for highly qualified individual

to join the Blues team

Some of the areas where BCBSM provides exciting careers are:

Blue Cross Blue Shield of Michigan/Detroit/Michigan - Auditor II

This position assists management with general supervision in mitigat-

ing corporate risk exposures by conducting corporate control assess-

ments of, providing risk education and consulting services to

BCBSM, its subsidiaries, vendors, supplier and contractors of the

company. Candidate must be able to perform audits and reviews

which include identifying risks and controls to mitigate risk, testing of

controls, writing audit reports and conducting exit conference meet-

ings. Financial audit experience, knowledge of data analytic tools

(i.e. ACL, SAS) and continuous auditing is preferred. B.A. required

and advanced degree preferred. Four years related work experience

required, which includes two years of auditing experience.

Blue Cross Blue Shield of Michigan/Detroit/Michigan - IT Auditor I

This position assists management with general supervision in mitigat-

ing corporate risk exposures by conducting IT control audits and IT

advisory services. Candidate must be able to perform IT audits and

reviews on information security, applications, operating systems, net-

works, and IT governance controls. Knowledge of data analytic tools

(i.e. ACL, SAS) and continuous auditing is preferred. Must have

strong communication skills. Two years of experience in IT Auditing

or related IT experience required.

Blue Cross Blue Shield of Michigan/Detroit/Michigan – IT Auditor I

and II, Project Risk and Advisory Services

These positions assists management with general supervision in miti-

gating corporate risk exposures by conducting IT control and project

implementation assessments. Candidates must be able to function as

skilled project advisors able to identify, assess, and effectively com-

municate risks affecting large corporate implementations and initia-

tives as well as provide recommendations for mitigation. Knowledge

of traditional IT audit, project management, and IT governance re-

lated to large scale project system implementations is preferred. Must

have strong communication skills. Three plus years of related work

experience preferred.

Blue Cross Blue Shield of Michigan/Detroit/ - IT Audit Manager

Functions as a highly skilled internal control consultant responsible

for conducting, leading, and managing internal information technol-

ogy (IT) audits/reviews, providing risk education and project consult-

ing services on behalf of the corporation to mitigate risk and assess

the control environment of each auditable unit. Directs and supervises

auditors. Plan and supervise the day-to-day audit function to ensure

that work is aligned with the goal of improving the risk management

and control environment at BCBSM. Develop and maintain frame-

works/models/criteria for assessing proposed or existing controls,

structures, or systems.

- Bachelor's Degree in Business Administration, Accounting, Finance,

Management Information Systems, or a closely related field required.

- Five (5) to seven (7) years of business experience.

- Three (3) to four (4) years of IT audit and review experience evalu-

ating compliance with CoBIT related goals and objectives.

Experience in governance risk and compliance implementations a

plus.

7

ADVERTISE IN YOUR DATABYTE NEWSLETTER

¼ Page $50.00

½ Page $100.00

Full Page $200.00

Contact Geralyn Jarmoluk at administrator@isaca-det.org

or Mike Forrest at m_forrest@wowway.com

Dinner Menu April 17, 2013

Salads: Pasta and Ceasar Salad

Entrees: Baked Salmon; Chicken Park Place; Italian Sausage with Rotini

Side Dishes: Whole Kernel Corn and Buttered Parsley Potatoes

Optional Vegetarian Selection: Pasta Primavera (available only with pre-registration)

Dessert: Walnut Torte

All dinners include rolls, butter, relish tray and coffee. One alcoholic drink limit (beer and wine only); no other liquor available.

The Chapter must provide the number of reservations by 8:00 a.m. on the Monday before the meeting. To ensure that we can accommodate those who wish to attend and the facility can provide the best service possible, please make your reservations prior to midnight Saturday, April 13, 2013. If you have made a reservation and cannot attend, please contact Geralyn Jarmoluk at Administrator@isaca-det.org, or 248-762-7421 prior to the above noted deadline for refunds. Your cooperation is greatly appreciated.

We are very sorry, but reservations not cancelled prior to the above noted deadline (midnight Saturday prior to the meeting) cannot be refunded as we are committed to the caterer for the meals ordered.

DATABYTE

Geralyn Jarmoluk, Editor

P.O. Box 99385

Troy, MI 48099-9938

DATABYTE

DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH

Attend up to 4 Chapter Meetings FREE. In these difficult times, the ISACA Detroit Chapter Board wants to help. If you are unemployed, laid-off, or are not currently receiving a paycheck, we have some good news. It’s during times such as these that maintaining a net-work of peers and maintaining your level of training is so very impor-tant. We are, therefore, offering to allow you to attend up to four (4) meetings FREE. You must register for each meeting through the Membership Chairman by sending an e-mail stating that you are currently out of work and wish to attend the meeting. The e-mail must be received prior to the meeting registration close for that meeting. Please send the e-mail to Mike Forrest at m_forrest@wowway.com.

Directions to University of Michigan – Dearborn Fairlane Center North

Located at 19000 Hubbard, Dearborn MI 48126

From the West Take I-94 East to Southfield (M-39) North. Follow Southfield (North) to the Michigan Ave. (U.S. 12) exit. Stay on the Southfield Service Drive to Hubbard Drive and turn left. Follow Hubbard Drive and turn right into the Southern entrance of the U-M Dearborn/Fairlane Center (the marquis will reflect the following: The University of Michigan-Dearborn/Fairlane Center). Follow the entrance road to the back and turn left at the stop sign; the North Building will be located on your left hand side. Parking is directly across from the North Building.

From the East Take I-94 West to Southfield (M-39) North. Follow Southfield (North) to the Michigan Ave. (U.S. 12) exit. Stay on the Southfield Service Drive to Hubbard Drive and turn left. Follow Hubbard Drive and turn right into the Southern entrance of the U-M Dearborn/Fairlane Center (the marquis will reflect the following: The Univer-sity of Michigan-Dearborn/Fairlane Center). Follow the entrance road to the back and turn left at the stop sign; the North Building will be located on your left hand side. Parking is directly across from the North Building.

From the South Take Southfield (M-39) North to the Michigan Avenue exit. Stay on the Southfield Service Drive to Hubbard Drive and turn left. Follow Hubbard Drive and turn right into the Southern entrance of the U-M Dearborn/Fairlane Center (the marquis will reflect the Following: The University of Michigan-Dearborn/Fairlane Center). Follow the entrance road to the back and turn left at the stop sign; the North Building will be located on your left hand side. Parking is directly across from the North Building.

From the North Take Southfield (M-39) South to the Ford Road exit. Stay on the Ford Road Service Drive to Hubbard Drive and turn right. Follow Hubbard Drive and turn right into the Southern entrance of the U-M Dearborn/Fairlane Center (the marquis will reflect the following: The University of Michigan-Dearborn/Fairlane Center). Follow the entrance road to the back and turn left at the stop sign; the North Building will be located on your left hand side. Parking is directly across from the North Building.