ddaattaabbyyttee - information security · csc 248-853-4860 henry danowski, cisa, cism, cgeit, ......
TRANSCRIPT
DIRECTORS
Edward R. Barszcz, CIA, CFE Consultant 313-278-3915
Greg Boehmer, CISA, CFE, CIA, CGEIT,
CISSP, CISM Deloitte & Touche 313-394-5524
Derrick Buckingham, CISA, CISSP, CISM CSC 248-853-4860 Henry Danowski, CISA, CISM, CGEIT,
CRISC, CISSP, Security+ Visteon 313-399-2662
Michael A. Forrest, CISA, CGEIT Jefferson Wells 586-292-4740
Brenda L. Karl, CISA, CGEIT, CRISC Accretive Solutions 248-633-2347
Donald K. Ledwith, CISA, CISSP HOV Services, Inc. 248-837-7375
Richard A. Morris Comerica Bank 248-371-4505
D. Robert Okopny, PhD, CIA, CFE, CMA Eastern Michigan University 734-487-0246
Brandy Pfeiffer, CISA Federal-Mogul Corporation 248-354-2602
Sajay Rai, CPA, CISSP, CISM Securely Yours LLC 248-723-5224
Jamshid Sadaghiyani, CISA, CPA Delphi Corporation 248-813-3258
Carrie Schrader, CISA, CBM, CFE, CGEIT Ally Financial Services 313-656-67621
Charles A. Silva, CISA General Motors Corporation 313-665-3738
Jason A. Thompson, CISA, CIA, CISSP Blue Cross Blue Shield 313-225-7598
James M. Watson, CISSP, CISA, CIA Ford Motor Company 313-594-0609
Susan A. Yamin, CPA Consultant 248-225-3039
VOLUME 25 #3 REGION 4 CHAPTER 8
April
2010
PRESIDENT VICE PRESIDENT TREASURER SECRETARY Douglas S. Wahr, CISA, CISSP M. Siobhan Jordan Manish Zaveri, CPA, CISA Michele Haroon, CPA, CISA The Auto Club Group Accretive Solutions Delphi Corporation Accretive Solutions 313-436-7277 734-891-5082 248-813-6820 734-637-9270
DDAATTAABBYYTTEE
MMMooonnnttthhhlllyyy MMMeeeeeetttiiinnnggg
WWWeeedddnnneeesssdddaaayyy,,, NNNooovvv... 111777,,, 222000111000
Pre-Dinner Topic: Tips and Tricks of Using ACL Strategically in Audits Susan A. Yamin, CPA
After-Dinner Topic: Stemming the Tide of Information Leakage John Townsend, CISSP, CSSLP
Date: November 17, 2010
Time: 4:30 – 5:00 Registration & Networking 5:00 – 6:00 Pre-Dinner Presentation 6:00 – 6:45 Dinner 6:45 – 7:45 After-Dinner Presentation
Location: University of Michigan – Dearborn Fairlane Center North
Quad E Room, North Building. (It’s the 1st room to the right in the 1st aisle past the receptionist desk. See map and directions on page 9.)
19000 Hubbard Dearborn MI 48126 (248) 356-5602
Cost: Advance Registration: $20.00 Members $30.00 Non-Members $10.00 Students and Retirees
Reservations can be made at www.isaca-det.org Advance registration ends at midnight Saturday, November 13, 2010 Members & Non-Members making reservations after the reservation
deadline will be charged an additional $10. Walk-ins, excluding Students and Retirees are subject to the late charge.
DATABYTE DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH
2
A Word from the President Dear Detroit Chapter Members, In October, we made a change to our meeting schedule after receiving feedback through our post- meeting survey. Our goal is to start our after dinner presentation at 6:45, ending the evening around 7:45 (vs. 8:00). Also, we have implemented some steps to help ensure that speakers don’t run over and leave time for questions. Those who attended October’s meeting enjoyed two informative and interactive presentations. Our Chapter partnered with and had a vendor table at the Secure World Expo, October 6-7 at the Ford Conference Center. I want to thank all of the board members (Brenda Karl, Mike Forrest, Henry Danowski, Derrick Buckingham, Jason Thompson, and Don Ledwith) who volunteered their time to staff our Expo table, with special thanks to Derrick (new to the board this year) who also stepped in to help coordinate, setup and take down our Expo materials. Way to go Derrick! Maybe the economy is turning around and people see the ROI of being an ISACA member. Whatever the reason, our chapter has grown since June by around 50 members and we now have just over 800 members. A growing membership helps our chapter sustain and expand our educational and social events. We are also making a number of efforts to introduce ISACA to local universities (thank you, Academic Relations Committee). I especially want to thank Henry Danowski who has contacted many universities, informing them about our chapter and providing information regarding our scholarship program. Great job Henry! If you have any university contacts, please let us know. I want to apologize to those of you that have been frustrated by our Chapter website. It has been difficult to maintain our current website; therefore, we are focusing our efforts on building a new website, working with ISACA International. I believe you will really like the new site. Thank you for your patience. We hope to go live with the new website towards the
end of November. Please contact me with questions, concerns, or your great ideas to make our Chapter even better at [email protected]. Come to our November 17th meeting and improve your ACL knowledge and skills. In addition, you will learn how one local company addressed an important area of concern that every company must deal with, data leakage of sensitive information. Be sure to invite your colleagues (audit, security, governance, risk) to come and check out our monthly meetings. I look forward to seeing you there. By now you should have received information regarding our next seminar: ‘Audit and Security of Virtualized Environments - Cloud Computing Workshop’ which will be held on Dec. 1-2. Also, the annual IIA/ISACA spring conference brochure and registration will be available in the coming weeks. Have a great Thanksgiving! Best Regards, Douglas S. Wahr, CISA, CISSP ISACA Detroit Chapter President
Oct. 2010 Speakers Carla Perrotta and William Wayland with ISACA Detroit Chapter President Doug Wahr
DATABYTE DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH
3
PRE-DINNER INFORMATION Tips and Tricks of Using ACL Strategically in Audits
We will discuss how to strategically utilize ACL in an audit. The presentation will include the following:
When is it beneficial to use ACL in an audit?
What auditors need to know and capture while planning an audit that will use ACL.
How you can and should organize the information being captured during the audit and ACL usage.
Tricks on loading data into ACL.
Tips on using the simple commands within ACL, data validation, sample selection, and joining tables.
Potential for automating and continuous auditing with ACL.
During the lecture we will demonstrate ACL with example data along with a power point that will be available on the ISACA-Det.org website.
Pre Dinner Speaker
Susan A. Yamin, CPA is an Integrated Internal Audit Specialist. Susan has more than 12 years in the internal audit profession focused on Fortune 500 companies and the Health Care industry. She is currently working on the development and deployment of a Basel II Data Quality Control Assessment methodology for a large Bank Holding Company. Recently she provided Data Mining expertise as a consultant for Accretive Solutions. In her previous position as a Professional Practices Audit Manager with Comerica Corporation, she was a leader in the development of audit methodologies, data-mining, quality assurance programs, Sarbanes Oxley testing and reporting procedures, and infrastructure reporting mechanisms to improve the internal audit function. As a former Principal Auditor with Blue Cross Blue Shield of Michigan she was heavily involved in creating audit consulting methodologies for large software development projects, teaching Business Risk and conducting risk assessments for annual audit planning and individual integrated audits. Susan has been a part of the ISACA Detroit Chapter Board for more than 7 years and currently holds a Past President position. She also serves on the Board of the IIA Detroit Chapter as their Secretary. Susan holds a Bachelors of Accounting degree from Walsh College with a concentration in Information Technology
AFTER-DINNER INFORMATION
Stemming the Tide of Information Leakage
This presentation tells the true life story of DTE Energy’s journey to a comprehensive DLP program. Topics covered include: Program Goals, Ownership, Governance, Metrics, Incident Monitoring, Employee Education, Technical Implementation, and Lessons Learned.
After Dinner Speaker:
John Townsend is the Manager of Information Protection and Security at DTE Energy. This group is responsible for securing the electronic perimeter of the corporation, which includes network and application security, security risk assessments, and the future direction of information security. This role ensures the confidentiality, integrity, and availability of information assets. It also includes working closely with business units that are tasked with securing our critical infrastructure assets. In addition to these responsibilities, John works in close partnership with the Legal organization on electronic discovery (eDiscovery) matters.
Prior to assuming this role in April of 2006, John was the Manager of Enterprise Applications.
Previous leadership assignments at DTE Energy include: Manager of Infrastructure and Software Group within the DTE2 project, Manager of Telecommunications Operations, and Manager of Technology Planning and Consulting. John also played a key role on the DTE Energy/MCN Information Technology Merger Team. He has worked at DTE Energy for 16 years, has a BS in Business from Central Michigan University, and has completed post-graduate work at Wayne State University and the University of Michigan. In 2007, John obtained the professional credentials of a Certified Information Systems Security Professional (CISSP) and in 2009 of a Certified Secure Software Lifecycle Professional (CSSLP).
DATABYTE DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH
4
Your chance to attend the IIA/ISACA Spring Conference for FREE
At our February meeting, a drawing will be held for free attendance at the IIA/ISACA Spring Conference. SO, how you might ask do you get in on this drawing? Simple – attend meetings from September through February. Each person attending a meeting from September through February will get a chance for the drawing. But wait, you want more chances to win? Bring a non-member friend. Anyone bringing a non-member to a meeting will get an additional chance entry. BUT, just like the RONCO commercials, I’m not done yet. Get a non-member to join, and earn still another chance. (Membership Applications will be available at each meeting.). See you all at the meetings!
Call for Articles - Databyte is looking for articles to
publish from local authors. Share your knowledge
and experience with your peers. Submit your
articles to [email protected].
Attend up to 3 Chapter Meetings FREE
In these difficult times, the ISACA Detroit Chapter Board wants to help. If you are unemployed, laid-off, or are not currently receiving a paycheck, we have some good news. It’s during times such as these that maintaining a network of co-workers and maintaining your level of training is so very important. We are, therefore, offering to allow you to attend up to three (3) meetings for FREE. You must register for each meeting through the Membership Chairman by sending an e-mail stating that you are currently out of work and wish to attend the meeting. The e-mail must be received prior to the meeting registration close for that meeting. Please send the e-mail to Mike Forrest at [email protected].
Did You Know… The new isaca.org helps personalize members’ online experiences. Enhancements to the web site include:
• RSS feeds—Select topical feeds from various knowledge and news sections of the site to keep up with the latest from ISACA International Headquarters and thought leading members. • Bookmarks—Bookmark pages, sections, documents and ongoing conversations for easy access, sharing and reference. • Saved searches—Adding to robust search and content classification enhancements, maintain frequent searches, along with targeted suggestions based on a user’s interests and browsing behavior. • Certification verification—Online employer verification of certification holders will allow employers and potential employers to verify certification status. This enhancement builds on the prestige and accessibility of current certification holders while also helping to grow interest in becoming a certified professional.
ISACA Detroit Chapter Members -- We do not release, publish, sell, or otherwise distribute member names or e-mail addresses. Our mailings are limited to our monthly newsletter DataByte, Chapter-sponsored educational opportunities, and essential Chapter news. If you would prefer that your name not be published, please notify our Chapter Administrator at [email protected].
ADVERTISE IN YOUR DATABYTE
NEWSLETTER
¼ Page - $50.00
½ Page - $100.00
Full Page - $200.00
Contact Geralyn Jarmoluk at
[email protected] or Mike Forrest
DATABYTE DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH
5
This year, the Detroit Chapter of ISACA will
sponsor two separate scholarship contests for
students. In the fall of 2010, two (2) $1,000
scholarships are available for local college
students. Again in the spring of 2011, three (3)
$1,000 scholarships will be available.
Additionally, all full-time students will receive a
1 year student membership to ISACA, just for
participating.
Submission requirements include a one page resume and a four page paper on:
How can ISACA better prepare students to enter the IT audit profession? Please include at least three skills you consider key to being a successful IT auditor. A cover page may also be added. Applicants from all schools are welcome. Resumes should include GPA, outside activities, and may include any involvement in ISACA or other professional or university organizations. Please follow these formatting rules: Double space, Times New Roman 12 font, 1' margins, use section headings, 4 page maximum, and must include references on a separate page, not part of the four. The papers will be evaluated on content and editing. This should not be a cut and paste exercise. Priority will be given to, but not limited to, full‐time students and those who will be graduating in spring 2011 or later. Students must not be employed in their post‐graduation professional career, so as to limit the scholarships to students who need the funds the most. If you have returned to school to change professions, you would be eligible. There are usually good odds of earning the scholarship when
submitting. Fall deadline is November 29, 2010 at 12 midnight. Submissions are to be sent to: Administrator@isaca‐det.org. Fall contest winners will be announced at the joint meeting held with the Internal Auditors Association (IIA) held on December 7th, 2010.
Welcome New ISACA Detroit Chapter Members
Zhen Fu Anthony Dennis
Akinpelu Omoniyi Demuren Ellen M. Hanlon
Sheila Marie Depoorter Michele A. Brown
Viktoria E. Kamenova Paul Robert Jorgensen, Jr.
Daniel David Best Ali Rana
Srinivas Kasula Swapna Chada
Richard Bertoncin Praveen Kumar
Atul Goyal Humberto De Gyves
Gary Lechner Afia S. Phillips
Gregory Allen Ewert Catherine Boussie
Joseph Louis Garfola Zishan Siddiqui
Sabri Zhuli Dawne Sawka Jason Philips
DATABYTE DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH
6
Adam Keagle Richard Morris Linda Kearney Deborah Gore Joseph Piazza Michael Stolarczyk Peggy Moore Christine Lydick
Melvin Taylor Mike Yaskanin
ISACA Detroit Chapter 2010 - 2011 Programs Schedule
Date Topic Speaker Company
November 17th
Pre Dinner How to Prepare and Utilize ACL in an Audit Susan Yamin Ally Bank
After Dinner Stemming the Tide of Information Leakage John Townsend
DTE Energy
December 14th (Tuesday)
(Joint Meeting with IIA)
Pre Dinner GTAG 13: Fraud Prevention and Detection in an Automated World (IIA Speaker)
Jay Taylor GM
(Our Location) After Dinner Securing Social Networks (ISACA Speaker) Sajay Rai Securely Yours LLC
January 13th
(Joint Meeting with ACFE)
Pre Dinner Exact Fraud Topic and Time (Pre or Post Dinner) are TBD
Bill Hardin Protiviti
(Our Location) After Dinner ACFE to Provide ACFE to provide
February 16th
Pre Dinner Tips and Tricks to get the Most out of ISACA’s New Website (flexible on pre or post
Susan Yamin Ally Bank
After Dinner TBD
March 16th
Pre Dinner TBD
After Dinner TBD
April 20th
Pre Dinner SAP GRC for Process Controls Steve Rose and Cleberson Siansi
PwC
After Dinner TBD
May 18th
Pre Dinner TBD
After Dinner TBD
DATABYTE DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH
8
ISACA Detroit Chapter 2010 – 2011 Committee Members
Committee Directors
Academic Relations
Susan Yamin (Chair)
Robert Okopny
Greg Boehmer
Henry Danowski
Siobhan Jordan
Certification Jamshid Sadaghiyani (Chair)
James Watson
Brenda Karl
Michele Haroon
Facilities
Ed Barszcz (Chair)
Carrie Schrader
James Watson
Siobhan Jordan
Charles Silva
Internet Brandy Pfeiffer (Chair)
Don Ledwith
Membership
Michael Forrest (Chair)
Brenda Karl
Sajay Rai
Dick Morris
Henry Danowski
Jason Thompson
Nominating & Audit Jamshid Sadaghiyani (Chair)
Susan Yamin
Program
Greg Boehmer (Chair)
Jamshid Sadaghiyani
Carrie Schrader
Charles Silva
Spring Conference
Susan Yamin (Chair)
Juman Doley-Alomary
Doug Wahr
Derrick Buckingham
Carrie Schrader (Chair)
Seminars Susan Yamin
Doug Wahr
Bylaws, Policies and Procedures Siobhan Jordan (Chair)
Michele Haroon
Michael Forrest
Linda Kearney
Social Committee
Siobhan Jordan (Chair)
Jason Thompson
Susan Yamin
Doug Wahr
.
DATABYTE DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH
9
University of Michigan – Dearborn
Fairlane Center North 19000 Hubbard
Dearborn MI 48126
From the West Take I-94 East to Southfield (M-39) and exit North. Follow Southfield (North) to the Michigan Ave. (U.S. 12) exit. Stay on the Southfield Service Drive to Hubbard Drive and turn left. Follow Hubbard Drive and turn right into the Southern entrance of the U-M Dearborn/Fairlane Center (the marquis will reflect the following: The University of Michigan-Dearborn/Fairlane Center). Follow the entrance road to the back and turn left at the stop sign; the North Building will be located on your left hand side. Parking is directly across from the North Building.
From the East Take I-94 West to Southfield (M-39) and exit North. Follow Southfield (North) to the Michigan Ave. (U.S. 12) exit. Stay on the Southfield Service Drive to Hubbard Drive and turn left. Follow Hubbard Drive and turn right into the Southern entrance of the U-M Dearborn/Fairlane Center (the marquis will reflect the following: The University of Michigan-Dearborn/Fairlane Center). Follow the entrance road to the back and turn left at the stop sign; the North Building will be located on your left hand side. Parking is directly across from the North Building.
From the South Take Southfield (M-39) North to the Michigan Avenue exit. Stay on the Southfield Service Drive to Hubbard Drive and turn left. Follow Hubbard Drive and turn right into the Southern entrance of the U-M Dearborn/Fairlane Center (the marquis will reflect the Following: The University of Michigan-Dearborn/Fairlane Center). Follow the entrance road to the back and turn left at the stop sign; the North Building will be located on your left hand side. Parking is directly across from the North Building.
From the North Take Southfield (M-39) South to the Ford Road exit. Stay on the Ford Road Service Drive to Hubbard Drive and turn right. Follow Hubbard Drive and turn right into the Southern entrance of the U-M Dearborn/Fairlane Center (the marquis will reflect the following: The University of Michigan-Dearborn/Fairlane Center). Follow the entrance road to the back and turn left at the stop sign; the North Building will be located on your left hand side. Parking is directly across from the North Building.
DATABYTE DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH
10
Dinner Buffet
Salads Caesar Salad Pasta Salad
Entrees Swedish Meatballs & Mushroom Gravy Baked White Fish Mostaccoli with Meat Sauce
Side Dishes
Green Beans Almondine Au Gratin Potatoes
Optional Vegetarian Selection (available Only with pre-registration)
Pasta Primavera
Dessert
Assorted Torts and Whipped Cream
Open Bar
Beer and Wine only. Two alcoholic drink limit. No other liquor available. Unlimited coffee, tea, soda pop and rolls included with the meal.
DATABYTE
Geralyn Jarmoluk, Editor
P.O. Box 99385
Troy, MI 48099-99385
MMeennuu NNoovveemmbbeerr 1177,, 22001100
The Chapter must provide the number of reservations by 8:00 a.m. on Monday before the meeting. To ensure that we can accommodate those who wish to attend and the facility can provide the best service possible, please make your reservations prior to midnight Saturday, Nov. 13, 2010. If you have made a reservation and cannot attend, please contact Geralyn Jarmoluk at [email protected], or 248-762-7421 prior to the above noted deadline for refunds. Your cooperation is greatly appreciated.
We are very sorry, but reservations not cancelled prior to the above noted deadline (midnight Saturday prior to the meeting) cannot be refunded as we are committed to the caterer for the meals ordered.