ddaattaabbyyttee - information security · csc 248-853-4860 henry danowski, cisa, cism, cgeit, ......

DIRECTORS

Edward R. Barszcz, CIA, CFE Consultant 313-278-3915

Greg Boehmer, CISA, CFE, CIA, CGEIT,

CISSP, CISM Deloitte & Touche 313-394-5524

Derrick Buckingham, CISA, CISSP, CISM CSC 248-853-4860 Henry Danowski, CISA, CISM, CGEIT,

CRISC, CISSP, Security+ Visteon 313-399-2662

Michael A. Forrest, CISA, CGEIT Jefferson Wells 586-292-4740

Brenda L. Karl, CISA, CGEIT, CRISC Accretive Solutions 248-633-2347

Donald K. Ledwith, CISA, CISSP HOV Services, Inc. 248-837-7375

Richard A. Morris Comerica Bank 248-371-4505

D. Robert Okopny, PhD, CIA, CFE, CMA Eastern Michigan University 734-487-0246

Brandy Pfeiffer, CISA Federal-Mogul Corporation 248-354-2602

Sajay Rai, CPA, CISSP, CISM Securely Yours LLC 248-723-5224

Jamshid Sadaghiyani, CISA, CPA Delphi Corporation 248-813-3258

Carrie Schrader, CISA, CBM, CFE, CGEIT Ally Financial Services 313-656-67621

Charles A. Silva, CISA General Motors Corporation 313-665-3738

Jason A. Thompson, CISA, CIA, CISSP Blue Cross Blue Shield 313-225-7598

James M. Watson, CISSP, CISA, CIA Ford Motor Company 313-594-0609

Susan A. Yamin, CPA Consultant 248-225-3039

VOLUME 25 #3 REGION 4 CHAPTER 8

April

2010

PRESIDENT VICE PRESIDENT TREASURER SECRETARY Douglas S. Wahr, CISA, CISSP M. Siobhan Jordan Manish Zaveri, CPA, CISA Michele Haroon, CPA, CISA The Auto Club Group Accretive Solutions Delphi Corporation Accretive Solutions 313-436-7277 734-891-5082 248-813-6820 734-637-9270

DDAATTAABBYYTTEE

MMMooonnnttthhhlllyyy MMMeeeeeetttiiinnnggg

WWWeeedddnnneeesssdddaaayyy,,, NNNooovvv... 111777,,, 222000111000

Pre-Dinner Topic: Tips and Tricks of Using ACL Strategically in Audits Susan A. Yamin, CPA

After-Dinner Topic: Stemming the Tide of Information Leakage John Townsend, CISSP, CSSLP

Date: November 17, 2010

Time: 4:30 – 5:00 Registration & Networking 5:00 – 6:00 Pre-Dinner Presentation 6:00 – 6:45 Dinner 6:45 – 7:45 After-Dinner Presentation

Location: University of Michigan – Dearborn Fairlane Center North

Quad E Room, North Building. (It’s the 1st room to the right in the 1st aisle past the receptionist desk. See map and directions on page 9.)

19000 Hubbard Dearborn MI 48126 (248) 356-5602

Cost: Advance Registration: $20.00 Members $30.00 Non-Members $10.00 Students and Retirees

Reservations can be made at www.isaca-det.org Advance registration ends at midnight Saturday, November 13, 2010 Members & Non-Members making reservations after the reservation

deadline will be charged an additional $10. Walk-ins, excluding Students and Retirees are subject to the late charge.

http://www.isaca-det.org/

DATABYTE DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH

2

A Word from the President Dear Detroit Chapter Members, In October, we made a change to our meeting schedule after receiving feedback through our post- meeting survey. Our goal is to start our after dinner presentation at 6:45, ending the evening around 7:45 (vs. 8:00). Also, we have implemented some steps to help ensure that speakers don’t run over and leave time for questions. Those who attended October’s meeting enjoyed two informative and interactive presentations. Our Chapter partnered with and had a vendor table at the Secure World Expo, October 6-7 at the Ford Conference Center. I want to thank all of the board members (Brenda Karl, Mike Forrest, Henry Danowski, Derrick Buckingham, Jason Thompson, and Don Ledwith) who volunteered their time to staff our Expo table, with special thanks to Derrick (new to the board this year) who also stepped in to help coordinate, setup and take down our Expo materials. Way to go Derrick! Maybe the economy is turning around and people see the ROI of being an ISACA member. Whatever the reason, our chapter has grown since June by around 50 members and we now have just over 800 members. A growing membership helps our chapter sustain and expand our educational and social events. We are also making a number of efforts to introduce ISACA to local universities (thank you, Academic Relations Committee). I especially want to thank Henry Danowski who has contacted many universities, informing them about our chapter and providing information regarding our scholarship program. Great job Henry! If you have any university contacts, please let us know. I want to apologize to those of you that have been frustrated by our Chapter website. It has been difficult to maintain our current website; therefore, we are focusing our efforts on building a new website, working with ISACA International. I believe you will really like the new site. Thank you for your patience. We hope to go live with the new website towards the

end of November. Please contact me with questions, concerns, or your great ideas to make our Chapter even better at [email protected]. Come to our November 17th meeting and improve your ACL knowledge and skills. In addition, you will learn how one local company addressed an important area of concern that every company must deal with, data leakage of sensitive information. Be sure to invite your colleagues (audit, security, governance, risk) to come and check out our monthly meetings. I look forward to seeing you there. By now you should have received information regarding our next seminar: ‘Audit and Security of Virtualized Environments - Cloud Computing Workshop’ which will be held on Dec. 1-2. Also, the annual IIA/ISACA spring conference brochure and registration will be available in the coming weeks. Have a great Thanksgiving! Best Regards, Douglas S. Wahr, CISA, CISSP ISACA Detroit Chapter President

Oct. 2010 Speakers Carla Perrotta and William Wayland with ISACA Detroit Chapter President Doug Wahr

mailto:[email protected]


3

PRE-DINNER INFORMATION Tips and Tricks of Using ACL Strategically in Audits

We will discuss how to strategically utilize ACL in an audit. The presentation will include the following:

When is it beneficial to use ACL in an audit?

What auditors need to know and capture while planning an audit that will use ACL.

How you can and should organize the information being captured during the audit and ACL usage.

Tricks on loading data into ACL.

Tips on using the simple commands within ACL, data validation, sample selection, and joining tables.

Potential for automating and continuous auditing with ACL.

During the lecture we will demonstrate ACL with example data along with a power point that will be available on the ISACA-Det.org website.

Pre Dinner Speaker

Susan A. Yamin, CPA is an Integrated Internal Audit Specialist. Susan has more than 12 years in the internal audit profession focused on Fortune 500 companies and the Health Care industry. She is currently working on the development and deployment of a Basel II Data Quality Control Assessment methodology for a large Bank Holding Company. Recently she provided Data Mining expertise as a consultant for Accretive Solutions. In her previous position as a Professional Practices Audit Manager with Comerica Corporation, she was a leader in the development of audit methodologies, data-mining, quality assurance programs, Sarbanes Oxley testing and reporting procedures, and infrastructure reporting mechanisms to improve the internal audit function. As a former Principal Auditor with Blue Cross Blue Shield of Michigan she was heavily involved in creating audit consulting methodologies for large software development projects, teaching Business Risk and conducting risk assessments for annual audit planning and individual integrated audits. Susan has been a part of the ISACA Detroit Chapter Board for more than 7 years and currently holds a Past President position. She also serves on the Board of the IIA Detroit Chapter as their Secretary. Susan holds a Bachelors of Accounting degree from Walsh College with a concentration in Information Technology

AFTER-DINNER INFORMATION

Stemming the Tide of Information Leakage

This presentation tells the true life story of DTE Energy’s journey to a comprehensive DLP program. Topics covered include: Program Goals, Ownership, Governance, Metrics, Incident Monitoring, Employee Education, Technical Implementation, and Lessons Learned.

After Dinner Speaker:

John Townsend is the Manager of Information Protection and Security at DTE Energy. This group is responsible for securing the electronic perimeter of the corporation, which includes network and application security, security risk assessments, and the future direction of information security. This role ensures the confidentiality, integrity, and availability of information assets. It also includes working closely with business units that are tasked with securing our critical infrastructure assets. In addition to these responsibilities, John works in close partnership with the Legal organization on electronic discovery (eDiscovery) matters.

Prior to assuming this role in April of 2006, John was the Manager of Enterprise Applications.

Previous leadership assignments at DTE Energy include: Manager of Infrastructure and Software Group within the DTE2 project, Manager of Telecommunications Operations, and Manager of Technology Planning and Consulting. John also played a key role on the DTE Energy/MCN Information Technology Merger Team. He has worked at DTE Energy for 16 years, has a BS in Business from Central Michigan University, and has completed post-graduate work at Wayne State University and the University of Michigan. In 2007, John obtained the professional credentials of a Certified Information Systems Security Professional (CISSP) and in 2009 of a Certified Secure Software Lifecycle Professional (CSSLP).


4

Your chance to attend the IIA/ISACA Spring Conference for FREE

At our February meeting, a drawing will be held for free attendance at the IIA/ISACA Spring Conference. SO, how you might ask do you get in on this drawing? Simple – attend meetings from September through February. Each person attending a meeting from September through February will get a chance for the drawing. But wait, you want more chances to win? Bring a non-member friend. Anyone bringing a non-member to a meeting will get an additional chance entry. BUT, just like the RONCO commercials, I’m not done yet. Get a non-member to join, and earn still another chance. (Membership Applications will be available at each meeting.). See you all at the meetings!

Call for Articles - Databyte is looking for articles to

publish from local authors. Share your knowledge

and experience with your peers. Submit your

articles to [email protected].

Attend up to 3 Chapter Meetings FREE

In these difficult times, the ISACA Detroit Chapter Board wants to help. If you are unemployed, laid-off, or are not currently receiving a paycheck, we have some good news. It’s during times such as these that maintaining a network of co-workers and maintaining your level of training is so very important. We are, therefore, offering to allow you to attend up to three (3) meetings for FREE. You must register for each meeting through the Membership Chairman by sending an e-mail stating that you are currently out of work and wish to attend the meeting. The e-mail must be received prior to the meeting registration close for that meeting. Please send the e-mail to Mike Forrest at [email protected].

Did You Know… The new isaca.org helps personalize members’ online experiences. Enhancements to the web site include:

• RSS feeds—Select topical feeds from various knowledge and news sections of the site to keep up with the latest from ISACA International Headquarters and thought leading members. • Bookmarks—Bookmark pages, sections, documents and ongoing conversations for easy access, sharing and reference. • Saved searches—Adding to robust search and content classification enhancements, maintain frequent searches, along with targeted suggestions based on a user’s interests and browsing behavior. • Certification verification—Online employer verification of certification holders will allow employers and potential employers to verify certification status. This enhancement builds on the prestige and accessibility of current certification holders while also helping to grow interest in becoming a certified professional.

ISACA Detroit Chapter Members -- We do not release, publish, sell, or otherwise distribute member names or e-mail addresses. Our mailings are limited to our monthly newsletter DataByte, Chapter-sponsored educational opportunities, and essential Chapter news. If you would prefer that your name not be published, please notify our Chapter Administrator at [email protected].

ADVERTISE IN YOUR DATABYTE

NEWSLETTER

¼ Page - $50.00

½ Page - $100.00

Full Page - $200.00

Contact Geralyn Jarmoluk at

[email protected] or Mike Forrest

at [email protected]






5

This year, the Detroit Chapter of ISACA will

sponsor two separate scholarship contests for

students. In the fall of 2010, two (2) $1,000

scholarships are available for local college

students. Again in the spring of 2011, three (3)

$1,000 scholarships will be available.

Additionally, all full-time students will receive a

1 year student membership to ISACA, just for

participating.

Submission requirements include a one page resume and a four page paper on:

How can ISACA better prepare students to enter the IT audit profession? Please include at least three skills you consider key to being a successful IT auditor. A cover page may also be added. Applicants from all schools are welcome. Resumes should include GPA, outside activities, and may include any involvement in ISACA or other professional or university organizations. Please follow these formatting rules: Double space, Times New Roman 12 font, 1' margins, use section headings, 4 page maximum, and must include references on a separate page, not part of the four. The papers will be evaluated on content and editing. This should not be a cut and paste exercise. Priority will be given to, but not limited to, full‐time students and those who will be graduating in spring 2011 or later. Students must not be employed in their post‐graduation professional career, so as to limit the scholarships to students who need the funds the most. If you have returned to school to change professions, you would be eligible. There are usually good odds of earning the scholarship when

submitting. Fall deadline is November 29, 2010 at 12 midnight. Submissions are to be sent to: Administrator@isaca‐det.org. Fall contest winners will be announced at the joint meeting held with the Internal Auditors Association (IIA) held on December 7th, 2010.

Welcome New ISACA Detroit Chapter Members

Zhen Fu Anthony Dennis

Akinpelu Omoniyi Demuren Ellen M. Hanlon

Sheila Marie Depoorter Michele A. Brown

Viktoria E. Kamenova Paul Robert Jorgensen, Jr.

Daniel David Best Ali Rana

Srinivas Kasula Swapna Chada

Richard Bertoncin Praveen Kumar

Atul Goyal Humberto De Gyves

Gary Lechner Afia S. Phillips

Gregory Allen Ewert Catherine Boussie

Joseph Louis Garfola Zishan Siddiqui

Sabri Zhuli Dawne Sawka Jason Philips

mailto:Administrator@isaca‐det.org


6

Adam Keagle Richard Morris Linda Kearney Deborah Gore Joseph Piazza Michael Stolarczyk Peggy Moore Christine Lydick

Melvin Taylor Mike Yaskanin

ISACA Detroit Chapter 2010 - 2011 Programs Schedule

Date Topic Speaker Company

November 17th

Pre Dinner How to Prepare and Utilize ACL in an Audit Susan Yamin Ally Bank

After Dinner Stemming the Tide of Information Leakage John Townsend

DTE Energy

December 14th (Tuesday)

(Joint Meeting with IIA)

Pre Dinner GTAG 13: Fraud Prevention and Detection in an Automated World (IIA Speaker)

Jay Taylor GM

(Our Location) After Dinner Securing Social Networks (ISACA Speaker) Sajay Rai Securely Yours LLC

January 13th

(Joint Meeting with ACFE)

Pre Dinner Exact Fraud Topic and Time (Pre or Post Dinner) are TBD

Bill Hardin Protiviti

(Our Location) After Dinner ACFE to Provide ACFE to provide

February 16th

Pre Dinner Tips and Tricks to get the Most out of ISACA’s New Website (flexible on pre or post

Susan Yamin Ally Bank

After Dinner TBD

March 16th

Pre Dinner TBD

After Dinner TBD

April 20th

Pre Dinner SAP GRC for Process Controls Steve Rose and Cleberson Siansi

PwC

After Dinner TBD

May 18th

Pre Dinner TBD

After Dinner TBD


7


8

ISACA Detroit Chapter 2010 – 2011 Committee Members

Committee Directors

Academic Relations

Susan Yamin (Chair)

Robert Okopny

Greg Boehmer

Henry Danowski

Siobhan Jordan

Certification Jamshid Sadaghiyani (Chair)

James Watson

Brenda Karl

Michele Haroon

Facilities

Ed Barszcz (Chair)

Carrie Schrader

James Watson

Siobhan Jordan

Charles Silva

Internet Brandy Pfeiffer (Chair)

Don Ledwith

Membership

Michael Forrest (Chair)

Brenda Karl

Sajay Rai

Dick Morris

Henry Danowski

Jason Thompson

Nominating & Audit Jamshid Sadaghiyani (Chair)

Susan Yamin

Program

Greg Boehmer (Chair)

Jamshid Sadaghiyani

Carrie Schrader

Charles Silva

Spring Conference

Susan Yamin (Chair)

Juman Doley-Alomary

Doug Wahr

Derrick Buckingham

Carrie Schrader (Chair)

Seminars Susan Yamin

Doug Wahr

Bylaws, Policies and Procedures Siobhan Jordan (Chair)

Michele Haroon

Michael Forrest

Linda Kearney

Social Committee

Siobhan Jordan (Chair)

Jason Thompson

Susan Yamin

Doug Wahr

.


9

University of Michigan – Dearborn

Fairlane Center North 19000 Hubbard

Dearborn MI 48126

From the West Take I-94 East to Southfield (M-39) and exit North. Follow Southfield (North) to the Michigan Ave. (U.S. 12) exit. Stay on the Southfield Service Drive to Hubbard Drive and turn left. Follow Hubbard Drive and turn right into the Southern entrance of the U-M Dearborn/Fairlane Center (the marquis will reflect the following: The University of Michigan-Dearborn/Fairlane Center). Follow the entrance road to the back and turn left at the stop sign; the North Building will be located on your left hand side. Parking is directly across from the North Building.

From the East Take I-94 West to Southfield (M-39) and exit North. Follow Southfield (North) to the Michigan Ave. (U.S. 12) exit. Stay on the Southfield Service Drive to Hubbard Drive and turn left. Follow Hubbard Drive and turn right into the Southern entrance of the U-M Dearborn/Fairlane Center (the marquis will reflect the following: The University of Michigan-Dearborn/Fairlane Center). Follow the entrance road to the back and turn left at the stop sign; the North Building will be located on your left hand side. Parking is directly across from the North Building.

From the South Take Southfield (M-39) North to the Michigan Avenue exit. Stay on the Southfield Service Drive to Hubbard Drive and turn left. Follow Hubbard Drive and turn right into the Southern entrance of the U-M Dearborn/Fairlane Center (the marquis will reflect the Following: The University of Michigan-Dearborn/Fairlane Center). Follow the entrance road to the back and turn left at the stop sign; the North Building will be located on your left hand side. Parking is directly across from the North Building.

From the North Take Southfield (M-39) South to the Ford Road exit. Stay on the Ford Road Service Drive to Hubbard Drive and turn right. Follow Hubbard Drive and turn right into the Southern entrance of the U-M Dearborn/Fairlane Center (the marquis will reflect the following: The University of Michigan-Dearborn/Fairlane Center). Follow the entrance road to the back and turn left at the stop sign; the North Building will be located on your left hand side. Parking is directly across from the North Building.


10

Dinner Buffet

Salads Caesar Salad Pasta Salad

Entrees Swedish Meatballs & Mushroom Gravy Baked White Fish Mostaccoli with Meat Sauce

Side Dishes

Green Beans Almondine Au Gratin Potatoes

Optional Vegetarian Selection (available Only with pre-registration)

Pasta Primavera

Dessert

Assorted Torts and Whipped Cream

Open Bar

Beer and Wine only. Two alcoholic drink limit. No other liquor available. Unlimited coffee, tea, soda pop and rolls included with the meal.

DATABYTE

Geralyn Jarmoluk, Editor

P.O. Box 99385

Troy, MI 48099-99385

MMeennuu NNoovveemmbbeerr 1177,, 22001100

The Chapter must provide the number of reservations by 8:00 a.m. on Monday before the meeting. To ensure that we can accommodate those who wish to attend and the facility can provide the best service possible, please make your reservations prior to midnight Saturday, Nov. 13, 2010. If you have made a reservation and cannot attend, please contact Geralyn Jarmoluk at [email protected], or 248-762-7421 prior to the above noted deadline for refunds. Your cooperation is greatly appreciated.

We are very sorry, but reservations not cancelled prior to the above noted deadline (midnight Saturday prior to the meeting) cannot be refunded as we are committed to the caterer for the meals ordered.


ddaattaabbyyttee - information security · csc 248-853-4860 henry danowski, cisa, cism, cgeit, ......

Documents