september 14 meeting notice - ISACA – Los Angeles Chapter

ISACALA.org
LA Chapter
Inside
Meeting Notice
President’s Message
Academic Relations
Spring Conference
News Update
Information Systems Audit and Control Association
September 2005
SEPTEMBER 14 MEETING NOTICE
MEETING TOPIC:
The Impact of Security Breach Notification Laws on Information Security Policies
SPEAKER:
Brian Craig
Corporate Counsel and Privacy Officer, Cybertrust
Industry News
Active Directory
Monthly Article
New Members
Employment
Board
Chapter Officers
President
Cheryl Santor
CISSP, CISM, CISA
CCNA, CNE
Metropolitan Water District
of Southern California
[email protected]
(213) 217-6081
Vice President
Anita Montgomery
CISA, CIA
Countrywide Financial
Corporation
[email protected]
(805) 520-5482
Secretary
Amanda Xu, CISA
KPMG LLP
[email protected]
(213) 955-8552
Treasurer
Martin Rojas
PricewaterhouseCoopers LLP
[email protected]
(213) 217-3309
ABSTRACT:
Congress and more than 15 states have adopted or are considering legislation requiring
notification in the event of a data loss. Brian Craig, Cybertrust Corporate Counsel, will provide
an overview of the security breach legal notification requirements and how they are impacting
(and how they will impact) organizations’ information security policies. This presentation
will also examine how security policies and oversight responsibilities should be modified to
address the evolving legal breach notification requirements. Mr. Craig’s discussion will be
a valuable session for those individuals who are responsible for managing an organization’s
IS policy as well as anyone who provides their organizations with compliance oversight at
a policy level.
ABOUT THE SPEAKER:
Brian Craig, J.D., is Corporate Counsel and Privacy Officer for Cybertrust, Inc. Mr. Craig
focuses on information security and privacy law matters including HIPAA, Sarbanes-Oxley
and Gramm-Leach-Bliley compliance and PKI issues. He has more than 10 years of experience
in computer, network and information security legal matters. Mr. Craig previously provided
counsel to network security companies as General Counsel for TruSecure Corporation and
Assistant General Counsel for Axent Technologies. Mr. Craig is a former U.S. Army Artillery
officer and has completed the Hawaii Ironman Triathlon.
AGENDA:
5:00 PM to 5:30 PM Registration and Pre-Meeting
5:30 PM to 6:30 PM Dinner
6:30 PM to 8:30 PM Program (2 hours CPE)
LOCATION
Monterey Hills Steak House
3700 West Ramona Blvd.
Monterey Park, CA. 91754
(323) 264-8426
Rates                 Reserved    Walk-Ins or After Sept 8th
ISACA Members         $25         $35
Non-Members           $30         $40
Full-Time Students    $15         $25
Payment Methods: Cash and Checks (made payable to
ISACA-LA) only. Reserve A.S.A.P.
President’s Message
BY CHERYL SANTOR
I would like to thank the membership
who voted to elect me as your
President, but whether you voted,
I am pleased to represent the Los
Angeles Chapter of ISACA. Those of
you who know me personally know
my passion for this organization and I
look forward to serving you. I would
like to thank Thomas Phelps for an
outstanding job as our President for
the past two years.
A busy year is ahead of us; we are
now providing CISA and CISM
exams twice a year which means we
will be presenting the CISA Review
Course in Spring and Fall. Those
who are candidates for the CISA
exam, look out for announcements of
the next CISA Review Course. If you
have questions, contact cisa@isacala.org.
We would also like to present
the CISM Review Course two times
a year if there is a need. We had
a number of candidates attend the
course held for two days after the
Spring Conference. Please contact
[email protected] if you would like
us to hold the CISM Review Course
this fall before the exam.
We are pleased that our retiring
Presidents continue to be active in
our chapter. Debbie Lew has been
appointed to the ISACA International
Audit Committee, a position of more
responsibility. She will be a good
representative for Los Angeles. Larry
Hanson is continuing on as our Chief
Technology Officer, to which we
owe much gratitude in providing us
methodologies to expedite processes
and use information more efficiently.
Thomas Phelps is transitioning to our
Chief Operations Officer and Liaison,
which will assist us in fine tuning our
efforts to provide membership value.
Other past presidents are performing
volunteer work behind the scenes and
we are grateful for their efforts.
This past year, at the Global Leadership Conference, we won the International K. Wayne Snipes
award as the Best Very Large Chapter in North America. Our volunteers are the reason we excel
and gain recognition. We would like you to be part of achieving goals and recognition, please
contact chapter leaders and put your name in as someone that wants to participate, remember
even small tasks add up to large achievements.
The Spring Conference for 2006 is April 3-5, 2006, with workshops on April 2, 2006. We are
booking a CISM Review Course for the two days immediately after the conference, April 6-7,
2006. We have already begun scheduling topics, speakers and vendors. Mark your calendars and
plan for this annual event. ISACA Los Angeles strives to bring quality and value to its
membership.
Our first meeting is September 13th. We look forward to seeing you there. The program
committee is working diligently to provide subjects of interest for your careers. They have
plans to present timely information at our monthly meetings and to collaborate with peer
organizations in joint seminars and events.
One last note, if there is something you wish to discuss with me personally or want to suggest
an idea for the chapter to entertain, please do not hesitate to contact me. I will continue to
send out the meeting reminders to keep in touch with all of you.
Take care and let’s have a Great Year!
Sincerely,
Cheryl Santor
Los Angeles Chapter President
[email protected]
ISACA Global Leadership Conference, April 2006.
From Left to Right: Frank Yam (Vice President, ISACA Board of Directors), Debbie Lew (Membership Board and Conference Speaker), Iwan
Atmawidjaja (Director, Indonesia Chapter), Susanna Chiu (President, Hong
Kong Chapter and COO, DVN Ltd), Vincent Chan (Vice President, Hong
Kong Chapter and Partner, Ernst & Young, Technology & Security Risk
Services).
Academic Relations and Research
BY AMANDA XU
UPCOMING EVENT
Dinner Meeting for November will be held at Cal Poly Pomona. Pre-meeting topic will be “How to
sell yourself in today’s job market” presented by Sandy Geffner. Sandy will discuss how the job
market has been much slower these last few years, and even though there has been more activity
recently, it is still tough obtaining a good position. How can you best represent yourself and
increase your odds of not only finding but also winning that “right” position?
Following the pre-meeting will be the panel discussion on Career Development. Representatives
from Big 4 and senior management from local companies will share their experiences on career
development and answer questions.
BEST PAPER CONTEST WINNER
ISACA LA Chapter is very excited that one of the three 2005 best paper winners was selected by
the ISACA International Journal to be published in the IS Audit & Control Journal. This year’s
best paper winners will be announced at the November dinner meeting to be held at Cal Poly
Pomona.
STUDENT VOLUNTEERS NEEDED FOR ISACA STUDENT CHAPTER
ISACA LA is looking for student volunteers to assist with the forming of the ISACA Student
Chapter at Cal Poly Pomona and USC. Anyone interested should contact the academic relations
at [email protected] or [email protected].
FREE DINNER MEETING
Students have the opportunity to publish an article in our local newsletter and attend our
dinner meeting for free. Submit a short article on an emerging technology emphasizing audit,
security, and/or controls to Stephen Shar at [email protected] or
academicrelation[email protected]. If the article is selected and published, the student will
receive a complimentary dinner meeting. Newsletters are published quarterly and up to three
articles may be selected.
STUDENT VOLUNTEERS NEEDED FOR ISACA 2006 SPRING CONFERENCE
ISACA LA is looking for student volunteers for the Spring Conference. This is an excellent
opportunity to attend a professional conference for free and to network with working
professionals. The dates are April 2 - 5. Anyone interested should contact the academic
relations at academicre[email protected] or sshar@kpmg.com, as we are currently in the process
of finalizing all plans. The deadline for submission will be March 1, 2006.
STUDENT LIAISON PROGRAM
ISACA-LA is searching for one to two student representatives from each local college and
university to promote ISACA-LA events (dinner meetings, spring conference, CISA Review, summer
picnic, etc.) Academic Relations offers free student membership for the selected student
representatives. Contact [email protected] for more information.
ISACA STUDENT MEMBERSHIP (ONLY $25)
Two years ago, the ISACA International Board of Directors approved the reduction of ISACA
Student Membership Dues. The International dues for students have been reduced from US $60 to
US $25 annually. Also, student fees are waived for the Los Angeles Chapter. To facilitate the
58% reduction in dues, the benefits that students received by mail will now be available
electronically. Most notably, the IS Control Journal will be made available exclusively online
via the web site. Please visit ISACA’s student site at http://www.isaca.org and click on the
link “Students & Educators” for more information.
2006 Spring Conference
BY DEBBIE LEW, CISA
The 2006 Spring Conference has been scheduled!!! Circle April 2 to 5, 2006 on your calendars
and plan to be at the Universal Hilton and Towers for another quality educational event offered
by the chapter. We will be holding our pre-conference workshops on April 2, and the multitrack,
concurrent sessions during April 3 to 5. The CISM review program will be offered for 2 days
after the conference. The conference committee is in the process of developing the program to
provide you with affordable quality speakers and emerging topics on IT Auditing, security
concepts, and emerging technology risks. If you’re interested in speaking or want to see a
topic included, please go to the website www.isacala.org to complete the “Call For Papers” or
email [email protected]. Check the website periodically for current updates on
program/workshop and speaker details.
News Update
CISA/CISM UPDATE
CERTIFICATION UPDATE
SECOND EXAM ADMINISTRATION IN 2005
A second annual administration of the
CISA and CISM exams will take place
for the first time on December 10,
2005. Exam locations and languages
for the December administration will
be limited and have been determined
based upon current demand for the
June administration.
The December CISA exam will be the
last using the current CISA job practice
areas. The Los Angeles Chapter will
be offering a CISA review program
this fall - please email CISA@isacala.org
with your interest and questions.
The CISM review program will be
offered subsequent to the annual spring
conference in April 2006. Registration
for the December exam will open on
July 1. To view additional details, a list
of test sites and a series of frequently
asked questions (FAQs), please visit
www.isaca.org/certification.
BOOKSTORE
If you are sitting for either the CISA or
CISM exam to be held December 10,
2005 you should prepare using the 2005
editions of the study aids. Candidates
sitting for the 2006 exams should
prepare using the 2006 editions of the
study aids, which will be available in
the fourth quarter of 2005.
For more information on the CISA and
CISM study aids, please visit www.isaca.org/cisabooks
and www.isaca.org/cismbooks,
respectively. Please contact
the Bookstore at [email protected]
or +1.847.253.1545, ext. 401 or 478,
with any questions.
NEW CISM JOB PRACTICE ANALYSIS CONTINUES
A CISM job practice analysis study to update the criteria used to certify and examine CISM
candidates continues. A task force of security management experts revised the current
delineation, which was then submitted for review and comment to two panels of security
managers. The resulting document has been sent to a team of international subject matter
experts for another level of review. Following this, the task force will integrate the comments
and submit the completed document to security managers and CISMs around the world. The final
specification will be incorporated into the CISM exam in 2007.
CISA CONTENT AREAS EFFECTIVE 2006
Content-Based Area                                   % of Exam
1 IS Audit Process                                   10
2 IT Governance                                      15
3 Systems and Infrastructure Lifecycle Management    16
4 IT Service Delivery and Support                    14
5 Protection of Information Assets                   31
6 Business Continuity and Disaster Recovery          14
CONTENT AREA 1: IS AUDIT PROCESS
Provide IS audit services in accordance
with IS audit standards, guidelines, and
best practices to assist the organization
in ensuring that its information
technology and business systems are
protected and controlled.
CONTENT AREA 2: IT GOVERNANCE
To provide assurance that the
organization has the structure,
policies, accountability, mechanisms,
and monitoring practices in place to
achieve the requirements of corporate
governance of IT.
CONTENT AREA 3: SYSTEMS AND
INFRASTRUCTURE LIFECYCLE
To provide assurance that the
management practices for the
development/acquisition, testing,
implementation, maintenance, and
disposal of systems and infrastructure
will meet the organization’s objectives.
CONTENT AREA 4: IT SERVICE DELIVERY
AND SUPPORT
To provide assurance that the IT service
management practices will ensure the
delivery of the level of services required
to meet the organization’s objectives.
CONTENT AREA 5: PROTECTION OF
INFORMATION ASSETS
To provide assurance that the security
architecture (policies, standards,
procedures, and controls) ensures
the confidentiality, integrity, and
availability of information assets.
CONTENT AREA 6: BUSINESS CONTINUITY
AND DISASTER RECOVERY
To provide assurance that in the event
of a disruption the business continuity
and disaster recovery processes will
ensure the timely resumption of IT
services while minimizing the business
impact.
NEWS BRIEFS
DAMIANIDES FEATURED IN SARBANES-OXLEY WEBCAST
Marios Damianides, CISA, CISM, CPA,
CA, 2004-05 international president
of ISACA, was recently featured as
a panelist in an Information Week
webcast titled “The Road Ahead: Living
With Sarbanes-Oxley...Forever.” The
webcast is available for viewing until
November 12, 2005 at
https://www.cmpnetseminars.com/BTG/default.asp?K=3IK6A&Q=244.
The panelists
discussed how companies performed in
year one of Sarbanes-Oxley, additional
reporting requirements, techniques for
improving compliance, how to justify
budgets for ongoing compliance and
looking to the future.
RESEARCH PROJECT SPOTLIGHT
IT GOVERNANCE DOMAINS PRACTICES
AND COMPETENCIES
In 2004, the IT Governance Institute®
(ITGI), in conjunction with Lighthouse
Global, surveyed 200 IT professionals
from 14 countries in the Americas,
Asia-Pacific and Europe. In-depth
personal interviews were conducted
for feedback on the five domains.
These executive briefings are based on
the results of this survey, along with
additional research for the five areas of
IT governance.
Optimising Value Creation From
IT Investments and Information
Risks: Whose Business Are They?
are currently available in the ISACA
Bookstore. The remaining three books
will be released in the second half of
2005.
Once released, each book will be
available as a free download (www.isaca.org)
to members exclusively for
a limited period. Then they will be
made public through the ISACA and
ITGI sites, and the ISACA Bookstore
(www.isaca.org/bookstore).
RESEARCH UPDATE
INFORMATION RISKS: WHOSE BUSINESS
ARE THEY?
This volume focuses on information
risk management, which is a key IT
governance area and a top management
concern, and examines:
• Why information risk management is
important
• Potential risks
• Information risk management best
practices
• Responsibility for the management
of IT risks
• A suggested action plan
This publication is also available.
GOVERNANCE OF OUTSOURCING
This volume focuses on outsourcing
IT activities, which has become
common practice around the world as
organizations strive for more effective
and efficient IT services. The research
examines the best practices for the
governance of outsourcing, including:
• Asset management
• Contract management
• Relationship management
• Service level agreements and
outsourcing level agreements
• Due diligence
• Baselining and benchmarking
• Governance processes
• Governance organization
• Scope reviews
• Roles and responsibilities
This book will be available in July
2005.
MEASURING AND DEMONSTRATING THE
VALUE OF IT
This volume focuses on performance
measurement issues, including:
• Importance of governing IT
performance management
• Current IT performance management
governance approaches
• Best practices for IT performance
management
• IT governance roles, responsibilities
and activities relating to IT performance
management
• Likely future trends
• Generic steps
This book will be available in August
2005.
IT ALIGNMENT—IT STRATEGY COMMITTEES
This volume focuses on ensuring IT alignment with business objectives and examines the
effectiveness of an IT strategy committee or IT “council” in helping achieve IT alignment. It
looks at the following questions:
• What is the best role of an IT strategy committee?
• Who is best to chair the committee?
• Who should be the constituents?
• To whom does the committee report?
• What areas should it direct and monitor?
• Which techniques work, and which do not work?
This book will be available in the fourth quarter of 2005.
ISACA’S CAREER CENTRE IS NOW ONLINE!
The ISACA Career Centre is now available for enterprises seeking to hire and IT professionals
searching for employment. The Career Centre is dedicated exclusively to information systems
audit, control, security and assurance professionals, and it is free for job seekers. Job
seekers can look for jobs online and specify criteria to limit each search. The search can be
by geography, professional certification, experience level and a number of other factors.
Members are encouraged to act now to be among the first to post their résumés in the
members-only résumé database, which is actively reviewed by employers each day. Members have
the added advantage of being able to receive e-mail notification when new jobs are posted. The
résumé posting and e-mail notification services are reserved for ISACA members only.
For those seeking to hire, the ISACA Career Centre is the source for IT audit, control,
security and assurance professionals. The Career Centre highlights the Certified Information
Systems Auditor™ (CISA®) and Certified Information Security Manager® (CISM®) designations,
providing a special opportunity for those interested in hiring CISA or CISM holders. Please
visit www.isaca.org/careercentre to explore this exciting new offering.
INFORMATION SECURITY MANAGEMENT CONFERENCE
19-21 SEPTEMBER 2005
LAS VEGAS, NEVADA, USA
This conference is designed for experienced information security managers and those who have
information security management responsibilities. This event will feature a combination of
high-level and detailed sessions to provide attendees with an opportunity to customize their
conference learning experience to specific interests and professional needs. Those holding the
CISM designation and those aspiring to become CISMs will find great value in this conference.
Visit www.isaca.org/infosecurity for additional details.
OTHER CONFERENCES
NETWORK SECURITY CONFERENCE
19-21 SEPTEMBER 2005
LAS VEGAS, NEVADA, USA
The Network Security Conference is designed to meet the education and training needs of the
seasoned IS security professional as well as the newcomer. Topics will include physical
security, web application security environments, application security, hacking concepts and
tools, encryption concepts and techniques, intrusion detection and prevention systems, wireless
network security, and database security. Additional information is available at
www.isaca.org/nsc.
COBIT® USER CONVENTION
1-2 DECEMBER 2005
LOCATION TBD
This two-day event features case studies and facilitated discussion groups exclusively designed
for users of CobiT®. Participants will learn how other organizations are successfully
implementing and using CobiT. In addition, CobiT users can seek answers in a facilitated
environment and share their solutions to common and unique implementation problems. Additional
information can be found on the ISACA web site at www.isaca.org/cobituserconvention.
Industry News
CISA CONTINUES TO BE THE HIGHEST PAYING TECH CERTIFICATION, ACCORDING TO NEW FOOTE PARTNERS’
STUDY
For the second time in a row, the Certified Information Systems Auditor (CISA) certification
has been named the highest paying technical certification by a Foote Partners LLC study.
The study, part of the Foote Partners’ “Hot Technical Skills & Certifications Pay Index”
research series, examined the market values for more than 170 skills; 48,000 IT professionals
from 1,860 organizations in North America and Europe were surveyed from January to April 2005.
Overall pay for certified skills grew 0.6 percent in the first three months of 2005, according
to the study.
“We projected this continued growth earlier this year due to several factors now in play,” said
David Foote, the cofounder, president and chief research officer of Foote Partners, a
management consultancy and IT research firm. “Probably the most obvious has been the economy
and the return of hiring and concerns about retention of talent.”
A February 2005 study by the Foote Partners also named CISA the highest paying tech
certification. A late 2004 study named CISA and the Certified Information Security Manager
(CISM) certification “hot” certifications to watch over the next 12 months.
COBIT FOUNDATION COURSE LAUNCHED
The IT Governance Institute® (ITGI) and ISACA recently released the COBIT® Foundation Course, a
self-paced, electronic tutorial developed by ITpreneurs, a leading provider of training
solutions in the area of IT management and control best practices, to help IT professionals
become skilled at using Control Objectives for Information and related Technology (COBIT®)
within their organizations.
The COBIT Foundation Course features case studies, real-world examples, an overview of COBIT’s
control objectives, control practices, management guidelines and audit guidelines, and 40
sample questions that help prepare users for the COBIT Foundation exam. Additional information
is available at www.isaca.org/cobitcampus.
ASIS INTERNATIONAL DRAFT GUIDELINES ON WORKPLACE VIOLENCE PREVENTION AND RESPONSE
As a member of the security alliance, ISACA is being offered an opportunity to review and
comment on a draft guideline that has been released by the Commission on Guidelines of ASIS
International. The draft guideline, Workplace Violence Prevention and Response, outlines
prevention strategies and procedures for detecting, investigating, managing and following up on
threats or violent incidents that occur in the workplace.
The guideline covers the following topics:
Workplace Violence—A Broad Concern for Employers; The Need for a Multidisciplinary Response;
Preparedness and Prevention; Threat Response and Incident Management; Incorporating Domestic
Violence Into Prevention Strategies; and The Role of Law Enforcement.
Anyone wishing to view the draft guideline or to share it with his/her organization’s security
or human resources management can go to www.asisonline.org/guidelines/guidelines.htm to
download a copy. Comments can be submitted using an online form available at
www.asisonline.org/guidelines/guidelinescomments.xml.
As items of interest become available from the security alliance, ISACA will share them with
members.
Securing and Auditing Active Directory
COURSE DESCRIPTION
SECURING AND AUDITING ACTIVE DIRECTORY - ASO402
Proven Strategies for Maximizing the Results of Your Windows Audits
LOCATION
October 11 to 13, 2005, New Horizons Computer Learning Center, Culver City, CA
SEMINAR FOCUS AND FEATURES
In this three-day, hands-on seminar you will gain the skills you need to perform a detailed
audit of a Windows® 2000/2003 and Active Directory network. You’ll be guided through each step
of the review, from scope and planning through evidence extraction and analysis, to writing up
your findings. You’ll learn how to collect as much information as possible from the network so
you don’t have to rely on interview questions, and learn how to efficiently determine which
computers in the network should be reviewed.
You will discover secrets for quickly extracting the evidence you need without wearing out your
computer’s print-screen button or monopolizing your administrator’s time. You’ll determine
which controls are important to review at each level, starting with forests down through trees
to domains, domain-controllers and finally member servers. You’ll cover time-saving tips,
including which kinds of trust relationships are important to assess and which aren’t; which
pieces of evidence you need to extract for each domain controller; and which you can extract
from just one. You’ll learn how to use resource kit utilities, shareware programs, as well as
how to analyze results and identify risks. You’ll master techniques for assessing
administrative authority in AD; identifying arcane risks associated with the forest root
domain; and assessing forest, tree domain, organizational unit structure, and group policy.
You will gain an understanding of how Active Directory relates to Windows Server security and
how AD’s Group Policy technology makes it possible to control Windows Server security settings
centrally. You will learn how to determine whether crucial best practice techniques were
followed in the design of your organization’s forests and domains. You’ll discover crucial
features of Active Directory’s monitoring capabilities that facilitate compliance with
Sarbanes-Oxley requirements.
In this detailed seminar you will discover how to tell if your administrators are really
reviewing security logs as often as they say they are and get pointers on detecting lax account
management. At the conclusion of the course you will perform an audit of a network.
PREREQUISITE
Securing and Auditing Windows Server 2000 or Windows Server 2003 or equivalent knowledge.
LEARNING LEVEL
Advanced
BONUS
You will receive four evidence checklists for each level of the Windows environment detailing
the reports, screen prints, and commands you must run.
INSTRUCTOR PROFILE
Randy Franklin Smith, president of
Monterey Technology Group, is an
internationally known speaker and
writer on Windows, Active Directory
and Internet Information Server
security topics. Mr. Smith serves
as contributing editor for Windows
IT Pro and as technical editor for
Security Administrator. The winner
of the APEX Award of Excellence
for his writing, his articles have also
appeared in Information Security
Magazine. He is the primary
instructor and course developer for
MIS Training Institute’s Windows
platform security programs.
Mr. Smith also performs security
reviews for clients ranging from
small, privately held firms, to
Fortune 500 companies. In addition,
he regularly trains internal audit
staff and “Big 4” accounting firm
consultants on how to audit Windows
2000 and Active Directory. He is
a member of the ISSA, ISACA,
Technology Association of Georgia,
and Center
for Internet Security, and was recently
granted Microsoft MVP status.
REGISTRATION
Go to www.isacala.org or
email [email protected].
Welcome New Los Angeles Members
Name
Company
Name
Company
Gary Dimesky
Northrop Grumman
Corporation
Pem Dem
Jann Segal
Don Tran
Greg Wilson
Pem Dem
JFS Consulting
TranGEN
Pamela Taylor
Charles Matthews
Robert Hubbard
Doan Vinh
Martin Resnick
Manish Bhansali
Rigo Bedoya
Tammy Duong
Deloitte & Touche, LLP
Cybertrust
Parsons Corporation
BDO Seidman
Norman’s Nursery, Inc.
CSC
Shyam Bhagat
Karthikeyan
Nagarajan
Shirley Tcheng
Patrick Baba
Los Angeles County
Auditor Controller
Peter Kondis
Mark Kawakami
Fayneshia Nunn
Daniel Bochner
Erin Erin Cohen
Meenakshi
Renganathan
Aditya Garg
Eric Higgins
Devon Arsenault
Akash Tayal
Eric Woltz
Madras
Chandrasekaran
Michael Kim
Steve Liu
Rick Gehringer
Jackie Cruz
Paul De Guzman
Mark Flannery
Lawrence
Gonzales
Abby Huang
Paul Lopez
David Ringe
Anurag Saxena
Max Solonski
Brandon Teel
Deloitte & Touche, LLP
Countrywide Financial
PricewaterhouseCoopers,
LLP
Ernst & Young, LLP
Mario Guerrero
Cherilyn Mationg
Calif. State Polytechnic
University Pomona
Marshall & Swift
Deloitte & Touche, LLP
Canaudit Inc.
Charles Chu
Dave Edwards
Jung Son
Nitin Agale
Antoni Hadi
Kevin Erlandson
Protiviti Inc
Deloitte & Touche, LLP
Westwood College
Ernst & Young, LLP
Citizens Business Bank
County of Los Angeles,
Auditor-Controlle
PricewaterhouseCoopers
Protiviti
Deloitte & Touche, LLP
Exobase Corporation
The Walt Disney Company
City of Hope National
Medical Center
City of Hope National
Medical Center
City of Hope National
Medical Center
BDO Seidman, LLP
Medtronic Minimed
Chauncey Tse
Patricia Cascione
Conrad Smith
Josie Beauchamp
Xin Fan
Joe Dunton
Patrick Kang
Dee Davidson
Charles Lu
Hyunji Kim
Brian Newbegin
Michael Lee
Jang-Yu Wu
Pioneer Strategic Business
Services
WellPoint Inc.
City of Hope
Kaiser Permanente
University of Southern
California
GXP Biopharm
The Macerich Company
CFAS
Northrop Grumman
Name
Company
Name
Company
Stephen Weltman
Florian Gador
Michele Burke
Absolute Networks
Anthony Ramirez
Steven Busco
Joseph Clark
Ventura County - Resource
Management Age
American Honda Motor co.,
Inc.
Metropolitan Transit
Authority
PricewaterhouseCoopers,
LLP.
Zenith Insurance Company
Bruce Roton
American Honda Finance
Corp.
RemedyIT Services Inc.
Superior Industries
International, Inc.
The Walt Disney Company
Ernst & Young
PricewaterhouseCoopers,
LLP
Pelican Products
Tetra Tech, Inc.
Telelogic NA Inc.
Washington Mutual Bank
Homestead Studio Suites
James Merideth
Sangeeta Patel
Ivan Ivanov
Linda Carmody
Bruce Roton
Michiko
Suzumoto
Herbalife International of
America
Drew Maness
Tresno Santoso
James Koh
Steve Hochheiser
Callistus Lucien
John Carrillo
Haidi Harieg
LaTonya Meanus
Hocine Souane
Your knowledge is your power.
IT Auditor
Rosemead, CA
Job Description
While your day-to-day responsibility will be to ensure overall IT infrastructure viability,
your continuing focus will be to assess business/management implications of control issues in
relation to broader strategic concerns. This will entail auditing computer
applications/operations, information security and continuity processes; performing fieldwork
including risk assessment, program development testing and controls evaluations; writing
summary reports and following through on evaluations.
Job Experience
The qualified candidate will have a B.A. in IT or Business Administration; 3-6 years’
experience each in IT and internal auditing plus relevant in-depth knowledge; strong
understanding of mainframe or multiplatform, networked computing environments; and proven
project management and risk analysis/evaluation skills. Requires approximately 30% domestic
travel. CIA, CISA or CISSP certification preferred.
To learn more about this opportunity and/or to apply, visit us at:
www.edisonjobs.com
Equal Opportunity Employer
Employment Opportunities
Employment Ads
ACS
IT Auditor
Long Beach, CA
Job Description:
• Under minimal supervision, evaluates
complex information systems controls
and environments, participate in system
development/implementation projects
and provide technical assistance to
financial and external auditors.
• Opportunity to work with HP
Alpha mainframes, Stratus Continuum
midrange, HP-UX, Windows Server
2003, Cisco PIX firewalls, Cisco
routers, LANs, IDS, and a range of
applications.
• Responsible for performing General
Computer Controls and application
Reviews, under limited supervision.
• Performing Sarbanes-Oxley section
404 IT Controls reviews, documentation,
etc
• Ad hoc audits, testing, documentation,
etc. Audit assignments and monitor
controls to ensure that all controls are
maintained, that the operations are
functioning efficiently, and that the
various systems/areas are operating
according with corporate policies,
procedures and standards.
Experience:
• Two to five years of experience
as an IT Auditor working with a
public accounting firm or Fortune 500
Corporation.
• Bachelors Degree in Accounting/
Information Systems/Computer
Science.
• CISA/CISSP desirable.
• The ability to work at a detailed
technical level in order to assess
compliance with policies, procedures,
standards and guidelines.
• Must have excellent interpersonal
and communication skills.
• Full Benefits package.
Salary Range: $60-70K
Contact Name: http://acsg.recruitmax.com/candidate/JobOpps.cfm?szTemplate=3&szOrderID=37011&szCandidateID=0&szSearchWords=
Contact Email: [email protected]
===========================
AVERY DENNISON
Internal Audit - IT Auditor
Pasadena, CA and Cleveland, OH
Job Description:
• Execute IT audit work plan as
developed by others
• Assess risk and develop audit
programs
• Identify and communicate (written
and verbally) audit findings
• Document audit work performed
with clear and concise work papers
• Identify improvements to audit
processes
Experience:
• Bachelors Degree required
• 2-3 years relevant business
experience
• Working knowledge of GAAP, IT
controls concepts and some of: NT,
Novell, AS/400, RS/6000 PeopleSoft,
Mfg. Pro.
• Understanding of operational audit
objectives and methods, system/
process documentation techniques,
manufacturing concepts, and data
retrieval techniques
• Good team work skills, high level of
motivation, and good communications
skills
Contact: Please apply via our website:
averydennison.com and select career
opportunities.
===========================
CHINATRUST BANK
Senior Internal Auditor
Torrance, CA
Job Description:
• Conduct the day to day supervision
of one or more audit projects
• Update and understand the Bank’s
internal control system, operations
and applicable audit procedures by
reviewing policies and procedures,
internal audit manuals, background
information files and other reference
materials.
• Ensure that the bank and its
departments are in compliance with
bank policies, procedures and regulatory
requirements.
• Maintain a client relationship with
all operational areas of the Bank.
Experience:
• Five to eight years of bank internal
auditing, public accounting or bank
regulatory experience; CISA certification
is a plus.
• Must have strong analytical
and problem solving skills and be
knowledgeable of banking regulations,
products, operations, information
& technology and internal control
concepts.
• Basic knowledge of AS/400,
Windows NT, Novell Netware4.X/5X
is a plus.
• Must possess excellent verbal written
communication and interpersonal skills,
and have the ability to interface with all
levels of management, external auditors
and bank regulators.
Contact: All highly motivated and
interested professionals in the Los
Angeles and South Bay areas, please
send your resume via email or fax.
We offer competitive compensation
packages & benefits. Please forward
your resume in confidence or apply via
our web site at www.chinatrustusa.com,
and click on ‘Career Opportunities.’ We
are an Affirmative Action Employer
MFDV.
Contact Email: lienlenh@chinatrustusa.com
Contact Fax: 310-791-2850
===========================
EDISON INTERNATIONAL
IT Auditor
Rosemead, CA
While your day-to-day responsibility
will be to ensure overall IT infrastructure
viability, your continuing focus will
be to assess business/management
implications of control issues in relation
to broader strategic concerns. This will
entail auditing computer applications/
operations, information security and
continuity processes; performing
fieldwork including risk assessment,
program development testing and
controls evaluations; writing summary
reports and following through on
evaluations. The qualified candidate
will have a B.A. in IT or Business
Administration; 3-6 years’ experience
each in IT and internal auditing plus
relevant in-depth knowledge; strong
understanding of mainframe or
multiplatform, networked computing
environments; and proven project
management and risk analysis evaluation
skills. Requires approximately 30%
domestic travel.
CIA, CISA or CISSP certification
preferred.
To learn more about this opportunity
and/or to apply, visit us at:
www.edisonjobs.com
===========================
EDISON INTERNATIONAL
Senior IT Auditor (JP20013)
Rosemead, CA
Job Description:
• Conduct or lead audits and special
projects of company computer
applications, information security,
computer operations, or business
recovery processes.
• Perform all phases of an audit
engagement including risk assessment,
program development, testwork and
controls evaluation, report writing, and
follow-up.
• Assess business and management
implications of IT control issues
and place observations in proper
perspective.
• When leading a team, responsible
for reviewing and editing work papers,
synthesizing the audit team’s work, and
interfacing with audit department and
business unit management.
Experience:
• BA/BS in Information Technology,
Business Administration, or related field
with relevant experience.
• 3 - 6 years of experience in IT and
3-6 years of experience in internal
auditing.
• May require up to 30% domestic
travel.
• Comprehensive understanding
of internal controls, information
technology, information security, and
auditing.
• Demonstrated ability to communicate
with various levels of management both
orally and in writing. Strong project
management and leadership skills.
Ability to evaluate business and technical
risks, analyze business operations, and
present recommendations that are
practical and relevant. Demonstrated
ability to effectively resolve issues.
• Sound understanding of controls
in mainframe and multi-platform,
networked computing environments.
• Experience auditing UNIX, NT,
Oracle, IBM mainframe OS, ERP
systems, or wireless technology is a
plus. Experience using audit software
tools and performing retrievals is also
a plus.
• Certifications: CIA, CISA, CISSP,
etc., a plus.
Contact: If you are interested in this
position, please submit your resume in
confidence by visiting www.edisonjobs.com.
Position reference number JP20013:
Rosemead, CA (IT Auditor)
Edison International is an Equal
Opportunity Employer
===========================
FREMONT INVESTMENT AND
LOAN
Senior IT Auditor
Brea, CA
Description:
• Plan and perform complex IT audits.
Assist in IT testing during integrated
audits.
• Consult with system implementation
project teams to provide guidance on
internal controls.
• Assist in performing company-wide
and process specific risk assessments.
Experience:
• Bachelor Degree in Accounting, MIS
or Computer Science
• Minimum of 3 year IT audit
experience
• CISA, CIA, CPA preferred
• Big 4 experience preferred
Salary Range: Extremely competitive
with exceptional benefits, matching
401K, ESOP program.
Contact Name: Pete Mitchell at
[email protected]
===========================
J2 GLOBAL COMMUNICATIONS
IT Audit Consultant
Hollywood, CA
Job Description:
• Solid understanding of CobiT and its
relation to the COSO risk framework.
• Conduct interviews, build narratives,
update control matrices and test plans.
• Conduct testing, identify deficiencies
and suggest remediation.
• Update all control files and manage
the IT audit files as released to auditor.
• OS: Windows Active Directory.
Experience:
• 2 to 5 years experience in enterprise level IT security and/or audit.
• CISA or CISM desired.
• Understanding of financial accounting software applications process flow.
• eCommerce and web based application servers experience a plus.
• Unix, Windows, Active Directory, and Citrix Server.
Application Deadline: August 31st, 2005
Salary Range: Contract Rates Competitive
Contact: Scott Gregor, Human Resources or Anthony Ghosn, VP Internal Controls
[email protected]
Contact Phone: 323 860 9273
Contact Fax: 323 843 9745
===========================
METROPOLITAN WATER DISTRICT OF SOUTHERN CALIFORNIA
Deputy Auditor I – II
Downtown Los Angeles, CA
Job Description:
• Seeking to fill two (2) Deputy Auditor positions in the Audit Department.
• Job offer may be made at Deputy Auditor I or Deputy Auditor II depending on the qualifications.
• Deputy Auditor I is an asst-level position performing or assisting with audit assignments.
• Deputy Auditor II is a semi-senior level position performing audit assignments & evaluate findings.
Experience:
• Minimum Requirements for the Deputy Auditor I include:
4 yr degree in accounting or business administration &
1 yr professional audit experience
• Minimum Requirements for the Deputy Auditor II include:
4 yr degree in accounting or business administration &
2 yr professional audit experience including supervision of audit assignments.
Salary Range:
Deputy Auditor I, $3,300 - $4,349 per
month
Deputy Auditor II, $3,791 - $4,987
Application Deadline: September 7,
2005
Contact:
For more details and an application,
visit our website at
www.mwdh2o.com and refer to job
code 5066 BS
(Deputy Auditor I – II) or call 1-800-540-6311.
======================
PRICEWATERHOUSECOOPERS
Manager – Security Controls Practice
SAP – NY City; Oracle – Los Angeles
Description:
• Join our Security Controls
practice, which is part of the Global
Risk Management Solutions (GRMS)
group.
• Business Process and Controls /
Security Reviews of SAP or Oracle.
• Lead controls and/or Security
Reviews in SAP or Oracle
Experience:
• 5-7 Years professional service
/ consulting experience, including
working knowledge of functional
business processes and resources;
participation complete SAP or Oracle
controls/reviews implementation; deep
knowledge of controls.
• Proven track record in revenue
generating functions or $500k +
(presentations, proposals, add on business
and/or business development).
• Experience directing, supervising, and
reviewing work of others is required.
• Plus to have Big 4 experience, and/or
Security Concepts of SAP or Oracle
(Authorization, Authentication, Access
Controls).
• Minimum of 4-year degree required
- prefer MIS or MIS/Accounting
Contact: Kelly Cochran at Kelly.
[email protected]
======================
PRICEWATERHOUSECOOPERS
Sr. Associate – Threat & Vulnerability
Management
• Participate in penetration testing,
system security assessments, incident
response and forensic analysis, privacy
policy development, training and
awareness program development,
security strategy development, and IT
security and privacy risk assessments.
• Support internal audit and external
financial audit projects involving
focused security and controls reviews
of information systems.
• The position carries a wide range
of responsibilities in performing IT
audits, with emphasis on assessing
business/technology risks and controls
and providing practical, value-added
recommendations.
Qualifications:
Qualifications:
• BA/BS degree required with an
emphasis in MIS/CS. CISA/CISSP a
plus.
• A BS degree in Business, Computer
Science, Information Systems, or a
related field.
• Mainframe, Unix, Windows NT/2000,
Netware, firewalls, Cisco routers,
intrusion detection
• Experience in identifying and linking
business risks to the relevant IT audit
procedures.
• Experience in security policy
development and risk assessments a
plus
• Strong oral and written communication
skills
• Ability to travel at least 50% or
greater
Contact:
Please submit resumes to our website at:
http://search.pwcglobal.com/extweb/jobsrch.nsf/search?openform&language=eng~country=us~interest=
===========================
SONY
Senior IT Auditor
Culver City, California
Job Description:
• Develop work plans and lead core
security projects
California.
• Minimum three years of IT audit
experience, with CISA, CISSP or other
related certifications
San Francisco, San Jose, Los Angeles
Job Description:
• Sony Corporate of America seeks
a Senior IT Auditor primarily for our
entertainment operations in Culver City,
• Experience with IT general controls,
system development and integrated
audits.
• Experience in performing network,
web, Windows, Novell, UNIX, or
database audits.
Contact:
Go to IT_
[email protected] .
PLEASE REFER TO ITSA2914 IN
YOUR SUBJECT LINE. NO AGENCY
REFERRALS.
Contact Fax: (310) 244-1919.
===========================
TECHNICAL CONNECTIONS
SOX Auditors
Los Angeles, CA
Job Description:
• Looking for SOX auditors with an IT applications background. Auditors will be responsible for walking through, looking at the design effectiveness and controls and then will make recommendations for key controls.
• These are contract positions, and may be open-ended.
Experience:
• Must have been through multiple SOX Application Audits.
• Finance or Banking experience is highly desirable.
• SOX Auditors must have IT/Applications background.
• This is not for general controls auditors.
• They want someone who has done SOX audits multiple times, and who can do both pre- and post-implementation application audits.
Salary Range: 90/hour +
Application Deadline: ASAP
Contact:
Jennifer Carlson
Phone: 310.479.8830 x. 212
Fax: 310.445.8726
[email protected]

VALACON, INC.
“We Practice Quality”
The job market is now very active. As new opportunities arise, are you prepared to take advantage? Call us now so that we know what you are looking for, and we can alert you when “your” position is available.
Outstanding career moves and outstanding candidates don’t usually just appear out of the blue. They are a result of effort and careful screening and matching. In addition to his 13 years of recruiting experience, Sandy Geffner was an IS Audit director and manager for eight years and a Big 4 consultant prior to that. He has passed the CISA and CPA exams.
If you are looking for an opportunity that’s right for you, or a person who’s right for your opening, let him put his 20+ years of experience to work on your behalf.
PARTIAL LIST OF JOB POSTINGS
• Senior IT Audit Manager - Entertainment Company. Diverse environment. Experienced management skills. Strong IT/Business/Risk understanding. Combo of Big4/Private exp. Need excellent communication skills.
• Senior / Staff IT Auditor - Full range of IT Audits (applications, general controls, systems development, technical, audit software). Oracle, UNIX +. Strong communications skills. Big 4 exp +. Travel to 20%, including International. Salary to $60s - $80s DOE.
• IT Audit Senior / Manager – Entertainment Company. Wide range of IS audits. SDLC, Applications, General Controls. Solid IT Audit exp. Client Server, AS400, Mainframe. Limited Travel. Salary $60s to $100s DOE.
• IT Audit Senior Manager / Seniors – Big 4. Diversified skillsets needed. Good interpersonal/communications skills necessary. Salary $70s - $100s.
• IT Audit Manager – Billion Dollar Company. Oversee staff and cosource / contract personnel. Perform applications reviews, general controls, some technical, Sarbanes, etc. Domestic / International travel to 25 or 30%. Self starter with management experience. Salary $100s.
• Call for additional opportunities.
• IT Audit openings in Northern California, Pacific Northwest and Texas - call for details.
Sandy Geffner
Phone: (626) 296-2751
Fax: (626) 296-2760
Email: [email protected]
Valacon, Inc., P.O. Box 6136, Altadena, CA 91003-6136
www.valacon.com
Information Systems Audit
and Control Association
Los Angeles Chapter
PO Box 712726
Los Angeles, CA 90071
www.isacala.org
ISACA LOS ANGELES CHAPTER
BOARD OF DIRECTORS
Thomas Phelps IV, CISA
PricewaterhouseCoopers
[email protected]
(626) 590-9995
Debbie Lew, CISA
Spring Conference Chair Director
Ernst & Young LLP
[email protected]
(818)703-4728
Larry Hanson
CPA, CISA, CIA
Past-President - Director &
Chief Technology Officer
Southern California Edison
[email protected]
(626) 302-9956
David Lowe
CISA, CISSP
Seminars Chair - Director
Sony Pictures
Entertainment
[email protected]
(310) 665-6630
Greg Ash, CISA
CISA Review Course
Chair - Director
Southern California
Edison
[email protected]
(626) 302-9959
Edson Gin
CISA, CFE, SSCP
Co-Webmaster Chair - Director
City National Bank
[email protected]
ASSOCIATE DIRECTORS & VOLUNTEERS
Roger Lux
Employment Chair
Farmers Insurance
[email protected]
Constance Slack
Membership Committee
Ingram Micro
[email protected]
Chauncey Tse
Co-Webmaster
WellPoint
[email protected]
John Barger
Newsletter Editor
Countrywide
[email protected]
Luke Kwo
Seminar Chair
Don Kuo
Newsletter Layout Editor
Cal Poly Pomona
[email protected]
Sandy Geffner
Registrations Chair Associate Director
Valacon, Inc.
[email protected]
(626) 296-2751
Frank Ness, CISA
Spring Conference and
Marketing - Associate
Director
Honda North America
[email protected]
(310) 781-4673
Mark Stanley, CISA
Membership Chair - Associate
Michelle Quan, CPA
Director
Audit Chair
Toyota Financial Services
PricewaterhouseCoopers
[email protected]
[email protected]
(310) 468-8587
Stephen Shar
Jane Hu
Academic Relations Chair
Marketing Committee Chair
KPMG LLP
PricewaterhouseCoopers academicrelations@isacala.org
[email protected]