2004 K. Wesley Snipes Award - ISACA – Los Angeles Chapter
ISACALA.org
LA Chapter, Information Systems Audit and Control Association
March 2005

Inside
• ISACA-IIA Joint Meeting
• President’s Message
• 2004 K Wesley Snipes Award
• Security Alliance
• Spring Conference
• Academic Relations
• Call for Papers
• News Update
• New Members
• Employment
• Spring Conference Schedule/Form
• CISM Exam Prep Workshop
• CISA Exam Review Courses
• Board

Celebrating the chapter’s 35th anniversary included (left to right): Mario Damianides, International President, ISACA and IT Governance Institute; Gerald Conroy, Partner, PricewaterhouseCoopers; Howard “Bud” Friedman, Founder and Past International President (1973-1974); Debbie Lew, Past Los Angeles Chapter President (1999-2000); Thomas Phelps, Los Angeles Chapter President; Eugene Frank, Founder and Past International President (1971-1972); and Robert Roussey, Immediate Past International President, ISACA and IT Governance Institute

Chapter Officers
President: Thomas Phelps IV, CISA, PricewaterhouseCoopers LLP, [email protected], (626) 590-9995
Vice President: Cheryl Santor, CISSP, CISM, CISA, Metropolitan Water District of Southern California, [email protected], (805) 795-2057
Secretary: Anita Montgomery, CIA, CISA, Countrywide Financial Corporation, [email protected], (805) 520-5482
Treasurer: Martin Rojas, PricewaterhouseCoopers LLP, [email protected], (213) 217-3309

MARCH 9 MEETING NOTICE
The Los Angeles Chapter of the Institute of Internal Auditors proudly presents:
Integrated Auditing, XBRL, and Enterprise Risk Management - Integrated Framework
A Joint Full-Day Seminar and Luncheon with LA-ISACA
Wednesday, March 9, 2005
Featuring:
• Glen L. Gray of California State University at Northridge
• David McKenzie and Lyn Takemura of Wells Fargo
• Gerald C. Riss of Metropolitan Water District (MWD) of Southern California

President’s Message
BY THOMAS PHELPS IV

Valentine’s Day has always been my favorite holiday. It’s a day when we are reminded of what is important – and we give our hearts to the special people in our lives.

On February 14, 2005, the Los Angeles Chapter received a Valentine’s Day gift. ISACA International notified us about earning the 2004 K. Wayne Snipes award for the Best Very Large Chapter in North America. Cheryl Santor, Vice President, and I will be accepting this award on behalf of our chapter at the 2005 Global Leadership Conference in Las Vegas on April 23, 2005. Megan Maynard, ISACA Chapter Relations Coordinator, said in her email, “The competition was very intense this year, and you should be extremely proud of the hard work your chapter put forth in order to earn this distinction.”

I am immensely grateful and humbled to serve with the outstanding volunteers who comprised the 2003-2004 Board of Directors and Volunteers. Please join me in thanking these individuals. They spent their lunch hours and Saturdays to passionately devote their time to the chapter. It seems appropriate to be notified of earning the 2004 K. Wayne Snipes award on Valentine’s Day. I know you’ll agree that these warm and fun-loving people have a lot of heart.

2004 K. Wesley Snipes Award
ISACA Los Angeles Chapter 2003-2004 Board of Directors and Volunteers

In special recognition of receiving the 2004 K. Wesley Snipes Award, the 2004-2005 ISACA Los Angeles Chapter Board of Directors would like to thank the following volunteers.
2003-2004 Officers
• Thomas Phelps IV, President
• Cheryl Santor, Vice President and Programs Chair
• Anita Montgomery, Secretary
• Andrea Daverio, Treasurer

2003-2004 Directors
• Larry Hanson, Past-President and Chief Operations Officer
• Debbie Lew, Spring Conference Chair
• David Lowe, Seminars Chair and Spring Conference Committee
• Greg Ash, CISA Review Chair
• Edson Gin, Academic Relations Chair
• Frank Ness, Spring Conference Vice-Chair and Newsletter Editor

2003-2004 Associate Directors
• Mark Stanley, Membership Committee Chair
• Sandy Geffner, Reservations Chair and Spring Conference Committee

2003-2004 Other Volunteers
• Chris Chung, Spring Conference Committee
• Fred Gallegos, Marketing Committee
• Peter C. Hewitt, Webmaster
• Bruce Hoffman, Marketing Committee Chair
• Lisa Kinyon, Spring Conference Committee
• Roger Lux, Employment Chair
• Mike Mauro, Elections
• Michelle Quan, Audit Chair and Layout Editor
• Carin Ruiz, Hospitality Chair
• Constance Slack, Membership Committee
• Gary Wong, Academic Relations and Spring Conference Committee
• Amanda Xu, Academic Relations and Spring Conference Committee

ISACA-IIA Joint Meeting

Registration Procedures:
1) You may register online at http://www.theiia-la.org/html/events.htm or via email at [email protected] or contact James Borella at (310) 228-1319 or Kevin Trainor at (310) 228-1312
2) You may register for the half-day seminar (price includes lunch) or luncheon only
3) Provide the following: Name, Organization, Membership status, Meal choice (prime rib, salmon or vegetarian)

Location: Lawry’s The Prime Rib, 100 North La Cienega Blvd., Beverly Hills, CA, (310) 652-2827
Time: 7:30 a.m. - 5:00 p.m.
(Registration starts at 7:30 for seminar and 11:00 for luncheon)

Rates
Full Day*: Members $150; Non-Members $160; Full-time Students $80
Half Day*: Members $80; Non-Members $90; Full-time Students $45
Luncheon Only**: Members $35; Non-Members $40; Full-time Students $15
* Lunch is included
** $30 Price per person for five or more members from the same organization

Payment Methods: Cash and Checks (made payable to LA-IIA) only.

Schedule
7:30am - 8:00am: Registration and Breakfast
8:00am - 9:40am: Integrated Auditing – Once More Back to the Drawing Board, presented by David McKenzie and Lyn Takemura of Wells Fargo
9:50am - 11:30am: Integrated Auditing (continued)
11:30am: Lunch Served
12:00pm - 1:00pm: XBRL: What does it all mean? presented by Glen L Gray, PhD - California State University of Northridge
1:15pm - 3:00pm: A Parallel Course - SOX/ERM, presented by Gerry Riss of Metropolitan Water District of Southern California
3:15pm - 5:00pm: A Parallel Course (continued)

Topic Descriptions:

Integrated Auditing - Once More Back to the Drawing Board at Wells Fargo

Technology audits, especially those focused on business applications, have changed dramatically over the last 15 years. From a time when it was completely separate from other audit disciplines to a time when it was so integrated with business auditing that it almost disappeared, application auditing continues to evolve. In response to trends of the time, Wells Fargo adopted “integrated auditing” only to find limitations with this approach in large and complex technical environments. Current technology trends and the realities of a highly incongruent technology environment also had their impacts.

The presentation outlines the strategies and tools recently developed to help business auditors identify and quantify technology risks, and it emphasizes how the business perspective should be leveraged. The processes outlined result in a workable inventory of business applications that inherently include higher technology risks and demonstrate sufficient coverage of general computer controls.
The presentation goes on to discuss current risk analysis strategies that make strong distinctions between risks associated with technology management organizations and risks associated with business applications. It explains why such distinctions are useful and result in an efficient definition of audit scope. Throughout, the presentation shows how application auditing can be engineered to leverage the increasing expertise and specialization that both technology and business auditors must possess.

The presentation will cover the following:
• Evolution of Integrated Auditing
  - Autonomy and bliss.
  - Helping your pals.
  - This ain’t so tough.
  - Oh-oh, back to the future.
• Annual Planning Strategies
  - Isn’t everything technology risk?
  - This hurts my head!
  - A rose by any other name. . .
  - Did someone steal the machine?
• Technology Risk Analysis
  - There are two sides to every risk.
  - We make the magic happen.
  - So buddy, what’s it do?
  - All together now.
• Conclusions and discussion

XBRL: What does it all mean?

The SEC is allowing companies to file supplementary XBRL documents with their 10-Qs and 10-Ks. Next year, the FDIC will require banks to file their quarterly call reports using XBRL. Major software companies are incorporating XBRL into their software. XBRL International, which promotes and supports XBRL adoption, includes approximately 250 companies and agencies worldwide working together to build the XBRL language. Today’s presentation will help answer the questions: What is XBRL? What does it mean to my organization? What does it mean for internal auditors?

A Parallel Course - SOX/ERM

Mr. Riss will navigate us through historical events shaping the current business environment. Mr. Riss will provide an overview of the Sarbanes Oxley 2002 Act (SOX), its impact on corporate governance, and identify corporate governance participants. Mr. Riss will discuss SOX implications on publicly traded entities, as well as non-profit agencies. He will also take us through components of the COSO Enterprise Risk Management (ERM) Integrated Framework and discuss internal audit’s role in ERM and how it relates to the rest of the organization, as well as its stakeholders.

Speaker Profiles:

David McKenzie, CISA, CIA, CPA

David is a Vice President and IT Audit Manager at Wells Fargo, and is responsible for managing audits of its core business applications. His team develops and executes audits of business applications, focusing on systems and business applications managed by the Chief Information Officers supporting each of Wells Fargo’s major businesses. David joined Wells Fargo in 2002 from PricewaterhouseCoopers (PwC) where he was a senior manager in the firm’s financial services practice in San Francisco, Brussels and Los Angeles.

Between 1998 and 2001, David managed PwC’s engagement with Euroclear, the world’s largest cross-border securities clearing organization, where he evaluated risks and controls associated with several strategic projects, including European Monetary Union, mergers with securities clearing organizations in France, Belgium and the Netherlands and the establishment of Euroclear Bank, as an independent European institution.

David received his bachelor’s degree in economics from the University of California at Davis, his MBA in industrial operations from the University of Wyoming and his master’s of science degree in information systems from the University of Colorado at Boulder. Speaking with David is his colleague, Lyn Takemura.

Lyn Takemura, CISA

Lyn is a Senior Audit Project Leader responsible for conducting audits of the core business applications. Lyn re-joined Wells Fargo in 2000 from a consulting position with Visa, International Systems, now known as Inovant. Prior to Inovant, she was with Wells Fargo from 1990 to 1997, as an Information Systems Auditor.
Lyn has over 30 years experience in the banking industry. She started her career in computer operations and systems development, which led to what was then called EDP Auditing. She has worked for small community banks as well as major banks such as Bank of America.

Glen L. Gray, PhD, CPA

Glen L. Gray, PhD, CPA, is a professor in the Accounting and Information Systems Department of the College of Business and Economics at California State University at Northridge. He has been a member of the XBRL International consortium since January, 2000. He was a member of the FASB Electronic Delivery Working Group, which published “Business Reporting Research Project: Electronic Distribution of Business Information.” He was a co-author of the IASC’s publication, “Business Reporting on the Internet.” He has authored four research reports published by the Institute of Internal Auditors Research Foundation, including: “Changing Internal Audit Practices in the New Paradigm: The Sarbanes-Oxley Environment” (2004), “Assurance Services within the Audit Profession” (2000), “Enhancing Internal Auditing through Innovative Practices” (1996), and “Business Management Auditing: Promoting of Consulting Auditing” (1994).

Before joining the academic world, Dr. Gray was a consultant with national CPA firms and an engineer at an aerospace company. He has a BSEE from Michigan Technological University; an MBA from the University of California, Los Angeles; and a Ph.D. from the University of Southern California.

Gerry Riss, CFE

Gerry Riss is the General Auditor for Metropolitan Water District (MWD) of Southern California, the region’s major water importer and wholesaler. Mr. Riss brings over 25 years of audit, accounting and risk management experience to Metropolitan.
His responsibilities include reviewing internal controls, financial records and reports, developing a flexible annual audit plan, determining compliance with bond covenants and applicable laws and regulations, ascertaining that assets and resources are properly accounted for and safeguarded against waste, loss or misuse, and administering Metropolitan’s contract for audit services. Mr. Riss reports to the Board of Directors and is accountable to the Audit Committee.

Prior to Metropolitan, Mr. Riss was Vice President and Assistant Division Head for the Risk Management Administration at United California Bank/Bank of the West. He also served as Senior Vice President, Director of Risk Management and General Auditor of Tokai Bank of California.

Mr. Riss earned a bachelor’s degree in accounting and an MBA in financial accounting from Wayne State University in Detroit, Michigan. He is certified as a fraud examiner, financial services auditor, risk professional and has completed the certified public accountant examination.

Important Announcement about ISACA and Security Alliance

As an ISACA member/CISM/CISA, you will be interested to learn of an exciting new initiative ISACA is pursuing on behalf of the security profession.

Late in 2004, ISACA began discussing with Information Systems Security Association (ISSA) and ASIS International the possibility of a joint effort to address the increasing convergence of the information and physical security roles. Those discussions have progressed to a formal agreement, with the result that ISACA, ASIS International and ISSA will form a global alliance to lead the convergence of security and protection functions within enterprises.
Taking an integrated approach to security, the Alliance will bring together more than 80,000 global security professionals and draw on the collective strength and experience of organizations that have actively supported security professionals for a combined total of more than 100 years.

The Alliance’s primary objectives are to:

1. Define the capability requirements of the converged security manager role. The Alliance believes that security should be a board-level concern and an enterprise-wide function. That level of responsibility requires leadership by qualified professionals who embody the converged security approach. We can help ensure that level of qualification by creating a road map to define the qualification and training requirements for the CISO/CSO role. Once those requirements are defined, the Alliance will focus on developing, delivering and facilitating the necessary training programs and resources.

2. Enable more effective management of enterprise security risks. The Alliance will help businesses address security challenges by defining models that encompass qualitative and quantitative aspects of risk, enabling a more effective understanding of business impact. We plan to devise methods to quantify security performance, to ensure that the value of security efforts is measured and communicated. And, we will support information sharing among members so that the best and most current security solutions can be made available.

3. Promote a common security management voice to legislators and government agencies. The Alliance believes that it takes the combined efforts of legislators, regulators, business and security management to develop effective solutions to security problems. Each group has unique needs. Legislators and regulators need insight into business risk and remedies; we can provide that.
Security management needs to speak with a unified voice to ensure that all aspects of regulatory requirements and legislative enactments are considered; we can facilitate that through our combined worldwide memberships.

We believe ISACA members, CISMs and CISAs will benefit in a very direct way from the research, education, legislative influence, business solutions and other activities undertaken by the Alliance.

The creation of the Alliance was announced February 16 at the RSA Conference in San Francisco (California, USA). ISACA is very excited to have this opportunity to work with two other respected organizations in this field, and we look forward to the support the Alliance will provide the security profession.

If you have any questions, please feel free to contact Ron Hale, ISACA’s director of security initiatives, at [email protected].

2005 Spring Conference
BY DEBBIE LEW, CISA

SOUTHERN CALIFORNIA’S LEADING CONFERENCE FOR IT GOVERNANCE, CONTROL, SECURITY AND ASSURANCE

Make plans now to attend the 31st annual Spring Conference. This conference will provide affordable quality training on fundamental I.S. Auditing concepts and emerging technology risks, and an opportunity to network with other auditing and security professionals.

The Spring Conference will address the complex issues facing professionals responsible for information assurance, IT risk management, security and governance. Industry experts will be on hand to provide solutions and practical approaches to enable and equip you to meet the challenges ahead.

The conference features enhanced coverage of compliance issues involving HIPAA, GLBA, Sarbanes-Oxley and the California Privacy Law; controls issues including applications of COBIT; and information security issues including intrusion detection and protection, wireless network security, and cybercrime.
In addition, an entire track is devoted to tools and techniques to provide practitioners an opportunity to help each other solve real problems and develop best practices. The opening keynote panel profiles senior management from various industries discussing their experience with Sarbanes-Oxley and their thoughts for post Sarbanes-Oxley.

An insert of the program schedule and registration is included in this newsletter. You should have received a full brochure in the mail. Don’t be disappointed. Register early! Register online! www.isacala.org. Places in the pre-conference workshops and conference sessions are limited. For information or questions please email [email protected].

Debbie Lew
Los Angeles, ISACA 2005 Spring Conference Chair
www.isacala.org

Many leaders from various associations came out to celebrate and provide good wishes for the chapter’s anniversary including (left to right): Dan Manson, President, ISSA Inland Empire; Ray Bejerano, President, IIA San Gabriel Valley; Stan Stahl, Vice President, ISSA Los Angeles; Lou Breckenridge, President, IIA, Orange County; Steve Hudoba, President, IIA Los Angeles; and Todd Weinman, Past President, ISACA San Francisco Chapter

Academic Relations and Research
BY AMANDA XU

STUDENT VOLUNTEERS NEEDED FOR ISACA 2005 SPRING CONFERENCE

ISACA LA is looking for student volunteers for the Spring Conference. This is an excellent opportunity to attend a professional conference for free and to network with working professionals. Many student volunteers have found full-time positions as a result of contacts made at past conferences. The dates are April 10 - 13. Anyone interested should contact Academic Relations at [email protected] or [email protected], as we are currently in the process of finalizing all plans. The deadline for submission is March 14, 2005.
STUDENT LIAISON PROGRAM

ISACA-LA is searching for one to two student representatives from each local college and university to promote ISACA-LA events (dinner meetings, Spring Conference, CISA Review, summer picnic, etc.). Academic Relations offers free student membership for the selected student representatives. Contact [email protected] for more information.

ISACA STUDENT MEMBERSHIP (ONLY $25)

Two years ago the ISACA International Board of Directors approved the reduction of ISACA Student Membership Dues. The International dues for students have been reduced from US $60 to US $25 annually. Also, student fees are waived for the Los Angeles Chapter. To facilitate the 58% reduction in dues, the benefits that students receive by mail will now be available electronically. Most notably, the IS Control Journal will be made available exclusively online via the web site. Please visit ISACA’s student site at http://www.isaca.org and click on the link “Students & Educators” for more information.

VOLUNTEERS NEEDED FOR 2005 SUMMER PICNIC

ISACA Los Angeles would like to have a summer picnic for students, volunteers, and members for networking and fun in the sun. We are inviting students from local colleges and universities to participate. We are looking for ISACA members and students of LA and Orange County colleges and universities to promote and assist with the 2005 Summer Picnic planning event. Please join our volunteer committee by contacting Amanda Xu at [email protected] or [email protected].

CALL FOR PAPERS

FREE DINNER MEETING

Students have an opportunity to publish an article in our local newsletter and attend our dinner meeting for free. Submit a short article on an emerging technology emphasizing audit, security, and/or controls to Amanda Xu at [email protected] or academicrela [email protected]. If the article is selected and published, the student will receive a complimentary dinner meeting.
Newsletters are published quarterly and up to three articles may be selected.

Dear ISACA-LA members,

We are seeking articles to include in future editions of our newsletter. The newsletter provides a forum for you to contribute to the continuing education of our members. This is an excellent opportunity to receive recognition for your areas of expertise among the ISACA family and to raise your profile among the professionals in your field.

Our readers have expressed interest in the following areas: IT security and governance, audit and controls, information assurance, compliance issues, tools and technologies, and emerging issues.

Please send your submissions to [email protected]. We really look forward to hearing from you!

Mary Ma
ISACA-LA Newsletter Editor

News Update

COBIT ONLINE

An online version of COBIT, brought to you by ISACA and the IT Governance Institute®. ISACA members have Basic Subscriber access, which includes the ability to browse all of COBIT (except the IT control practices), search, download PDFs, secure access to survey results and gain access to the discussion area. It is available at www.isaca.org/cobitonline.

INTERNATIONAL CONFERENCE
19-22 June 2005
Oslo, Norway

The International Conference is celebrating its 33rd year as the world’s leading executive and management forum for IT governance, control, security and assurance professionals. This highly interactive three-day conference focuses on the IT challenges that can impact organizations today and in the future. For additional information, please visit www.isaca.org/international.

RESEARCH PROJECT SPOTLIGHT

Security Harmonization—Classification of Guidance

The role of the information security manager has evolved over the past few years from an essentially IT-focused role to that of a business/IT hybrid.
At the same time, numerous security standards, codes of practices, methodologies, etc., have been developed and published, all with the purpose of providing some level of direction or support for security objectives.

The purpose of this technical study is to provide the CISM holder with a guide to the better-known and more widely available information security documents. In all, more than 17 standards/guidance were evaluated across a number of criteria, enabling information security managers to identify those that may be most appropriate for improving their own skills and knowledge or most useful within their organizations. The full study includes insights learned from a global survey of CISMs. The results are targeted for release in the first quarter of 2005.

Managing Enterprise Information Integrity: Security, Control and Audit Issues

The IT Governance Institute (ITGI) has completed a research project on information integrity. Professional and academic literature addressing information integrity was used to develop a framework, which was validated by practitioners. The resulting publication summarizes the findings of the project and provides recommendations that will be of most interest to data/information quality managers, assurance providers and educators. The publication is available in the ISACA Bookstore, www.isaca.org/bookstore.

COBIT Mapping: Mapping of ISO/IEC17799:2000 With COBIT

This new publication demonstrates how these two standards are interrelated and how the detailed information requirements of ISO/IEC17799:2000 can be integrated with COBIT. Almost 1,000 information requirements were mapped to 318 COBIT control objectives. The document is a profound source of information for all stakeholders responsible for, and interested in, IT governance and information security management and their respective controls.
It is especially useful for IT and information security managers who hold the responsibility to address these issues, especially when implementing COBIT, ISO/IEC17799 or both.

This detailed mapping document is posted for complimentary download at www.isaca.org/research. It is available along with the previously released high-level publication COBIT Mapping: Overview of International IT Guidance.

COBIT SECURITY BASELINE

COBIT Security Baseline is now available for purchase at the ISACA Bookstore, www.isaca.org/bookstore, and is available as a free PDF download from www.isaca.org. The pre-release version of Security Baseline was made available to ISACA members and CISMs only.

This guide is based on Control Objectives for Information and related Technology (COBIT), which covers security in addition to all the other risks that can occur with the use of IT. This guide focuses on the specific risk of IT security in a way that is simple to follow and implement for the home user or the user in small to medium enterprises, as well as executives and board members of larger organizations.

As a result of feedback from the recipients of the pre-release version, the publication has been slightly refined, including minor improvements in the cross-referencing of COBIT to ISO17799 and the addition of points to the survival kits. The publication includes the survival kits on separate cards for easy access and use. These cards are also available separately from the ISACA Bookstore in packets of five for each user category to provide flexibility in ordering material to support organizational needs.
STUDY NAMES CISA AND CISM “HOT” CERTIFICATIONS

According to a recent study conducted by Foote Partners LLC, the CISA and CISM certifications are among the hot certifications to watch over the next 12 months. CISA is also listed in the study as a strong certified skill and was named by Foote Partners in September 2004 as the certification that gained the most value in the past 12 months. Results of the study, published in “IT Insider Compensation Benchmarks and Employment Trends,” were compiled from direct interviews with 45,000 North American and European IT workers in 1,860 private and public sector organizations.

INFORMATION SECURITY GOVERNANCE—TOP ACTIONS FOR SECURITY MANAGERS

Information Security Governance: Guidance for Boards of Directors and Executive Management, published by ITGI in 2001, provides background on why information security is important. Its focus is on what the board and senior management should do to fit information security within the governance framework.

Information Security Governance—Top Actions for Security Managers furthers that research by taking the list of questions that appeared in the original book and creating a list of specific actions for information security managers and CISOs. It addresses:
• Uncovering the information security issues in an enterprise from a business and management perspective
• Dealing with management’s perception of information security and security risk management issues
• Positioning information security as a component of IT and business governance
• Establishing requirements to ensure that information security governance is successfully implemented within the enterprise

The research report is targeted for release in the second quarter of 2005.

IT GOVERNANCE DOMAINS PRACTICES AND COMPETENCIES

The IT Governance Institute is conducting a survey of executives around the globe.
An in-depth personal interview is being held with 200 IT directors and managers for feedback on the following five domains:
• Obtaining a return on IT investments
• Performance management
• Risk management
• IT alignment—IT strategy committees
• Managing IT resources—outsourcing

The results of this survey, along with the research for the five areas of IT governance, are expected to be complete during the first quarter. Release will be toward the end of the first quarter of 2005.

ISACA MODEL CURRICULUM FOR IS AUDIT AND CONTROL

In September 2004, ISACA released this new edition of its model curriculum. If you are aware of a school that offers such a program or class, or is thinking of offering one, please take a look at the comprehensive model, which is posted at www.isaca.org/modelcurricula.

COBIT IN ACADEMIA

A new ISACA deliverable has been created for the university setting. This robust package contains a:
• Student Book
• PowerPoint deck of 80 slides for professors
• Comprehensive case study
• Several smaller caselets

COBIT in Academia is being announced to as many university professors as possible, including well-recognized business schools, the American Accounting Association (AAA) and the European Accounting Association (EAA). Many additional schools focused on information systems management, information security management, auditing or information systems auditing, that do not have an accounting focus, would also benefit from these materials.

Academics can receive this complimentary electronic publication by completing a questionnaire at www.isaca.org/cobitinacademia.
BOOKSTORE UPDATE

Please remind those preparing for the CISA exam of the CISA study aids available through the ISACA Bookstore:
• CISA Review Manual 2005 (Available in English, Italian, Japanese and Spanish)
• CISA Review Questions, Answers & Explanations CD-ROM 2005 (Available in English and Spanish)
• CISA Review Questions, Answers & Explanations Manual 2005 (Available in English, Japanese and Spanish)
• CISA Review Questions, Answers & Explanations Manual 2005 Supplement (Available in English, Italian, Japanese and Spanish)

For those preparing for the CISM exam, ISACA offers:
• Certified Information Security Manager (CISM) Review Manual 2005 (Available in English)
• CISM Review Questions, Answers & Explanations Manual 2005 (Available in English)
• CISM Review Questions, Answers & Explanations Manual 2004 (Available in English and Japanese)
• Certified Information Security Manager (CISM) Review Manual 2004 (Available in Japanese)

For more information or to place an order, please visit www.isaca.org/cisabooks or www.isaca.org/cismbooks.

NORTH AMERICA CACS
24-28 April 2005
Las Vegas, Nevada, USA

North America CACS is well known for addressing the complex issues facing professionals responsible for information assurance, security and governance. The 2005 conference will offer more than 70 sessions and eight optional workshops all designed to increase your knowledge and technical proficiency. For additional information or to download the preliminary brochure, please visit www.isaca.org/nacacs.

LISTSERVS OR DISCUSSION FORUMS

ISACA and ITGI have established several listservs to enable interested parties to find the group most suited to their professional interests. Each of the six listservs offers excellent opportunities to share advice, seek assistance and raise pertinent questions. Please visit www.isaca.org/listserv for more information.

New Los Angeles Members

Welcome New Members!
Name Company Winnie Qiu Name Company Duane Doucette Amgen Robin Byon Ernst & Young LLP Brian Garcia Amgen Peter Papaioannou Deloitte & Touche, LLP Sonia Luna SOX Solutions Alin Gharapetian Syed Peeran Mohammad Nayeri Deloitte & Touche LLP Cheng-Wei Cheng Neostone International Chris Stoneley Treasury Bank Gerald Conroy PricewaterhouseCoopers LLP Jennifer Kuo Farmers Insurance Group, Inc. Joanne Nhan California State University, Los Angeles David Melnick David Melnick Carlo Bayani Washington Mutual Eric Rasmussen Ernst & Young LLP Bonnie Saxe Washington Mutual Keith Walk-Green KPMG LLP Sevan Irmak Aida Avanessian KPMG LLP Carolyn McGrath Amgen Mark Jimmerson San Francisco State University Marilu Surma Nissan North America, Inc Jena Lee WellPoint, Inc. Bob Cancilla IGNITe/400 Joan Wong KPMG LLP Christopher Wu Donna Boswell Deloitte & Touche LLP Charmaine Heather Geovane Sandoval Mattel, Inc Edward Sommer Charles Buresh Bottom Line Consulting, Inc. Brian Li Ernst & Young LLP Ricardo Linder Ministério da Defesa Kevin Thoeng Ernst & Young LLP Hungchih Liu Red Chamber Co. Joaquin Licea ITT Technical Institute Rick Dukhovny DTS Dori Daniel The Siegfried Group, LLP Ka-Yu Fung Cal Poly Pomona Lisa Garay City of Hope National Medical Center Jason Ho Ernst and Young LLP Joseph Reddy WEB3M Incorp. Anthony Reyes PricewaterhouseCoopers LLP Anne Moore University of Phoenix Steven Gin BDO Seidman, LLP Deanne Herbers Ernst & Young LLP Ray Joanne Leyva OSI Systems, Inc. 
Robert Thayer Engemann Asset Management Puneet Pandey KPMG LLP Luca Palombi Mansour Bighamian KPMG LLP Roy Hernandez Office of Thrift Supervision Jacqueline Valentin Jefferson Wells Shirley Johnson WellPoint Jonathan Kesterson PricewaterhouseCoopers LLP Eve Polyachenko BPPC Christopher Garlington Ernst & Young LLP Linda Antwi-Addo Michael Goay USC Annenberg Center Bob Harman Michael Muro City of Hope Devroy Barnett Terri Tyler Terroid Computing 125th Digital Solutions Consulting Ryan Ung PricewaterhouseCoopers LLP Edward Chavannes Ernst & Young LLP Tu Huynh Steven Garcia Saima Khan Saima Khan Hyper Tech Regina McDuel Panavision, Inc. Robert Lai SystemGate Consulting Terry Belter FDIC Richars Eyers Experian Carin Ruiz Bank of the West James Pu LACERA Marshall Nu Ernst & Young LLP George Chigogidze KPMG LLP Ed Tobias

Employment Ads

BECKMAN COULTER, INC.
Senior Internal Auditor - Information Technology
Fullerton, CA
Job Description:
• Review entities to assess internal controls, operational practices and compliance with company policies and regulatory requirements with focus on information technology.
• Plan and conduct complex IT and integrated audit projects that will include ERP post implementation evaluations, general computer and application controls assessments and other specialized technical reviews.
• Experience in the development of computer assisted audit techniques using ACL and other tools desirable.
• Must have excellent interpersonal and communication skills (written and verbal).
Qualifications:
• Requires a BA in Information Technology, or business related field with a minimum of 4 years IT Audit experience.
• CISA, CISSP, CIA or CPA credentials preferred.
• Second language fluency is highly desirable.
Salary Range: Commensurate with experience.
Contact: Apply online at www.beckmancoulter.com. Search on Job # 02661

BECKMAN COULTER, INC.
Senior Quality Systems Assessment Specialist
Fullerton, CA
Job Description:
• Conduct reviews of Information Technology functions to address IT practices and internal controls.
• Perform reviews to assess the effectiveness of IT controls and compliance with Company policies/procedures and applicable regulatory requirements.
• Provide relevant recommendations to strengthen and enhance IT risk management practices and controls.
• Assist in year-end audit with public accountants and special management projects.
Experience:
• Requires a Bachelor’s degree with a major in IT.
• Master’s degree in Business Administration, professional certification (CISA/CIA/CPA) desirable.
• Second language fluency is highly desirable.
Salary Range: Commensurate with experience
Contact: Apply online at http://www.beckmancoulter.com
Contact Fax: (714) 961-4113
===========================
ERNST & YOUNG
Technology & Security Risk Services Senior
Los Angeles, Irvine, San Diego, Las Vegas, Denver, Phoenix
Job Description:
• Participate in identification and testing of IT processes and controls (general & application).
• Help plan engagement and develop work programs timelines, risk assessments, & other doc’s.
• Work with audit team to document business processes dependent on information technology.
• Direct progress of fieldwork and manage staff performance.
Experience:
• Degree in business, accounting, finance, CS, IS, engineering and/or other related major.
• Min. 2 yrs audit exp. for public accounting firm or systems experience to meet special needs.
• Advanced written and verbal communication skills.
• Excellent leadership and teamwork skills.
• Demonstrated integrity within a professional environment.
Salary Range: Depends on experience
Contact: For consideration, please submit your résumé/CV using the password 26514 at: http://ey.com/ca/doorway (http://ey.com/ca/porte). Visit our Web site at: www.ey.com.
Ernst & Young LLP, an equal opportunity employer, values the diversity of our work force and the knowledge of our people.
===========================
FARMERS INSURANCE GROUP
IT Auditors (2 positions)
Mid-Wilshire, Los Angeles, CA
Job Description:
• Opportunities to work in a global audit environment
• Responsibilities include conducting IT audits and participating in consulting engagements.
• Compensation includes competitive salary and fully-funded deferred profit sharing plan and pension plan.
Qualifications:
• Progressive experience in IT Auditing, Auditing, or IT
• Big 4 experience a plus; insurance experience a plus
• CISA, CIA or pursuing designation
• Bachelor’s degree in Business, Accounting, or Computer Science
• Master’s degree a plus
• Strong interpersonal skills, communication skills, and work ethics
Contact Name: Evangeline Funda
Email: evangeline. [email protected]
Contact Fax: (323) 930-6101
===========================
FARMERS INSURANCE GROUP
Financial Auditors (2 positions)
Mid-Wilshire, Los Angeles, CA
Job Description:
• Opportunities to work in a global audit environment.
• Responsibilities include conducting financial and operational audits.
• Compensation package includes competitive salary and fully-funded deferred profit sharing plan and pension plan.
Qualifications:
• Progressive experience in Auditing or Accounting
• Strong GAAP knowledge
• Big 4 experience a plus; insurance experience a plus
• CPA, CIA or pursuing designation
• Bachelor’s degree in Business or Accounting
• Strong interpersonal skills, oral and written communication skills, and work ethics
Contact Name: Evangeline Funda
Email: evangeline. [email protected]
Contact Fax: (323) 930-6101
===========================
FIRST DATA CORPORATION
Technical Audit Team Lead
Denver, Colorado
Job Description:
• The Technical Audit Team Lead is responsible for establishing objectives for and participating in complex IT audits and consulting projects.
• The incumbent is also responsible for identification of required resources, project time scales, detailed project objectives, pre-assessment of risk, establishing time and travel budgets, and leading other team members in completing analysis.
Experience:
• Bachelor’s degree in MIS, computer science, or business related.
• A minimum of 6 years experience in audit, information technology, or process management.
• Background in mainframe, distributed systems, and/or project management.
• Strong knowledge of internal audit function and consultative skills.
• Advanced degree or professional certification (CIA, CISA), foreign language, or experience in major public accounting firm.
Contact: To apply for this position, please complete our online application found at www.firstdatajobs.com, requisition 001CO10400159.
===========================
FREMONT INVESTMENT AND LOAN
IT Senior Auditor
Brea, CA
Description:
• Plan and perform complex IT audits. Assist in IT testing during integrated audits.
• Consult with system implementation project teams to provide guidance on internal controls.
• Assist in performing companywide and process specific risk assessments.
Experience:
• Bachelor Degree in Accounting, MIS or Computer Science
• Minimum of 3 years IT audit experience
• CISA, CIA, CPA preferred
• Big 4 experience preferred
Contact Name: Jane Vong
Email Address: [email protected]
Contact Phone: 714-961-2967
Contact Fax: 714-961-2966

HONDA NORTH AMERICA
Senior Info Systems Auditor
Torrance, CA
Job Description:
• Primary responsibilities include audit planning & conducting business systems reviews, process reviews (SDLC, BRP, etc.), and general ISD control reviews of Honda companies, suppliers and other Honda service providers.
• Other responsibilities include technical support for the department and also working on non-technical reviews.
Experience:
• The qualified candidate will have an appropriate BS degree (CISA desired) or equivalent experience
• Minimum of 10 years work experience in pre/post implementation reviews of manufacturing systems (Inventory, accounting, SAP, PeopleSoft, etc.)
• Please see: http://www.hondacorporate.com/careers/index.html?subsection=results&location=all&keywords=Systems+Auditor&job_id=
Contact: Reply to attention of job code HNA10499/TDD, Honda North America, 1919 Torrance Boulevard, MS100-1C-3A, Torrance, CA 90501-2746
Fax: (310) 783-2110
Responses accepted from principals only. No emails, please. EOE/AA
Contact Fax: (310) 783-2110

JEFFERSON WELLS INTERNATIONAL
Information Systems Auditors
Jefferson Wells International, a global provider of professional services in the areas of risk, controls, compliance and financial process improvement, has excellent opportunities for Information Systems Audit Professionals. We are seeking Information Systems Audit Professionals for a variety of engagements including Sarbanes-Oxley. Consultants must understand business processes, internal control risk management, IT controls and related regulations for identification of technology and evaluation of business process risks. Consultants must also have excellent interpersonal skills to build positive working relationships with clients. Candidates should have 3 years prior experience in audit or IT audit. BA/BS in Business Administration, Accounting, Computer Science, Information Systems Administration or related field; CPA, CIA, CISA, preferred.
For consideration, please apply to Jefferson Wells International, 2 Park Plaza, Suite 950, Irvine, CA 92614.
E-mail: gina_colene@jeffersonwells.com
===========================
PCAOB (PUBLIC COMPANY ACCOUNTING OVERSIGHT BOARD)
Manager of Inspection - Information Systems
Los Angeles, CA
Description:
• Develop a vigorous program of regular and special inspections of registered public accounting firms (“firms”) relating to the IS Auditing of publicly traded companies
• Fully execute the IS Audit facet of inspection programs (interviewing audit firm personnel; communicating/reporting issue identification, findings, and recommendations; etc.)
• Evaluate the firms’ assessment of information systems and automated accounting systems for the public companies under review
• Determine if the firms’ engagement team had performed appropriate procedures to achieve the resulting assessment
• Effectively document and communicate any deficiencies or weaknesses in the firms’ procedures applied to the engagement under review to the inspection teams
Experience:
• At least 6 years of progressively responsible IS Audit experience with recent experience as an external IS Auditor at a public accounting firm.
• Strong grasp of automated accounting systems with experience documenting transaction flows through various financial accounting applications.
• Proficiency identifying automated application controls and programmed accounting procedures in automated accounting systems.
• Strong knowledge and experience performing general controls reviews in various IS environments
• Ability to clearly explain why general controls are important and the relationship between general controls and accounting systems.
Contact: Please view the full posting and apply online via our Career Center at www.pcaobus.org
===========================
PRICEWATERHOUSECOOPERS
Sr. Associate – Threat & Vulnerability Management
San Francisco, San Jose, Los Angeles
Job Description:
• Develop work plans and lead core security projects
• Participate in penetration testing, system security assessments, incident response and forensic analysis, privacy policy development, training and awareness program development, security strategy development, and IT security and privacy risk assessments.
• Support internal audit and external financial audit projects involving focused security and controls reviews of information systems.
Qualifications:
• BA/BS degree required with an emphasis in MIS/CS. CISA/CISSP a plus.
• Mainframe, Unix, Windows NT/2000, Netware, firewalls, Cisco routers, intrusion detection
• Experience in security policy development and risk assessments a plus
• Strong oral and written communication skills
• Ability to travel at least 50% or greater
Contact: Please submit resumes to our website at: http://search.pwcglobal.com/extweb/jobsrch.nsf/search?openform&language=eng~country=us~interest=
===========================
SONY
Senior IT Auditor
Culver City, CA
Job Description:
• Sony Corporate of America seeks a Senior IT Auditor primarily for our entertainment operations in Culver City, California.
• The position carries a wide range of responsibilities in performing IT audits, with emphasis on assessing business/technology risks and controls and providing practical, value-added recommendations.
Qualifications:
• Minimum three years of IT audit experience, with CISA, CISSP or other related certifications
• A BS degree in Business, Computer Science, Information Systems, or a related field.
• Experience in identifying and linking business risks to the relevant IT audit procedures.
• Experience with IT general controls, system development and integrated audits.
• Experience in performing network, web, Windows, Novell, UNIX, or database audits.
Contact: Go to IT_ [email protected] PLEASE REFER TO ITSA2914 IN YOUR SUBJECT LINE.
NO AGENCY REFERRALS.
Contact Fax: (310) 244-1919.
===========================
SONY
Senior IT (SAP) Auditor
Culver City, CA
Job Description:
• Sony Corporate of America seeks a Senior IT Auditor primarily for our entertainment operations in California.
• The position will perform SAP and a variety of other IT and integrated audits, with emphasis on assessing business/technology risks and controls and providing practical, value-added recommendations
• The position requires occasional domestic and international travel.
Qualifications:
• Working knowledge of SAP that focuses on security over the financial modules.
• Minimum three years IT audit experience, with CISA, CISSP or other related certification
• BS degree in Business, Computer Science, Information Systems, or a related field.
• Experience in identifying and linking business risks to the relevant IT audit procedures.
• Experience in performing network, web, Windows, Novell, UNIX, or database audits.
Contact: Go to IT_ [email protected] PLEASE REFER TO ITSA2914 IN YOUR SUBJECT LINE. NO AGENCY REFERRALS.
Contact Fax: (310) 244-1919

BLUWATER CONSULTING INC.
Internal or IT Auditor
City, State: Southern California and Seattle Washington locations
Description:
• Perform audit of internal procedures and document those procedures
• Help implement internal controls as they relate to Sarbanes Oxley
• Test internal controls as they relate to Sarbanes Oxley
Qualification and Experience:
• 5+ years Internal Audit/Accounting or IT experience
• Accounting, Computer Science or like degree required
• Sarbanes Oxley experience strongly desired
• Strong documentation experience desired
• CISA, CISSP, CIA or like certification desired
Application Deadline: None
Salary Range: $45+ an hour or $85,000+ a year
Contact: Please call Jill Boon at 206-354-4114 / 425-842-3105 or email resume to jill. [email protected]

VALACON, INC.
“We Practice Quality”
The job market is now very active. As new opportunities arise, are you prepared to take advantage? Call us now so that we know what you are looking for, and we can alert you when “your” position is available. Outstanding career moves and outstanding candidates don’t usually just appear out of the blue. They are a result of effort and careful screening and matching. In addition to his 13 years of recruiting experience, Sandy Geffner was an IS Audit director and manager for eight years and a Big 4 consultant prior to that. He has passed the CISA and CPA exams. If you are looking for an opportunity that’s right for you, or a person who’s right for your opening, let him put his 20+ years of experience to work on your behalf.

PARTIAL LIST OF JOB POSTINGS
• Contract opportunities - Work on Sarbanes Oxley projects or other IT Audit reviews. Hands on skills. Salary DOE from $50-$95+ per hour. Various locations.
• Senior / Staff IT Auditor - Full range of IT Audits (applications, general controls, systems development, technical, audit software). AS400, UNIX +. Strong communications skills. Big 4 exp +. Travel to 30%. Salary to $60s - $80s DOE.
• IS Audit Senior and Staff – Fortune 500 Company. Wide range of IS audits. Solid IT Audit exp. SAP or Network exp ++. Work in teams and/or independently. NT, Unix, Internet. Limited Travel (to 15%). Salary $60s to $80s DOE.
• IS Audit Senior – Experienced with a mix of: ORACLE, Networks, Security, Systems, General Controls, Applications, Audit Software. Spend a few years in audit and then move out into the company. Good interpersonal/communications skills necessary. Salary $60s/70s.
• IS Audit Supervisor / Senior – Financial Services Company. Big4+. Varying needs. Perform applications reviews, general controls, integrated audits, Sarbanes, etc. Domestic travel to 35% (higher the first year). 7+ yrs exp. Strong writing skills. Salary $80s.
Call for additional opportunities.
IT Audit openings in Northern California, Pacific Northwest and Texas - call for details.
Sandy Geffner
Phone: (626) 296-2751
Fax: (626) 296-2760
Email: [email protected]
Valacon, Inc., P.O. Box 6136, Altadena, CA 91003-6136
www.valacon.com

ISACA LOS ANGELES SPRING 2005 CONFERENCE SCHEDULE
APRIL 10 TO 13 – UNIVERSAL CITY HILTON AND TOWERS

Tracks: Core Competencies (C), Information Security (S), Current and Emerging (E), Tools and Techniques (T)

SUNDAY, APRIL 10, 2005
Pre-Conference Workshops, 8:30-4:30
WS1 – Network Security, Gene Schultz, Lawrence Berkeley National Laboratory
WS2 – Hands-on Linux Workshop, Justin Peltier, Peltier & Assoc.
WS3 – Designing Secure Systems: An Architected Approach, Alex Woda, DynTeK

MONDAY, APRIL 11, 2005
7:30 - 8:30 REGISTRATION and BREAKFAST BREAK sponsored by PwC
8:30 - 10:00 Keynote Session – Ballroom A: Sarbanes Oxley: Lessons Learned and Next Steps, Panel Discussion with Senior Management
10:00 - 10:20 NETWORKING BREAK sponsored by Ernst & Young
10:20 - 11:50
C1 – Fundamentals of IT Auditing, Anita Montgomery, Aleksandra Looho-Davis, Countrywide Financial
S1 – The Good, the Bad, the Ugly of Information Security, Todd Barnum, Ron Dilley, Amgen
E1 – The Importance of SAS 70 in the New World of SOX 404, Scott Coolidge, E&Y
T1 – Audit Perspective on IT Disaster Recovery Testing, Shannon Parks, Tom Knodle, IndyMac
11:50 - 1:10 LUNCH – Ballroom A
1:10 - 2:40
C1 – (Continued)
S2A – Common Mistakes in Intrusion Detection and Protection, Gene Schultz, Lawrence Berkeley National Laboratory
E2 – What Auditors & IT Mgmt May Not Know About Change & Patch Mgmt Processes, Gene Kim, Tripwire; Jay Taylor, General Motors
T2 – Cyber Disaster-Recovery – Planning for the Inevitable, Ed Hudson, ISS
2:40 - 3:00 NETWORKING BREAK sponsored by Microsoft
3:00 - 4:30
C1 – (Continued)
S2B – Lotus Notes Audit and Security, Rodney Kocot, Systems Control and Security Inc.
E3 – Corporate Protection Through Information Control and Records Policy Enforcement, Jeff Hatfield, Jordan Lawrence Group
T3 – So You Need to Audit Mainframe Security for SOX Compliance – RACF Best Practices, Frank Ness, Honda

TUESDAY, APRIL 12, 2005
7:30 - 8:30 REGISTRATION and BREAKFAST BREAK sponsored by KPMG
8:30 - 10:00
C2 – Risk, IT Governance & Compliance, Alex Fowler, PwC
S3 – Impact of Regulations on Security: CISO Panel Discussion, CISOs from Warner Bros., HealthNet, Countrywide, SCE and CB Richard Ellis
E4 – Addressing the Need to Understand Who Has Access to What on Your IT Systems, Jeff Kovach, KPMG
T4 – Using ACL to Prevent and Detect Fraud, Michael Kano, ACL
10:00 - 10:20 NETWORKING BREAK sponsored by Sygate
10:20 - 11:50
C2 – (Continued)
S4 – Eliminating Rogue Devices From the Corporate Network, Paul Deakin, Sygate
E5 – Cyber Crime Trends, Terry Willis, LAPD/Electronic Crimes Task Force
T5 – Taking Data Analysis Technology to the Next Level through Continuous Monitoring, Fred Balcom, ACL
11:50 - 1:30 BUFFET LUNCH – EXHIBITION FAIR – Ballroom A & B
1:30 - 3:00
C2 – (Continued)
S5 – Live Hacking Demo – Top Web App Attack Methods and How to Combat Them, Brian Christian, SPI Dynamic
E6 – E-Mail Control – Treating the Common Cold, Jeff Hatfield, Jordan Lawrence Group
T6 – Tools to Assist in Meeting Regulatory IT Compliance/Policy Requirements, Paul Castillo, Countrywide Financial Corp.
3:00 - 3:30 Exhibition Fair (Continued)
3:30 - 5:00
C2 – (Continued)
S6 – Update on Microsoft Trustworthy Computing and Microsoft Security Roadmap, Ned Curic, Microsoft
E7 – Identity/Access Mgmt and SOX 404, Tushar Padhiar & Ayan Roy, Ernst & Young
T6 – (Continued)

WEDNESDAY, APRIL 13, 2005
7:30 - 8:30 REGISTRATION and BREAKFAST BREAK sponsored by Deloitte & Touche
8:30 - 10:00
C3 – COBIT Security Baseline – Overview & Implement. Case Study, Mark Stanley, Toyota Financial
S7 – Wireless Network Security – Breaking & Fixing, Justin Peltier, Peltier & Assoc.
E8 – Audit and Security of Oracle Database, Ron Hoffer, UBOC; Bill Liao, BDO Seidman
T7 – Establishing a Sustainable Compliance Framework, Larry Kucera, Brant Whitebread, IBM
10:00 - 10:20 NETWORKING BREAK sponsored by Lander International
10:20 - 11:50
C3 – (Continued)
S7 – (Continued)
E8 – (Continued)
T8 – SOX Compliance and Beyond: Active Risk Management Practices, Dr. Ed Shea, Providus
11:50 - 1:15 LUNCH – BALLROOM A
1:15 - 3:15
C3 – (Continued)
S8 – Mapping Security to the System Development Life Cycle, Tom Peltier, Peltier & Assoc.
E9 – Choosing “Best Practices” Frameworks for IT Audit: COBIT, COSO, ISO 17799 etc., Nelson Gibbs, Deloitte & Touche
T9 – How to Secure The Enterprise with One Tool and One Process, Alan Wong, Bank of America

Registration Form
ISACA Los Angeles Spring Conference
April 10 - 13, 2005
Universal Hilton, Universal City, CA 91608, (818) 506-2500
(7 CPEs for a workshop and 21 CPEs for the conference!)

1. Fill in the information below
Membership Affiliation (Please check one): ISACA IIA ISSA None
Chapter Affiliation: ____________________
Membership No.: ____________________
Name: ____________________
Title: ____________________
Company: ____________________
Address: ____________________
City: ____________________ State: ___________ Zip Code: ___________
Telephone: ____________________
E-Mail Address: ____________________

2. Select your session choices
Sunday April 10, Pre-Conference Workshops: WS1, WS2, WS3
Conference Tracks: Core Competencies, Information Security, Current & Emerging, Tools & Techniques
Monday April 11
10:20 am - 11:50 am: C1, S1, E1, T1
1:10 pm - 2:40 pm: (C1 continued), S2A, E2, T2
3:00 pm - 4:30 pm: (C1 continued), S2B, E3, T3
Tuesday April 12
8:30 am - 10:00 am: C2, S3, E4, T4
10:20 am - 11:50 am: (C2 continued), S4, E5, T5
1:30 pm - 3:00 pm: (C2 continued), S5, E6, T6
3:30 pm - 5:00 pm: (C2 continued), S6, E7, (T6 continued)
Wednesday April 13
8:30 am - 10:00 am: C3, S7, E8, T7
10:20 am - 11:50 am: (C3 continued), (S7 continued), (E8 continued), T8
1:15 pm - 3:15 pm: (C3 continued), S8, E9, T9
NOTE: Registrants may not sign up for more than one session in a given period including “double sessions.”

3. Registration Fees (Please select your choices)
NOTE: Payment should be sent to address outlined in STEP 6.
Conference Registration
Early Registration (On or before March 14, 2005)
Members (ISACA, IIA, ISSA): 3 Day $495.00, 1 Day $250.00
Non-Members: 3 Day $625.00, 1 Day $315.00
Regular Registration (After March 14, 2005)
Members (ISACA, IIA, ISSA): 3 Day $595.00, 1 Day $300.00
Non-Members: 3 Day $725.00, 1 Day $365.00
CONFERENCE REGISTRATION DISCOUNT: A $50.00 discount per three-day registration is available to companies with three or more paid three-day registrants. For multiple registrations, please use one form per person.
Workshop Registration
Members (ISACA, IIA, ISSA): With 3-Day Registration $125.00, Without 3-Day Registration $175.00
Non-Members: With 3-Day Registration $150.00, Without 3-Day Registration $225.00
TOTAL REGISTRATION COST $ __________________

4. Special Arrangements
Please check the box if you prefer vegetarian meals.
Please check the box if you wish to opt-out from the conference attendee list.

5. Indicate method of payment (Mail or PayPal)
Payment enclosed. Please make check payable to: ISACA (ISACA-LA’s Taxpayer Identification Number is 23-7294468)
PayPal payment. (ISACA-LA’s PayPal address is [email protected])

6. Choose one of two easy ways to register
A. Fax completed registration form to (626) 296-2760
B. Register online at http://www.isacala.org
C. Mail registration form to: Sandy Geffner, Valacon, Inc. P.O. Box 6136, Altadena, CA 91003-6136
NOTE: Registration will not guarantee acceptance into a session unless the payment was also received.

7. Cancellation Policy: Cancellation requests via mail or fax received on or before March 21, 2005 for paid registration will be eligible for a full refund. Requests received after March 21, 2005, but before April 8, 2005, will be subject to a $75.00 cancellation fee. No refund will be issued for any cancellation request received on or after April 8, 2005. Cancellation / refund requests must be made in writing to: Sandy Geffner, Valacon, Inc. P.O. Box 6136, Altadena, CA 91003-6136 Fax: (626) 296-2760

8. Questions? For additional information about the conference, contact:
Web Site: www.isacala.org
E-mail: [email protected]

ISACA – Los Angeles Chapter Presents
CISM Exam Preparation Workshop
Thursday - Friday, April 14 - 15, 2005
8:30 a.m. to 4:30 p.m. (Registration at 8:00 a.m. April 14)
Universal Hilton and Towers – Salon 5
555 Universal Hollywood Dr., Universal City/Los Angeles, CA
COST: $500 for members with early registration discount or $600 for all others
INSTRUCTOR: Tom Peltier, CISM, Justin Peltier, CISM
CPE HOURS: 14 CPE hours for 2 days

The Certified Information Security Manager (CISM) is designed to provide executive management with assurance that those earning the designation have the required knowledge and ability to provide effective security management and consulting. While the CISM’s central focus is security management, all those in the information systems profession with security experience will find the value in the CISM. This workshop will examine the qualifications for the CISM’s five key areas (Security Governance, Risk Management, Information Security Program Management, Information Security Management and Response Management).
This two-day workshop is designed to provide CISM candidates with exposure to the areas tested in the core competencies and international standards to assist in the preparation and study for the CISM examination. Candidates will be tested not only on their knowledge of the topics but also on their ability to apply the knowledge to real-world situations. This workshop will address both of these elements. Register early.
------------------------------------------------------------
SEMINAR COST:
$500 ISACA, ISSA Members with early registration discount (Payment received on or before March 21, 2005)
$600 Non-Members or Members registering after March 21, 2005
Name ____________________ Company ____________________
Address ____________________
City, State, Zip Code ____________________
Telephone ____________________ Email ____________________
Please make checks payable to ISACA, Los Angeles Chapter and return registration form with payment to: Sandy Geffner, Valacon, Inc. P.O. Box 6136, Altadena, CA 91003-6136. You may also register online at www.isacala.org and utilize PayPal for payment. For additional information email: [email protected]. Please note there will be no refunds unless the class is cancelled by ISACA Los Angeles. Enrollment in class is not guaranteed until the payment is received by the seminar registrar and will be processed on a first-come, first-served basis.

CISM Exam Preparation Workshop
April 14 and 15, 2005
AGENDA

Day 1
Information Security Governance – Establish and maintain a framework to provide assurance that information security strategies are aligned with business objectives and consistent with applicable laws and regulations. The objective of this core competency, which accounts for 21% of the exam content, is to focus on the need for a stable security program.
Risk Management – Identify and manage information security risks to achieve business objectives. This topic area is included to test the applicant’s knowledge in the area of risk identification and management as they relate to business needs. This area accounts for 21% of the exam contents.

Exam Overview – This section will review the requirements to sit for the CISM exam and how to maintain the certification after successful completion of the examination process. We will provide the attendees with techniques used by other successful certification candidates, and with tips on how to study and how to prepare for an exam.

Day 2
Information Security Program – Design, develop and manage an information security program to implement the information security governance framework. The topic area stresses the skills and knowledge necessary to create and implement the information security framework. This section accounts for 21% of the examination material.

Information Security Management – Oversee the internal and external resources for information security are identified, appropriated and managed. Candidates will have to show proficiency in their understanding of the tools required to manage an information security program. The topic area accounts for 24% of the examination total.

Response Management – Develop and manage a capability to respond to and recover from disruptive and destructive information security events. This section addresses the need for development and implementation of policies and procedures and accounts for 13% of the exam total.
You Will Learn:
• The requirements to obtain the CISM
• Why the CISM is the certification of choice for security professionals
• How to study for an exam
• How to take a certification exam

You’ll Take Back With You:
• Knowledge of the five core competencies that make up the CISM
• Reference lists to improve weak areas
• A sample exam to test your readiness for the exam

CISA Exams June 11, 2005
Los Angeles Chapter’s Annual CISA Review Courses
The LA Chapter is proud to offer its annual CISA Review Course. This course is designed to help candidates prepare for the exams. The CISA course for the 2005 exam is held on six Saturdays, from April 9 to May 14, 2005. The four-hour review sessions are held from 9 am to 1 pm and generally cover the exam’s process and content areas:
• Domain 1: IS Audit Process (10%)
• Domain 2: Management, Planning, and Organization of IS (11%)
• Domain 3: Technical Infrastructure & Operational Practices (13%)
• Domain 4: Protection of Information Assets (25%)
• Domain 5: Disaster Recovery and Business Continuity (10%)
• Domain 6: Business Application System Development, Acquisition, Implementation, and Maintenance (16%)
• Domain 7: Business Process Evaluation & Risk Management

Course Location:
Southern California Edison Facilities
2244 Walnut Grove, Rosemead, CA 91770
Parking is provided free of charge.

Course Materials:
Participants are strongly encouraged to purchase the CISA Review Manual 2005 from the ISACA Bookstore. The manuals are not provided with the course. The CISA manual costs $105 for members and $135 for non-members. To order the manual, access the ISACA bookstore or call (847) 253-1545, ext 401.
Course Costs:

                        Members   Non-members   Part-time Students   Full-time Students
Register by 3/18/2005   $65       $135          $45                  Free (12 units +)
Register by 4/9/2005    $75       $150          $50                  $10
After 4/10/2005         $85       $160          $60                  $20

Course Registration: To register, download a copy of the registration form from www.isacala.org, pick one up at the monthly chapter meeting or contact Greg Ash for the CISA course at (626) 302-9959 or e-mail [email protected], or Cheryl Santor for the CISM course at (805) 795-2057 or e-mail [email protected].

CISA & CISM Exam Registration Deadlines and Fees

Early registrations received by February 2, 2005: ISACA Member: US $325.00, Non-Member: US $445.00
Final registrations received by March 30, 2005: ISACA Member: US $375.00, Non-Member: US $495.00

Information Systems Audit and Control Association Los Angeles Chapter
PO Box 712726
Los Angeles, CA 90071
www.isacala.org

ISACA LOS ANGELES CHAPTER BOARD OF DIRECTORS
ASSOCIATE DIRECTORS & VOLUNTEERS

Spring Conference Chair | Debbie Lew, CISA | Ernst & Young, LLP | [email protected] | (818) 703-4728
Reservations Chair | Sandy Geffner | Valacon, Inc. | [email protected] | (626) 296-2751
Employment Chair | Roger Lux | Farmers Insurance | [email protected] | 323-930-4053
Membership Chair | Mark Stanley, CISA | Toyota Financial Services | [email protected] | (310) 468-8587
Newsletter Editor | Mary Ma | PricewaterhouseCoopers LLP | [email protected] | (213) 356-6305
CISA Review Chair | Greg Ash, CISA | Southern California Edison | [email protected] | (626) 302-9959
Webmaster Chair | Edson Gin, CISA, CFE, SSCP | City National Bank | [email protected]
Spring Conference and Marketing | Frank Ness, CISA | Honda North America | [email protected] | (310) 781-4673
Seminars Chair | David Lowe, CISA, CISSP | Sony Pictures Entertainment | [email protected] | (310) 665-6630
Academic Relations Chair | Amanda Xu | KPMG LLP | [email protected] | (213) 955-8552
Chief Technology Officer | Larry Hanson, CPA, CISA, CIA | Southern California Edison | [email protected] | (626) 302-9956
Newsletter Layout Editor | Don Kuo | Cal Poly Pomona | [email protected]
Co-Webmaster - Associate Director Peter Hewitt, CISA, CISSP HealthNet Audit Chair [email protected] Michelle Quan, CPA (818) 676-7734 PricewaterhouseCoopers LLP [email protected] Marketing Committee Chair Membership Committee Robert Brown Constance Slack PricewaterhouseCoopers LLP Ingram Micro [email protected] [email protected] (310) 500-7957