SPRING CONFERENCE 2012 SPRING MEMBERSHIP MEETING

Transcription

1 ISACA NEW YORK METROPOLITAN CHAPTER SPRING CONFERENCE 2012 SPRING MEMBERSHIP MEETING Citi 388 Greenwich Street Greenwich Rooms New York City, NY April 30, 2012

2 A Message From the President: Dear ISACA NY Metro Member: On behalf of our Board of Directors, I'd like to welcome you to our 2012 Spring Conference. This is one of several major educational events we had planned for this year. We've selected our presenters based on feedback from you and what we believe are 'hot topics' in the industry. The chapter year is almost completed and I m very pleased with everything we ve accomplished. Our webinar series has received great feedback and we continue to offer many world-class educational opportunities at an unmatched price and value. Our next membership event will be our Annual Gala, held on June 18 at the Union League Club in Midtown. This is where we announce our Board of Directors and bestow the prestigious Wasserman Award to this year's winner, for doing the most for the profession. It's a top-notch event with an open bar and hors d'oeuvres, a sit-down dinner and plenty of networking opportunities. Details will be posted on our website and space is limited so please register soon. Thank you for all your support today, and throughout the year. We couldn t be the organization we are today without a strong and dynamic membership. I hope you enjoy today's event and we re already planning plenty more for the Fall, including a joint IIA and ISACA Conference. All the best, James C. Ambrosini CISA, CISSP, CFE, CRISC ISACA New York Metropolitan Chapter President Thank You to our Sponsors and Speakers 2

3 Spring Conference 2012 April 30, 2012 AGENDA Morning Session 08:30 AM 09:00 AM Registration and Networking, Continental Breakfast 09:00 AM 09:15 AM Welcome and Opening Remarks 09:15 AM 10:05 AM Keynote Address - Governance and Security Bart Stanco, Vice President & Executive Partner, Gartner Executive Programs 10:15 AM 11:05 AM Overview of National Cybersecurity & Communications Integration Center and Federal Cyber Response Capabilities Rick Lichtenfels, Deputy Director, Assist and Assess Branch, NCCIC, US Department of Homeland Security 11:15 AM 12:05 PM COBIT 5 Brian Barnier, Principal Analyst and Advisor, ValueBridge Advisors LLC 12:05 PM 12:30 PM Closing Remarks and Raffle Afternoon Session 01:30 AM 02:00 PM Registration and Networking 02:00 PM 02:15 PM Welcome and Opening Remarks 02:15 PM 03:05 PM Choosing the Most Appropriate Data Security Solution for an Organization Ulf Mattsson, Chief Technology Officer, Protegrity 03:15 PM 04:05 PM Operational Standards of Anti-Money Laundering / Combating Terrorist Financing (AML/CTF) Program John F. Walsh, President and Chief Executive Officer, SightSpan 04:15 PM 05:05 PM Enough on Mobile Problems, What About Solutions? Yan Kravchenko, Practice Lead, NetSpi 05:15 PM 05:30 PM Closing Remarks and Raffle 3

4 About the Speaker: Morning Session One 9:15 AM 10:05 AM Keynote Address Governance and Security Gartner defines a strategic technology as one with the potential for significant impact on the enterprise in the next three years. A strategic technology may be an emerging technology. It may also be an existing technology that has matured and/or become suitable for a wider range of uses. Factors that denote significant impact include a high potential for disruption to IT or the business, the need for a major dollar investment, or the risk of being late to adopt. These technologies impact the organization's long-term plans, programs and initiatives. Bart Stanco, Vice President and Executive Partner, Gartner Executive Programs Bart Stanco has more than 25 years of hands-on leadership experience working with key executives, providing business and technology strategy advice. His experience spans successful start-ups, IPOs, and mature companies - and he has worked from Wall Street to the White House. In his previous position at Gartner, Bart was the CIO. He led the team that developed a state-of-the-art operations practice while creating an exciting work environment that yielded high morale and award-winning business results. About the Speaker: Morning Session Two 10:15 AM to 11:05 AM Overview of National Cybersecurity & Communications Integration Center and Federal Cyber Response Capabilities The rapidly converging information technology (IT) and communications infrastructure, known as cyberspace, touches every corner of the globe and every facet of human life. The United States in particular continues to embrace cyberspace, utilizing it for diverse activities from increasing energy efficiency to conducting financial transactions. Recognizing this national reliance on cyberspace and the interdependent nature of the Nation s current cyber infrastructure, the President commissioned the Cyberspace Policy Review. This report, released on May 29, 2009, builds on the Comprehensive National Cybersecurity Initiative (CNCI) and calls for the development of a cybersecurity incident response plan. This National Cyber Incident Response Plan (NCIRP) was developed according to the principles outlined in the National Response Framework (NRF) and describes how the Nation responds to Significant Cyber Incidents. Per the terms of the NCIRP, the National Cybersecurity and Communications Integration Center (NCCIC) is the focal point for the Nation s federal response to a significant cyber incident. The NCIRP represents a significant innovation in how DHS executes its cybersecurity and communications mission and in how the country responds to significant cyber incidents. This session will provide an overview of the NCCIC, the means in which DHS engages government, industry, intelligence and law enforcement communities, and a summary of Federal resources available to state and local entities before, during and after a cyber incident. Rick Lichtenfels, Deputy Director, Assist and Assess Branch, NCCIC, US Department of Homeland Security Rick Lichtenfels is the Deputy Director for the National Cybersecurity and Communications Integration Center's (NCCIC) Assist and Assess Branch. Previously, he was the Deputy Director of the Department of Homeland Security s (DHS) Control Systems Security Program (CSSP), where he led efforts to improve the security of the control systems underlying the Nation s critical infrastructure. Prior to becoming the CSSP Deputy Director, Rick was with DHS National Communications System (NCS) where he led the NCS Modeling, Analysis and Technology Assessment branch. Rick has over 15 years of engineering and management experience within both the public and private sectors, and holds a B.S. degree in Electrical Engineering from the University of Maryland at College Park. 4

5 About the Speaker: Morning Session Three 11:45 AM to 12:05 PM COBIT 5 COBIT 5 is ISACA's next generation of guidance on the governance and management of enterprise IT. COBIT 5 helps enterprises increase value from information and technology assets in view of risks and resource use. It builds on the COBIT history to enable improved ROI from information systems, maintaining the level of support and service for which ISACA is known. COBIT 5 integrates COBIT 4.1, Val IT, Risk IT while adding new business-process related content and a new maturity model method. COBIT 5 provides five principles and seven enablers for the governance and management of enterprise IT assets. It is designed to work with all major IT frameworks and standards such as ITIL and ISO. As such, COBIT 5 not only supports compliance with relevant laws, regulations and policies but also dovetails seamlessly with any framework approaches that the organization already has in place. Brian Barnier, Principal Analyst and Advisor, ValueBridge Advisors LLC Brian Barnier, Principal Analyst and Advisor at ValueBridge Advisors, is also an OCEG Fellow. He served on the OCEG Red Book Review Committee, co-authored ISACA s Risk IT Based on COBIT, and served on the COBIT 5 development workshop team, the IIA Risk Leadership Summit and BITS/FS Roundtable committees, including the Shared Assessment Program. Brian has penned over 100 articles, serves on the editorial panels of the Taylor & Francis EDPACS newsletter, ISACA Journal, and Association for Financial Professionals Risk! newsletter, contributed to Risk Management in Finance (Wiley, San Francisco, 2009) and is the author of The Operational Risk Handbook for Financial Companies (Harriman House, London, 2011). He twice chaired ISACA s IT GRC Conference. A global businessperson with Finance, Operations and Product Management experience, he has also led teams to nine technology patents. About the Speaker: Afternoon Session One 2:15 PM to 3:05 PM Choosing the Most Appropriate Data Security Solution for an Organization The frequency and cost of data security breaches continue to escalate. External and internal breaches continue to highlight the need for companies to understand the flow of data within the enterprise and the need to take a more granular approach in terms of how it is secured. This session analyzes recent security breach investigative reports and trend/risk studies, opining on who are the hackers, what are they doing, and what are their possible next targets. Recent case studies will be presented, illustrating what the IT security industry is doing to improve data security. The role of risk management in balancing business needs vs. security demands will also be discussed. Ulf Mattsson, Chief Technology Officer, Protegrity Ulf Mattsson created the innovative architecture of the Protegrity database security technology. Prior to joining Protegrity, he was a consulting resource to IBM's Research organization for 20 years, specializing in the areas of IT Architecture and IT Security. Ulf is the inventor of more than 20 patents in the areas of Encryption Key Management, Policy Driven Data Encryption, Internal Threat Protection, Data Usage Control and Intrusion Prevention. He is a research member of the International Federation for Information Processing (IFIP) WG 11.3 Data and Application Security, ANSI X9, Information Systems Security Association (ISSA) and ISACA. Ulf received a master's degree in physics in 1979 from Chalmers University of Technology in Sweden, and holds degrees in electrical engineering and finance. 5

6 About the Speaker: Afternoon Session Two 3:15 PM to 4:05 PM Operational Standards of an Anti-Money Laundering / Combating Terrorist Financing Program Multiple operational segments of work are required for an effective Anti-Money Laundering/Combating Terrorist Financing (AML/CTF) program, ranging from client on-boarding processes, proper risk assessments, sanctions, transaction monitoring, investigations of suspicious activities and filings with government agencies and/or account closures. Operational effectiveness is necessary to build and manage a sound cost effective AML/CTF program that provides proper levels of risk management and value for the shareholder. This session will cover practical approaches to AML/CTF risk management and engage the group in an open dialog about the reputational and regulatory risk associated with AML/CTF. John F. Walsh, President and Chief Executive Officer, SightSpan John Walsh is the President and Chief Executive Officer of SightSpan Inc. and a well-regarded Industry Leader, Speaker, and Trainer on the subjects of Risk Management, Security, Anti-Money Laundering (AML) and Combating Terrorist Financing (CTF). Prior to joining SightSpan, John held several leadership positions within the financial services industry over the past 25 years, including roles at Wachovia Bank where he was the CIB Data Czar responsible for information management and corporate governance, Bank of America in the role of Global AML Technology and Process Executive, and Merrill Lynch where he led Wholesale Trading Initiatives and GMI ecommerce prior to assisting the firm build out an AML and CTF program after 9/11. About the Speaker: Afternoon Session Three 4:15 PM to 5:05 PM Enough on Mobile Problems, What About Solutions? Mobile remains one of the most talked about problems with regard to security. While better and less expensive Mobile Device Management (MDM) tools are still being developed, organizations are facing a very real risk that remains largely unaddressed. Some organizations choose to pretend that wireless does not exist, while others implement policies that prohibit use of wireless technologies. This presentation will side step the typical rhetoric of the size of the problem that wireless devices pose, and focus on real world meaningful solutions that organizations can implement today. This session will provide a deconstructed view of the mobile dilemma, and introduce different techniques by which organizations can stop ignoring mobile and embrace its usefulness along with the risks in a more constructive manner. Yan Kravchenko, Practice Lead, NetSpi Yan Kravchenko has over 14 years of consulting experience in Information Technology and Information Security, specializing in security program development and management, security assessments, and IT audits. He has performed and managed numerous security assessment and IT audit projects in the education, government, healthcare, manufacturing, and agriculture sectors. A particular focus recently has been information security in healthcare. Yan is a founding member of the HITRUST SIG in the Twin Cities, which helps organizations affected by healthcare regulations evaluate and begin implementing the HITRUST Common Security Framework, or CSF.

7 Spring Membership Meeting April 30, 2012 AGENDA 05:30 PM 06:30 PM Registration and Networking, Food and Beverages 06:30 PM 06:40 PM Welcome and Opening Remarks 06:40 PM 07:30 PM Exposing the Most Recent Spate of Targeted Attacks Why are They Successful? Bradley Anstis, Vice President Technical Strategy, M86 Security 07:30 PM 08:30 PM Networking, Cocktails, and Refreshments About the Speaker Exposing the Most Recent Spate of Targeted Attacks Why are They Successful? In the last several months, M86 Security has monitored an apparent surge in targeted attacks against organizations. There appear to be several motives for the attackers: either they are after customer information or intellectual property, or perhaps wish to wreak public havoc. This session reviews the methods and tactics used in the most recent attacks and discusses why they are succeeding in spite of investments in security. The presentation will look at the anatomy of common attacks such as spear-phishing, blended threat s and malicious attachments. Then it will look at how those attacks are successful, even against world leading IT security organizations, to identify any potential holes in your organization s security architecture. Bradley Anstis, Vice President Technical Strategy, M86 Security Bradley Anstis is a 20-year veteran of the IT industry and a leading authority on the topic of Internet threats and cybercrime. He is M86 Security s primary spokesperson on the evolution of technical and strategic products. He is also the primary spokesperson on all topics relevant to the M86 Security Labs, which provides 24/7 monitoring of and Internet traffic to ensure that M86 keeps ahead of emerging threats, security trends and market requirements to provide solutions that protect customers from the latest threats and attacks to their electronic communication channels. Bradley is a regular speaker at global industry conferences, and is frequently featured in security publications. 7

8 recognition success growth Be recognized as an expert in your profession. With a globally accepted and recognized ISACA certification, you hold the power to move ahead in your career, increase your earning potential, enhance your credibility and prove you have what it takes to add value to your employer s enterprise. Registration is closed for June 2012 exams. Next exams are in December Are you ready for the June 2012 Certification Exams? the isaca new york metropolitan chapter offers the following exam review classes: cisa exam review class 4 consecutive saturdays may 5, 12, 19 & 26 9 am to 5 pm st. john s university, manhattan campus crisc exam review class 3 day course may am to 5 pm ernst & young llc, times square, new york, ny spring 2012 it boot camp for cisa and cism may 11 9 am to 5 pm st. john s university, manhattan campus register on the chapter website isaca.org/nymetro or kwongmei.to@isacany.org registration is still available but seating is limited 8