The Newsletter of ISACA - North Texas Chapter
In This Issue:
Letter From the President
Meeting Agenda for our September 12, 2013 Luncheon Meeting
Welcome to our first newsletter of the 2013-2014 year! Your North Texas Chapter Board of Directors is already busy planning programs and activities for the upcoming year.
Our September meeting takes place next Thursday 9/12 at the Sheraton Hotel in Arlington. Our theme this month is Regulatory Update. The Programs team, led by Andrew Neal, has speakers scheduled to discuss the latest changes with HIPAA, SOX (SOC) and PCI-DSS. The Board will also present our current year's budget for your review and approval. Please register for this meeting at www.isaca-northtexas.org.
Our Certifications team, led by Barry Raven, is busy planning our fall review courses. These classes will begin on the last Saturday of October and continue on the first three Saturdays in November. If you're studying to take either the CISA or CISM exam in December, these classes are a great way to finalize your preparation. Stay tuned to our web site for more details.
We are looking for volunteers for three open positions: Hospitality Coordinator, Education Coordinator and Newsletter Coordinator. Please contact me at firstname.lastname@example.org if you're interested in learning more about one of these positions. If you indicated an interest in volunteering while completing the chapter survey, look forward to being contacted soon by a board member who will work with you to best use your talents.
Invest in yourself and your career! Take advantage of the opportunities your ISACA membership offers you. Stay tuned to our Chapter Website and your email box for all the North Texas Chapter ISACA news. I look forward to meeting you at one of our monthly chapter meetings, educational seminars, certification reviews or networking events this year.
The focus of this month's meeting is Compliance Update. The meeting will be held at the Sheraton - Arlington. Experts will present the following sessions: "An overview and update on HIPAA", "Regulatory & Compliance Update – The changes coming for SOX" and "PCI DSS 3.0". Be sure to join us and learn from the experts.
10:30 AM (Pre-Luncheon meeting)
Angela Miller, President/General Manager, Medical Auditing Solutions LLC
"An overview and update on HIPAA – Updates since HITECH and implications of the Affordable Care Act"
12:20 PM (Luncheon)
Kris Lonborg, Partner, and Maria Avedissian, Senior Manager, Advisory Services, Ernst & Young LLP
"Regulatory & Compliance Update – The changes coming for SOX"
*Note - This session will focus on the recent changes made to the SOC1 Audit Guide and the highlights of the recent Audit Risk Alert.
1:30 PM (Post-Luncheon session)
Branden R. Williams, EVP Strategy at Sysnet Global Solutions
"PCI DSS 3.0"
Complete details are provided below.
Pre-Luncheon Session - 10:30 AM - 11:20 AM
Topic: An overview and update on HIPAA – Updates since HITECH and implications of the Affordable Care Act
Presenter: Angela Miller, President/General Manager, Medical Auditing Solutions LLC
HIPAA rules were significantly modified in 2009 with the HITECH act. Since then HIPAA rules have undergone further refinement and modification with implementation deadlines in 2013. The Affordable Care Act begins implementation in the fall and brings with it HIPAA implications.
This presentation will provide a high level update regarding recent HIPAA regulatory changes, pending changes, and anticipated operational impacts resulting from the Affordable Care Act. The presentation will give insight into the topics auditors and security professionals should be aware of in assessing their internal privacy and security compliance programs.
Angela Miller has over 18 years of leadership and consulting experience in healthcare compliance program development, training and audits for coding and billing, as well as collections for all types of healthcare and medical providers. Ms. Miller is President of Medical Auditing Solutions LLC and has provided consulting services to a variety of companies. Her company is a Texas-certified WBE and HUB business.
Ms. Miller is Certified in Healthcare Compliance (CHC). Her consultation services cover the areas of healthcare compliance, HIPAA & HITECH program development & training, as well as payer audit review & response, legal defense audits & recommendations, credentialing/provider applications and cash flow management.
Objectives: Attendees will gain:
- An overview of the high-level HIPAA privacy and security rules resulting from the HITECH Act
- An understanding of HIPAA changes resulting from the introduction of the Affordable Care Act
- An understanding of the nature of security/privacy breaches associated with PHI
- A general understanding of how the regulatory changes will affect organizations in general
Program Level: Group-Live
Category: Specialized Knowledge & Applications
Prerequisites/Advance Preparation: None
Recommended CPE Hours:
Pre-Luncheon registration begins at 10:00 am
Luncheon Session - 12:20 PM - 1:20 PM
Topic: Regulatory & Compliance Update – The changes coming for SOX
Presenters: Kris Lonborg, Partner, and Maria Avedissian, Senior Manager, Advisory Services, Ernst & Young LLP
The AICPA recently published a new SOC1 Audit Guide and an Audit Risk Alert making some changes to SOC1 report expectations and providing clarity in some areas for these reports. These reports are widely used by companies with outsourced operations for SOX 404 and Internal Audit purposes.
Are you aware of these recent changes and how they may impact your company? This presentation will provide an overview of the changes required for SOC1 reports and prepare you to understand these changes that should be reflected in the upcoming cycle of reports you may be dependent upon.
Kris Lonborg, CISA, CISM, CGEIT, CRISC, is a Partner in Ernst & Young's Advisory Services practice. He has 29 years of experience in information technology auditing and advisory services. Kris has performed control assessments in a variety of computer environments and managed numerous security assessments, data analysis projects, and pre-implementation reviews. Kris directs the activities of more than 100 SSAE 16 reports annually. He is the Southwest Sub-Area's Third-Party Reporting service-line champion. He also serves as the Technology Partner on a number of our external financial audits.
Maria Avedissian, CISA, CRISC, is a Senior Manager in the Advisory Services practice of Ernst & Young LLP. Maria specializes in the delivery of Information Technology (IT) risk assurance and advisory services including IT security, ERP integrity and third-party reporting.
Maria also has significant experience in assisting her clients in their Sarbanes-Oxley and regulatory compliance initiatives and providing information technology audit and advisory services to the marketplace. Maria manages over 50 Service Organization Controls (SOC 1, SOC 2 and SOC 3) reports annually for national and international service organizations.
Objectives: Potential learning outcomes/takeaways include:
- Understanding the recent changes made to the SOC1 Audit Guide and the highlights of the recent Audit Risk Alert
- Understanding the user auditor implications of these changes
Program Level: Group-Live
Category: Specialized Knowledge & Applications
Prerequisites/Advance Preparation: None
Recommended CPE Hours:
Luncheon registration opens at 11:15 am
Lunch is served no later than 11:45 am
Post Luncheon Session - 1:30 PM - 2:30 PM
Topic: PCI DSS 3.0
Presenter: Branden R. Williams, EVP Strategy at Sysnet Global Solutions
We have a new standard on the way in PCI DSS 3.0. What can you expect? Can you get ahead of the game? This session will preview some of the changes to come as well as strategies for dealing with the changes.
Branden Williams, CISSP, CISM, is well known in the industry as a practitioner, consultant, and thought leader. He spent a number of years helping companies solve major security and compliance problems, including building PCI DSS compliance programs for some of the largest retailers around the globe. He recently sat on the PCI Board of Advisors and published the third edition of his book, PCI Compliance (Syngress, 2012), in August. Branden routinely speaks with organizations big and small with various levels of regulation to help them reduce their overall risk footprint and build safer and more efficient IT functions.
Objectives: Attendees will learn:
- General areas of PCI DSS changes
- Key PCI DSS changes where new challenges may arise
Program Level: Group-Live
Category: Specialized Knowledge and Applications
Prerequisites/Advance Preparation: None
Recommended CPE Hours:
Copies of the presentations for this meeting will be made available at http://www.isaca-northtexas.org/SitePages/Presentations.aspx, before the meeting if possible.
New Meeting Rate Structure – Effective September 2013
Like many businesses, our chapter is challenged with rising costs. Several venues where we met in past years raised their rates significantly this year. Brittany Teare, VP of Facilities, works diligently to find new venues which are more cost effective. After careful consideration, the Board decided to raise our meeting rates beginning in September 2013. The new rate structure follows below:
- $35 – members (+$5 increase)
- $45 – non-members (+$10 increase)
- $45 – walk-ins, regardless of ISACA membership (+$5 increase)
- $15 – students (+$5 increase)
- $0 – students with approved voucher from professor (no change)
Please note: The chapter will continue to subsidize the total cost of our monthly meetings, as the above rate increase will not put us in a breakeven position. We make up most of the shortfall through our educational seminar and certification review class revenue. We will continue to look for new meeting venues across the D/FW Metroplex to minimize costs while providing a quality meeting experience.
Upcoming CPE Changes – "Going Electronic"
This chapter year will bring changes to our CPE processes. The Board is targeting November for the rollout of electronic CPE certificates for meetings and seminar attendees. Until this is completed, we will still be providing paper CPE certificates at the meetings as follows:
- Pre-meeting CPE certificates may be picked up at registration prior to the session. Attendees should sign the pre-meeting registration list so that their attendance is recorded.
- Lunch and post-meeting CPE certificates will be handed out at the end of each of the sessions. Post-meeting attendees should sign the post-meeting registration list circulated at the beginning of the post-meeting session.
According to NASBA requirements, we cannot provide CPE for an incomplete session, so we encourage members to arrive promptly and attend the full meeting session. If you have any questions regarding CPE, please contact Lisa Bartsch, CPE Coordinator, at email@example.com.
Introducing this year's Education Committee
A new ISACA year is upon us and I would like to introduce myself, Matthew Smith, as VP of Education. I currently work for Capital One as an IT Risk Manager and have been a member of ISACA since 2004. I have previously served on the Chapter Board as both VP Communications and Newsletter Coordinator.
Your 2013-2014 Education Committee is currently comprised of Iddah Wangondu and myself. We are currently seeking additional committee members; if you are interested, please contact us at firstname.lastname@example.org.
The Summer Seminar, Mobile Security Boot Camp, was held last month and was very successful. The course presenter was Jerod Brennen, CTO and Principal Security Consultant with Jacadis. Feedback from the participants was very positive:
- 100% of those that responded said that the learning objectives of the seminar were met, Excellent (63.6%) or Good (36.4%)
- 100% said that the instructor was effective, Excellent (77.3%) or Good (22.7%)
- 95.5% said that the seminar was cost effective, Excellent (54.5%), Good (36.4%) or Satisfactory (4.5%)
- 100% said that they would recommend the seminar to others
Look for details of the Fall and Spring seminars; they provide excellent training at cost-effective prices.
Current Job Postings
The word is getting out that firms and recruiters can post their available audit and security-based openings on our JOBS Board, without charge. Help bring jobs and job seekers together by promoting job postings. Your fellow ISACA members will appreciate it.
As of September 8, 2013, we have two opportunities posted on the jobs board, as summarized below. See our website regularly for any updates and for complete details. Please note that positions may have been filled or new positions added prior to the newsletter publication, so always check the jobs board directly for the most current status.
Additional details about these jobs and all current job postings are available at: ISACA North Texas Job Postings.
To post an available position, just complete a Job Posting Template. Each job posting will be displayed on our site for one month, but can be reposted again or removed at any time by request.
All posted job descriptions will also be included in this newsletter each month. Members can also examine the available positions on the job board.
Don't forget - Postings are FREE and available for members and non-members alike.
Interested in positions outside the DFW area, even world-wide? ISACA International maintains a Career Center that hosts hundreds of available opportunities. https://www.isaca.org/ecommerce/Pages/ISACACareerCentre.aspx?returnurl=/ecommerce/Pages/ProcessLogin.aspx?vt=3
News from ISACA International
Upcoming ISACA Conferences
Upcoming ISACA Training
- Cloud Computing: Seeing through the Clouds - What the IT Auditor Needs to Know - 7-10 October 2013, Chicago, IL, USA. Cloud computing has emerged as one of the most significant information technology developments over the past decade. As a new framework for the way IT solutions are designed, sourced and used for services delivery, it offers organizations new and flexible ways to manage IT costs, scale IT operations and streamline related processes. However, with new IT developments come new risks. ISACA and Deloitte & Touche LLP have teamed up to deliver a cloud computing course to help you understand the risk implications of moving to the cloud, as well as strategies for managing those risks. Earn up to 32 CPE Hours!
- Training Week - Boston - October 14-17, 2013, Boston, MA, USA. ISACA's Training Week program provides a unique opportunity to explore today's key IS and IT topics with knowledgeable experts while updating and upgrading your own professional skills and potential. Courses are tailored to meet the unique requirements and challenges of IS & IT professionals just like you. Choose from one of the following educational tracks to study during your training week: Fundamentals of IS Audit & Assurance, Information Security Management, Governance of Enterprise IT, IT Risk Management and, COBIT: Strategies for Implementing IT Governance. Earn up to 32 CPE Hours!
- Taking the Next Step: Advancing Your IT Auditing Skills - November 11-14, 2013, Dallas, TX, USA. IT auditors must have a wide range of skills across a broad array of technologies and platforms. This course provides the IT audit professional with an opportunity to deepen their knowledge across a range of technologies, using practical hands-on presentations and demonstrations, to enable IT auditors and security professionals to identify and analyze risks associated with a range of infrastructure platforms. Earn up to 32 CPE Hours!
- Training Week - Las Vegas - December 9-12, 2013, Las Vegas, NV, USA. ISACA's Training Week program provides a unique opportunity to explore today's key IS and IT topics with knowledgeable experts while updating and upgrading your own professional skills and potential. Courses are tailored to meet the unique requirements and challenges of IS & IT professionals just like you. Choose from one of the following educational tracks to study during your training week: Fundamentals of IS Audit & Assurance, Information Security Management, Governance of Enterprise IT, IT Risk Management and, COBIT: Strategies for Implementing IT Governance. Earn up to 32 CPE Hours!
New Research Available
- Privacy and Big Data: Improved decision making, faster time to market, better customer service and increased profits are just some of the benefits contributing to the explosion of big data implementation across enterprises of all sizes. The World Economic Forum describes the personal information garnered by big data as "the new 'oil'—a valuable resource of the 21st century." Big data analytics is the "new engine of economic and social value creation." Enterprises eager to reap the benefits of big data and its vast potential are recognizing their responsibility to protect the privacy of the personal data gathered and analyzed with big data. The success of enterprises will depend on how they meet and deal with the various big data challenges and impacts, including privacy.
- ITAF: A Professional Practices Framework for IS Audit/Assurance, 2nd Edition: ITAF consists of compliance and good practice setting guidance. It provides guidance on the design, conduct and reporting of IS audit and assurance assignments, defines terms and concepts specific to IS assurance and establishes standards that address IS audit and assurance professional roles and responsibilities, knowledge, skills and diligence, conduct, and reporting requirements. ITAF provides a single source through which IS audit and assurance professionals can seek guidance, research policies and procedures, obtain audit and assurance programmes and develop effective reports. While ITAF incorporates existing ISACA standards and guidance, it has been designed to be a living document. As new guidance is developed and issued, it will be indexed within the framework and made available to ISACA members and the public. To date, all current ISACA guidance has been mapped to the framework.
- Transforming Cybersecurity Using COBIT 5: The number of threats, risk scenarios and vulnerabilities has grown exponentially. Cybersecurity has evolved as a new field of interest, gaining political and societal attention. Given this magnitude, the future tasks and responsibilities associated with cybersecurity will be essential to organizational survival and profitability. This publication applies the COBIT 5 framework and its component publications to transforming cybersecurity in a systemic way. First, the impacts of cybercrime and cyberwarfare on business and society are illustrated and put in context. This section shows the rise in cost and frequency of security incidents, including APT attacks and other threats with a critical impact and high intensity. Second, the transformation addresses security governance, security management and security assurance. In accordance with the lens concept within COBIT 5, these sections cover all elements of the systemic transformation and cybersecurity improvements.
- Responding to Targeted Cyberattacks: A breach will eventually occur! Is your enterprise prepared? The threat environment has radically changed over the last decade. Most enterprises have not kept pace and lack the necessary fundamentals required to prepare and plan against cyberattacks. To successfully expel attackers, the enterprise must be able to:
  - Conduct an investigation
  - Feed threat intelligence into a detailed remediation/eradication plan
  - Execute the remediation/eradication plan
  This publication covers a few of the basic concepts that will help answer the key questions posed by a new outlook: that a breach will eventually occur.
Free CPE Using Your ISACA Membership
As a benefit of your ISACA membership, ISACA International is making free CPE available in four different formats. In fact, you can secure up to 72 hours of CPE per year, as follows:
- Earn one hour of CPE by taking and passing a quiz on an issue of the ISACA Journal. With six issues of the ISACA Journal published each year, you can earn up to six hours of CPE, without charge.
- Earn three CPEs for each of 12 e-Symposia per year. That's 36 CPE credits available to you. Just sign up for and attend each e-Symposium in its entirety and complete a short 10-question quiz at the end of each 3-hour event.
- Earn up to 20 CPE by actively participating on an ISACA or ITGI board, committee or task force, or as an officer of an ISACA chapter.
- Earn one CPE for each hour of mentoring directly related to coaching, reviewing or assisting an individual with the CISA/CISM/CGEIT/CRISC exam (up to 10 CPE).
As always, read the full details at http://www.isaca.org/Certification/Pages/How-to-Earn-CPE.aspx.