This event counts towards 14 hours of Continuing Professional Education
ISACA SILICON VALLEY
2013 Winter Conference

Contents
Schedule March 7 .......... 3
Schedule March 8 .......... 4
Sponsors .......... 4-5
Day 1 Sessions and Bios .......... 6-11
Day 2 Sessions and Bios .......... 12-16
From the ISACA SV Board .......... 16
About Our Committee .......... 17
Venue Information .......... 18
Academic Relations .......... 18

Conference Brochure
March 7th & 8th - Santa Clara, California
14 CPEs
http://www.isaca-sv.org/ Foundation2Innovation: Compliance Start to Finish—ISACA SV Summer Conference 2012 2
Program Day One - Thursday, 7 March 2013

Time | Event / Topic | Speaker
8:00 AM - Registration, Networking & Coffee, Vendor meetings
8:45 AM - Welcome Message from the ISACA SV President and The ISACA SV Board: Sumit Kalra, Robin Basham, Rocco Cappalla
9:00 AM (50 min) - Session 1-1: Meeting Stakeholder Needs—ISACA Leadership Panel
  • Jay Swaminathan - ISACA Silicon Valley
  • Debra Mallette - ISACA San Francisco
  • Karen Tinucci - ISACA Sacramento
  • Sumit Kalra - ISACA Silicon Valley
9:50 AM - Vendor Raffle and Interaction Process
10:00 AM (50 min) - Session 1-2: Covering the Enterprise End to End. Dwayne Melançon, Chief Technology Officer at Tripwire, Inc.
11:00 AM (50 min) - Session 1-3: The Map: Applying a Single Integrated Framework to multiple needs. Debra Mallette, ISACA SF Past President
11:50 AM (70 min) - Lunch and Networking - Enjoy time with Conference Sponsors—Remember to get those signatures for evidence of discussion
1:00 PM (50 min) - Session 1-4: Introduction to the Holistic Information Security Practitioner Approach. Taiye Lambo, Founder and CEO of CloudeAssurance, Inc., President and Founder of eFortresses, and Holistic Information Security Practitioner (HISP) Institute
2:00 PM (50 min) - Session 1-5: Separating Governance from Management or How to Balance Information Risk with IT Strategy—David Harrison, Director Information Risk Management Office at Ellie Mae, and Jonathan Callahan, PMO at Ellie Mae
3:00 PM - Vendor sign off—Conversations Required—each attendee must get a signature from one or more vendors, presenters, or a board member—Subjects are CobiT Principles or Enablers
3:30 PM (50 min) - Session 1-6: Plan Build Run Monitor—Doctrine Meets Practice. Doug Meier, Director Security & Compliance, Pandora
4:30 PM (45 min) - Session 1-7: Sponsor Wrap Up—Thoughts from Our Platinum Sponsors: CloudeAssurance, Inc. — Quest Software/Dell — VMWare — AppSec Consulting — FoxT — Tripwire — ISACA San Francisco — ISACA Sacramento — ISACA Los Angeles — ISACA San Diego
5:15 PM - Sponsors Exhibit, Networking & Reception (until 7:30 PM)
Foundation: The Principles of Governance - Using the CobiT Five Principles to Organize Our Approach
Program Day Two – Friday, 8 March 2013
Innovation: Creative and Pragmatic Solutions for Implementing Governance, Risk and Compliance

Time | Event / Topic | Speaker
8:00 AM - Networking & Coffee
8:30 AM (15 min) - Message from the ISACA SV President, Message from Academic Relations, and a few words from our Membership Chair: Greg Edwards, Sumit Kalra, Robin Basham, Rocco Cappalla, Larry Halme, Naimish Ankarat, The ISACA Board, Volunteers
8:45 AM (15 min) - Tabletop Demo from Aveksa and FoxT—sponsors who will not be presenting at this conference will take 5-10 minutes to explain their products and how they support Enterprise Operations.
9:00 AM (50 min) - Session 2-1: Effective Change Control through Proactive Management. Tim Sedlack, Dell Software Group
10:00 AM (50 min) - Session 2-2: Innovation with Security in Mind. Lee Penning, CIO, Customer Support, Collabworks
11:00 AM (50 min) - Session 2-3: Navigating The Path to Compliance. Brian Bertacini, President and CEO of AppSec Consulting
11:50 AM - Lunch and Networking - Enjoy time with Conference Sponsors
1:00 PM (50 min) - Session 2-4: Managing Risk and Developing Trust in the Cloud. Joan Ross, DocuSign's Chief Security Officer
2:00 PM (50 min) - Session 2-5: How To Safely And Securely Move To The Cloud. Taiye Lambo, Founder and CEO of CloudeAssurance, Inc.
2:50 PM (15 min) - Break—Hurry, get those signatures from your sponsors and chapter leaders!!! Can't win the raffle unless you show a full card.
3:15 PM (50 min) - Session 2-6: Software-Defined Center Impact on Security and Compliance Session - VMWare Inc. Gargi Mitra Keeling is a Group Product Manager for Cloud Infrastructure
4:15 PM to 5:05 PM (50 min) - Session 2-7: Panel Discussion - Moderator: Rocco Capalla—Foundation2Innovation—Are we There Yet?
  • Benny Kirsh, CIO Infoblox
  • Lynne Courts, CMO Foxt
  • Allyn McGillicuddy, Partner, The Office of the CIO
  • Barbara Adey, Senior Product Manager Cisco
5:10 PM - Final Words and Recommendations from our Sponsors—5 to 10 minutes each: Quest, Tripwire, AppSec Consulting, HISPI/CloudEAssurance, VMWare, Fox Technologies, Aveksa. CPE will not be provided until 5:30 PM.
  The Silicon Valley's Best Raffle
  Awards to Volunteers and Committee
  Concluding Chapter Announcement
  CPE Certificates
About Dell (Quest Software)
Quest Software, now a part of Dell, simplifies and reduces the cost of managing IT for more than 100,000 customers worldwide. Our innovative solutions make solving the toughest IT management problems easier, enabling customers to save time and money across physical, virtual and cloud environments. For more information about Quest solutions for administration and automation, data protection, development and optimization, identity and access management, migration and consolidation, and performance monitoring, go to http://www.quest.com.
Software for Windows Management, Database Management, Virtualization & Cloud Management, Application Management
http://www.quest.com
About VMWare
VMWare (NYSE: VMW) is the global leader in virtualization and cloud infrastructure, two areas that consistently rank as top priorities among CIOs. VMware delivers award-winning, customer-proven solutions that accelerate IT by reducing complexity and enabling more flexible, agile service delivery. Our solutions help organizations of all sizes lower costs, increase business agility and ensure freedom of choice.
Cloud Infrastructure & Management, Cloud Applications, Datacenter Virtualization, Desktop Virtualization, Mobile Virtualization, VMware vSphere, VMware vCloud, VMware View, VMware Fusion for Mac
http://www.vmware.com
About CloudeAssurance
The CloudeAssurance platform is the industry's first truly risk-intelligent rating, continuous education and continuous monitoring system assuring cloud service providers' cloud security and governance, risk and compliance. Customers can know which cloud providers have the best cloud assurance score and history, a measure of cloud trust they can depend on. This platform enables safe and secure adoption of Cloud Computing!
http://www.CloudeAssurance.com
About Tripwire
Tripwire is a leading global provider of IT security and compliance solutions for enterprises, government agencies and service providers who need to protect their sensitive data on critical infrastructure from breaches, vulnerabilities, and threats. Thousands of customers rely on Tripwire's critical security controls like security configuration management, file integrity monitoring, log and event management. The Tripwire VIA platform of integrated controls provides unprecedented visibility and intelligence into business risk while automating complex and manual tasks, enabling organizations to better achieve continuous compliance, mitigate business risk and help ensure operational control. Learn more at www.tripwire.com or follow us @TripwireInc on Twitter.
http://www.tripwire.com
About AppSec Consulting
Using proven risk and vulnerability assessment services, AppSec Consulting helps protect online applications against immediate and future threats. We help organizations improve their security posture by identifying their security requirements and providing a complete plan for improving the overall security of applications, hosts, and networks. We perform vulnerability assessments of applications and networks, provide security certifications, help organizations develop coding security policies and procedures and teach application security courses. Our goal is to help companies integrate security into the application development life cycle.
http://www.appsecconsulting.com
About FoxT
FoxT protects corporate information and privileged accounts with an enterprise access management solution that centrally enforces access across diverse servers and business applications. The ability to centrally administer, authenticate, authorize, and audit across diverse platforms and applications, down to the file level, enables organizations to simplify audits, streamline administration, and mitigate insider fraud.
http://www.foxt.com
About Aveksa
Aveksa provides the industry's most comprehensive Business-Driven Identity and Access Management platform. By uniquely integrating Identity and Access Governance, Provisioning and Authentication, Aveksa enables enterprises to manage the complete lifecycle of user access for SaaS and on-premise applications and data. With Aveksa, IT organizations can reduce Access Management complexity and increase operational efficiency while minimizing risk and ensuring sustainable compliance. Aveksa provides enterprises with the industry's fastest time to value, with over 90% of customers reporting live implementations of the company's business-driven Identity & Access Management solutions and over 80% of these customers live with the latest version of the Aveksa platform. For more information, visit www.aveksa.com.
Session 1-1: Meeting Stakeholder Needs
This session will assist our professionals in identification and management of Stakeholder Needs and in providing the link between strategy and execution by translating stakeholder needs and enterprise goals into increasing levels of detail and specificity:
‒ Drivers
‒ Stakeholder Needs
‒ Enterprise Goals
‒ IT-related Goals
‒ Enabler Goals (e.g. process goals)
The session allows setting specific goals at every level of the enterprise in support of the overall goals and stakeholder requirements, while balancing benefits and risk.
COBIT 5 enablers are 7 factors that influence successful governance and management over enterprise IT: Processes—practices and activities to achieve certain objectives; Organizational structures—the key decision-making entities; Culture, ethics and behavior—often underestimated as a success factor in governance; Principles, policies and frameworks—practical guidance for day-to-day management; Information—all information produced and used by the enterprise, often the key product of the enterprise itself; Services, infrastructure and applications—include the infrastructure, technology and applications that provide the enter-
About Karen Tinucci: President ISACA Sacramento, CGEIT, CRISC, CISA, Karen Tinucci is an independent Management Consultant; a leader and influencer within IT and business for more than 25 years, spending most of her professional life in California & Minnesota; primarily private sector, some public sector, and spanning industry, business or technical area. In her current role, she provides enterprise risk management oversight and influences governance redesign and process improvement initiatives, advising the CalWIN consortium of 18 counties in California Board of Directors, Policy Board, and Integration Oversight Committee (IOC). Karen is a past 6-year member of the Forius Board of Directors, Strategy & Audit Committees.
About Debra Mallette: ISACA San Francisco Past President, CGEIT®, CISA®, CSSBB (ASQ Certified Six Sigma Black Belt), and Managed Change™ Master, is an early adopter of COBIT for implementing IT Governance. Having used the COBIT 3 Maturity Model, written ISACA/ITGI's SEI CMM to COBIT 4.0 and SEI CMMI to COBIT 4.1 mapping papers, and served on the COBIT 5 Development Group, she was asked to serve as an expert reviewer for the COBIT 4.1 and COBIT 5 Process Assessment Method (PAM). She has previously been a certified SEI CMMI assessor and ISO TickIT qualified. Debra has been working with quality management systems, systems of internal control, process performance measurement, monitoring, and improvement programs throughout most of her career. She is an ISACA certified instructor for Implementing and Continuously Improving IT Governance, V3.0, as well as Introduction to COBIT 5. Past President of ISACA San Francisco Chapter, for her day job she's an ITIL Service Management Process Consultant Specialist in Kaiser Permanente's 5000 person-strong IT organization serving the largest and original Health Maintenance Organization in the United States.
About Sumit Kalra: Sumit Kalra, President ISACA Silicon Valley, CISA, CISSP, is a Director at Burr Pilger Mayer, where he manages the Assurance Services practice specializing in information technology, SAS70 Audits, and assessments. His 12 years of industry experience include 6 years at international CPA firms, and 6 years at companies in the technology, consumer products and financial services industries. His knowledge base spans a variety of ERP solutions and complex infrastructure implementations. Sumit has a BS in Accounting and Computer Information Systems from San Francisco State University. Visit http://www.bpmllp.com
About Jay Swaminathan: Past President ISACA-Silicon Valley, Jay Swaminathan, CISA, CPA, CRISC, Director SOAProjects, provides Internal Audit and IT risk consultation to his clients. Jay has more than 10 years of experience in varied industries. In his current role at SOAProjects, he specializes in implementing optimization and process improvements for his clients in compliance and other areas. His expertise includes in-depth knowledge of Oracle EBS and related tools and methodologies to evaluate the ERP system. Prior to SOAProjects, Jay was with the Risk Advisory Services in Ernst & Young.
Jay was responsible for managing and executing review of IT systems as part of financial and Sarbanes-Oxley 404 audits of major corporations like Seagate, Spansion, and Copart. Jay was an Oracle Subject Matter Resource (SMR) at the Ernst & Young practice and instructed various Oracle training sessions. Jay is the recent past President of the ISACA Silicon Valley chapter and successfully led the 830-member organization, steering goals and objectives and, in collaboration with a team of board members, executing programs for the benefit of the members. He instructs the CISA review courses and is a regular speaker at different conferences. Jay is an undergraduate in Management from Bangalore University.
Moderator: About Robin Basham: Conference Director for the ISACA Silicon Valley Board, ITPreneurs partner, and board advisor for Holistic Information Security Practitioners, Robin now leads Cloud Security & Virtualization Controls Management training in the San Francisco and Bay Area. As EnterpriseGRC Solutions lead architect, Robin brings team experience leveraging platforms such as Oracle, Archer, SAP, and web applications like Joomla, Visual Studio, Access and SharePoint. As an Archer Certified Consultant and SharePoint architect, she's known for successful GRC implementations, supplying overall design, development and training to companies ranging from start-up to Fortune 500. Over the last decade Robin has architected more than 70 GRC programs, delivering end-to-end solutions with full knowledge transfer to program owners and users. Corporate leadership includes acting as technical liaison for ISACA in development of the OCEG Redbook V1, TC Co-Chair for OMG's Open Regulatory Compliance Architecture (ORCA) project, working with co-chairs EMC's Chief Governance Officer, Dr. Marlin Pohlman, and world expert Dr. Said Tabet. Robin's companies remain active in emerging standards with participation on recent releases from ISACA® for both Oracle R12 and SAP ECC 6.0 controls. Ms. Basham is also past president for the Association for Certified Green Technology Auditors, ACGTA, a frequent committee contributor to the ISACA Silicon Valley Chapter and liaison to the ITSMF SV chapter, as well as a frequent participant in the Cloud Security Alliance local chapter. EnterpriseGRC Solutions was recently added to the Cloud Credential Council and is named to the certification committee of The Holistic Information Security Practitioner Institute (HISPI). EnterpriseGRC Solutions® is an active sponsor of the Information Systems Audit and Control Association, ISACA®, listed as corporate sponsor and many-time CobiT® trainer for the ITGI. Visit http://enterprisegrc.com
We would also like to thank ISACA chapters Los Angeles and San Diego for participating in our conference planning.
Session 1-2: Covering the Enterprise End to End
The session addresses governance and management of information technology from an enterprise-wide, end-to-end perspective. This relates to the enterprise objectives of benefits realization, risk optimization, and resource optimization – i.e. "Value".
Presenter: Dwayne Melançon, the Chief Technology Officer at Tripwire, Inc. Dwayne is Tripwire's Chief Technology Officer, where he owns a critical role in driving and evangelizing the company's global overall product strategy. He brings over 25 years of security software experience, and is responsible for leading the company's long-term product strategy to meet the evolving data security needs of global enterprises.
Melançon joined Tripwire in 2000 and most recently served as Vice President of Products for Tripwire. He has spearheaded numerous initiatives during his tenure, including executive responsibility for business development, professional services and support, information systems and marketing. Prior to joining Tripwire, Melançon held leadership roles at DirectWeb, Inc., Symantec Corporation and Fifth Generation Systems, Inc. He is certified on both IT management and audit processes, holding both ITIL and CISA certifications, and is a frequent speaker at national and regional industry events.
Session 1-3 Fundamentals: The Map: Applying a Single Integrated Framework to multiple needs
This session will provide an example of a company audit plan, leveraging integration of stakeholder needs, strategic objectives, and a unified risk control matrix that is robust enough to cover an enterprise governance, risk and compliance requirement.
COBIT 5 aligns with the latest relevant other standards and frameworks used by enterprises:
Enterprise: COSO, COSO ERM, ISO/IEC 9000, ISO/IEC 31000
IT-related: ISO/IEC 38500, ITIL, ISO/IEC 27000 series, TOGAF, PMBOK/PRINCE2, CMMI
This allows the enterprise to use COBIT 5 as the overarching governance and management framework integrator.
ISACA plans a capability to facilitate COBIT user mapping of practices and activities to third-party references.
Presenter: ISACA SF President Debra Mallette, CGEIT®, CISA®, CSSBB (ASQ Certified Six Sigma Black Belt), and Managed Change™ Master, is an early adopter of COBIT for implementing IT Governance. Having used the COBIT 3 Maturity Model, written ISACA/ITGI's SEI CMM to COBIT 4.0 and SEI CMMI to COBIT 4.1 mapping papers, and served on the COBIT 5 Development Group, she was asked to serve as an expert reviewer for the COBIT 4.1 and COBIT 5 Process Assessment Method (PAM). She has previously been a certified SEI CMMI assessor and ISO TickIT qualified. Debra has been working with quality management systems, systems of internal control, process performance measurement, monitoring, and improvement programs throughout most of her career. She is an ISACA certified instructor for Implementing and Continuously Improving IT Governance, V3.0, as well as Introduction to COBIT 5. Past President of ISACA San Francisco Chapter, for her day job she's an ITIL Service Management Process Consultant Specialist in Kaiser Permanente's 5000 person-strong IT organization serving the largest and original Health Maintenance Organization in the United States.
Session 1-4: Introduction to the Holistic Information Security Practitioner Approach
The issue of information security and regulatory compliance affects organizations of all sizes and sectors, with an identical problem: their inherent vulnerability and high cost of compliance. Unfortunately, in most cases the regulations and laws set forth offer little guidance on any specific security measures or standards, instead leaving the decision up to the organization. This causes confusion and misinterpretation and drives up costs.
Many organizations struggle and treat each of these compliance areas as a silo. By taking this approach, the opportunity for a security breach is enhanced.
An integrated approach can help form the basis for a secure information security program and design and deploy a comprehensive risk governance platform both for compliance and assurance.
The HISP process utilizes the Implement Once Comply Many (IOCM) philosophy based on a unique approach that stands alone in the security and compliance industry. IOCM is a structure for solving business and compliance problems. The structure includes a powerful methodology, analytical methods and tools, improvement techniques and trained, capable people. Certified Practitioners leverage the HISP to provide a holistic integrated management system that will show improved efficiency and reduce waste and cost.
Presenter: Taiye Lambo is a seasoned Entrepreneur with Global Information Security and Governance, Risk Management and Compliance expertise. Founder of CloudeAssurance, Inc. as a software spin-off of eFortresses, Inc., Taiye is the creator of the CloudeAssurance platform, the industry's first truly risk-intelligent rating and continuous monitoring system assuring cloud service providers' security and governance, risk and compliance. Customers can know which cloud providers have the best cloud assurance score and history, a measure of trust they can depend on. This platform enables safe and secure adoption of Cloud Computing! www.CloudeAssurance.com
Taiye Lambo is a security subject matter expert in the area of Information Security Governance, with 20+ years in IT including 16 years of experience assisting various organizations globally to build robust, comprehensive, effective and sustainable information security programs through the integration of internationally accepted best practices, including ISO 27000, COBIT, COSO, ITIL and NIST. He founded the UK Honeynet project – www.honeynet.org.uk – and the Holistic Information Security Practitioner (HISP) Institute – www.hispi.org – and also founded the HISP Program, which is the first integrated training and certification for Governance, Risk Management and Compliance (GRC), which he has personally delivered in the following countries: USA, UK, Greece, Jamaica and South Africa. He also serves as an Independent Consultant to the United Nations, auditing the ICT Governance and Security Management Programs of various United Nations Missions internationally.
(Read more about Taiye Lambo in Section 2-5)
1-5 Session Description: Separating Governance from Management or How to Balance Information Risk with IT Strategy
Separating Governance from Management - Effective integration of Governance and IT Steering - The COBIT 5 framework makes a clear distinction between governance and management – each requiring different organizational structures and serving different purposes:
• Governance—responsibility of the board of directors under the leadership of the chairperson.
• Management—responsibility of the executive management under the leadership of the CEO.
Governance ensures stakeholders' needs, conditions and options are evaluated to determine balanced, agreed-on enterprise … (EDM). Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives (PBRM).
This session is a real-world example of Governance working with Management across the programs of EDM and PBRM.
Presenters: David Harrison, Director Information Risk Management Office, and Jonathan Callahan, PMO at Ellie Mae; Robin Basham, GRC. Jonathan Callahan and David Harrison run parallel programs for Information Risk and IT Strategy, supporting an overall program of Governance for Ellie Mae®, a leading provider of enterprise-level, on-demand automated solutions for the residential mortgage industry. We offer Encompass360®, an end-to-end solution, delivered using a Software-as-a-Service model, that serves as the core operating system for mortgage originators. Encompass360 spans customer relationship management, loan origination and business management. (Continued)
The team of Harrison and Callahan share responsibilities to safeguard and project manage a world-class, hosted Ellie Mae Network™, an integrated network that allows mortgage professionals to conduct electronic business transactions with the mortgage lenders and settlement service providers they work with to process and fund loans. It is estimated that more than 20% of all mortgage originations in the United States flow through our Encompass360 mortgage management software and Ellie Mae Network.
More about Jonathan Callahan: Experienced leader for Enterprise-level IT initiatives. Manages highly complex cross-functional change efforts. Consistently delivers results through strategic planning and leadership, strong project management, communication, and team building. Thrives in high-pressure, fast-paced environments that require a holistic understanding of scope and creative out-of-the-box problem solving.
1-6 Session Description: Plan Build Run Monitor—Doctrine Meets Practice
This session reviews how management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives (PBRM).
"In theory, practice follows theory.
In practice, that rarely happens."
GRC (Governance, Risk Mgmt, Compliance) = Doctrine
PBRM (Plan Build Run Maintain) = Practice
Presenter: Doug Meier, Director Security & Compliance, Pandora
Doug brings 20+ years' experience designing and managing infrastructure, security, disaster recovery, and compliance programs for Silicon Valley Internet companies.
Doug has designed corporate security programs, managed Exchange mail server migrations for a globally distributed enterprise, architected and implemented regulatory compliance programs and Disaster Recovery initiatives, and managed operations of enterprise-wide IT services and knowledge systems.
Session 2-1 Description: Effective Change Control through Proactive Management
Change is the one constant in the universe, but you don't have to be an innocent bystander. Being proactive about changes is about more than Change Control – although that's an important piece. Gain an understanding of how normalizing change records can positively or negatively affect your process assurance, incident management and security controls. We'll give you some considerations and best practices to help you get going and keep the auditors at bay.
Presenter: Tim Sedlack, Dell Software Group, is a senior product manager, where he is responsible for guiding the direction of Quest's compliance products, and provides assistance to Quest's customers and strategic partners around the world.
Tim has more than 20 years of experience in IT, including time at Microsoft during early implementations of Active Directory and Exchange. Prior to joining Dell, Tim worked with clients around the world on products that monitor health and availability of enterprise IT environments.
2-2 Session Description: Innovation with Security in Mind
Innovation and Security generally go head to head, not hand in hand. Innovation represents changing the way things are done, sometimes drastically and often frequently. The intent of the innovation is to create an opportunity to gain advantage over your competitor or other market advantage by doing things differently. Examples include the Internet, Cloud Computing (SaaS apps, data storage, servers, mobile apps), the ability to work from anywhere with any device, multi-national talent resource pools, and use of social networks to reach your customers. Security represents controlled access to information and is usually rigid and restrictive. The intent is to prevent unauthorized access to information. It may include "strong" passwords, dual authentication, data encryption, and limited access to the corporate data network. These tactics are generally perceived as interfering with the employee's ability to do their job.
The dilemma that many companies are facing is how to allow innovation and make the company more competitive without losing control of key pieces of information because of poor security. Planning for security during the innovation process is one way to minimize the problem. COBIT 5 provides a comprehensive framework that assists enterprises to achieve their goals and deliver value through effective governance and management of enterprise IT by maintaining a balance between realizing benefits and optimising risk levels and resource use. These principles can be applied by the innovation teams as they develop new products or process changes, therefore minimizing the security risks.
Presenter: Lee Penning, CIO, Customer Support
Lee joined the Collabworks leadership team in April 2008, overseeing Collabworks Information Technology strategy, as well as having overall responsibility for the day-to-day IT operations and customer support for Collabworks. Prior to joining Collabworks, Lee held the position of Vice President and Chief Information Officer for Photon Dynamics, Inc., where he had responsibility for the IT organization supporting corporate business systems and network infrastructure worldwide. Previously, as CIO of Spectrian, he led the organization toward a virtual company vision that allowed employees to perform their job functions from anywhere in the world. Lee has also held senior-level information technology positions at FCS/New Millennium Technologies, Inc., a Y2K software conversion services company, and Nextron Communications, Inc., a web site creation and hosting company. Earlier in his career, Lee worked for Deere & Company holding several positions within its Information Technology organization at both unit and corporate levels. Lee received an MBA from the University of Iowa and holds a bachelor's degree in business administration from Upper Iowa University.
2-3 Session Description: Navigating The Path to Compliance
Compliance programs impact a large base of organizational stakeholders. There are many factors that determine an organization's ability to achieve and sustain compliance with industry and global standards programs like PCI DSS and ISO 27001. Planning and execution are critical to the success of such programs. So is getting the right people on the bus and in the right seats. This presentation will share insights based on field experiences to help stakeholders make better and more informed decisions along the path to compliance. Key topics include: Approaches to the Risk Assessment/Gap Analysis, Strategic Remediation Planning, and Program Sustainability.
Presenter: Brian Bertacini is the President and CEO of AppSec Consulting, a security consulting firm based in San Jose. Brian is a PCI Qualified Security Assessor (QSA) and former Conference Director for the Silicon Valley ISACA Chapter. He is also the founding member of the Silicon Valley OWASP Chapter. AppSec Consulting provides professional services in the areas of security testing, compliance assessments, strategic consulting, training and remediation services.
2-4 Session Description: Managing Risk and Developing Trust in the Cloud
The global acceptance and adoption of electronic signatures is transforming how people transact business. In this session, we'll explore use cases and the significant impact achieved in evolving and delivering business efficiencies. We'll also examine the security requirements, reports, and certifications that are beneficial to security teams performing technology and protection due diligence for their organization. Key takeaways include:
• The difference between electronic and digital signatures.
• How electronic signatures reduce transaction time from days and weeks to minutes and hours.
• Minimum and best-practice security requirements to protect organizations and individuals.
• Tamper-resistant protections and automations that protect against fraud and repudiation.
• Regional and global implementation considerations.
Presenter: Joan Ross, DocuSign's Chief Security Officer
Joan Ross serves as DocuSign's Chief Security Officer and leads DocuSign's governance, risk, and compliance (GRC) program. In her tenure with DocuSign, the organization has achieved the highest national and international standards, including ISO 27001 certification across all aspects of the organization, and PCI DSS compliance as a level one service provider. DocuSign is also SSAE 16 examined and tested with no exceptions, TRUSTe certified, and a member of the U.S. Dept. of Commerce Safe Harbor.
Prior to joining DocuSign, and in addition to running her own security consulting companies, Joan served as Security Architect and Strategist for Microsoft's Global Foundation Services Security and Compliance Division, and Vice President of Information Security at Washington Mutual. In her twenty years of experience she has earned numerous security certifications, including the CISSP-ISSAP, HISP, and NSA IEM, and obtained her Master of Science from the University of Washington in Human Centered Design and Engineering.
Session 2-5 Description: How To Safely And Securely Move To The Cloud
With global cloud services revenue projected to reach $148.8 billion by 2014 (Source: Gartner) and $241 billion by 2020 (Source: Forrester), Information Security and Privacy can either become a nightmare or an enabler for cloud adoption, particularly with recent increases in highly publicized cloud-related security breaches.
Aims/Objectives
Cloud computing provides many benefits, but also comes with inherent risks that could potentially damage an organization's reputation. This workshop will focus on key information security and privacy concerns in migrating to the cloud and mitigating solutions, as well as impact assessments for using 3rd-party cloud service providers.
Overview of: Global Cloud Computing, Cloud Computing Benefits, Cloud Security Issues, and Cloud Privacy Issues
Introduction to: Cloud Assurance Frameworks, Cloud Security Auditing Best Practices, Cloud Privacy Best Practices
Presenter: Taiye Lambo, Founder and CEO of CloudeAssurance, Inc. In the commercial sector he has completed consulting engagements for clients in various verticals, including the Software, Manufacturing, Financial Services and Healthcare sectors. He was the Director of Information Security for John H. Harland (now Harland Clarke), the leading provider of solutions to the Financial Services industry in the USA, including check and check-related products and accessories, direct marketing solutions, and contact center solutions.
Taiye also serves on the Cloud Security Alliance (CSA) Quality Assurance (QA) team on behalf of his organization, the HISP Institute (HISPI), for the development of the Cloud Controls Matrix (CCM). Taiye is President and Founder of eFortresses, Founder of the Holistic Information Security Practitioner (HISP) Institute (HISPI) and Founder of the CloudeAssurance SaaS platform, the industry's first truly risk-intelligent rating and continuous monitoring system for assurance of cloud service providers' security, governance, risk management and compliance. Please review Taiye's LinkedIn profile and recommendations at http://www.linkedin.com/in/taiyelambo (read more about Taiye Lambo in Section 1-3).
Session 2-4 Description: Software-Defined Center Impact on Security and Compliance Session - VMWare Inc
The demand for agile development and production environments is driving more workloads to virtual and cloud infrastructure. But agility for storage and compute is only part of the solution when these workloads are chained to legacy network and security infrastructure. The goal is to have all infrastructure virtualized and delivered as a service, where the control of this datacenter is entirely automated by software, also known as the Software Defined Data Center (SDDC). We will discuss how early adopters of this technology have transformed their network and security controls into software and how some auditor organizations have embraced this new trend to help customers be both agile and compliant in the SDDC.
Presenter: Gargi Mitra Keeling is a Group Product Manager for Cloud Infrastructure, focused on strategy and product planning for platform security (ESXi, vCenter) and application security (vShield solutions). She has led a successful consulting practice and held product management/marketing roles for startups and established leaders in Silicon Valley for over a decade. Previously, she held IT management positions on Wall St., where she focused on infrastructure for networking, endpoints and security. At VMware, she is working with her extended team to drive innovation in cloud computing by transforming information security and compliance so that they are relevant and 'better than physical' when it comes to protecting applications in the cloud.
Session 2-7 Description: Expert Panel—Foundation2Innovation - Are We There Yet?
The Success and Challenges in Meeting our Compliance Requirements Using our Most Innovative Ideas
Moderator and Conference Co-Chair: Rocco Cappalla is known for analysis of business process and controls to improve operational effectiveness, financial reporting and compliance, and for initiating difficult conversations without destroying the business relationship in order to add value to the business.
CERTIFICATIONS
• Certified Public Accountant (CPA), State of California, License # 89288 – Current
• Certified Information Systems Auditor (CISA) – Current
• Certified Internal Auditor – Current
Rocco can be reached at rocco.cappalla@gmail.com
Panelist: Benny Kirsh, CIO of Infoblox, a leading company in network automation and control
Benny Kirsh is an accomplished, results-oriented information technology professional with more than 20 years of experience in various industries. He has held several CIO positions. He joined The Cooper Companies to lead an ERP implementation and drive the cultural change necessary for a global rollout. He also led a highly professional IT team in implementing several systems such as financials, distribution, supply chain and others. He established a Change Management process to create transparency and build a strong working relationship within the business. Prior to The Cooper Companies, Benny was the first CIO at Kyphon, a company experiencing significant growth. His most important objective was to lay the technology foundation for growth while sustaining the flexibility required for Kyphon to function in a competitive market. He was responsible for implementing critical systems such as ERP, Quality Assurance, Workflow, Clinical Trial Systems and others. Benny relocated to the US from Israel with an international enterprise, Terayon Communication Systems, bringing with him a wealth of global experience.
Presenter: Meet Barbara Adey
As Senior Director for Product Management in the Security Technology Group at Cisco Systems, Barbara is responsible for developing new lines of business in Cisco Security. Prior to taking on her current role, she was the chief operating officer for the Wireless, Security and Routing Technology Group at Cisco. Previously, she was a member of the corporate strategy team, where she led the three-year plan for Cisco's entry to the data center / cloud market. Barbara holds a bachelor's degree in Systems Design Engineering from the University of Waterloo and an MBA from York University. She is a licensed Professional Engineer.
Session 2-7 Panel Discussion
Panelist: Allyn McGillicuddy, Partner, The Office of the CIO, Palo Alto, CA
Allyn McGillicuddy collaborates with major Northern California enterprises to deliver strategic solutions for challenging business and information technology objectives. Allyn establishes and leads a process-based methodology to efficiently achieve enterprise compliance, information security objectives, and privacy goals.
Panelist: Lynne Courts – Chief Marketing Officer, Fox Technologies
Lynne Courts brings over 20 years of global enterprise software marketing and sales experience to Fox Technologies, where she is responsible for product marketing and management, field marketing, and corporate brand marketing. Lynne started with FoxT in 2005, and in her current role is focused on growing market share and driving product innovation. Prior to FoxT, Lynne held a wide range of sales and marketing roles in the IT industry, including Director of Product Marketing at Chordiant Software, Managing Director of EMEA for Action Point Software, and Western Region Sales Manager for Intellus Software. Lynne also held a variety of Product Marketing and Management positions at NCR Corporation. Lynne holds a BS degree in Business Marketing from Michigan State University.
ISACA Silicon Valley has been providing IT Audit, Security, and Governance Professionals with the training and networking opportunities they need to compete and thrive since 1982. We are continuing this tradition at our 2013 Winter Conference, where we offer our attendees a range of industry leaders, speaking to their wisdom and experience in Enabling Trust through Business in the Cloud. Don't miss our upcoming Winter Conference, offering two full-day courses that move beyond theory to emphasize practical skills you can utilize at work or to improve your marketability.
The Conference Committee has worked hard to provide a cost-effective, value-driven, high-quality educational and networking experience. We tailor our events for ISACA members as well as Bay Area professionals in governance and compliance fields. We hope we have succeeded. As always, your input is greatly appreciated, and we strongly encourage you to fill out the Evaluation Forms at the end of each day. You are also welcome to seek us out with any comments or suggestions you might have to help us continually improve.
Yours Sincerely, The ISACA SV Summer Conference Committee
2013 Winter Conference Committee
Robin Basham, Conference Director
Rocco Cappalla, Co-Chair Conference
Scott Simmons, Assistant Marketing and Communications
Mohammed Saifuddin, Logistics, Cost Management and Collateral
Summit Kalra, President ISACA SV, Meal and Facilities Planning
Rajeev Basra, Printing
Bala Krishnan, Liaison, Conference Management
Larry Halme, Academic Relations, ISACA SV, Scholarship and Student Outreach, Survey and CPE
Robert Yewell, Treasurer, Accounting, Registration
Greg Edwards, Conference Photographer, Registration
Additional thanks to ISACA Board members who participated in updates for the conference and who continue to perform their board functions throughout the year: Ruchi Gupta, Dharshan Shantamurthy, Mike Jordan, Naimish Anarkat, Jay Swaminathan, Pat Kumar
Venue Information and a note regarding Academic Relations
The 2012 Summer Conference will be held at:
Biltmore Hotel & Suites
2151 Laurelwood Road
Santa Clara, CA 95054
(408) 988-8411
Free Parking
ISACA Supports Academic Research
Academic research is the foundation of many of the breakthroughs and new theories supporting the IT assurance, information security and IT governance professional space. ISACA is pleased to support academic research projects by posting these descriptions of peer-reviewed research projects underway. You are encouraged to participate in those you find of special interest or pertinence.
ISACA Silicon Valley maintains a relationship with San Jose State University. To learn more, contact the Academic Relations Director.
Academic Scholarship
A special thank you is in order to the companies that volunteered sponsorship for local university students. In addition to their generous conference support, these companies also hosted student attendance for this and future ISACA SV training events.
Mais conteúdo relacionado

Mais procurados

Calgary security road show master deck final
Calgary security road show master deck finalCalgary security road show master deck final
Calgary security road show master deck final
Scalar Decisions
 

Mais procurados (19)

Cisco Powered: Your Trusted Source for Cloud and Managed Services
Cisco Powered: Your Trusted Source for Cloud and Managed ServicesCisco Powered: Your Trusted Source for Cloud and Managed Services
Cisco Powered: Your Trusted Source for Cloud and Managed Services
 
Building an Adoption Plan: Turning it on(Part 2 of 2)
Building an Adoption Plan: Turning it on(Part 2 of 2)Building an Adoption Plan: Turning it on(Part 2 of 2)
Building an Adoption Plan: Turning it on(Part 2 of 2)
 
Calgary security road show master deck final
Calgary security road show master deck finalCalgary security road show master deck final
Calgary security road show master deck final
 
easySERVICE Data Solutions Company Capabilities
easySERVICE Data Solutions Company CapabilitieseasySERVICE Data Solutions Company Capabilities
easySERVICE Data Solutions Company Capabilities
 
Introduction to ThousandEyes
Introduction to ThousandEyesIntroduction to ThousandEyes
Introduction to ThousandEyes
 
Webex Control Hub - IT Control no matter where they work
Webex Control Hub -IT Control no matter where they workWebex Control Hub -IT Control no matter where they work
Webex Control Hub - IT Control no matter where they work
 
ASFWS 2012 - Theory vs Practice in implementing Software Security related act...
ASFWS 2012 - Theory vs Practice in implementing Software Security related act...ASFWS 2012 - Theory vs Practice in implementing Software Security related act...
ASFWS 2012 - Theory vs Practice in implementing Software Security related act...
 
Cio resume
Cio resumeCio resume
Cio resume
 
Wise Men TIBCO ADF Webinar- 16 October 2014
Wise Men TIBCO ADF Webinar- 16 October 2014Wise Men TIBCO ADF Webinar- 16 October 2014
Wise Men TIBCO ADF Webinar- 16 October 2014
 
SolarWinds User Group - Hawaii November 2016
SolarWinds User Group - Hawaii November 2016SolarWinds User Group - Hawaii November 2016
SolarWinds User Group - Hawaii November 2016
 
Cisco ONE Enterprise Cloud (UCSD) Hands-on Lab
Cisco ONE Enterprise Cloud (UCSD) Hands-on LabCisco ONE Enterprise Cloud (UCSD) Hands-on Lab
Cisco ONE Enterprise Cloud (UCSD) Hands-on Lab
 
National Government Webinar: Reap the Rewards of IT Consolidation
National Government Webinar: Reap the Rewards of IT ConsolidationNational Government Webinar: Reap the Rewards of IT Consolidation
National Government Webinar: Reap the Rewards of IT Consolidation
 
Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM...
Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM...Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM...
Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM...
 
AOS - Overview
AOS - OverviewAOS - Overview
AOS - Overview
 
Cisco at DevTO - Tomorrow Starts Now for Sheridan College Students (July 28, ...
Cisco at DevTO - Tomorrow Starts Now for Sheridan College Students (July 28, ...Cisco at DevTO - Tomorrow Starts Now for Sheridan College Students (July 28, ...
Cisco at DevTO - Tomorrow Starts Now for Sheridan College Students (July 28, ...
 
SolarWinds Federal User Group 2016 - SolarWinds Network Management Products U...
SolarWinds Federal User Group 2016 - SolarWinds Network Management Products U...SolarWinds Federal User Group 2016 - SolarWinds Network Management Products U...
SolarWinds Federal User Group 2016 - SolarWinds Network Management Products U...
 
Shift Left Security – Guidance on embedding security for a Digital Transforma...
Shift Left Security – Guidance on embedding security for a Digital Transforma...Shift Left Security – Guidance on embedding security for a Digital Transforma...
Shift Left Security – Guidance on embedding security for a Digital Transforma...
 
Troubleshooting Webex and Microsoft Teams with ThousandEyes
Troubleshooting Webex and Microsoft Teams with ThousandEyesTroubleshooting Webex and Microsoft Teams with ThousandEyes
Troubleshooting Webex and Microsoft Teams with ThousandEyes
 
How to Transform Your Workplace with Hybrid Collaboration
How to Transform Your Workplace with Hybrid CollaborationHow to Transform Your Workplace with Hybrid Collaboration
How to Transform Your Workplace with Hybrid Collaboration
 

Destaque

Virtualization And Cloud Impact Overview Auditor Spin Enterprise Gr Cv4
Virtualization And Cloud Impact Overview Auditor Spin   Enterprise Gr Cv4Virtualization And Cloud Impact Overview Auditor Spin   Enterprise Gr Cv4
Virtualization And Cloud Impact Overview Auditor Spin Enterprise Gr Cv4
EnterpriseGRC Solutions, Inc.
 

Destaque (9)

CISSP Study Exercises, Just some good will to help my peers with their studies
CISSP Study Exercises, Just some good will to help my peers with their studiesCISSP Study Exercises, Just some good will to help my peers with their studies
CISSP Study Exercises, Just some good will to help my peers with their studies
 
The Perils of Mount Must Read
The Perils of Mount Must ReadThe Perils of Mount Must Read
The Perils of Mount Must Read
 
Procedures and Controls Documentation Guidelines
Procedures and Controls Documentation GuidelinesProcedures and Controls Documentation Guidelines
Procedures and Controls Documentation Guidelines
 
Enterprise governance risk_compliance_fcm slides
Enterprise governance risk_compliance_fcm slidesEnterprise governance risk_compliance_fcm slides
Enterprise governance risk_compliance_fcm slides
 
Cryptographic lifecycle security training
Cryptographic lifecycle security trainingCryptographic lifecycle security training
Cryptographic lifecycle security training
 
The value of our data
The value of our dataThe value of our data
The value of our data
 
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 ruleWalk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
 
Networking and communications security – network architecture design
Networking and communications security – network architecture designNetworking and communications security – network architecture design
Networking and communications security – network architecture design
 
Virtualization And Cloud Impact Overview Auditor Spin Enterprise Gr Cv4
Virtualization And Cloud Impact Overview Auditor Spin   Enterprise Gr Cv4Virtualization And Cloud Impact Overview Auditor Spin   Enterprise Gr Cv4
Virtualization And Cloud Impact Overview Auditor Spin Enterprise Gr Cv4
 

Semelhante a ISACA SV 2013 Winter Conference Brochure

CSA NY Metro Inaugural Event 5 17 2011 Final
CSA NY  Metro Inaugural Event 5 17 2011 FinalCSA NY  Metro Inaugural Event 5 17 2011 Final
CSA NY Metro Inaugural Event 5 17 2011 Final
Peister
 
David_Walaski_Resume
David_Walaski_ResumeDavid_Walaski_Resume
David_Walaski_Resume
David Walaski
 
comspace technology profile
comspace technology profilecomspace technology profile
comspace technology profile
Wao Wamola
 
Matt Amjad Portfolio (1)
Matt Amjad Portfolio (1)Matt Amjad Portfolio (1)
Matt Amjad Portfolio (1)
Mateen Amjad
 
Skali_Corporate Profile_Final_March2015
Skali_Corporate Profile_Final_March2015Skali_Corporate Profile_Final_March2015
Skali_Corporate Profile_Final_March2015
SKALI Group
 

Semelhante a ISACA SV 2013 Winter Conference Brochure (20)

Securing The Clouds Proactively-BlackisTech.pptx
Securing The Clouds Proactively-BlackisTech.pptxSecuring The Clouds Proactively-BlackisTech.pptx
Securing The Clouds Proactively-BlackisTech.pptx
 
Why 2024 will become the Year of SaaS Security Meetup 24012024.pptx
Why 2024 will become the Year of SaaS Security Meetup 24012024.pptxWhy 2024 will become the Year of SaaS Security Meetup 24012024.pptx
Why 2024 will become the Year of SaaS Security Meetup 24012024.pptx
 
CSA NY Metro Inaugural Event 5 17 2011 Final
CSA NY  Metro Inaugural Event 5 17 2011 FinalCSA NY  Metro Inaugural Event 5 17 2011 Final
CSA NY Metro Inaugural Event 5 17 2011 Final
 
Espion and SureSkills Presentation - Your Journey To A Secure Cloud
Espion and SureSkills Presentation - Your Journey To A Secure CloudEspion and SureSkills Presentation - Your Journey To A Secure Cloud
Espion and SureSkills Presentation - Your Journey To A Secure Cloud
 
Sydney MuleSoft meetup #11 28 November 2019 - all slides
Sydney MuleSoft meetup #11   28 November 2019 - all slidesSydney MuleSoft meetup #11   28 November 2019 - all slides
Sydney MuleSoft meetup #11 28 November 2019 - all slides
 
Jacksonville, FL Administrator Trailblazer Community Group Florida Dreamin' G...
Jacksonville, FL Administrator Trailblazer Community Group Florida Dreamin' G...Jacksonville, FL Administrator Trailblazer Community Group Florida Dreamin' G...
Jacksonville, FL Administrator Trailblazer Community Group Florida Dreamin' G...
 
Cloud South East Asia Brochure
Cloud South East Asia BrochureCloud South East Asia Brochure
Cloud South East Asia Brochure
 
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
 
SSO Agility Made Possible - November 2014
SSO Agility Made Possible  -  November 2014SSO Agility Made Possible  -  November 2014
SSO Agility Made Possible - November 2014
 
David_Walaski_Resume
David_Walaski_ResumeDavid_Walaski_Resume
David_Walaski_Resume
 
Cloud security for banks - the central bank of Israel regulations for cloud s...
Cloud security for banks - the central bank of Israel regulations for cloud s...Cloud security for banks - the central bank of Israel regulations for cloud s...
Cloud security for banks - the central bank of Israel regulations for cloud s...
 
Ecommerce and digital workshop / Unlocked: the Hybrid Cloud 12 May 2014
Ecommerce and digital workshop / Unlocked: the Hybrid Cloud 12 May 2014Ecommerce and digital workshop / Unlocked: the Hybrid Cloud 12 May 2014
Ecommerce and digital workshop / Unlocked: the Hybrid Cloud 12 May 2014
 
comspace technology profile
comspace technology profilecomspace technology profile
comspace technology profile
 
Matt Amjad Portfolio (1)
Matt Amjad Portfolio (1)Matt Amjad Portfolio (1)
Matt Amjad Portfolio (1)
 
Transform your organization with cisco cloud
Transform your organization with cisco cloudTransform your organization with cisco cloud
Transform your organization with cisco cloud
 
Get ready for the future: How to make enterprise UC networks flexible, agile,...
Get ready for the future: How to make enterprise UC networks flexible, agile,...Get ready for the future: How to make enterprise UC networks flexible, agile,...
Get ready for the future: How to make enterprise UC networks flexible, agile,...
 
Skali_Corporate Profile_Final_March2015
Skali_Corporate Profile_Final_March2015Skali_Corporate Profile_Final_March2015
Skali_Corporate Profile_Final_March2015
 
Education in 2015
Education in 2015Education in 2015
Education in 2015
 
Review Paper ( Research Articles )
Review Paper ( Research Articles )Review Paper ( Research Articles )
Review Paper ( Research Articles )
 
SFbayACM ACM Data Science Camp 2015 10 24
SFbayACM ACM Data Science Camp 2015 10 24SFbayACM ACM Data Science Camp 2015 10 24
SFbayACM ACM Data Science Camp 2015 10 24
 

Mais de EnterpriseGRC Solutions, Inc.

Mais de EnterpriseGRC Solutions, Inc. (7)

CobiT Foundation Free Training
CobiT Foundation Free TrainingCobiT Foundation Free Training
CobiT Foundation Free Training
 
Erm talking points
Erm talking pointsErm talking points
Erm talking points
 
Does audit make us more secure
Does audit make us more secureDoes audit make us more secure
Does audit make us more secure
 
Security assessment isaca sv presentation jan 2016
Security assessment isaca sv presentation jan 2016Security assessment isaca sv presentation jan 2016
Security assessment isaca sv presentation jan 2016
 
Security assessment with a hint of CISSP Prep
Security assessment with a hint of CISSP PrepSecurity assessment with a hint of CISSP Prep
Security assessment with a hint of CISSP Prep
 
Virtualization and cloud impact overview auditor spin enterprise gr-cv3
Virtualization and cloud impact overview auditor spin   enterprise gr-cv3Virtualization and cloud impact overview auditor spin   enterprise gr-cv3
Virtualization and cloud impact overview auditor spin enterprise gr-cv3
 
Green Tech
Green TechGreen Tech
Green Tech
 

ISACA SV 2013 Winter Conference Brochure

  • 1. This event counts towards 14 hours of Continuing Professional Education ISACA SILICON VALLEY 2013 Winter Conference Schedule March 7 3 Schedule March 8 4 Sponsors 4-5 Day 1 Sessions and Bios 6-11 Day 2 Sessions and Bios 12-16 From the ISACA SV Board 16 About Our Committee 17 Venue Information 18 Academic Relations 18 Conference Brochure March 7th & 8th - Santa Clara, California 14 CPEs
  • 2. hƩp://www.isaca-sv.org/ FoundaƟon2InnovaƟon: Compliance Start to Finish—ISACA SV Summer Conference 2012 2 Program Day One -Thursday, 7 March 2013 Time Event / Topic Speaker 8:00 AM RegistraƟon, Networking & Coffee, Vendor meeƟngs 8:45 AM Welcome Message from the ISACA SV President and The ISACA SV Board, Sumit Kalra, Robin Basham, Rocco Cappalla 9:00 AM 50 min Session 1-1: MeeƟng Stakeholder Needs—ISACA Leadership Panel • Jay Swaminantham - ISACA Silicon Valley • Debra Mallette - ISACA San Francisco • Karen Tinucci - ISACA Sacramento • Sumit Kalra - ISACA Silicon Valley 9:50 AM Vendor Raffle and InteracƟon Process 10:00 AM 50 min Session 1-2: Covering the Enterprise End to End Dwayne Melançon, Chief Technology Officer at Tripwire, Inc 11:00 AM 50 min Session 1-3 : The Map: Applying a Single Integrated Framework to mulƟple needs Debra MalleƩe, ISACA SF Past President 11:50 AM— 70 min Lunch and Networking - Enjoy Ɵme with Conference Sponsors—Remember to get those signatures for evidence of discussion 1:00 PM 50 min Session 1-4: IntroducƟon to the HolisƟc InformaƟon Security PracƟƟoner Approach Taiye Lambo, Founder and CEO of CloudeAssurance, Inc. , President and Founder of eFortresses , and HolisƟc InformaƟon Security PracƟƟoner (HISP) InsƟtute 2:00 PM 50 min Session 1-5: SeparaƟng Governance from Management or How to Balance InformaƟon Risk with IT Strategy—David Harrison, Director InformaƟon Risk Management Office at Ellie Mae, Jonathan Callahan, PMO at Ellie Mae 3:00 PM Vendor sign off—ConversaƟons Required—each aƩendee must get a signature from one or more vendors, presenters, or a board member—Subjects are CobiT Principles or Enablers 3:30 PM 50 min Session 1-6: Plan Build Run Monitor—Doctrine Meets PracƟce Doug Meier, Director Security & Compliance, Pandora 4:30PM 45 min Session 1-7: Sponsor Wrap Up—Thoughts from Our PlaƟnum Sponsors CloudeAssurance, Inc. 
— Quest SoŌware/Dell — VMWare— AppSec ConsulƟng— FoxT — Tripwire — ISACA San Francisco — ISACA Sacramento — ISACA Los Angeles — ISACA San Diego 5:15 PM Sponsors Exhibit, Networking & RecepƟon (unƟl 7:30 PM) Foundation: The Principles of Governance - Using the CobiT Five Principles to Organize Our Approach
  • 3. hƩp://www.isaca-sv.org/ FoundaƟon2InnovaƟon: Compliance Start to Finish—ISACA SV Summer Conference 2012 3 Time Event / Topic Speaker 8:00 AM Networking & Coffee 8:30 AM 15 min Message from the ISACA SV President, Message from Academic RelaƟons, and a few words from our Membership Chair, Greg Edwards, Summit Kalra, Robin Basham, Rocco Cappalla, Larry Halme, Naimish Ankarat, The ISACA Board, Volunteers 8:45 AM 15 min Tabletop Demo from Aveska and FoxT— sponsors who will not be presenƟng at this conference will take 5-10 minutes to explain their products and how the support Enterprise OperaƟons. 9:00 AM 50 min Session 2-1: EffecƟve Change Control through ProacƟve Management Tim Sedlack, Dell SoŌware Group 10:00 AM 50 mins Session 2-2: InnovaƟon with Security in Mind Lee Penning, CIO, Customer Support, Collabworks 11:00 AM 50 min Session 2-3: NavigaƟng The Path to Compliance Brian Bertacini, President and CEO of AppSec ConsulƟng 11:50 AM Lunch and Networking - Enjoy Ɵme with Conference Sponsors 1:00 PM 50 min Session 2-4: Managing Risk and Developing Trust in the Cloud Joan Ross DocuSign’s Chief Security Officer 2:00 PM 50 min Session 2-5: How To Safely And Securely Move To The Cloud Taiye Lambo, Founder and CEO of CloudeAssurance, Inc. 2:50 PM 15 min Break—Hurry get those signatures from your sponsors and chapter leaders!!! Can’t win the raffle unless you show a full card. 4:15 PM to 5:05 PM 50 min Session 2-7 Panel Discussion - Moderator: Rocco Capalla—FoundaƟon2InnovaƟn—Are we There Yet? 
• Benny Kirsh, CIO Infoblox • Lynne Courts, CMO Foxt • Allyn McGillicuddy, Partner, The Office of the CIO • Barbara Adey, Senior Product Manager Cisco 5:10 PM Final Words and RecommendaƟons from our Sponsor—5 to 10 minutes each CPE will not be provided unƟl 5:30 PM Quest, Tripwire, AppSec ConsulƟng, HISPI/ CloudEAssurance, VMWare, Fox Technologies, Aveska The Silicon Valley’s Best Raffle Awards to Volunteers and CommiƩee Concluding Chapter Announcement CPE CerƟficates 3:15 PM 50 min Session 2-6: SoŌware-Defined Center Impact on Security and Compliance Session - VMWare Inc. Gargi Mitra Keeling is a Group Product Manager for Cloud Infrastructure Program Day Two –Friday, 8 March 2013 Innovation: Creative and Pragmatic Solutions for Implementing Governance, Risk and Compliance
  • 4. hƩp://www.isaca-sv.org/ FoundaƟon2InnovaƟon: Compliance Start to Finish—ISACA SV Summer Conference 2012 4
  • 5. hƩp://www.isaca-sv.org/ FoundaƟon2InnovaƟon: Compliance Start to Finish—ISACA SV Summer Conference 2012 5 About Dell (Quest SoŌware) Quest SoŌware, now a part of Dell, simplifies and reduces the cost of managing IT for more than 100,000 customers worldwide. Our innovaƟve soluƟons make solving the toughest IT management problems easier, enabling customers to save Ɵme and money across physical, virtual and cloud environments. For more informaƟon about Quest soluƟons for administraƟon and automaƟon, data protecƟon, development and opƟmizaƟon, idenƟty and access management, migraƟon and consolidaƟon, and performance monitoring, go to hƩp://www.quest.com. SoŌware for Windows Management, Database Management, VirtualizaƟon & Cloud Managment, ApplicaƟon Manage- ment hƩp://www.quest.com About VMWare VMWare (NYSE: VMW) is the global leader in virtualizaƟon and cloud infrastructure, two areas that consistently rank as top prioriƟes among CIOs. VMware delivers award-winning, customer-proven soluƟons that accelerate IT by reducing complexity and enabling more flexible, agile service delivery. Our soluƟons help organizaƟons of all sizes, lower costs, increase business agility and ensure freedom of choice. Cloud Infrastructure & Management, Cloud ApplicaƟons, Datacenter VirtualizaƟon, Desktop VirtualizaƟon, Mobile VirtualizaƟon, VMware vSphere, VMware vCloud, VMware View, VMware Fusion for Mac hƩp://www.vmware.com About CloudeAssurance CloudeAssurance plaƞorm is the industry’s first truly risk-intelligent raƟng, conƟnuous educaƟon and conƟnuous moni- toring system assuring cloud service provider’s cloud security and governance, risk and compliance. Customers can know which cloud providers have the best cloud assurance score and history, a measure of cloud trust they can depend on. This plaƞorm enables safe and secure adopƟon of Cloud CompuƟng! 
http://www.CloudeAssurance.com

About Tripwire
Tripwire is a leading global provider of IT security and compliance solutions for enterprises, government agencies and service providers who need to protect their sensitive data on critical infrastructure from breaches, vulnerabilities, and threats. Thousands of customers rely on Tripwire's critical security controls like security configuration management, file integrity monitoring, log and event management. The Tripwire VIA platform of integrated controls provides unprecedented visibility and intelligence into business risk while automating complex and manual tasks, enabling organizations to better achieve continuous compliance, mitigate business risk and help ensure operational control. Learn more at www.tripwire.com or follow us @TripwireInc on Twitter.
http://www.tripwire.com

About AppSec Consulting
Using proven risk and vulnerability assessment services, AppSec Consulting helps protect online applications against immediate and future threats. We help organizations improve their security posture by identifying their security requirements and providing a complete plan for improving the overall security of applications, hosts, and networks. We perform vulnerability assessments of applications and networks, provide security certifications, help organizations develop secure coding policies and procedures, and teach application security courses. Our goal is to help companies integrate security into the application development life cycle.
http://www.appsecconsulting.com

About FoxT
FoxT protects corporate information and privileged accounts with an enterprise access management solution that centrally enforces access across diverse servers and business applications. The ability to centrally administer, authenticate, authorize, and audit across diverse platforms and applications, down to the file level, enables organizations to simplify audits, streamline administration, and mitigate insider fraud.
http://www.foxt.com

About Aveksa
Aveksa provides the industry's most comprehensive Business-Driven Identity and Access Management platform. By uniquely integrating Identity and Access Governance, Provisioning and Authentication, Aveksa enables enterprises to manage the complete lifecycle of user access for SaaS and on-premise applications and data. With Aveksa, IT organizations can reduce Access Management complexity and increase operational efficiency while minimizing risk and ensuring sustainable compliance. Aveksa provides enterprises with the industry's fastest time to value, with over 90% of customers reporting live implementations of the company's business-driven Identity & Access Management solutions and over 80% of these customers live with the latest version of the Aveksa platform. For more information, visit www.aveksa.com.
Session 1-1: Meeting Stakeholder Needs
This session will assist our professionals in the identification and management of stakeholder needs and in providing the link between strategy and execution by translating stakeholder needs and enterprise goals into increasing levels of detail and specificity:
‒ Drivers
‒ Stakeholder Needs
‒ Enterprise Goals
‒ IT-related Goals
‒ Enabler Goals (e.g. process goals)
The session allows setting specific goals at every level of the enterprise in support of the overall goals and stakeholder requirements, while balancing benefits and risk.

COBIT 5 enablers are seven factors that influence successful governance and management over enterprise IT:
• Processes - practices and activities to achieve certain objectives
• Organizational structures - the key decision-making entities
• Culture, ethics and behavior - often underestimated as a success factor in governance
• Principles, policies and frameworks - practical guidance for day-to-day management
• Information - all information produced and used by the enterprise, often the key product of the enterprise itself
• Services, infrastructure and applications - include the infrastructure, technology and applications that provide the enter-

About Karen Tinucci: President, ISACA Sacramento; CGEIT, CRISC, CISA. Karen Tinucci is an independent management consultant, and a leader and influencer within IT and business for more than 25 years, spending most of her professional life in California and Minnesota, primarily in the private sector with some public sector work, and spanning industry, business and technical areas. In her current role, she provides enterprise risk management oversight and influences governance redesign and process improvement initiatives, advising the Board of Directors, Policy Board, and Integration Oversight Committee (IOC) of the CalWIN consortium of 18 California counties.
Karen is a past 6-year member of the Forius Board of Directors and its Strategy & Audit Committees.

About Debra Mallette: ISACA San Francisco Past President; CGEIT®, CISA®, CSSBB (ASQ Certified Six Sigma Black Belt), and Managed Change™ Master. Debra is an early adopter of COBIT for implementing IT governance. Having used the COBIT 3 Maturity Model, written ISACA/ITGI's SEI CMM to COBIT 4.0 and SEI CMMI to COBIT 4.1 mapping papers, and served on the COBIT 5 Development Group, she was asked to serve as an expert reviewer for the COBIT 4.1 and COBIT 5 Process Assessment Model (PAM). She has previously been a certified SEI CMMI assessor and ISO TickIT qualified. Debra has been working with quality management systems, systems of internal control, process performance measurement, monitoring, and improvement programs throughout most of her career. She is an ISACA certified instructor for Implementing and Continuously Improving IT Governance, V3.0, as well as Introduction to COBIT 5. For her day job, she is an ITIL Service Management Process Consultant Specialist in Kaiser Permanente's 5,000-person IT organization serving the largest and original Health Maintenance Organization in the United States.
About Sumit Kalra: President, ISACA Silicon Valley; CISA, CISSP. Sumit Kalra is a Director at Burr Pilger Mayer, where he manages the Assurance Services practice specializing in information technology, SAS 70 audits, and assessments. His 12 years of industry experience include 6 years at international CPA firms and 6 years at companies in the technology, consumer products and financial services industries. His knowledge base spans a variety of ERP solutions and complex infrastructure implementations. Sumit has a BS in Accounting and Computer Information Systems from San Francisco State University. Visit http://www.bpmllp.com

About Jay Swaminathan: Past President, ISACA Silicon Valley; CISA, CPA, CRISC. Jay Swaminathan, Director at SOAProjects, provides internal audit and IT risk consultation to his clients. Jay has more than 10 years of experience in varied industries. In his current role at SOAProjects, he specializes in implementing optimization and process improvements for his clients in compliance and other areas. His expertise includes in-depth knowledge of Oracle EBS and the related tools and methodologies used to evaluate the ERP system. Prior to SOAProjects, Jay was with Risk Advisory Services at Ernst & Young, where he was responsible for managing and executing reviews of IT systems as part of financial and Sarbanes-Oxley 404 audits of major corporations such as Seagate, Spansion, and Copart. Jay was an Oracle Subject Matter Resource (SMR) in the Ernst & Young practice and instructed various Oracle training sessions. Jay is the immediate past President of the ISACA Silicon Valley chapter and successfully led the 830-member organization, steering goals and objectives and, in collaboration with a team of board members, executing programs for the benefit of the members. He instructs the CISA review courses and is a regular speaker at conferences.
Jay holds an undergraduate degree in Management from Bangalore University.

Moderator: About Robin Basham: Conference Director for the ISACA Silicon Valley Board, ITPreneurs partner, and board advisor for Holistic Information Security Practitioners, Robin now leads Cloud Security & Virtualization Controls Management training in San Francisco and the Bay Area. As EnterpriseGRC Solutions lead architect, Robin brings team experience leveraging platforms such as Oracle, Archer and SAP, and web applications such as Joomla, Visual Studio, Access and SharePoint. As an Archer Certified Consultant and SharePoint architect, she is known for successful GRC implementations, supplying overall design, development and training to companies ranging from start-ups to the Fortune 500. Over the last decade Robin has architected more than 70 GRC programs, delivering end-to-end solutions with full knowledge transfer to program owners and users. Corporate leadership includes acting as technical liaison for ISACA in development of the OCEG Redbook V1 and TC Co-Chair for OMG's Open Regulatory Compliance Architecture (ORCA) project, working with co-chairs EMC's Chief Governance Officer, Dr. Marlin Pohlman, and world expert Dr. Said Tabet. Robin's companies remain active in emerging standards, with participation on recent releases from ISACA® for both Oracle R12 and SAP ECC 6.0 controls. Ms. Basham is also past president of the Association for Certified Green Technology Auditors (ACGTA), a frequent committee contributor to the ISACA Silicon Valley Chapter and liaison to the ITSMF SV chapter, as well as a frequent participant in the Cloud Security Alliance local chapter. EnterpriseGRC Solutions was recently added to the Cloud Credential Council and is named to the certification committee of The Holistic Information Security Practitioner Institute (HISPI). EnterpriseGRC Solutions® is an active sponsor of the Information Systems Audit and Control Association (ISACA®), listed as a corporate sponsor and many-time COBIT® trainer for the ITGI.
Visit http://enterprisegrc.com

We would also like to thank the ISACA Los Angeles and San Diego chapters for participating in our conference planning.
Session 1-2: Covering the Enterprise End to End
This session addresses governance and management of information technology from an enterprise-wide, end-to-end perspective. This relates to the enterprise objectives of benefits realization, risk optimization, and resource optimization, i.e. "Value".

Presenter: Dwayne Melançon, Chief Technology Officer at Tripwire, Inc. As Tripwire's Chief Technology Officer, Dwayne owns a critical role in driving and evangelizing the company's overall global product strategy. He brings over 25 years of security software experience, and is responsible for leading the company's long-term product strategy to meet the evolving data security needs of global enterprises. Melançon joined Tripwire in 2000 and most recently served as Vice President of Products for Tripwire. He has spearheaded numerous initiatives during his tenure, including executive responsibility for business development, professional services and support, information systems and marketing. Prior to joining Tripwire, Melançon held leadership roles at DirectWeb, Inc., Symantec Corporation and Fifth Generation Systems, Inc. He is certified on both IT management and audit processes, holding both ITIL and CISA certifications, and is a frequent speaker at national and regional industry events.

Session 1-3 Fundamentals: The Map: Applying a Single Integrated Framework to Multiple Needs
This session will provide an example of a company audit plan, leveraging integration of stakeholder needs, strategic objectives, and a unified risk control matrix that is robust enough to cover an enterprise's governance, risk and compliance requirements.
COBIT 5 aligns with the latest relevant standards and frameworks used by enterprises:
• Enterprise: COSO, COSO ERM, ISO/IEC 9000, ISO/IEC 31000
• IT-related: ISO/IEC 38500, ITIL, ISO/IEC 27000 series, TOGAF, PMBOK/PRINCE2, CMMI
This allows the enterprise to use COBIT 5 as the overarching governance and management framework integrator. ISACA plans a capability to facilitate COBIT user mapping of practices and activities to third-party references.

Presenter: Debra Mallette, ISACA San Francisco Past President; CGEIT®, CISA®, CSSBB (ASQ Certified Six Sigma Black Belt), and Managed Change™ Master. Debra's full biography appears under Session 1-1 above.
Session 1-4: Introduction to the Holistic Information Security Practitioner Approach
The issue of information security and regulatory compliance affects organizations of all sizes and sectors, with an identical problem: their inherent vulnerability and the high cost of compliance. Unfortunately, in most cases the regulations and laws set forth offer little guidance on any specific security measures or standards, instead leaving the decision up to the organization. This causes confusion and misinterpretation and drives up costs. Many organizations struggle and treat each of these compliance areas as a silo. By taking this approach, the opportunity for a security breach is increased. An integrated approach can help form the basis for a sound information security program and design and deploy a comprehensive risk governance platform for both compliance and assurance. The HISP process utilizes the Implement Once Comply Many (IOCM) philosophy, based on a unique approach that stands alone in the security and compliance industry. IOCM is a structure for solving business and compliance problems. The structure includes a powerful methodology, analytical methods and tools, improvement techniques and trained, capable people. Certified Practitioners leverage the HISP to provide a holistic integrated management system that will show improved efficiency and reduced waste and cost.

Presenter: Taiye Lambo is a seasoned entrepreneur with global Information Security and Governance, Risk Management and Compliance expertise, and founder of CloudeAssurance, Inc., a software spin-off of eFortresses, Inc.
Taiye is the creator of the CloudeAssurance platform (see About CloudeAssurance above), www.CloudeAssurance.com. Taiye Lambo is a security subject matter expert in the area of Information Security Governance, with 20+ years in IT, including 16 years of experience assisting various organizations globally to build robust, comprehensive, effective and sustainable information security programs through the integration of internationally accepted best practices, including ISO 27000, COBIT, COSO, ITIL and NIST. He founded the UK Honeynet Project (www.honeynet.org.uk) and the Holistic Information Security Practitioner (HISP) Institute (www.hispi.org), and also founded the HISP Program, the first integrated training and certification for Governance, Risk Management and Compliance (GRC), which he has personally delivered in the USA, UK, Greece, Jamaica and South Africa. He also serves as an Independent Consultant to the United Nations, auditing the ICT Governance and Security Management Programs of various United Nations Missions internationally. (Read more about Taiye Lambo in Session 2-5.)
Session 1-5 Description: Separating Governance from Management, or How to Balance Information Risk with IT Strategy
Separating Governance from Management - effective integration of Governance and IT Steering. The COBIT 5 framework makes a clear distinction between governance and management, each requiring different organizational structures and serving different purposes:
• Governance - responsibility of the board of directors under the leadership of the chairperson.
• Management - responsibility of the executive management under the leadership of the CEO.
Governance ensures stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise … (EDM). Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives (PBRM). This session is a real-world example of Governance working with Management across the programs of EDM and PBRM.

Presenters: David Harrison, Director, Information Risk Management Office, and Jonathan Callahan, PMO, at Ellie Mae; Robin Basham, GRC.
Jonathan Callahan and David Harrison run parallel programs for Information Risk and IT Strategy, supporting an overall program of Governance for Ellie Mae®, a leading provider of enterprise-level, on-demand automated solutions for the residential mortgage industry. Ellie Mae offers Encompass360®, an end-to-end solution, delivered using a Software-as-a-Service model, that serves as the core operating system for mortgage originators. Encompass360 spans customer relationship management, loan origination and business management.
The team of Harrison and Callahan share responsibilities to safeguard and project-manage the world-class, hosted Ellie Mae Network™, an integrated network that allows mortgage professionals to conduct electronic business transactions with the mortgage lenders and settlement service providers they work with to process and fund loans. It is estimated that more than 20% of all mortgage originations in the United States flow through the Encompass360 mortgage management software and the Ellie Mae Network.

More about Jonathan Callahan: An experienced leader of enterprise-level IT initiatives, Jonathan manages highly complex cross-functional change efforts. He consistently delivers results through strategic planning and leadership, strong project management, communication, and team building, and thrives in high-pressure, fast-paced environments that require a holistic understanding of scope and creative, out-of-the-box problem solving.
Session 1-6 Description: Plan Build Run Monitor - Doctrine Meets Practice
This session reviews how management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives (PBRM). "In theory, practice follows theory. In practice, that rarely happens."
GRC (Governance, Risk Management, Compliance) = Doctrine
PBRM (Plan, Build, Run, Monitor) = Practice

Presenter: Doug Meier, Director Security & Compliance, Pandora. Doug brings 20+ years of experience designing and managing infrastructure, security, disaster recovery, and compliance programs for Silicon Valley Internet companies. Doug has designed corporate security programs, managed Exchange mail server migrations for a globally distributed enterprise, architected and implemented regulatory compliance programs and disaster recovery initiatives, and managed operations of enterprise-wide IT services and knowledge systems.
Session 2-1 Description: Effective Change Control through Proactive Management
Change is the one constant in the universe, but you don't have to be an innocent bystander. Being proactive about changes is about more than change control, although that is an important piece. Gain an understanding of how normalizing change records can positively or negatively affect your process assurance, incident management and security controls. We'll give you some considerations and best practices to help you get going and keep the auditors at bay.

Presenter: Tim Sedlack, Dell Software Group, is a senior product manager responsible for guiding the direction of Quest's compliance products, and provides assistance to Quest's customers and strategic partners around the world. Tim has more than 20 years of experience in IT, including time at Microsoft during early implementations of Active Directory and Exchange. Prior to joining Dell, Tim worked with clients around the world on products that monitor the health and availability of enterprise IT environments.

Session 2-2 Description: Innovation with Security in Mind
Innovation and Security generally go head to head, not hand in hand. Innovation represents changing the way things are done, sometimes drastically and often frequently. The intent of innovation is to create an opportunity to gain advantage over your competitors, or some other market advantage, by doing things differently. Examples include the Internet, Cloud Computing (SaaS apps, data storage, servers, mobile apps), the ability to work from anywhere with any device, multi-national talent resource pools, and the use of social networks to reach your customers. Security represents controlled access to information and is usually rigid and restrictive. The intent is to prevent unauthorized access to information.
It may include "strong" passwords, dual authentication, data encryption, and limited access to the corporate data network. These tactics are generally perceived as interfering with the employee's ability to do their job. The dilemma that many companies are facing is how to allow innovation and make the company more competitive without losing control of key pieces of information because of poor security. Planning for security during the innovation process is one way to minimize the problem. COBIT 5 provides a comprehensive framework that assists enterprises to achieve their goals and deliver value through effective governance and management of enterprise IT by maintaining a balance between realizing benefits and optimising risk levels and resource use. These principles can be applied by the innovation teams as they develop new products or process changes, thereby minimizing the security risks.

Presenter: Lee Penning, CIO and Customer Support, Collabworks. Lee joined the Collabworks leadership team in April 2008, overseeing Collabworks' Information Technology strategy, as well as having overall responsibility for the day-to-day IT operations and customer support for Collabworks. Prior to joining Collabworks, Lee held the position of Vice President and Chief Information Officer for Photon Dynamics, Inc., where he had responsibility for the IT organization supporting corporate business systems and network infrastructure worldwide. Previously, as CIO of Spectrian, he led the organization toward a virtual company vision that allowed employees to perform their job functions from anywhere in the world. Lee has also held senior-level information technology positions at FCS/New Millennium Technologies, Inc., a Y2K software conversion services company, and Nextron Communications, Inc., a web site creation and hosting company. Earlier in his career, Lee worked for Deere & Company, holding several positions within its Information Technology organization at both unit and corporate levels.
Lee received an MBA from the University of Iowa and holds a bachelor's degree in business administration from Upper Iowa University.
Session 2-3 Description: Navigating the Path to Compliance
Compliance programs impact a large base of organizational stakeholders. There are many factors that determine an organization's ability to achieve and sustain compliance with industry and global standards programs like PCI DSS and ISO 27001. Planning and execution are critical to the success of such programs. So is getting the right people on the bus and in the right seats. This presentation will share insights based on field experiences to help stakeholders make better and more informed decisions along the path to compliance. Key topics include: approaches to the risk assessment/gap analysis, strategic remediation planning, and program sustainability.

Presenter: Brian Bertacini is the President and CEO of AppSec Consulting, a security consulting firm based in San Jose. Brian is a PCI Qualified Security Assessor (QSA) and former Conference Director for the Silicon Valley ISACA Chapter. He is also the founding member of the Silicon Valley OWASP Chapter. AppSec Consulting provides professional services in the areas of security testing, compliance assessments, strategic consulting, training and remediation services.

Session 2-4 Description: Managing Risk and Developing Trust in the Cloud
The global acceptance and adoption of electronic signatures are transforming how people transact business. In this session, we'll explore use cases and the significant impact achieved in evolving and delivering business efficiencies. We'll also examine the security requirements, reports, and certifications that are beneficial to security teams performing technology and protection due diligence for their organization. Key takeaways include:
• The difference between electronic and digital signatures.
• How electronic signatures reduce transaction time from days and weeks to minutes and hours.
• Minimum and best-practice security requirements to protect organizations and individuals.
• Tamper-resistant protections and automations that protect against fraud and repudiation.
• Regional and global implementation considerations.

Presenter: Joan Ross, DocuSign's Chief Security Officer. Joan Ross serves as DocuSign's Chief Security Officer and leads DocuSign's governance, risk, and compliance (GRC) program. In her tenure with DocuSign, the organization has achieved the highest national and international standards, including ISO 27001 certification across all aspects of the organization, and PCI DSS compliance as a Level 1 service provider. DocuSign is also SSAE 16 examined and tested with no exceptions, TRUSTe certified, and a member of the U.S. Dept. of Commerce Safe Harbor. Prior to joining DocuSign, and in addition to running her own security consulting companies, Joan served as Security Architect and Strategist for Microsoft's Global Foundation Services Security and Compliance Division, and as Vice President of Information Security at Washington Mutual. In her twenty years of experience she has earned numerous security certifications, including the CISSP-ISSAP, HISP, and NSA IEM, and obtained her Master of Science in Human Centered Design and Engineering from the University of Washington.
Session 2-5 Description: How to Safely and Securely Move to the Cloud
With global cloud services revenue projected to reach $148.8 billion by 2014 (source: Gartner) and $241 billion by 2020 (source: Forrester), Information Security and Privacy can either become a nightmare or an enabler for cloud adoption, particularly with recent increases in highly publicized cloud-related security breaches.
Aims/Objectives: Cloud computing provides many benefits, but also comes with inherent risks that could potentially damage an organization's reputation. This workshop will focus on key information security and privacy concerns in migrating to the cloud and on mitigating solutions, as well as impact assessments for using third-party cloud service providers.
Overview of: Global Cloud Computing, Cloud Computing Benefits, Cloud Security Issues, and Cloud Privacy Issues
Introduction to: Cloud Assurance Frameworks, Cloud Security Auditing Best Practices, Cloud Privacy Best Practices

Presenter: Taiye Lambo, Founder and CEO of CloudeAssurance, Inc. In the commercial sector he has completed consulting engagements for clients in various verticals, including the Software, Manufacturing, Financial Services and Healthcare sectors. He was the Director of Information Security for John H. Harland (now Harland Clarke), the leading provider of solutions to the Financial Services industry in the USA, including check and check-related products and accessories, direct marketing solutions, and contact center solutions. Taiye also serves on the Cloud Security Alliance (CSA) Quality Assurance (QA) team on behalf of his organization, the HISP Institute (HISPI), for the development of the Cloud Controls Matrix (CCM).
Taiye is President and Founder of eFortresses, Founder of the Holistic Information Security Practitioner (HISP) Institute (HISPI) and Founder of the CloudeAssurance SaaS platform, the industry's first truly risk-intelligent rating and continuous monitoring system for assurance of cloud service providers' security, governance, risk management and compliance. Please review Taiye's LinkedIn profile and recommendations at http://www.linkedin.com/in/taiyelambo. (Read more about Taiye Lambo in Session 1-4.)

Session 2-6 Description: Software-Defined Data Center Impact on Security and Compliance - VMware Inc.
The demand for agile development and production environments is driving more workloads to virtual and cloud infrastructure. But agility for storage and compute is only part of the solution when these workloads are chained to legacy network and security infrastructure. The goal is to have all infrastructure virtualized and delivered as a service, where the control of this datacenter is entirely automated by software, also known as the Software-Defined Data Center (SDDC). We will discuss how early adopters of this technology have transformed their network and security controls into software and how some auditor organizations have embraced this new trend to help customers be both agile and compliant in the SDDC.

Presenter: Gargi Mitra Keeling is a Group Product Manager for Cloud Infrastructure, focused on strategy and product planning for platform security (ESXi, vCenter) and application security (vShield solutions). She has led a successful consulting practice and held product management/marketing roles for startups and established leaders in Silicon Valley for over a decade. Previously, she held IT management positions on Wall St., where she focused on infrastructure for networking, endpoints and security.
At VMware, she is working with her extended team to drive innovation in cloud computing by transforming information security and compliance so that they are relevant and "better than physical" when it comes to protecting applications in the cloud.
Session 2-7 Description: Expert Panel - Foundation2Innovation: Are We There Yet? The Successes and Challenges in Meeting our Compliance Requirements Using our Most Innovative Ideas

Moderator and Conference Co-Chair: Rocco Cappalla is known for analysis of business processes and controls to improve operational effectiveness, financial reporting and compliance, and for initiating difficult conversations, without destroying the business relationship, to add value to the business.
CERTIFICATIONS
• Certified Public Accountant (CPA), State of California, License # 89288 - Current
• Certified Information Systems Auditor (CISA) - Current
• Certified Internal Auditor - Current
Rocco can be reached at rocco.cappalla@gmail.com

Panelist: Benny Kirsh, CIO of Infoblox, a leading company in network automation and control. Benny Kirsh is an accomplished, results-oriented information technology professional with more than 20 years of experience in various industries. He has held several CIO positions. He joined The Cooper Companies to lead an ERP implementation and drive the cultural change necessary for a global rollout. He also led a highly professional IT team in implementing several systems, such as financials, distribution, supply chain and others. He established a Change Management process to create transparency and build a strong working relationship with the business. Prior to The Cooper Companies, Benny was the first CIO at Kyphon, a company experiencing significant growth. His most important objective was to lay the technology foundation for growth while sustaining the flexibility required for Kyphon to function in a competitive market. He was responsible for implementing critical systems such as ERP, Quality Assurance, Workflow, Clinical Trial Systems and others.
Benny relocated to the US from Israel with an InternaƟonal Enterprise, Terayon CommunicaƟon Systems, bringing with him a wealth of global experience. Presenter: Meet Barbara Adey As Senior Director for Product Management in the Security Technology Group at Cisco Sys- tems, Barbara is responsible for developing new lines of business in Cisco Security. Prior to taking on her current role, she was the chief operaƟng officer for the Wireless, Security and RouƟng Technology Group at Cisco. Previously, she was a member of the corporate strategy team where she led the three-year plan for Cisco's entry to the data center / cloud mar- ket. Barbara holds a bachelor's degree in Systems Design Engineering from the University of Waterloo and an MBA from York University. She is a licensed Professional Engineer.
Session 2-7 Panel Discussion

Panelist: Allyn McGillicuddy, Partner, The Office of the CIO, Palo Alto, CA
Allyn McGillicuddy collaborates with major Northern California enterprises to deliver strategic solutions for challenging business and information technology objectives, and establishes and leads a process-based methodology to efficiently achieve enterprise compliance, information security objectives, and privacy goals.

Panelist: Lynne Courts – Chief Marketing Officer, Fox Technologies
Lynne Courts brings over 20 years of global enterprise software marketing and sales experience to Fox Technologies, where she is responsible for product marketing and management, field marketing, and corporate brand marketing. Lynne started with FoxT in 2005, and in her current role is focused on growing market share and driving product innovation. Prior to FoxT, Lynne held a wide range of sales and marketing roles in the IT industry including Director of Product Marketing at Chordiant Software, Managing Director of EMEA for Action Point Software, and Western Region Sales Manager for Intellus Software. Lynne also held a variety of Product Marketing and Management positions at NCR Corporation. Lynne holds a BS degree in Business Marketing from Michigan State University.
ISACA Silicon Valley has been providing IT Audit, Security, and Governance Professionals with the training and networking opportunities they need to compete and thrive since 1982. We are continuing this tradition at our 2013 Winter Conference, where we offer our attendees a range of industry leaders speaking to their wisdom and experience in Enabling Trust through Business in the Cloud. Don't miss our upcoming Winter Conference, offering two full-day courses that move beyond theory to emphasize practical skills you can utilize at work or to improve your marketability.

The Conference Committee has worked hard to provide a cost-effective, value-driven, high-quality educational and networking experience. We tailor our events for ISACA members as well as Bay Area professionals in governance and compliance fields. We hope we have succeeded. As always, your input is greatly appreciated, and we strongly encourage you to fill out the Evaluation Forms at the end of each day. You are also welcome to seek us out with any comments or suggestions you might have to help us continually improve.
Yours Sincerely,
The ISACA SV Summer Conference Committee

2013 Winter Conference Committee
• Robin Basham, Conference Director
• Rocco Cappalla, Co-Chair Conference
• Scott Simmons, Assistant Marketing and Communications
• Mohammed Saifuddin, Logistics, Cost Management and Collateral
• Sumit Kalra, President ISACA SV, Meal and Facilities Planning
• Rajeev Basra, Printing
• Bala Krishnan, Liaison, Conference Management
• Larry Halme, Academic Relations, ISACA SV, Scholarship and Student Outreach, Survey and CPE
• Robert Yewell, Treasurer, Accounting, Registration
• Greg Edwards, Conference Photographer, Registration

Additional thanks to ISACA Board members who participated in updates for the conference and who continue to perform their board functions throughout the year: Ruchi Gupta, Dharshan Shantamurthy, Mike Jordan, Naimish Anarkat, Jay Swaminathan, Pat Kumar.
Venue Information and a note regarding Academic Relations

The 2012 Summer Conference will be held at:
Biltmore Hotel & Suites
2151 Laurelwood Road
Santa Clara, CA 95054
(408) 988-8411
Free Parking

ISACA Supports Academic Research
Academic research is the foundation of many of the breakthroughs and new theories supporting the IT assurance, information security and IT governance professional space. ISACA is pleased to support academic research projects by posting these descriptions of peer-reviewed research projects underway. You are encouraged to participate in those you find of special interest or pertinence. ISACA Silicon Valley maintains a relationship with San Jose State University. To learn more, contact the Academic Relations Director.

Academic Scholarship
A special thank you is in order to the companies that volunteered sponsorship for local university students. In addition to their generous conference support, these companies also hosted student attendance for this and future ISACA SV training events.