Welcome to ISACA Silicon Valley Chapter. ISACA-SV is proud to serve our Bay Area constituents. We are committed to serving those involved with various aspects of information security, assurance, risk management, privacy, audit, and similar topics associated with IT control and governance related activities.
UPCOMING EVENTS
2-Day Spring Conference March 25-26, 2010
Beyond Checkbox Compliance – Audit and Accountability
The past year has taught us that regulatory compliance is not enough. The Heartland data breach occurred even though the company was PCI compliant, and the Madoff Ponzi scheme occurred even though Madoff's company was investigated multiple times by the SEC and other regulatory authorities. How do we move beyond checkbox compliance to truly address the risks?
Our 2-day 2010 Spring Conference, Beyond Checkbox Compliance – Audit and Accountability, will be held March 25-26, 2010 at the Computer History Museum in Mountain View. The conference will cover a mix of audit, security, governance and compliance tracks.
We are putting out a call for papers to help us select potential speakers. To submit your proposal to speak at the conference, please fill out this form and e-mail it to 2010SpringConference@isaca-sv.org.
Additional conference information and the registration link can be found here.
Nominating Committee To Be Formed During the Reception on March 25, 2010
The Nominating Committee oversees the chapter elections for Board offices to be filled at the Annual General Meeting, which will be held on June 17, 2010. Per ARTICLE VII, Section 1 of our Bylaws, "The Chapter Board shall solicit and select volunteers to form a three-member Nominating Committee at a meeting 3 months prior to the upcoming Annual General Meeting. Current Chapter Board members may serve on this committee; however no members of the Nominating Committee will be eligible to stand for upcoming elections for that term."
Our Next Monthly Meeting Thursday, April 15, 2010
Presentation #1: SaaS and Cloud Applications – What You Need to Know
The migration of business-critical applications to the cloud amplifies the need for visibility and control. Unfortunately, business users often deploy SaaS applications without any thought to finance and IT controls and processes. In this session, learn the critical access control challenges being created by SaaS and cloud applications. Also hear best practices for how forward-thinking organizations are managing the security and compliance challenges being created by on-demand applications.
Speaker #1: Tom Bishop, Chief Technology Officer, Conformity
As Chief Technology Officer, Tom is responsible for overall technology vision and strategy at Conformity. Tom is a recognized and award-winning CTO, and brings over 30 years of experience in senior technology and strategy roles at a variety of pioneering systems management solution vendors.
Prior to Conformity, Tom was VP of Engineering at Storspeed, a leading storage solutions vendor. Before that he was Chief Technology Officer at BMC Software, where he was responsible for product vision and direction. Tom served as Chief Technology Officer at VIEO, Inc., where he was named “Chief Technology Officer of the Year” by InfoWorld magazine in 2004. Before that, he was Chief Technology Officer at Tivoli and later IBM-Tivoli. Tom began his career at Bell Labs. He holds nine patents in fault-tolerant and distributed computing and led the development of such industry standards as the DMTF’s CIM, the CMDB federation specification, and POSIX.
Tom holds BS and MS degrees in Computer Science from Cornell University.
Presentation #2: Cloud Computing Security - Practical and Actionable Security Controls to Assess the Cloud Vendor.
With Cloud Computing comes a whole new set of security vectors, white papers and various schools of thought related to security, privacy and governance. I have taken the time to decipher some recent white papers and guidance to put together some practical, actionable and relevant security controls which the audience can take back and immediately begin to use to properly assess cloud vendors to understand the new security vectors and put the cloud vendors to the test!
Speaker #2: Brian Koref, Information Security Officer, KLA-Tencor
Brian Koref is the current Information Security Officer for KLA-Tencor, a semiconductor equipment company with approximately 5000 employees worldwide and a market cap of more than 5 billion dollars. His responsibilities include intellectual property protection, policy development and governance, mergers and acquisitions due diligence, third party partner engagements and general consultation to the business in areas of information security. Prior to his current post, Brian held a variety of information security management, engineering, architecture and analyst positions with various technology companies in the San Francisco Bay Area. Brian began his career in information security while spending 8 years conducting computer crime investigations for the Air Force Office of Special Investigations.
Additional meeting information and the registration link can be found here.
Call for Volunteers
We wish to call for your help with the various committees that make our Chapter meetings, classes, and operations possible. Help the chapter ensure quality events, gain valuable networking opportunities, and become eligible for up to 10 CPEs per ISACA certification. Please go to the sign-in table at any of our events to volunteer.