|
 |
MONTHLY MEETING TOPIC AND SPEAKERS
(Meeting Date: May 15, 2008)
"Challenges of Identity Access Management for Auditors" - (Panel Discussion)
Moderated by Alan Chipman - Director in SOAProjects, Inc.,
Panelists:
Tim Stapleton - Risk Management Consultant – Wells Fargo bank
Arun Perinkolam - Manager - Deloitte & Touche
Mike Johnson - Director - PWC
Harshul Joshi - Director for IT - CBIZ Accounting Tax and Advisory LLC
|
|
"Challenges of Identity Access Management for Auditors"
Identity management systems are becoming widely deployed in enterprise environments and are increasing in complexity. This panel will discuss business drivers of Enterprise Identity Management Solutions, Process & Technology aspects of it, Challenges in deployment, what is essential for the IT auditors need to gain knowledge and understanding of Identity Management Systems. Developing a risk-based audit plan that accurately measures the risks associated with Identity Management solution deployment and operation is a necessary skill for IT Auditors as this technology makes its way into corporate infrastructures.
|
By attending this panel discussion you will learn:
|
|
- What are the different types of Identity Management Systems and tools?
- Learn the critical components of an Identity Management System
- Understand risks associated with enterprise-wide Identity Management
- Audit approaches for Identity Access Management
|
|
|
 |
Alan Chipman is a Director in SOAProjects, Inc., and he is spear heading the Technology Risk and Management Advisory Services (TRMS) practice. Prior to SOAProjects, Alan was with PwC for almost 19 years, the last ten directing the SPA group in the Silicon Valley practice. Built the Systems and Process Assurance (SPA) practice in the San Jose office from zero to over eighty client service professionals; functioned as part of the top leadership team for this group through the PW-C&L merger, dot-com boom and contraction, and SOX 404 implementation periods. Led client engagements for SPA external and internal audit services within the Technology industry sector for a number of premier Silicon Valley and other companies: HP, Sun Microsystems, Plantronics, Agilent Technologies, Netgear, Verigy, Varian, Inc., Varian Medical Systems, Synnex, Redback Networks, Summit Information Systems, Advent Software, Borland Software, Yahoo, Iomega, et al, providing opportunities to observe best practices (as well as not the best practices) in internal audit departments and the companies’ controls and compliance environments.
|
|
 |
Tim Stapleton is a CISA, and has also earned CCSA and ITIL Foundations certificates. Tim is a Risk Management Consultant with Wells Fargo Bank. Earlier at Wells, he was an auditor covering special business initiatives and emerging technologies. Prior to Wells, he worked at Bank of America (Y2K), Citibank (ATM and internet project management) and the Federal Reserve Bank of San Francisco (EDP Auditor). Tim holds a Masters degree in Accounting and a Bachelors degree in Philosophy. Tim Stapleton is currently a member of the SF-ISACA Education Committee and 2008 Fall Conference committee. |
|
 |
Arun Perinkolam is a Manager with the Security & Privacy Services Group, Deloitte & Touche LLP. He has focused technical expertise in the areas of Identity & Access Management, Enterprise Access Control, PCI Data Security Standard Readiness/Remediation, SSO and related methodologies. Arun has led projects involving scoping & planning (requirements gathering, use case design, enterprise strategy & roadmap), detailed design, development and deployment of enterprise wide security solutions for over 7 years. Arun has specific deployment experience with IAM solutions such as HP Select Identity / Select Access, Oracle Identity Manager, Sun Java Identity Manager and VAAU-RBACx amongst others. Arun holds a Masters degree in Computer Science from the University of Southern California and also holds the CISSP certification. |
|
 |
Mike Johnson is a Director in PwC’s Advisory Technology practice based in San Jose. Mike’s client delivery focus is security and technology engagements. He has been involved with IT security projects for the last nine years with a focus on Identity Management. Past projects have included work on strategy and planning, product selection, and the deployment of solutions over multiple release cycles. Mike has worked on employee, business partner, and customer facing projects for Access Management, User Repository, and Provisioning solutions. |
|
 |
Harshul Joshi is Director for IT (Information Technology) services for CBIZ Accounting Tax and Advisory LLC. Harshul has been leading the IT Practice for CBIZ Risk and Advisory since 2005.
Harshul’s primary areas of focus are IT risk assessment, audit, security and compliance. He has worked with various compliance standards including Sarbanes Oxley 404, GLBA (Gramm Leach Bliley Act), PCI (Payment Card Industry) and SAS 70. Harshul has worked in Fortune 100 companies assisting with IT compliance, audit and security initiatives and is an internationally known speaker. Some of the sample topics he speaks on include Wireless Security, Auditing Firewalls and Intrusion Detection, Risks of IT Outsourcing and Offshoring and Performing IT Risk assessment from a Business stand-point. He has spoken at various conferences in Singapore, India and in United States.
Harshul is a Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM). Harshul has an MBA in International Business and a MS in Information Systems.
A few of the key clients that Harshul worked with during his tenure with CBIZ RAS are Readers Digest, La-Z-Boy, CACI, Coach, Imagistics and Town Sports International. The key services that Harshul worked on include IT risk assessment, Sarbanes Oxley 404 compliance and infrastructure security assessment.
Prior to joining CBIZ, Harshul was a Director of Security service with Cognizant Technologies where he headed the security practice creating and delivering risk assessment services. He also spearheaded IT security and compliance at Sony Corporate audit group performing compliance and audit assessments for Sony Electronics, Sony Music and Sony Pictures. He was also responsible for SAS 70 reviews and privacy initiative at Sony. Prior to joining Sony, Harshul was a Security Architect with Verizon where his clients included NYSE, Sears, Novartis, Department of Veteran Affairs and Callaway golf.
|
|
|
|
