Officers & Contacts
President's Message
Academic Relations
Meetings & Events
Newsletters
Membership
Employment
Certification
Links and Resources
The Official Newsletter of the Silicon Valley Chapter of the Information Systems Audit and Control Association (ISACA) Editor: Lawrence R. Halme ISACA's Silicon Valley Chapter would like to invite you to attend our June Quarterly Meeting. This meeting will have a full agenda consisting of CISM/CISA certification discussion, two information seminars, annual officer elections, dinner, socializing, and door prizes. ------------------------------------------------------------------------------------------- June 2004 ISACA-SV Meeting Thursday, 10 June 2004 3pm to 7:30pm Ramada Inn, Sunnyvale RSVP: terry.barnhart@lmco.com JUNE 10 SCHEDULE Registration 3:00 Speaker #1 3:30 Social Hour 5:00 Dinner 5:45 Speaker #2 6:30 Adjourn 7:30 MEETING LOCATION Ramada Inn, Silicon Valley 1217 Wildwood Ave., Sunnyvale. Located near Lawrence Expressway & Highway 101. DIRECTIONS From San Jose: North on Highway 101. East on Lawrence Expressway. Take 1st right on Wildwood Ave. From San Francisco: South on Highway 101. Take the Lawrence Expressway Exit Go over Highway 101 on Lawrence. Take the 1st right on Wildwood Ave. From the East Bay: Take 237 West. Left at the Great America Parkway. Right at 101 North. Right onto the Lawrence Expressway. 1st right turn onto Wildwood Ave. COST ISACA Members $25 Non-Members $30 Students $15 CONTINUING EDUCATION Attendance of both workshops will represent three (3) hours. RESERVATIONS Please call Terry Barnhart at (408) 742-0150, or email terry.barnhart@lmco.com as soon as possible. If you've made a reservation and can't attend, please contact Terry to cancel so that the chapter is not billed for a "no show" meal. If you have special diet restrictions please notify upon reserving. Vegetarian meals are available upon request. Thank you! ------------------------------------------------------------------------------------------- AFTERNOON PRESENTATION: Network Audit and Policy Assurance Speaker: Aaron Davies-Morris Synopsis: Security policies are a powerful way to ensure that critical business processes are protected by the IT infrastructure that supports them. Policies ensure consistency and allow senior decision makers to communicate security requirements to implementers. New technology is enabling automated security audits to determine compliance to pre-stated policy requirements across large networks. This presentation will examine the benefits of automated network auditing, including its contribution to risk mitigation, and explore the way in which it will affect enterprise security deployments. This presentation will examine security posture identification via penetration testing, security auditing, and vulnerability analysis, and new trends in security products, including Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS) and Vulnerability Detection Systems (VDS). It will discuss how these security technologies can be combined with traditional security products, such as firewalls, to create a comprehensive security platform that includes a policy compliance and auditing capability. Biography: Aaron Davies-Morris is a Senior Director of Business Development at Preventsys. He has over nine years of experience as a security professional serving Fortune 500 clients in the utility, financial, high technology and retail industries, where he focused on security architecture design, vulnerability assessment, and deployments of intrusion detection and enterprise security management solutions. Prior to joining Preventsys, Aaron served in a variety of consulting management roles, most recently in Ernst & Young's Security & Technology Solutions practice where he focused on the utility industry and managing alliance relationships with Symantec and Computer Associates. Prior to that, Aaron was with Internet Security Systems (ISS) X-Force Professional Services where he led the growth of the West coast practice from $100k in annual revenues to over $2M in a three-year period. Aaron was also at Deloitte & Touche where he executed controls reviews, vulnerability assessments and assisted clients in understanding how to securely leverage the Internet. Aaron is a frequent speaker on the subjects of cyber-terrorism, Internet security, IDS/VM deployment strategies and is a recurring guest lecturer on Digital Security at the University of California, Irvine's Graduate School of Management. He holds a BS in Civil Engineering and an MBA in Information Technology from UCI. SOCIAL HOUR: "ISACA Certifications Overview: CISA and CISM" Are you considering attempting CISM or CISA certification in the future? Do you have questions about certification requirements and the scope of the respective exams? Need pointers for how best to prepare over the coming year? Want to compare these ISACA certifications to other security and audit certifications? Just want a word of encouragement before sitting for one of the exams two days later on 12 June? During our Social Hour, we will answer your questions about the CISM and CISA certifications. The Chapter will have official flyers on the certifications available to pass out, and informal words of advice. Enjoy some wine and prepare to be convinced of the benefits of these extra letters behind your name. EVENING PRESENTATION: Managing Risk in the Employee Computing Environment Speaker: Kurt Shaver Synopsis: Employers are well aware of the benefits of an Internet-enabled workforce: instant and rich communication, vast information resources, online commerce, … but what about the downside? There are serious LEGAL and SECURITY risks associated with unmanaged employee Internet access. Mr. Shaver will present an overview of the risks associated with an Internet-enabled workforce and describe some best practices to illustrate how leading companies are minimizing these risks. Besides surfing inappropriate sites / content, this presentation will examine the security threats from instant messaging, peer-to-peer networks, spyware, mobile malicious code, and web based storage. This presentation will also discuss tools for audit and forensic analysis. Biography: Kurt Shaver is Websense’s Western Regional Director. Websense is the world’s leading provider of employee Internet management solutions. Websense enables organizations to manage how employees use computing resources to improve productivity and security, conserve information technology resources, and mitigate legal liability. Websense serves more than 20,000 organizations worldwide including corporations, government, and educational organizations. Mr. Shaver has 20 years experience in the Information Technology industry and is a frequent speaker at conferences and seminars. He holds a Masters degree in Electrical Engineering from Georgia Institute of Technology. ------------------------------------------------------------------------------------------- Job Opportunities on the ISACA-SV Website: We invite you to visit the Chapter's local job page. We are accepting job descriptions for open positions you wish to post on our web site. See the web site for contact information. Speaking Opportunities for ISACA members: San Jose State University has an ISACA student chapter. They always welcome practicing CISAs/CISMs and ISACA members to present on various IS and IS audit topics. This is a great opportunity for you to impart some of your practical knowledge, share ideas, enhance your presentation skills, help promote the IS Audit profession, and assist in training the next generation of IT and IT audit professionals in the Silicon Valley. Please contact Dikshita Kapasi (Meena), the External VP at ISACA-SJSU, if you can assist in any way with topics, speakers. She would love to hear from you, especially if you could do a presentation. Her e-mail address is meena_kapasi@hotmail.com ------------------------------------------------------------------------------------------- 2003-2004 CHAPTER OFFICERS Yogita Parulekar, President Swami Ramachandran, Vice President Sudha Chadalavada, Treasurer Oliver Wong, Secretary Kishor Kapasi, Past President Nicholas Green, Program Director Terry Barnhart, Membership and Meeting Arrangements Director Swee Fuller, Academic Relations Director and CISA/CISM Coordinator Larry Halme, Newsletter Editor Roger Delgado, Webmaster NEW MEMBERS Welcome to all new members of the chapter: Our current membership is approximately 250 members. There has been almost a net increase of almost 75 new members since the beginning of 2004. DISCLAIMER As it is the objective of the Silicon Valley Chapter of the Information Systems Audit and Control Association to provide a forum for the expression of ideas and opinions, statements of opinion appearing herein are not necessarily those of the Chapter or its directors and officers.Previous Issues of the CHIP