The Official Newsletter of the Silicon Valley Chapter Information
Systems Audit and Control Association (ISACA)

Editor: Lawrence R. Halme
Has it hit you yet? I’m talking about the imminence of winter festivities!
Last night while buying moist-wipes, sunblock, and mosquito repellant for
a vacation trip to further explore China and South East Asia, I saw that
aisles of wrapping paper, cards, and ornaments were already stocked with
a vengeance. The obligatory “Happy Holidays” were the parting words at the
cash register. Whether it is Ramadan, Diwali, Kwanza, Christmas, Hanukah,
Three Kings Day, etc., they are now or soon upon us. Personally, I’ll be
trading in Thanksgiving for Thailand’s Loy Krathong festival again this year
(though I have previously found a respectable turkey and stuffing holiday
dinner at a California restaurant in Bangkok), but I will be back in time
to check out San Jose’s Christmas in the Park light displays.

Here’s a toast that everybody will be in highest holiday spirits at the
upcoming December ISACA-SV dinner meeting!

Visit the Chapter’s web site at http://www.isaca-sv.org.

Upcoming Quarterly ISACA-SV Meeting:
Our next quarterly meeting is fast approaching.
Be sure to put December 9th on your calendar.

December 2004 ISACA-SV Dinner Meeting
Registration	3:00
Speaker #1	3:30
Social Hour	5:00
Dinner		5:45
Speaker #2	6:30
Door Prizes	7:30
Meeting Location:
Ramada Inn, Silicon Valley
1217 Wildwood Ave., Sunnyvale
(Located near Lawrence Expressway & Highway 101)

Directions:
From San Jose: North on Highway 101, East on Lawrence Expressway, and
take first right onto Wildwood Ave.
From San Francisco: South on Highway 101, take the Lawrence Expressway
exit, go over Highway 101 on Lawrence, and take the first right onto
Wildwood Ave.
From the East Bay: West on Highway 237, left at Great America Parkway,
North on Highway 101, East on Lawrence Expressway, and take first right
onto Wildwood Ave.

Cost:
ISACA Members 	$25
Non-Members	$30
Students     	$15

Continuing Education:
Attendance of both workshops will represent (3) hours.

Reservations:
Please e-mail Nic Green @ program-director@isaca-sv.org as soon as possible.
If you've made a reservation and later find that you can't attend, please contact
Nic to cancel so that the chapter is not billed for a "no show" meal. If you have
special diet restrictions please notify upon reserving. Vegetarian meals are
available upon request.

-------------------------------------------------------------------------------------------
AFTERNOON PRESENTATION: “Intelligent Risk Management” 
presented by Sandy Hawke, Solutions Engineer, TruSecure Corporation

Synopsis:
Our afternoon presentation by a speaker from TruSecure Corporation will be on the
topic of "Intelligent Risk Management" and will discuss how risk management tools
and methodologies can assist organizations comply with regulatory standards.

Biography:
Sandy Hawke, Solutions Engineer for TruSecure, has been in the Information Security
field since 1996. She started her network security career at UUNET managing InterLock
and Check Point firewalls for Fortune 500 customers. After working as a Senior Network
Security Engineer for a number of years, she was promoted to SOC Manager in her second
year with UUNET. In March 2000, Sandy took a Senior Security Analyst position with
TruSecure specifically responsible for assessing the security posture of corporations
through the analysis of remote and local scanning data, security policy compliance, and
physical security. For the past two years, Sandy has supported TruSecure’s Western field
team engineering security and compliance solutions for customers throughout California,
Nevada, Oregon, Washington, Arizona, Utah, and Colorado. She holds the following security
industry certifications: CISSP, CCSA, CCSE, and TICSA. She earned a BA in Political Science
at the University of Delaware, an MA in Political Science from UCSB and is a member of Phi
Beta Kappa. She has been very active in the past two years with speaking engagements at a
number of symposiums and technical meetings.

EVENING PRESENTATION:
Our evening presentation was planned to be an examination of a PKI implementation case
study. Unfortunately, the proposed speaker has found himself on assignment on the East
Coast for three months. We are hoping that he will be reunited with the West Coast in
time for our March 2005 meeting. But instead we are lucky to have found a speaker who
will enlighten us to auditing IBM’s flagship operating system.
Synopsis:
The evening presentation will examine the auditing of z/OS security, IBM’s 64-bit mainframe
operating system. z/OS is a highly secure, scalable, high-performance enterprise operating
system on which to build and deploy Internet and Java-enabled applications, providing a
comprehensive and diverse application execution environment.

More details about this presentation and its speaker will be provided in next month’s newsletter.
Our December meeting will also give us the opportunity to announce the names of those who passed
the CISA and CISM certification exams. Please attend to hear your name announced and bask in the
light of fine achievement! Also be there to encourage and applaud the efforts of those who took
the exams.
Attendance of both seminars will represent three (3) CPE Hours.
-------------------------------------------------------------------------------------------

Membership Survey: 
The ISACA-SV board would like to obtain input from the Chapter membership as to what they
would like to get out of their chapter. Our last newsletter promised (threatened) that there
would be a member survey in this month’s issue of The CHIP. While a detailed survey is in the
works we would highly appreciate if you can take a minute to answer the following questions
and respond to Nic Green .
Your responses will help us plan a tailored conference for the Chapter members and friends.

1)	Are you interested in attending a conference hosted by the chapter?

		Yes[ ] No[ ]

2)	Are you prepared to pay $150 - $200 per day to attend such a conference?

		Yes[ ] No[ ]

3)	How long should the conference be?

		1 day[ ] 2 day [ ] 3 days[ ]

4)	What topics are you interested in?


-------------------------------------------------------------------------------------------


2005 CISA/CISM Exam Dates Set: 
The next Certified Information Systems Auditor (CISA) exam and Certified Information Security
Manager will be held on June 11, 2005. The early registration deadline is February 2, 2005,
and the final registration deadline is March 30, 2005. More than 15,000 candidates are expected
to register for CISA exams this year. If you want to be one of them, you can sign up on the ISACA
Web site at: http://www.isaca.org/examreg.

-------------------------------------------------------------------------------------------
JOB OPPORTUNITIES ON THE ISACA-SV WEBSITE: 

We invite you to visit the Chapter’s website to view employment opportunities at
http://www.isaca-sv.org/employment.html.
We are accepting job descriptions for open positions you wish to post on our web site.
See the web site for job postings and contact information


NEW MEMBERS:
Welcome to all new members of our Chapter! Our membership has grown to over 300 members with
growing numbers of CISMs. Our growing ranks and diversity of backgrounds give all of us increased
opportunity to meet and network. with varied individuals in the coming meetings.
We invite all this new blood to join us at the December meeting!


CISA EXAM 
Congratulations to our members who passed the recent CISA exam


-------------------------------------------------------------------------------------------
Related Security Practitioner / Auditor Events:
ISACA-SF:
Our Sister chapter in San Francisco is presenting a luncheon seminar entitled, “SOX After
Implementation” on Thursday, 18 November 2004. The talk, to be given by Ernst & Young
Senior Manager, Sean Duquemin will examine last minute Sarbanes-Oxley compliance activities,
and what to expect for the second year of SOX. This seminar will take place at The Palace
Hotel in San Francisco. For ISACA members, it will cost $40, for non-members $50, and students
will need to pay $20.
http://www.sfisaca.org/events/conference04/announcement.htm.


IIA-SJ:
The San Jose chapter of the Institute of Internal Auditors and the Silicon Valley Chapter
of the AGA is holding a 7-CPE, all-day seminar on Friday, 19 November 2004 at the Santa
Clara Biltmore Hotel. The topic of this seminar is, “Preventing and Detecting Internal
Fraud,” presented by Larry Rosipajla, North American Director of Forensic Services and
Gerry Fujimoto, Partner, Deloitte & Touche, LLP. The cost is $185 for members and $205
for non-members.
http://www.theiia.org/chapters/index.cfm?cid=79.

ISSA-SF:
The San Francisco chapter of the Information Systems Security Association is holding an
afternoon seminar from 1pm to 5pm on Tuesday, 16 November 2004 at PG&E’s Main Auditorium
on 77 Beale Street in San Francisco. The topic of this seminar is, “Sarbanes-Oxley –
Governance from All Angles.” Several presentations and a highly interactive panel
discussion with attendees is promised.
http://www.sfbayissa.org/index.php?module=PostCalendar.


-------------------------------------------------------------------------------------------
2004-2005 CHAPTER OFFICERS
Yogita Parulekar, President
Swami Ramachandran, Co-Vice President
Sudha Chadalavada, Co-Vice President
Oliver Wong, Treasurer
Meena Kapasi, Assistant Treasurer
Rick Kest, Secretary
Nicholas Green, Program Director
Terry Barnhart, Membership and Meeting Arrangements Director
Janie Chang, Academic Relations Director
Swee Fuller, Assistant Academic Relations Director
Edmund Lam, CISA/CISM Coordinator
Nils Puhlmann, Seminar Director
Larry Halme, Newsletter Editor
Tamara DeMarco, Co-Webmaster
Roger Delgado, Co-Webmaster
Kishor Kapasi, Past President
Desmond Low-Kum, Chapter Advisor
Ranjita Chakravarty, Chapter Advisor

DISCLAIMER
As it is the objective of the Silicon Valley Chapter of the Information
Systems Audit and Control Association to provide a forum for the expression
of ideas and opinions, statements of opinion appearing herein are not
necessarily those of the Chapter or its directors and officers.

• October 2004
• September 2004
• July 2004
• June 2004
• March 2004
• January 2004
• December 2003