
The Password - September 2013

The Newsletter of ISACA - North Texas Chapter

September 2013

In This Issue:

Letter from the President
Meeting Agenda for our September 12, 2013 Luncheon Meeting
New Meeting Rate Structure – Effective September 2013
Upcoming CPE Changes – “Going Electronic”
Introducing this year's Education Committee
Current Job Postings
News from ISACA International

Letter From the President

Welcome to our first newsletter of the 2013-2014 year! Your North Texas Chapter Board of Directors is already busy planning programs and activities for the upcoming year.

Our September meeting takes place next Thursday 9/12 at the Sheraton Hotel in Arlington. Our theme this month is Regulatory Update. The Programs team led by Andrew Neal has speakers scheduled to discuss the latest changes with HIPAA, SOX (SOC) and PCI-DSS. The Board will also present our current year's budget for your review and approval. Please register for this meeting at www.isaca-northtexas.org.

Our Certifications team led by Barry Raven is busy planning our fall review courses. These classes will begin on the last Saturday of October and continue on the first three Saturdays in November. If you’re studying to take either the CISA or CISM exam in December, these classes are a great way to finalize your preparation. Stay tuned to our web site for more details.

We are looking for volunteers for three open positions: Hospitality Coordinator, Education Coordinator and Newsletter Coordinator. Please contact me at [email protected] if you’re interested in learning more about one of these positions. If you indicated an interest in volunteering while completing the chapter survey, look forward to being contacted soon by a board member who will work with you to best use your talents.

Invest in yourself and your career! Take advantage of the opportunities your ISACA membership offers you. Stay tuned to our Chapter Website and your email box for all the North Texas Chapter ISACA news. I look forward to meeting you at one of our monthly chapter meetings, educational seminars, certification reviews or networking events this year.

Greg Streder, CISA

JCPenney Company, Inc.
President - ISACA North Texas Chapter

[email protected]

[Top]

Meeting Agenda for our September 12, 2013 Luncheon Meeting

The focus of this month's meeting is Compliance Update. The meeting will be held at the Sheraton - Arlington. Experts will present the following sessions: "An overview and update on HIPAA", "Regulatory & Compliance Update – The changes coming for SOX" and "PCI DSS 3.0". Be sure to join us and learn from the experts.

Meeting Overview:

10:30 AM (Pre-Luncheon meeting)
Angela Miller, President/General Manager, Medical Auditing Solutions LLC
"An overview and update on HIPAA – Updates since HITECH and implications of the Affordable Care Act"

12:20 PM (Luncheon)
Kris Lonborg, Partner, and Maria Avedissian, Senior Manager, Advisory Services, Ernst & Young LLP
"Regulatory & Compliance Update – The changes coming for SOX"
*Note - This session will focus on the recent changes made to the SOC1 Audit Guide and the highlights of the recent Audit Risk Alert.

1:30 PM (Post-Luncheon session)
Branden R. Williams, EVP Strategy at Sysnet Global Solutions
"PCI DSS 3.0"

Complete details are provided below.

Pre-Luncheon Session - 10:30 AM - 11:20 AM

Topic: An overview and update on HIPAA – Updates since HITECH and implications of the Affordable Care Act
Presenter: Angela Miller, President/General Manager, Medical Auditing Solutions LLC

HIPAA rules were significantly modified in 2009 with the HITECH Act. Since then HIPAA rules have undergone further refinement and modification with implementation deadlines in 2013. The Affordable Care Act begins implementation in the fall and brings with it HIPAA implications.

This presentation will provide a high level update regarding recent HIPAA regulatory changes, pending changes, and anticipated operational impacts resulting from the Affordable Care Act. The presentation will give insight into the topics auditors and security professionals should be aware of in assessing their internal privacy and security compliance programs.

Angela Miller has over 18 years of leadership and consulting experience in healthcare compliance program development, training and audits for coding and billing, as well as collections for all types of healthcare and medical providers. Ms. Miller is President of Medical Auditing Solutions LLC and has provided consulting services to a variety of companies. Her company is a Texas certified WBE and HUB business.

Ms. Miller is Certified in Healthcare Compliance (CHC). Her consultation services cover the areas of healthcare compliance, HIPAA & HITECH program development & training, as well as payer audit review & response, legal defense audits & recommendations, credentialing/provider applications and cash flow management.

Objectives: Attendees will gain:

An overview of the high level HIPAA privacy and security rules resulting from the HITECH Act
An understanding of HIPAA changes resulting from the introduction of the Affordable Care Act
An understanding of the nature of Security/Privacy breaches associated with PHI
A general understanding of how the regulatory changes will affect organizations in general

Presentation Method: Group-Live
Program Level: Basic
Category: Specialized Knowledge & Applications
Prerequisites/Advance Preparation: None
Recommended CPE Hours: 1

Pre-Luncheon registration begins at 10:00 am

Luncheon Session - 12:20 PM - 1:20 PM

Topic: Regulatory & Compliance Update – The changes coming for SOX

Presenters: Kris Lonborg, Partner, and Maria Avedissian, Senior Manager, Advisory Services, Ernst & Young LLP

The AICPA recently published a new SOC1 Audit Guide and an Audit Risk Alert making some changes to SOC1 report expectations and providing clarity in some areas for these reports. These reports are widely used by companies with outsourced operations for SOX 404 and Internal Audit purposes.

Are you aware of these recent changes and how they may impact your company? This presentation will provide an overview of the changes required for SOC1 reports and prepare you to understand the changes that should be reflected in the upcoming cycle of reports you may be dependent upon.

Kris Lonborg, CISA, CISM, CGEIT, CRISC is a Partner in Ernst & Young’s Advisory Services practice. He has 29 years of experience in information technology auditing and advisory services. Kris has performed control assessments in a variety of computer environments and managed numerous security assessments, data analysis projects, and pre-implementation reviews.

Kris directs the activities of more than 100 SSAE 16 reports annually. He is the Southwest Sub-Area’s Third-Party Reporting service-line champion. He also serves as the Technology Partner on a number of our external financial audits.

Maria Avedissian, CISA, CRISC is a Senior Manager in the Advisory Services practice of Ernst & Young LLP. Maria specializes in the delivery of Information Technology (IT) risk assurance and advisory services including IT security, ERP integrity and Third-party reporting.

Maria also has significant experience in assisting her clients in their Sarbanes-Oxley and regulatory compliance initiatives and providing information technology audit and advisory services to the marketplace. Maria manages over 50 Service Organization Controls (SOC 1, SOC 2 and SOC 3) reports annually for national and international service organizations.

Objectives: Potential learning outcomes/takeaways include:

Understanding the recent changes made to the SOC1 Audit Guide and the highlights of the recent Audit Risk Alert
Understanding the user auditor implications of these changes

Presentation Method: Group-Live
Program Level: Basic
Category: Specialized Knowledge & Applications
Prerequisites/Advance Preparation: None
Recommended CPE Hours: 1

Luncheon registration opens at 11:15 am
Lunch is served no later than 11:45 am

Post Luncheon Session - 1:30 PM - 2:30 PM

Topic: PCI DSS 3.0
Presenter: Branden R. Williams, EVP Strategy at Sysnet Global Solutions

We have a new standard on the way in PCI DSS 3.0. What can you expect? Can you get ahead of the game? This session will preview some of the changes to come as well as strategies for dealing with the changes.

Branden Williams, CISSP, CISM is well known in the industry as a practitioner, consultant, and thought leader. He spent a number of years helping companies solve major security and compliance problems, including building PCI DSS compliance programs for some of the largest retailers around the globe. He recently sat on the PCI Board of Advisors and published the third edition of his book, PCI Compliance (Syngress, 2012), in August. Branden routinely speaks with organizations big and small with various levels of regulation to help them reduce their overall risk footprint and build safer and more efficient IT functions.

Objectives: Attendees will learn:

General areas of PCI DSS changes
Key PCI DSS changes where new challenges may arise

Presentation Method: Group Live
Program Level: Basic
Category: Specialized Knowledge and Applications
Prerequisites/Advanced Preparation: None
Recommended CPE hours: 1

For complete details, including CPE information and to register, click the buttons below.

Event Details Register

Copies of the presentations for this meeting will be made available at http://www.isaca-northtexas.org/SitePages/Presentations.aspx, before the meeting if possible.


Andrew Neal, CISA

TransPerfect Digital
VP of Programs - ISACA North Texas Chapter

[email protected]

[Top]

New Meeting Rate Structure – Effective September 2013

Like many businesses, our chapter is challenged with rising costs. Several venues where we met in past years raised their rates significantly this year. Brittany Teare, VP of Facilities, works diligently to find new venues which are more cost effective. After careful consideration, the Board decided to raise our meeting rates beginning in September 2013. The new rate structure follows below:

$35 – members (+$5 increase)
$45 – non-members (+$10 increase)
$45 – walk-ins, regardless of ISACA membership (+$5 increase)
$15 – students (+$5 increase)
$0 – students with approved voucher from professor (no change)

Please note: The chapter will continue to subsidize the total cost of our monthly meetings, as the above rate increase will not put us in a breakeven position. We make up most of the shortfall through our educational seminar and certification review class revenue. We will continue to look for new meeting venues across the D/FW Metroplex to minimize costs while providing a quality meeting experience.

Doug Gorrie, CISA, CISSP, CIA

Vendor Resource Mgmt.
Treasurer - ISACA North Texas Chapter

[email protected]

[Top]

Upcoming CPE Changes – “Going Electronic”

This chapter year will bring changes to our CPE processes. The Board is targeting November for the rollout of electronic CPE certificates for meeting and seminar attendees. Until this is completed, we will still be providing paper CPE certificates at the meetings as follows:

Pre-meeting CPE certificates may be picked up at registration prior to the session. Attendees should make sure they sign the pre-meeting registration list to make sure their attendance is recorded.
Lunch and post-meeting CPE certificates will be handed out at the end of each of the sessions. Post-meeting attendees should make sure they sign the post-meeting registration list circulated at the beginning of the post-meeting session.

According to NASBA requirements, we cannot provide CPE for an incomplete session, so we encourage members to arrive promptly and attend the full meeting session. If you have any questions regarding CPE, please contact Lisa Bartsch, CPE Coordinator, at [email protected].

Lisa Bartsch, CISA, CPA, CISSP

Capital One

CPE Coordinator - ISACA North Texas Chapter
[email protected]

[Top]

Introducing this year's Education Committee

A new ISACA year is upon us and I would like to introduce myself, Matthew Smith, as VP of Education. I currently work for Capital One as an IT Risk Manager and have been a member of ISACA since 2004. I have previously served on the Chapter Board as both VP Communications and Newsletter Coordinator.

Your 2013-2014 Education Committee is currently comprised of Iddah Wangondu and myself. We are currently seeking additional committee members; if you are interested, please contact us at [email protected].

The Summer Seminar, Mobile Security Boot Camp, was held last month and was very successful. The course presenter was Jerod Brennen, CTO and Principal Security Consultant with Jacadis. Feedback from the participants was very positive:

100% of those that responded said that the learning objectives of the seminar were met, Excellent (63.6%) or Good (36.4%)
100% said that the instructor was effective, Excellent (77.3%) or Good (22.7%)
95.5% said that the seminar was cost effective, Excellent (54.5%), Good (36.4%) or Satisfactory (4.5%)
100% said that they would recommend the seminar to others

Look for details of the Fall and Spring seminars; they provide excellent training at cost effective prices.

Matthew Smith, CISA
Capital One

VP Education - ISACA North Texas Chapter
[email protected]

[Top]

Current Job Postings

The word is getting out that firms and recruiters can post their available audit and security-based openings on our JOBS Board, without charge. Help bring jobs and job seekers together by promoting job postings. Your fellow ISACA members will appreciate it.

As of September 8, 2013, we have two opportunities posted on the jobs board, as summarized below. See our website regularly for any updates and for complete details. Please note that positions may have been filled or new positions added prior to the newsletter publication, so always check the jobs board directly for the most current status.

Company: Sunera LLC
Position: Technology Risk Consultant
Location: Plano, TX
Salary: DOE
Contact: Cait Hebble, 813-402-1208, [email protected]
https://sunera.com/job-postings/technology-risk-position/

Company: CVS Caremark
Position: Sr. Privacy Consultant
Location: Irving, TX
Salary: DOE
Contact: Chad Thiemann, 469-524-5666, [email protected]
http://jobs.cvscaremark.com/irving/corporate/jobid4055168-sr-privacy-consultant-jobs

Additional details about these jobs and all current job postings are available at: ISACA North Texas Job Postings.

To post an available position, just complete a Job Posting Template. Each job posting will be displayed on our site for one month, but can be reposted or removed at any time by request.

All posted job descriptions will also be included in this newsletter each month. Members can also examine the available positions on the job board.

Don't forget - Postings are FREE and available for members and non-members alike.

Interested in positions outside the DFW area, even world-wide? ISACA International maintains a Career Center that hosts hundreds of available opportunities: https://www.isaca.org/ecommerce/Pages/ISACACareerCentre.aspx?returnurl=/ecommerce/Pages/ProcessLogin.aspx?vt=3

Joe McKernan, CISA, CISSP
IBM

Jobs Coordinator - ISACA North Texas Chapter

[email protected]

[Top]

News from ISACA International

Upcoming ISACA Conferences

North America Information Security & Risk Management (ISRM) Conference - November 6-8, 2013, Las Vegas, NV, USA. The North America ISRM features relevant security and risk management topics presented by leading industry experts and practitioners. Earn up to 32 CPE Hours!

Upcoming ISACA Training

Cloud Computing: Seeing through the Clouds - What the IT Auditor Needs to Know - 7-10 October 2013, Chicago, IL, USA. Cloud computing has emerged as one of the most significant information technology developments over the past decade. As a new framework for the way IT solutions are designed, sourced and used for services delivery, it offers organizations new and flexible ways to manage IT costs, scale IT operations and streamline related processes. However, with new IT developments come new risks. ISACA and Deloitte & Touche LLP have teamed up to deliver a cloud computing course to help you understand the risk implications of moving to the cloud, as well as strategies for managing those risks. Earn up to 32 CPE Hours!

Training Week - Boston - October 14-17, 2013, Boston, MA, USA. ISACA’s Training Week program provides a unique opportunity to explore today’s key IS and IT topics with knowledgeable experts while updating and upgrading your own professional skills and potential. Courses are tailored to meet the unique requirements and challenges of IS & IT professionals just like you. Choose from one of the following educational tracks to study during your training week: Fundamentals of IS Audit & Assurance, Information Security Management, Governance of Enterprise IT, IT Risk Management and COBIT: Strategies for Implementing IT Governance. Earn up to 32 CPE Hours!

Taking the Next Step: Advancing Your IT Auditing Skills - November 11-14, 2013, Dallas, TX, USA. IT auditors must have a wide range of skills across a broad array of technologies and platforms. This course provides the IT audit professional with an opportunity to deepen their knowledge across a range of technologies, using practical hands-on presentations and demonstrations, to enable IT auditors and security professionals to identify and analyze risks associated with a range of infrastructure platforms. Earn up to 32 CPE Hours!

Training Week - Las Vegas - December 9-12, 2013, Las Vegas, NV, USA. ISACA’s Training Week program provides a unique opportunity to explore today’s key IS and IT topics with knowledgeable experts while updating and upgrading your own professional skills and potential. Courses are tailored to meet the unique requirements and challenges of IS & IT professionals just like you. Choose from one of the following educational tracks to study during your training week: Fundamentals of IS Audit & Assurance, Information Security Management, Governance of Enterprise IT, IT Risk Management and COBIT: Strategies for Implementing IT Governance. Earn up to 32 CPE Hours!

New Research Available

Privacy and Big Data: Improved decision making, faster time to market, better customer service and increased profits are just some of the benefits contributing to the explosion of big data implementation across enterprises of all sizes. The World Economic Forum describes the personal information garnered by big data as “the new ‘oil’—a valuable resource of the 21st century.” Big data analytics is the “new engine of economic and social value creation.” Enterprises eager to reap the benefits of big data and its vast potential are recognizing their responsibility to protect the privacy of the personal data gathered and analyzed with big data. The success of enterprises will depend on how they meet and deal with the various big data challenges and impacts, including privacy.

ITAF: A Professional Practices Framework for IS Audit/Assurance, 2nd Edition: ITAF consists of compliance and good practice setting guidance. It provides guidance on the design, conduct and reporting of IS audit and assurance assignments, defines terms and concepts specific to IS assurance and establishes standards that address IS audit and assurance professional roles and responsibilities, knowledge, skills and diligence, conduct, and reporting requirements. ITAF provides a single source through which IS audit and assurance professionals can seek guidance, research policies and procedures, obtain audit and assurance programmes and develop effective reports. While ITAF incorporates existing ISACA standards and guidance, it has been designed to be a living document. As new guidance is developed and issued, it will be indexed within the framework and made available to ISACA members and the public. To date, all current ISACA guidance has been mapped to the framework.

Transforming Cybersecurity Using COBIT 5: The number of threats, risk scenarios and vulnerabilities has grown exponentially. Cybersecurity has evolved as a new field of interest, gaining political and societal attention. Given this magnitude, the future tasks and responsibilities associated with cybersecurity will be essential to organizational survival and profitability. This publication applies the COBIT 5 framework and its component publications to transforming cybersecurity in a systemic way. First, the impacts of cybercrime and cyberwarfare on business and society are illustrated and put in context. This section shows the rise in cost and frequency of security incidents, including APT attacks and other threats with a critical impact and high intensity. Second, the transformation addresses security governance, security management and security assurance. In accordance with the lens concept within COBIT 5, these sections cover all elements of the systemic transformation and cybersecurity improvements.

Responding to Targeted Cyberattacks: A breach will eventually occur! Is your enterprise prepared? The threat environment has radically changed over the last decade. Most enterprises have not kept pace and lack the necessary fundamentals required to prepare and plan against cyberattacks. To successfully expel attackers, the enterprise must be able to:

Conduct an investigation
Feed threat intelligence into a detailed remediation/eradication plan
Execute the remediation/eradication plan

This publication covers a few of the basic concepts that will help answer the key questions posed by a new outlook: that a breach will eventually occur.

Free CPE Using Your ISACA Membership

As a benefit of your ISACA membership, ISACA International is making free CPE available in four different formats. In fact, you can secure up to 72 hours of CPE per year, as follows:

Earn one hour of CPE by taking and passing a quiz involving ISACA Journal. With six issues of ISACA Journal published each year, you can earn up to six hours of CPE, without charge.
Earn three CPEs for each of 12 e-Symposia per year. That's 36 CPE credits available to you. Just sign up for and attend each e-symposium in its entirety and complete a short 10-question quiz at the end of each 3-hour event.
Earn up to 20 CPE by actively participating on an ISACA or ITGI board, committee, task force or as an officer of an ISACA chapter.
Earn one CPE for each hour of mentoring efforts directly related to coaching, reviewing or assisting an individual with the CISA/CISM/CGEIT/CRISC exam (up to 10 CPE).

As always, read the full details at http://www.isaca.org/Certification/Pages/How-to-Earn-CPE.aspx.

Laurie Flandrau, CISA

GM Financial

VP of Communications - ISACA North Texas Chapter

[email protected]

[Top]

Questions? Comments? Corrections? Please advise us at [email protected]

The Password is a free copyrighted publication of the North Texas Chapter of ISACA. It is published periodically from August through June. It is an objective of the North Texas Chapter of ISACA to be a forum of free expression and interchange of ideas. Statements of position or expressions of opinion appearing herein are those of the authors and not, by the fact of publication, necessarily those of ISACA or the North Texas Chapter. Likewise, the publication of any advertisement is not construed to be an endorsement of the product or service offered unless specifically stated.

Copyright 2013 ISACA North Texas Chapter - all rights reserved