
Information Systems Audit and Control Association

TORONTO CHAPTER

2006/2007

**Venue for the 2008 ISACA International Conference**

CONTINUING PROFESSIONAL EDUCATION CATALOGUE

TABLE OF CONTENTS

A Message from the Continuing Education Committee

2006/2007 Board Members

Continuing Professional Education Series - Schedule

Continuing Professional Education Series - Registration Form

Continuing Professional Education Series - Session Descriptions

Information on Certified Information Systems Auditor Designation

Information on Certified Information Systems Manager Designation

ISACA Global Conferences and Educational Programs

Information Notification Form

Coupon Order Form

Membership Application Form

Chapter Committees


ISACA - Toronto Chapter 2006/2007 Continuing Professional Education

A Message from the Continuing Education Committee

The 2006/2007 ISACA Education year is just underway. The Continuing Education Committee (CEC) has planned an increasingly energetic program this year for all levels of interest and experience. We have prepared five breakfast sessions, 11 day-long sessions, and two multi-day sessions.

Some of the sessions that will be presented are as follows:

New and Topical – Responding To Incidents; Understanding Cobit; How To Stay Abreast Of IT In A Fast Paced World; Business Continuity Planning; Project Risk Management; IT Infrastructure Library (ITIL); How To Derive More Value From IT Compliance Work – Integrate Multiple Initiatives – SOX, Basel, ISO, Cobit, ITIL; and, Issues In Cyber Security.

Technical in nature – Mobile Computing; Fundamental Forensics For Auditors And Information Security Professionals; Securing Web Applications And Data; Secure VoIP Framework; and, Securing And Auditing Linux Systems.

Audit Specific – The Auditor In 2020; Computer Forensics In 2006; SOX Compliance; Risk Analysis Tools; Successful Application Design: Auditing The Process Development Life Cycle; and, Alternate Tools And Techniques For Getting Audit Assurance.

Professional Development – Negotiation Skills; and, Presentation Power For Auditors.

The program committee is also working on another initiative which was identified from our member survey. That is the delivery of some of our technical sessions in other parts of the geographic area that we service. More information on these sessions will be available in the near future.

We would like to make everyone aware that the Toronto Chapter has been chosen to host the ISACA 2008 International Conference. As information becomes available we will keep our members informed.

We thank you for your continued support and patronage. This year we managed to avoid raising the prices for our sessions (including coupons) so your training dollars maintain value. Once again, best wishes to all ISACA members and we hope you can make it to the sessions over the coming year.

Regards,

Bob Darlington
Director, Continuing Education.

Disclaimer. Please note that the opinions expressed during our technical sessions are those of the presenter and do not necessarily express the opinions of ISACA International or the Toronto Chapter.

______________________________________________________________________________________________Telephone 416-410-2246 www.isaca.toronto.on.ca 2


2006/2007 BOARD MEMBERS

President: Arturo Lopez, PricewaterhouseCoopers

Vice President: Lisa Allen, Deloitte & Touche LLP

Secretary: Jeff Bhagar, Scotiabank

Treasurer: Larry Leung, PricewaterhouseCoopers

Director, CISA/CISM Training: Jennifer Boyce, Deloitte & Touche LLP

Director, Communications: Ian Steingaszner, Magna International Inc

Director, Continuing Education: Bob Darlington, Canadian Pacific Railway

Director, Marketing: Nina Vivera, KPMG

Director, Membership: Margaret Lee-You, Sun Life

Director, Research and Academic Relations: Baskaran Rajamani, Deloitte & Touche LLP

Director, Technology: Behram Faroogh, Tactical Business Solutions

Immediate Past President: Patricia Goh, Scotiabank

Administrative Assistant: Rashna Daroga, eAdmin Services Ltd.

Chapter Mailing Address:
Information Systems Audit and Control Association
P.O. Box 6544, Station A
Toronto, Ontario
M5W 1X4


2006/2007 CONTINUING PROFESSIONAL EDUCATION SERIES SCHEDULE

2006

| Date | CE Hrs | Time | Session | Speaker | Page |
|---|---|---|---|---|---|
| Sept 14 | 7.0 | 8:30am – 5:00pm | Mobile Computing | R. Hillery | 6 |
| Sept 28 | 1.5 | 8:00am – 9:30am | Breakfast Session - The Auditor In 2020 *** | C. McGuffin | 7 |
| Oct 19 | 7.0 | 8:30am – 5:00pm | Responding To Incidents | E. Schultz | 8 |
| | | 5:00pm – 8:30pm | CISA/CISM Recognition And Networking | | |
| Oct 23 & 24 | 14.0 | 8:30am – 5:00pm | Understanding CObIT | E. Guldentops | 9 |
| Oct 26 | 1.5 | 8:00am – 9:30am | Breakfast Session – Computer Forensics In 2006 **** | J. Conley | 10 |
| Nov 7 & 8 | 14.0 | 8:30am – 5:00pm | Fundamental Forensics For Auditors And Information Security Professionals | A. Marcella | 11 |
| Nov 16 | 7.0 | 8:30am – 5:00pm | SOX Compliance | Sujauddawla | 12 |
| Nov 30 | 1.5 | 8:00am – 9:30am | Breakfast Session – How To Stay Abreast Of IT In A Fast Paced World *** & **** | B. Lewis | 13 |
| Dec 7 | 3.5 | 8:30am – 12:00pm | Business Continuity Planning | D. Jones & S. Chronowich | 14 |
| | 3.5 | 1:00pm – 5:00pm | Securing Web Applications And Data | T. Kissoon | 15 |

2007

| Date | CE Hrs | Time | Session | Speaker | Page |
|---|---|---|---|---|---|
| Jan 18 | 3.5 | 8:30am – 12:00pm | Negotiation Skills | G. Furlong | 16 |
| | 3.5 | 1:00pm – 5:00pm | Presentation Power For Auditors | K. Burnett | 17 |
| Feb 15 | 3.5 | 8:30am – 12:00pm | Project Risk Management | U. Malhotra | 18 |
| | 3.5 | 1:00pm – 5:00pm | Risk Analysis Tools | C. Kumar Bommireddipalli | 19 |
| Mar 8 | 3.5 | 8:30am – 12:00pm | IT Infrastructure Library | G. Geddes | 20 |
| | 3.5 | 1:00pm – 5:00pm | Secure VoIP Framework | I. King | 21 |
| Mar 29 | 1.5 | 8:00am – 9:30am | Breakfast Session – TBD ** | | |
| TBD, 3 days | 21 | 8:30am – 4:30pm | Canadian Conference on IT Audit, Governance And Security * | Various | |
| April 12 | 7.0 | 8:30am – 5:00pm | Successful Application Design: Auditing The Process Development Life Cycle | A. Marcella | 22 |
| May 3 | 1.5 | 8:00am – 9:30am | Breakfast Session – TBD ** | | |
| May 17 | 3.5 | 8:30am – 12:00pm | Alternate Tools And Techniques For Getting Audit Assurance | J. Heaton | 24 |
| | 3.5 | 1:00pm – 5:00pm | How To Derive More Value From IT Compliance Work | P. Tomczak | 25 |
| June 7 | 7.0 | 8:30am – 5:00pm | Securing And Auditing Linux Systems | C. McGuffin | 26 |
| June 21 | 7.0 | 8:30am – 5:00pm | Issues in Cyber Security | I. Winkler | 27 |
| | - | 5:00pm – 6:00pm | Annual General Meeting | | |
| | - | 6:00pm – 8:30pm | CISA/CISM Recognition And Networking | | |

Legend

* For more information on this conference and to register please go to the Canadian Institute of Chartered Accountants website at WWW.CICA.CA.

** Breakfast Session topics will be announced closer to the date. Please watch the chapter website (www.isaca.toronto.on.ca) for a description of the session.

*** Joint Session with the Association of Certified General Accountants

**** Joint Session with the Association of Certified Fraud Examiners

CE Continuing Education Hours

TBD To be Determined.


2006/2007 CONTINUING PROFESSIONAL EDUCATION SERIES

| Session | Members | Non-Members |
|---|---|---|
| Two Day Seminars (8:30am – 5:00 pm) * | $400 | $500 |
| All Day (8:30am – 5:00 pm) | $160 | $200 |
| Morning (8:30 am – 12:00 pm) / Afternoon (1:00 pm – 5:00 pm) | $80 | $100 |
| Breakfast Sessions (8:00am – 9:30am) | $25 | $25 |

GST included. GST registration number: R123951709

* Advance registration and payment are required for all multi-day sessions.

REGISTRATION FORM

SESSION NAME | DATE | Name & Email address | Company | Telephone | Member (Y/N) | AM/PM/DAY | CISA (Y/N)

WAYS TO REGISTER

Email Rashna Daroga [email protected] or On-line form www.isaca.toronto.on.ca

Call: (416) 410 – 2246

Make cheques payable to ISACA - Toronto Chapter. Charge cards will NOT be accepted.

To avoid disappointment and to assist us with logistics, please register at least 2 days before the session.

NEED UP-TO-DATE INFORMATION? Check www.isaca.toronto.on.ca or Call (416) 410 - 2246

Remember to check the session location before attending since venues can change due to availability.


MOBILE COMPUTING

Thursday, September 14th, 2006 8:30am - 5:00pm 7.0 CE Hours

This session will address the following issues:

o What do we mean when we say “Mobile Computing”?
o How do we connect to the non-mobile infrastructure?

We will explore the key issues through the building of a scenario of a typical “Road Warrior”. Through this we will investigate examples of the risks, including:

o Data Sniffing
o Web Defacements
o Lost devices and data losses

We will also discuss how the various risks can be managed, although not necessarily eliminated. Other areas that will be covered will be:

o How to manage the risks in the Home Office and telecommuting environments
o How to effectively secure communications in the mobile world
o What are the risks related to attached storage and boot devices and how to deal with them

We will also discuss audit techniques related to the mobile computing environment.

SPEAKER PROFILE

Bob Hillery is an experienced consultant in Information Systems Security Management. He is a founder and Senior Security Analyst with Intelguardians, LLC, of Washington, DC. His extensive background in computer networks has been gained through systems and security experience in the Navy and R&D. Bob has recently completed a National Institute of Justice funded project in cyber attack and forensic tool requirements as a Senior Researcher at the Institute for Security Technology Studies at Dartmouth College. He is on the Advisory Board for Champlain College’s Computer & Information Security degree program and for DataInquiry, LLC, providing corporate and legal digital forensic services. He has served as the Vice President of Academic Affairs & Chair of Information Systems Department for NH Community Technical College, and has significant experience with the political side of security incident handling. Bob has a Masters degree in both Strategic Studies and International Relations. His professional certifications include CISSP, GSEC, MCSE and the NSA IAM & IEM.


THE AUDITOR IN 2020

Thursday, September 28th, 2006 8:00am – 9:30am 1.5 CE Hours

The audit profession has gone through some interesting challenges over the past few years, thanks to accounting scandals, Sarbanes-Oxley, and the resulting focus on corporate governance and control structures. The spotlight has been on the audit profession to provide the necessary expertise in both control design and assurance services, which in turn has resulted in huge expenditures of audit time and effort.

Yet despite the increased attention, the auditor's role in this area has remained largely the same: the study and evaluation of internal controls. And since so many controls are computer-based, there continues to be a critical need for information systems auditors with their special set of skills and techniques.

There is no doubt all this will continue, at least in the short-term. But what about our long-term future? What will audit look like in, say, the year 2020? Will our SOX fixation fade? Will internal control be important to future businesses and economies? Will IS audit become more or less critical? What about the inevitable changes in technology? Will any of us have jobs??

Join Craig McGuffin in this breakfast session where we'll speculate, contemplate, and generally mull over the role of the auditor in 2020. As we gaze into the future, we'll consider issues such as:

How history will judge SOX and its potential successors, and how that will affect our work.

Whether financial markets will demand closer, more immediate, perhaps even continuous assurance over corporate activities, and how we can respond to meet those needs.

How changes in technology will help or hinder our activities.

What changes in society may alter expectations of the audit profession.

Whether we can be easily replaced.

SPEAKER PROFILE

Craig R. McGuffin, CA, CISA, CISM, is the Toronto-based principal of C.R. McGuffin Consulting Services, as well as a partner in 50 Mission Security Consortium. He has over 20 years of experience in the field of computer and network security. His B. Math (Hons.) from the University of Waterloo gave Craig a strong background in computer science, and he has worked as an information systems auditor and consultant, obtaining experience in all major computing and network environments.

Craig is the co-author of two books on networking technology, and is an award-winning and popular speaker on the use of computer technology, controls, and security delivered through university courses, ISACA training seminars, and conferences on six continents.


RESPONDING TO INCIDENTS

Thursday, October 19th, 2006 8:30am - 5:00pm 7.0 CE Hours

The world of computing, and in particular the Internet, is subject to a wide range of security-related threats. No matter what type and how many countermeasures are deployed, security-related incidents continually occur. Trends over the last few years in fact indicate that not only are more incidents occurring, but their impact and severity are greater. For example, perpetrators are gaining unauthorized access to banking systems using means that are very difficult to detect, resulting in huge losses. Incident response has become a mainstream activity, partly out of necessity, but also because increasingly more organizations realize that a security practice that does not achieve a reasonable balance between controls deployment and incident response cannot be effective.

This one-day course provides thorough coverage of the major aspects of responding to incidents, starting with planning and going on to day-by-day activities in which those who respond to incidents must engage. The goal is to teach attendees the things they need to do in real life operations. Developed by the founder of the Department of Energy’s Computer Incident Advisory Capability (CIAC), the course includes a variety of case studies and exercises to make it as real and relevant as possible. Topics covered include:

o An introduction to incident response
o Sizing the threat
o A methodology for incident response
o Forming and managing an incident response team

The course is designed for a wide range of attendees. Much of the information deals with policies, procedures, and administrative/management considerations. Technical information is included at appropriate points in the course with the intention of helping system and network administrators know exactly what to do, as well as to familiarize less technically proficient attendees with some of the technical side of incident response. Having at least some knowledge of and practical experience with Windows, Unix and Linux systems as well as networking is helpful in understanding the technical side of the course, but is not required.

SPEAKER PROFILE

Eugene Schultz, Ph.D., CISSP is a Principal Engineer with Lawrence Berkeley National Laboratory and teaches computer science courses at the University of California at Berkeley. He is the author/co-author of four books, one on Unix security, another on Internet security, a third on Windows NT/2000 security, and the latest on incident response. He has written over 100 published papers. Gene is the Editor-in-Chief of Computers and Security, and was the Editor-in-Chief of Information Security Bulletin from 2000 through 2001. He has received the NASA Technical Excellence Award; the Information Systems Security Association (ISSA) Professional Achievement and Honor Roll Awards; and has been elected to the ISSA Hall of Fame. While at Lawrence Livermore National Laboratory, he was the founder and original project manager of the U.S. Department of Energy's Computer Incident Advisory Capability (CIAC) and a co-founder of FIRST, the Forum of Incident Response and Security Teams. He has provided expert testimony before committees within the U.S. Senate and House of Representatives on various security-related issues, and has served as an expert witness in legal cases.


UNDERSTANDING CObIT

October 23rd & 24th, 2006 8:30am - 5:00pm 14.0 CE Hours

Control Objectives for Information and related Technology (CobiT) helps meet the multiple needs of management by bridging the gaps between business risks, control needs and technical issues. CobiT has been developed as a generally acceptable standard for good Information Technology security and control practices that provides a reference framework for management, users, and IS auditors, but more importantly, comprehensive guidance for management and business process owners. The CobiT framework provides a tool for the business process owner that facilitates the discharge of this responsibility.

This 2-day workshop on CobiT 4.0 will comprise:

A short introduction to IT Governance, its alignment, value delivery, risk management and performance measurement, will be given. A major element of IT Governance is the adoption of a control framework for which CobiT is the internationally accepted standard. How IT Governance and CobiT relate will be explained.

A walkthrough of the CobiT framework and concepts will be performed, specifically covering its Control Objectives, Management Guidelines and Maturity Models. The walkthrough will show how this material is being used, and introduce new Control Practices.

CobiT will then be compared to other standards like BS7799. Results of some recent international surveys will help understand how enterprises use CobiT and how mature they are relative to the CobiT Maturity Models. A quick maturity assessment will be performed.

Other CobiT products such as CobiT Online, CobiT QuickStart, Implementation Guide and the CobiT Security Baseline, will be introduced, where time permits.

While IT Assurance aspects will be pointed out throughout the presentation, a specific separate section will cover the new assurance guide, its content and principles, and the detailed assurance steps developed for each control objective.

Short exercises on IT Governance awareness and how business goals drive IT goals will be handed out. A more elaborate exercise is also part of the workshop, for determining important control objectives based on business and IT goals and on how to formulate assurance activities for these control objectives. These exercises will focus on Project and Change Management, Security and on the IT organization.

SPEAKER PROFILE

Erik Guldentops is Executive Professor at the Management School of the University of Antwerp (UAMS), where he teaches on the subjects of IT risk management, control, security, audit and governance. He maintains a limited number of high level consulting relationships. He is Advisor to the Boards of the IT Governance Institute and the Information Systems Audit and Control Association (ISACA). He directs ISACA's CobiT Projects, with the objective to set, enhance and maintain the internationally accepted standard for control and governance over IT.

Erik is past president of the Benelux Chapter of ISACA and served as ISACA international executive vice president with responsibility for research. He holds graduate and post-graduate degrees in computer science and is a Certified Information Systems Auditor (CISA) as well as a Certified Information Security Manager (CISM).


COMPUTER FORENSICS IN 2006

Thursday, October 26th, 2006 8:00am – 9:30am 1.5 CE Hours

This session will focus on the description of specific computer forensic strategies for the recognition of fraud, as opposed to presenting simple generalities. These strategies will be reinforced through real life case studies that will be both informative and amusing.

The areas that will be covered will be:

o Forensic Fundamentals
o In House Developments - First Responder Training for I.T. Staff
o Countering Fraud with Forensics
o Case Studies involving Fraud and Digital Forensics
o The changing landscape of technology - new threats and new measures

SPEAKER PROFILE

Jason F. Conley began his career in the private law enforcement sector in 1992. He first developed strong investigation skills whilst working for various enterprises, including two Fortune 500 companies. His knack for utilizing technology in investigations led him to pursue a career in computer forensics. Jason has been successful in applying computer forensics in various cases including those involving sensitive data theft, fraud, policy violations, harassment, threats, document tampering, sabotage, and much more. Jason is the President, Digital Forensics Canada and is also an associate professor at Seneca College, teaching computer forensics and data mining in the Forensic Accounting program. Jason is a strong advocate of personal development and professional networking. He is a Certified Protection Professional and a Certified Computer Examiner. Jason is a member of the International Society for Forensic Computer Examiners, High Technology Crime Investigation Association, ASIS International, Association of Certified Fraud Examiners, and Council of Private Investigators - Ontario.


FUNDAMENTAL FORENSICS FOR AUDITORS AND INFORMATION SECURITY PROFESSIONALS

November 7th & 8th, 2006 8:30am - 5:00pm 14 CE Hours

Description: Traditional forensics professionals use fingerprints, DNA typing, and ballistics analysis to make their case. Infosec professionals have to develop new tools for collecting, examining and evaluating data in an effort to establish intent, culpability, motive, means, methods and loss resulting from e-crimes. This overview seminar will introduce the attendee to the broad field of cyber forensics and present the various tools and techniques designed to maintain control over organizational assets, digital or otherwise. This seminar covers computer forensics theory and methodology. It is not limited to the use of a specific software tool.

Audience: This seminar is intended for internal and external audit professionals, General Counsels, Chief Security Officers, Controllers, InfoSec professionals, and anyone interested in obtaining a better understanding of cyber forensics.

Objectives: After completing this seminar, participants will be able to:

o Identify, establish and maintain a physical "chain of custody"
o Pinpoint computer security risks and remedies
o Determine incident responses and priorities in a cyber forensic investigation
o Develop policies for the preservation of computer evidence
o Implement solid computer forensics processing methods and procedures
o Develop the documentation of computer forensics findings for executive management review

Dr. Marcella's seminar is based on research and findings from his book, Cyber Forensics: A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes, published by Auerbach Publications.

SPEAKER PROFILE

Dr. Albert J. Marcella, CISA brings a wealth of professional and academic experience in the field of IT audit and security to his role as CEO of Business Automation Consultants, a global information technology and management-consulting firm.

Prior to establishing the company in 1984, Dr. Marcella served as senior IT auditor for Dun & Bradstreet Corporation, where he established and formalized the organization's IT audit function. His distinguished career is also highlighted by positions at Hartford Insurance Company, serving as a systems audit consultant, and Uniroyal Corporation, where he worked as an IT auditor designing and executing operational, financial, and information technology audits in the United States and abroad.

In addition to his current duties as CEO of Business Automation Consultants, Dr. Marcella is a Professor of Management at Webster University, where he teaches doctoral and graduate computer resource management courses. Dr. Marcella also has previous academic experience with Millikin University, having taught Management Information Systems for 10 years, in the university's Tabor School of Business.

In 2000, Dr. Marcella earned honors from the Institute of Internal Auditors, which presented him with the Leon R. Radde Educator of the Year award, recognizing his contributions to the advancement of internal auditing and education in colleges and universities. He has taught IT audit seminar courses for the Institute of Internal Auditors (IIA); the Information Systems Audit and Control Association (ISACA); and has been recognized by the IIA as a Distinguished Adjunct Faculty Member, and by ISACA as a certified COBIT trainer.

Dr. Marcella earned a Ph.D. in Management with an emphasis in Information Technology from Walden University in Minneapolis; a Masters of Business Administration in Finance from the University of New Haven in Connecticut; and a Bachelor of Science degree in Business Administration with a dual major in Management Information Systems and Management from Bryant College in Rhode Island.


SOX COMPLIANCE

Thursday, November 16th, 2006 8:30am – 5:00pm 7.0 CE Hours

The Sarbanes-Oxley Act demonstrates firm resolve by the US Congress to improve corporate responsibility.  The Act was created on July 30, 2003 to restore investor confidence in US public markets, which was damaged by business scandals and lapses in corporate governance.  This Act directed the Securities and Exchange Commission (SEC) to establish the Public Corporation Accounting Oversight Board (PCAOB) to regulate public accountants and to issue auditing standards. 

Since the implementation of the Act companies both large and small have been spending considerable time and effort in preparing themselves for their first assessment. This evaluation process however does not go away.

This session will cover the following areas:

o Identify the best practices
o Key lessons learned
o Common pitfalls that were experienced and how to avoid them
o Obtaining a balance between application and general controls
o The usage of baselines
o Sustainability
o End User Computing
o Optimizing the Process

SPEAKER PROFILE

Sujauddawla (Suja) is a Senior Manager of the Risk and Resilience group of KPMG where his primary role is to support SOX integrated audits from both an attestation and advisory standpoint.

Suja is a Chartered Accountant and is a member of the Ontario Institute of Chartered Accountants. He is also a member of the Institute of Chartered Accountants of England & Wales and is a Certified Information Systems Auditor.

He has considerable experience in the IT audit field having worked in a number of large public accounting firms in both England and Canada.


HOW TO STAY ABREAST OF IT IN A FAST PACED WORLD

Thursday, November 30th, 2006 8:00am – 9:30am 1.5 CE Hours

Staying abreast of new technology in the fast paced world of IT is a challenge many of us face. Whether we are a CIO, a Director of IT or an auditor, events speed on regardless of our desire to slow things down and take a breather. On the one hand, it’s why many of us love this field; the constant change challenges and invigorates us, leaving us fresh and excited even after decades in the business. On the other hand, attempting to manage and control the incessant change in our organizations leaves us frustrated and tired. What a dichotomy!

How do we stay on top of it all when each year it seems new technology, new systems and new ideas continue to permeate the field? This breakfast session explores the issues, ideas and methods for maintaining our equilibrium, our zeal and our desire to keep current in this exciting field. From setting aside time each year, to using technology such as blogs and RSS, we explore the many ways we can expand our knowledge and stay abreast of the changing world of IT.

SPEAKER PROFILE

Barry Lewis is President of Cerberus, a firm specializing in the delivery of information security training and consulting. He has over 35 years of experience in the computer field, and has spent the last 25 years specializing in Information Security. He began work in the consulting field in 1987 and worked for two major audit firms before starting his own company in 1991 and joining Cerberus in 1993. Attempting to stay on top of the constant changes in IT has been a challenge he has taken on for over 30 years.

He is co-author of several books, including Computer Security for Dummies, Teach Yourself NT Server in 21 Days and Teach Yourself Windows 2000 Server in 21 Days. His newest book, Wireless Networks for Dummies, was released in September 2004. His books have been translated into more than a half-dozen languages around the world. Barry lectures and consults worldwide on numerous security topics, including Windows, wireless networking, security best practices, network penetration and Firewalls.


BUSINESS CONTINUITY PLANNING

Thursday, December 7th, 2006 8:30am – 12:00pm 3.5 CE Hours

Business Continuity Management (BCM) is the development of strategies, plans and actions that provide protection or alternate modes of operation should your enterprise experience an interruption. BCM includes the following activities:

- Emergency management (addressing crisis situations)
- Work Area Recovery (traditional business continuity planning)
- Information technology applications and infrastructure recovery (often referred to as disaster recovery planning)
- Continuity risk assessments

The overall intention is to address significant business disruptions, which may take the form of a prolonged or permanent:

- Loss of physical facilities
- Loss of information (voice/data/image) technology services and vital records
- Loss of essential personnel

This session will deal with:

- What constitutes an adequate business continuity plan.
- What steps should be taken to create one.
- How can an auditor attest to the sufficiency of the BCP?

This session is primarily designed for qualified auditors who must conduct business continuity audits or participate in the program. However, business continuity coordinators, plan administrators and others involved in BCP will benefit from the session.

Representatives from Protiviti, a leading independent risk consulting firm, will outline preparation and recommended activities for developing and executing Business Continuity Management. Our speakers will provide real life examples and ideas for implementing effective strategies and solutions for business continuity management.

SPEAKER PROFILE

Darren Jones is an Associate Director in the Technology Risk practice of Protiviti, and is based in Toronto. He has over 17 years of industry and consulting experience, and has consistently been at the forefront of innovating security and risk management techniques on behalf of organizations around the world. Darren has worked in the capital markets, insurance, and banking and trust sectors. Prior to joining Protiviti, Darren was responsible for Security and Critical Infrastructure Solutions at the Toronto Stock Exchange. He also previously served on the senior executive of an international managed security services and incident response company, and was responsible for IT security related operations in twelve countries. Darren is responsible for providing our banking, capital markets and insurance clients in Canada with enterprise risk and technology risk consulting services. Darren has direct, hands-on experience in assisting large multinational financial organizations as well as entrepreneurial brokerages and mutual fund dealers in addressing their technology-based control challenges.

Shanda Chronowich is a Certified Business Continuity Planner (CBCP) and a manager with Protiviti based in Toronto. Shanda has worked extensively with leading organizations executing risk assessments, business impact analysis, strategy, plan development, training, testing, crisis management and assessment experience. Shanda has event management experience as well as a broad base of experience across several industry sectors. Shanda has over 16 years of Mutual Fund experience, with 11.5 years of Project Management, and 11 years of Business Continuity experience. Shanda’s continuity experience includes developing plans for regional sales offices, distribution centres, call centres, and all other business units for Fidelity Investment Canada. As well, Shanda has extensive Emergency Response and Event Management experience.

SECURING WEB APPLICATIONS AND DATA

Thursday, December 7th, 2006 1:00pm – 5:00pm 3.5 CE Hours

Protecting personal information that is collected, used or disclosed in certain circumstances has become a requirement through current legislation and internal organizational requirements.

Personal information can be collected through e-commerce mechanisms and should be adequately protected to ensure that confidential information is secure. Organizations need to ensure that consumer confidence, reputation risk and brand integrity are adequately addressed.

Today, the use of web applications is prevalent. During the last several years, there has been a significant surge in the volume of web application specific vulnerabilities that are disclosed to the public. Questions continue to be raised about the adequacy of protection for the ever-increasing array of sensitive data migrating its way to the web.

This session will outline the necessary requirements to ensure that the appropriate controls are in place to adequately secure web based applications and data. It will explore risk and control issues surrounding web applications and solutions to secure the infrastructure and enable control over data transmission and storage.

SPEAKER PROFILE

Tara Kissoon is a Senior Manager within Visa Canada’s Risk and Security services. Tara’s focus is on risk assessments, security reviews, key management and smart card technology. She represents Visa Canada on several International Working Groups. Tara has over 15 years experience in various aspects of Information Technology.

Tara’s diverse experience includes security reviews of complex network architectures, facilitating multi-disciplined risk assessments, conducting various workshops and forums, and leading information systems audits specializing in system development, web architectures, application and database reviews and SOX compliance.

Tara taught at Seneca College, where she was responsible for the development, delivery, and evaluation of the information technology curriculum. She was appointed to represent her college on several advisory committees and developed the first security course at Seneca College.

Tara is a Certified Information System Security Professional (CISSP); a Certified Information Systems Auditor (CISA); and has achieved various industry certifications.


NEGOTIATION SKILLS

Thursday, January 18th, 2007 8:30am - 12:00pm 3.5 CE Hours

Being able to negotiate is a life skill that can benefit you not only as an auditor but in all walks of life. Understanding the key aspects of negotiation will help you:

- Lead in the negotiation process
- Recognize the tactics the other side is employing
- Understand and avoid being manipulated
- Have a win-win outcome

This workshop on the fundamentals of negotiation will include:

- Types of Negotiation: To first identify interests, rights and power and know what are the three types of negotiation.
- Nature of Negotiation and Conflict: Defines conflict, and what it costs, then how issues escalate.
- Defining/Analyzing Interests: Starting with the triangle of satisfaction and identifying common interests.
- Core Negotiation Skills: Identifying positions of interest and using developing skills.

SPEAKER PROFILE

Gary T Furlong C.Med, LL.M has extensive experience in negotiation, mediation, alternative dispute resolution, and conflict resolution. Gary is currently on the executive of the Ontario Bar Association ADR Section, is past President of the ADR Institute of Ontario, and holds a Master of Laws (LL.M.) in ADR from Osgoode Hall Law School, as well as the Chartered Mediator designation. Gary is a Fellow of the International Academy of Mediators. Gary has authored “The Conflict Resolution Toolbox”, for Wiley & Sons (2005), and “The Construction Dispute Resolution Handbook”, for LexisNexis (2004).

As a trainer and facilitator, Gary has worked with all levels of government and governmental agencies in the areas of training, negotiation, conflict assessment, mediation, and conflict systems design consulting. In addition, Gary has worked extensively with major Canadian corporations such as the Royal Bank of Canada and Purolator Courier. Gary teaches negotiation at Queen’s University Industrial Relations Centre, and teaches mediation at York University. Gary also teaches continuing education courses for the Project Manager’s Institute and the Ontario Real Estate Association.

As a mediator and neutral, Gary has worked in the areas of workplace, harassment, wrongful dismissal, commercial, shareholder, and organizational conflicts. Gary is one of the leading Partnering facilitators both in the construction industry, as well as in the area of joint ventures and strategic alliances. Gary is a mediator for a number of organizations, including the Ontario College of Teachers, the Law Society of Upper Canada, and the Professional Engineers of Ontario.

Gary is a graduate of Stanford University in California, and is a principal with Agree Dispute Resolution. Gary was recently awarded the McGowan National Award of Excellence by the ADR Institute of Canada.


PRESENTATION POWER FOR AUDITORS

Thursday, January 18th, 2007 1:00pm - 5:00pm 3.5 CE Hours

WHY? To learn how to become more powerful, professional and persuasive presenters.

WHAT? The material covered addresses the three components – Voice, Words and Physiology.

HOW? This highly participative session gives participants an opportunity to explore and practice leading edge tools and techniques that enhance any presentation, from the official stand up situation, to the team around the board room table, and the one-on-one communication. It also introduces tools that increase how much the listener retains by up to 200%.

Many professionals today have the knowledge required for their position. The challenge can come in how they deliver that knowledge clearly and effectively, and ensure they get the message across. This session will help individuals to develop their own style and empower themselves in this area.

Tools include:

- Voice techniques guaranteed to include your audience and not push them away
- Use of analogies to ensure message retention
- Heightened confidence in communicating with the client and managing the relationship

SPEAKER PROFILE

Kelly Burnett is the President of Calyx Consulting. She is the author of the Calyx communication workshops and has over 10 years experience training business people to improve their presentation and communication skills.

Kelly is a graduate of the Royal Academy of Music, London, England, a certified NLP Instructor and a graduate of International NLP Trainers Training. She is also an experienced actress, director and playwright.

Kelly has brought the Power of Projection seminars to a wide range of clients which include MTS Allstream Inc, Canadian Tire Corp, Canada Revenue Corporation and Imax Corp.


PROJECT RISK MANAGEMENT

Thursday, February 15th, 2007 8:30am - 12:00pm 3.5 CE Hours

Competitive environment, demanding customers, increased regulatory requirements and the complexities of business only corroborate the importance of effective project management in order to achieve business success.

While some risks are common across projects, there are others which are specific to the circumstance. What are the critical factors that make one project a success and another one a failure? It is certain every project will have unknowns; the key, though, is how to predict and manage for them.

With failure not an option, the successful delivery of projects is critical to all organizations regardless of size. It is critical to manage IT project risks given the extensive reliance of business on IT.

This session will explore the:

- Types of IT project risk
- Risk mitigation techniques
- Available tools
- Generic application of risk management techniques

SPEAKER PROFILE

Ujjwal Malhotra is a Certified Project Management Professional and a Certified Information Systems Auditor. Ujjwal has over 10 years of experience in profession & industry. Ujjwal has expertise in Information Technology consulting; Project Management; Risk management; Business Process Analysis and Improvements; Controls assurance and auditing; Data analysis and transformation. Ujjwal has assessed and analyzed IT environments with respect to IT risk, IT organizational structure, IT processes, IT GAP analysis and the selection and deployment of technologies to meet an organization’s business needs. Ujjwal has analyzed various (both financial and operational) processes to identify process improvement and re-engineering opportunities.

Ujjwal has a detailed knowledge of IT governance models and IT audit methodologies, including the CoBIT and COSO frameworks, and has applied his knowledge and experience in assisting organizations achieve the Sarbanes-Oxley (SOX) 404 requirements. Ujjwal is with Royal Bank Financial Group as Senior Program Manager.


RISK ANALYSIS TOOLS

Thursday, February 15th, 2007 1:00pm - 5:00pm 3.5 CE Hours

As Technology opens up new business opportunities, it also magnifies the risks both in terms of complexity and magnitude. While the Millennium brings with it New Paradigms for Information Management, it is the successful Management of IS Risks that ensure organizational survival in the long run.

What is it, then, that often goes wrong? In the pursuit of technological excellence and business leadership, are we ignoring the basic issues of IS RISK MANAGEMENT? What is the role of BEST PRACTICES? How do we translate Best Practices into action points? And what is the role of IS governance? These will be some of the issues the session will seek to address.

SPEAKER PROFILE

Charan Kumar Bommireddipalli is a Certified Information Systems Auditor, a Fellow of the Institute of Chartered Accountants of India, a Certified Fraud Examiner and a Certified Internal Auditor. He has over 17 years of experience in profession & industry. Charan currently serves as a member of the program committee for the North American CACS conference and is a member of the Toronto Chapter - University Relations and Research Committee. He has previously served on the Education Board at ISACA International, the ASIA CACS Conference Committees and is the Founding President of the New Delhi Chapter of ISACA. Charan’s previous speaking engagements include the Oceania CACS – Australia, ASIA CACS and Euro CACS. He is currently with KPMG Toronto.


IT INFRASTRUCTURE LIBRARY (ITIL)

Thursday, March 8th, 2007 8:30am - 12:00pm 3.5 CE Hours

This half day workshop is an overview of the ITIL framework for Executive Management and Auditors who wish to better understand the value proposition of an IT Service Management approach. Key questions such as cost, benefits and proven strategies for success will be covered.

The purpose of this workshop is to educate and inform using case studies from organizations around the globe that have successfully justified and implemented ITIL. The key to ensuring your ROI is to drastically reduce the learning curve on such a project by leveraging the lessons from other successful implementations. This requires a balanced perspective of the People, Process and Product elements of your Service Improvement Project.

This workshop demonstrates the Strategic, Tactical and Operational benefits of such an undertaking and includes practical advice for Senior Management to better understand their options. Specifically the following areas are covered:

- Business and IT alignment
- A basic overview of the ITIL framework
- How to use process maturity as a benchmark to identify your current status and target specific improvements
- How to build a business case for IT Service Management
- Strategies for costing and accounting IT services
- Proven techniques for applying best practices
- How to ensure the Project Management activities are aligned with Service Management goals
- Organizational design and cultural change implications
- The role of technology and how to maximize its value
- How to create a measurement framework for continuous improvement
- Open discussion on customer specific issues and considerations

The goal of the session is to identify common issues and suggested approaches in the context of an IT Service Management implementation.

SPEAKER PROFILE

Gerry Geddes is an IT management and support professional with over 27 years experience who has managed large IT projects, run IT Divisions and provided Executive Consulting and Education to many Fortune 500 IT leaders globally. He represents Quint Wellington Redwood at speaking engagements internationally. He is accountable for the oversight and management of major implementation projects globally.

Recognized as one of the top IT Service Management consultants in the world, Gerry has extensive experience as a conference speaker and educator. He is a business process specialist focusing on Business and IT Alignment and Organizational Change Management. This involves a process of benchmarking, analysis and recommendations followed by coaching, mentoring, and the transfer of knowledge.


SECURE VoIP FRAMEWORK

Thursday, March 8th, 2007 1:00pm - 5:00pm 3.5 CE Hours

Voice over IP (VoIP) (the transmission of voice over packet-switched IP networks) is one of the most important emerging trends in telecommunications. As with many new technologies, VoIP introduces both security risks and opportunities. VoIP has a very different architecture from traditional circuit-based telephony, and these differences result in significant security issues. Lower cost and greater flexibility are among the promises of VoIP for the enterprise, but VoIP should not be installed without careful consideration of the security problems introduced. This seminar explains some challenges of VoIP security for agency and commercial users of VoIP, and outlines steps needed to help secure an organization’s VoIP network.

SPEAKER PROFILE

Ian King is currently a Senior Consultant at HiTech Communication Systems, based in Toronto. As a seasoned consultant, Ian has established his technology professional services practice to specialize in Telecommunications and Security strategy development for forward-looking clients.

He has a proven track record with over 10 years of accomplishments in multinational telecommunications, enterprise software and ICT professional services. He is a frequent seminar leader and presenter at client demonstrations and understands the challenges of integrating communication technologies with the corporate framework and business practice.


SUCCESSFUL APPLICATION DESIGN: AUDITING THE PROCESS DEVELOPMENT LIFE CYCLE

Thursday, April 12th, 2007 8:30am – 5:00pm 7.0 CE Hours

Description: Managing software projects is difficult under the best circumstances. You can reduce the difficulty and improve your organization's chances of success by applying known industry best practices for software project management. The process development life cycle (PDLC) is a common methodology for systems development in many organizations. This methodology features distinctive phases, each of which records the progress of the systems analysis and design project. The potential for abuse, inefficiencies, and the potential to deliver application systems which do not meet the needs of the end-user warrant the involvement of IT and user management as well as the audit function in almost all software development efforts.

This seminar will examine the basic elements of the PDLC process and how the process of designing new systems has evolved (and continues to evolve). Attendees will also discuss strategic system design methodologies, and how the auditor can be an effective change agent within this process.

Audience: This seminar is intended for internal and external audit professionals, project managers and project leaders who wish to learn better ways to plan and manage their software development projects, Controllers and their management who have responsibility for funding new application development, application end users charged with project team responsibilities, and anyone interested in obtaining a better understanding of and general introduction to auditing and controlling application development.

Objectives: After completing this seminar, participants will be able to:

- Interpret the requirements for PDLC application development from a base of confidence and understanding
- Confidently advise management on specific controls necessary for successful application development
- Find managing application development projects easier
- Discuss with both end users and management, how successful systems are developed and maintained
- Lay the foundation for successful application development projects, which includes planning the project, estimating the work, and tracking progress
- Discuss the Capability Maturity Model (CMM) as a model of management practices for improving the quality of software
- Recognize that one of the goals of the PDLC approach is total quality assurance through process-related improvements throughout an entire organization

SPEAKER PROFILE

Dr. Albert J. Marcella, CISA brings a wealth of professional and academic experience in the field of IT audit and security to his role as CEO of Business Automation Consultants, a global information technology and management-consulting firm.

Prior to establishing the company in 1984, Dr. Marcella served as senior IT auditor for Dun & Bradstreet Corporation, where he established and formalized the organization's IT audit function. His distinguished career is also highlighted by positions at Hartford Insurance Company, serving as a systems audit consultant, and Uniroyal Corporation, where he worked as an IT auditor designing and executing operational, financial, and information technology audits in the United States and abroad.

In addition to his current duties as CEO of Business Automation Consultants, Dr. Marcella is a Professor of Management at Webster University, where he teaches doctoral and graduate computer resource management courses. Dr. Marcella also has previous academic experience with Millikin University, having taught Management Information Systems for 10 years, in the university's Tabor School of Business.


In 2000, Dr. Marcella earned honors from the Institute of Internal Auditors, which presented him with the Leon R. Radde Educator of the Year award, recognizing his contributions to the advancement of internal auditing and education in colleges and universities. He has also taught IT audit seminar courses for the Institute of Internal Auditors (IIA); the Information Systems Audit and Control Association (ISACA); and has been recognized by the IIA as a Distinguished Adjunct Faculty Member, and by ISACA as a certified COBIT trainer.

Dr. Marcella earned a Ph.D. in Management with an emphasis in Information Technology from Walden University in Minneapolis; a Masters of Business Administration in Finance from the University of New Haven in Connecticut; and a Bachelor of Science degree in Business Administration with a dual major in Management Information Systems and Management from Bryant College in Rhode Island.


ALTERNATE TOOLS AND TECHNIQUES FOR GETTING AUDIT ASSURANCE

Thursday, May 17th, 2007 8:30am - 12:00pm 3.5 CE Hours

The focus on corporate governance in today’s marketplace is increasing the need for organizations to be vigilant across all aspects of their business. Requirements for compliance with the Sarbanes-Oxley Act and CEO/CFO Certification of internal controls have forced internal audit and internal control groups to look for more efficient and effective methods of gaining assurance.

Periodic manual testing of control effectiveness is a significant effort for organizations and, given the limited time and resources available, organizations are looking for ways to sustain their efforts and optimize the overall cost of compliance. Alternative approaches include using technology to continuously monitor controls. Although not an entirely new concept, it is emerging as a popular technique since it is a key ingredient of sustainable compliance and helps organizations achieve it in an efficient and cost effective manner.

This session will discuss concepts, tools and techniques that allow organizations to obtain assurance on their control environment.

SPEAKER PROFILE

John Heaton is a Senior Manager within Deloitte’s Enterprise Risk services, where he is focused on SOX Sustainability. Previously he was with consulting firms where he was responsible for the setup of the Application Support Centres in North America and Europe, and provided remote application maintenance and development services to clients across North America using global resources from Taiwan, China, India, Australia and New Zealand. He has over 18 years of business experience in North America, South America and Europe. John has over ten years of experience with ERP Applications, including implementing and assessing system security, in addition to over four years of experience designing and managing post-implementation support teams. John is a Chartered Accountant, a Certified Information Systems Security Professional and a Certified Information Systems Auditor.


HOW TO DERIVE MORE VALUE FROM IT COMPLIANCE WORK – INTEGRATE MULTIPLE INITIATIVES – SOX, BASEL, ISO, COBIT, ITIL

Thursday, May 17th, 2007 1:00pm - 5:00pm 3.5 CE Hours

IT organizations are faced with many pressures - to meet the demands of the business, reduce cost, comply with regulations and manage risk. Sarbanes-Oxley and Bill 198 are common regulatory requirements with which most public companies need to comply. There are many frameworks that management can use to support their compliance objectives as well as meet the needs of the business, reduce cost, and manage risk. Some of the most common frameworks are:

- Control objectives for information and related Technology
- Val IT
- Information Technology Infrastructure Library
- ISO 17799 for information security
- Capability Maturity Model

Often compliance and process improvement initiatives are treated separately, without a common approach or strategy, leading to duplication of effort and systems. Multiple compliance initiatives may also result in excessive project costs and wasteful expenditures.

In this session we will explore:

- IT pressures and challenges
- Business regulatory environment and IT implications, including Sarbanes-Oxley, Bill 198 and Basel II
- IT frameworks and inter-relationships
- IT governance and improvement approaches
  o Assessing and improving IT governance and processes
  o Integrating multiple IT compliance and process improvement initiatives using industry-accepted frameworks
  o Role of the CIO and business management
  o Role of internal audit
  o Key success factors for your governance and process improvement initiative

SPEAKER PROFILE

Przemek Tomczak is an Associate Director in the Technology Risk practice of Protiviti in Toronto. He is a Chartered Accountant and a CISA with a B.Commerce from the University of Toronto. His experience includes helping customers manage risk and improve the effectiveness of Information Technology. He is currently assisting clients in complying with Sarbanes-Oxley, Bill 198 and Canadian Investor Confidence Measures, improving IT governance, processes, and controls. Przemek speaks regularly on internal control over financial reporting, IT governance, compliance risks and controls.

His past work history includes experience as a Principal Consultant at PricewaterhouseCoopers, Principal Consultant at EMC, and a Manager at Cap Gemini Outsourcing Services in Toronto.


SECURING AND AUDITING LINUX SYSTEMS

Thursday, June 7th, 2007 8:30am – 5:00pm 7.0 CE Hours

Use of the Linux Operating System is increasingly popular; some estimates indicate that close to one-third of data centres include some use of Linux, especially in support of an organization's web sites and web-enabled applications. As a result, the security of Linux is vital to protecting access to these important business systems and the information they process. But can Linux be adequately secured? And how does one audit a Linux system to see if proper security is in place?

During this session, you will learn the answers to important questions about Linux security, and receive practical advice on how to audit a Linux system. The seminar starts with a brief introduction to key Linux concepts and facilities. Next, we examine Linux security facilities for user identification and authentication, access control, and system monitoring. Common security problems and exposures are highlighted, along with Linux-based tools and techniques that can be used to find weaknesses and assess the state of system security. In-class demonstrations using a Linux system will help convey and reinforce important concepts.

SPEAKER PROFILE

Craig R. McGuffin, CA, CISA, CISM, is the Toronto-based principal of C.R. McGuffin Consulting Services, as well as a partner in 50 Mission Security Consortium. He has over 20 years of experience in the field of computer and network security. His B. Math (Hons.) from the University of Waterloo gave Craig a strong background in computer science, and he has worked as an information systems auditor and consultant, obtaining experience in all major computing and network environments.

Craig is the co-author of two books on networking technology, and is an award-winning and popular speaker on the use of computer technology, controls, and security delivered through university courses, ISACA training seminars, and conferences on six continents.


ISSUES IN CYBER SECURITY

Thursday, June 21st, 2007 8:30am – 5:00pm 7.0 CE Hours

Ira Winkler will be presenting a number of mini-seminars on security, espionage, and risk management. Ira’s underlying philosophy is that security is a process. It is not about focusing on the prevention of incidents, but on the management of risk. Throughout this program, Ira will discuss how losses occur from a spy’s perspective, and then how commercial organizations can apply this information and lessons learned from the Intelligence Community to implement cost-effective Risk Management/security programs. This program includes some of Ira’s most notorious case studies and personal experiences.

This session also includes Ira’s very popular “Zen and the Art of Cybersecurity” presentation, which discusses a variety of issues related to information security with regard to how to think about and apply information security.

SPEAKER PROFILE

Ira Winkler, CISSP, is President of the Internet Security Advisors Group. He is considered one of the world’s most influential security professionals, and has been named a “Modern Day James Bond” by the media. He obtained this status by identifying common trends in the way information and computer systems are compromised. He did this by performing penetration tests, where he physically and technically “broke into” some of the largest companies in the world. He also investigated crimes against these companies, and identified cost-effective ways for them to protect their information and computer infrastructure. He continues to perform these penetration tests, as well as assisting organizations in developing cost-effective security programs. Ira also won the Hall of Fame award from the Information Systems Security Association.

Ira is the author of the riveting, entertaining, and educational book, Spies Among Us. He is also a regular contributor to ComputerWorld.com.

Mr. Winkler began his career at the National Security Agency, where he served as an Intelligence and Computer Systems Analyst. He moved on to support other US and overseas government military and intelligence agencies. After leaving government service, he went on to serve as President of the Internet Security Advisors Group and Director of Technology of the National Computer Security Association. He was also on the Graduate and Undergraduate faculties of the Johns Hopkins University and the University of Maryland.

Mr. Winkler has written the book Corporate Espionage, which has been described as the bible of the Information Security field, and the bestselling Through the Eyes of the Enemy. Both books address the threats that companies face protecting their information. He has also written over 100 professional and trade articles. He frequently appears on TV on every continent and has been featured in magazines and newspapers including Forbes, USA Today, Wall Street Journal, San Francisco Chronicle, Washington Post, Planet Internet, and Business 2.0.


CERTIFIED INFORMATION SYSTEMS AUDITOR (CISA) DESIGNATION

Many corporations believe that the employment of a Certified Information Systems Auditor (CISA) is one of the most important components of safeguarding an organization’s assets. Information technology changes rapidly, and vulnerabilities and potential exposures must be kept in check. CISA certified professionals bring to their organizations and their clients valuable knowledge of the most effective information systems (IS) audit, control and security methodologies and an awareness of the unique requirements particular to certain IS environments.

From Switzerland to Singapore, from Australia to Argentina, from the United States to the United Kingdom, more than 50,000 professionals worldwide have earned the CISA designation.

This achievement recognizes their expertise, signals their desire to serve their organization with distinction, and shows their intent to accomplish this through a program that has global respect. The CISA designation is the only professional certification program devoted exclusively to the field of IS audit, control and security. It is the only one in this field with global recognition.

The CISA program, sponsored by the Information Systems Audit and Control Association (ISACA), has a respected track record for serving professionals and their organizations. It was established in 1978 to:

- Evaluate individual competence in the field;
- Provide a mechanism for maintaining that competence; and
- Give management criteria for personnel selection and promotion.

A CISA professional has passed a rigorous examination and has at least five years of IS audit, control or security experience (or equivalent teaching experience). To retain certification, the CISA professional must participate in continuing education programs, which ensures prompt updates of fast-moving technology and its applications.

The CISA examination takes place twice a year, in June and December. The Toronto ISACA Chapter will be offering preparation courses for the CISA exams in November 2006 and Spring 2007. The preparation courses are designed to prepare the exam writer by following a structured curriculum that mirrors the CISA exam content and provides helpful study tips. Each preparation course is led by qualified industry instructors who will assist in providing clarification and real-life examples to the CISA Review Manual content. For more information regarding the preparation courses, please send your inquiries to [email protected].


CERTIFIED INFORMATION SYSTEMS MANAGER (CISM) DESIGNATION

“The security of the knowledge and information stored on our information systems is critical in today’s changing environment. The information security professional is playing an increasingly important role in developing policies, programs and people to help assure the security of these systems. The challenge to business and government organizations is to determine whether they are qualified, competent information security professionals to ensure that their systems meet legal requirements and are secure from unauthorized access and destruction by hackers and terrorists.” - Robert S. Roussey, CPA, University of Southern California.

The CISM (Certified Information Security Manager) is ISACA’s groundbreaking credential earned by over 5,200 professionals in its first two years. It is for the individual who must maintain a view of the "big picture" by managing, designing, overseeing and assessing an enterprise's information security.

The CISM is not an entry-level certification. It is specifically developed for the information security professional who has acquired proven experience working on the “front lines” of information security. Individuals with five years or more experience managing the information security function as an enterprise or performing such duties will find the CISM most tailored to their knowledge and skills.

The CISM defines the core competencies and international standards of performance that information security managers are expected to master. It provides executive management with the assurance that those who have earned it have the experience and knowledge to offer effective security management and consulting services.

The CISM examination measures expertise in the following areas:

- Information Security Governance
- Risk Management
- Information Security Program Management
- Information Security Management, and
- Response Management

A CISM professional has passed a rigorous examination and has at least five years of information security experience (or equivalent teaching experience). To retain certification, the CISM professional must participate in continuing education programs, which ensures prompt updates of fast-moving technology and its applications.

The CISM examination takes place twice a year in June and December.

The Toronto ISACA Chapter will be offering preparation courses for the CISM exams in November 2006 and Spring 2007. The preparation courses are designed to prepare the exam writer by following a structured curriculum that mirrors the CISM exam content and provides helpful study tips. Each preparation course is led by qualified industry instructors who will assist in providing clarification and real-life examples to the CISM Review Manual content. For more information regarding the preparation courses, please send your inquiries to [email protected].


ISACA GLOBAL CONFERENCES AND EDUCATIONAL PROGRAMS

| Event | Dates | Location |
|---|---|---|
| ISACA Training Week | 28 August – September 1, 2006 | Ottawa, ON, CANADA |
| Asia-Pacific CACS | 31 August – September 1, 2006 | Bangalore, INDIA |
| Information Security Management Conference | 18 – 20 September, 2006 | Caesars Palace, Las Vegas, NV, USA |
| Network Security Conference | 18 – 20 September, 2006 | Caesars Palace, Las Vegas, NV, USA |
| COBIT User Convention | 28 – 28 September, 2006 | Washington, DC, USA |
| ISACA Training Week | 9 – 13 October, 2006 | Budapest, HUNGARY |
| Sarbanes-Oxley Symposium | 12 – 13 October, 2006 | Washington DC, USA |
| Latin CACS | 22 – 25 October, 2006 | Bogota, COLOMBIA |
| COBIT User Convention | 26 – 27 October, 2006 | Copenhagen, DENMARK |
| COBIT User Convention | 2 – 3 November, 2006 | Canberra, AUSTRALIA |
| ISACA Training Week | 6 – 10 November, 2006 | Dallas, TX, USA |
| Network Security Conference | 13 – 15 November, 2006 | Amsterdam, THE NETHERLANDS |
| Information Security Management Conference | 13 – 15 November, 2006 | Amsterdam, THE NETHERLANDS |
| ISACA Training Week | 4 – 8 December, 2006 | Orlando, FL, USA |
| EuroCACS | 18 – 21 March, 2007 | Vienna, AUSTRIA |
| North American CACS | 22 – 26 April, 2007 | Gaylord Texan Resort & Convention Center, Grapevine, TX, USA |
| International Conference | July 2007 | SINGAPORE |


INFORMATION NOTIFICATION FORM

Dear Reader,

Please fill out the following form if you or someone else would like to be on our mailing list. We will send out a FREE copy of this booklet and fax/email our monthly notification of upcoming sessions and events.

Name (Last) (First) (Middle)

Company Name

Address (Number) (Street)

(City) (Province) (Postal Code)

Business Phone ( )

Home Phone ( )

FAX ( )

E-Mail

Send me a copy of the 2006/2007 Continuing Professional Education Session booklet.

Include me on the monthly FAX / EMAIL notification list of upcoming events.

Contact: Rashna Daroga
Email: [email protected]

Mail:
Information Systems Audit and Control Association
ISACA - Toronto Chapter
P.O. Box 6544
Station A
Toronto, Ontario
M5W 1X4


COUPON ORDER FORM

Company Name:

Address:

Contact Person:

Telephone:

Fax:

E-mail:

Order Details

Quantity Total Cost

Book Type MA @ $750 (Member, 10 Half-day session coupons)

Book Type NA @ $950 (Non-Member, 10 Half-day session coupons)

TOTAL

GST included. GST Registration No. R123951709.

Please make cheques payable to The ISACA - Toronto Chapter. Coupons are not accepted for Joint or Multi-day Sessions. Coupon Expiry Date: June 30th, 2008.

Mail completed form and cheque to:
Information Systems Audit and Control Association
Toronto Chapter - Program Committee
c/o Cheryl Kicksee
Metro Toronto Police
4620 Finch Avenue East
Toronto, Ontario M1S 4G2


CHAPTER COMMITTEES

PRESIDENT

Arturo Lopez, President PricewaterhouseCoopers Inc. 416-941-8219 [email protected]

Romina Carlorosi PricewaterhouseCoopers Inc. 416-941-8383 x14249 [email protected]

Toni Mesi PricewaterhouseCoopers Inc. 416-941-8383 x14214 [email protected]

VICE PRESIDENT

Lisa Allen, Vice President Deloitte & Touche LLP 416-601-6441 [email protected]

SECRETARY

Jeff Bhagar, Secretary Scotiabank 416-933-2554 [email protected]

Eduardo Francia Scotiabank 416-866-7219 [email protected]

Ron McLean Scotiabank 416-866-4025 [email protected]

TREASURY

Larry Leung, Treasurer PricewaterhouseCoopers Inc. 416-218-1481 [email protected]

Usuff Currim PricewaterhouseCoopers Inc. 416-228-1940 [email protected]

CERTIFIED INFORMATION SYSTEMS AUDITOR / CERTIFIED INFORMATION SECURITY MANAGER

Jennifer Boyce, Director Deloitte and Touche LLP 416-643-8276 [email protected]

COMMUNICATIONS

Ian Steingaszner, Director Magna International Inc. 905-726-7408 [email protected]

Raj Devadas KPMG 416-777-8458 [email protected]

CONTINUING EDUCATION COMMITTEE

Bob Darlington, Director Canadian Pacific Railway 416-595-3242 [email protected]


George Davis - Registrar Retired 705-487-3130 [email protected]

Russell Dyer RBC Financial Group 416-955-6732 russell.dyer@rbc.com

Laureen Ellis Scotiabank 416-866-5295 [email protected]

John Heaton Deloitte & Touche 416-643-8225 [email protected]

Cheryl Kicksee Toronto Police Services 416-808-4858 [email protected]

Ian King Net Intergration 416-995-7162 [email protected]

Raul Mangalindan KPMG 416-777-3385 [email protected]

Matt Marshall 416-694-3843 [email protected]

Mohammad Sharifullah KPMG 416-777-8444 [email protected]

Srinivas Tejomurty Protiviti 647-288-4940 [email protected]

MARKETING

Nina Vivera, Director KPMG 416-777-3033 [email protected]

Raj Devadas KPMG 416-777-8458 [email protected]

Karen Nemani 2Keys Corporation 416-577-3222 [email protected]

Denzil Luna Management Board Secretariat 416-325-1138 [email protected]

Ben Omiyi KPMG 416-777-8914 [email protected]

MEMBERSHIP

Margaret Lee-You, Director Sun Life 416-204-3756 [email protected]

RESEARCH AND UNIVERSITY RELATIONS

Baskaran Rajamani, Director Deloitte & Touche LLP 416-643-8457 [email protected]

Jager Bhoohe CGI 905-363-3825 [email protected]

Paul Johns Deloitte & Touche LLP 416-601-5850 [email protected]

Dharmesh Joshi Deloitte & Touche LLP 416-775-7298 [email protected]

Cameron Jue Deloitte & Touche LLP 416-601-5275 [email protected]

Charan Kumar KPMG 416-777-8997 [email protected]

Kush Sharma Deloitte & Touche LLP 416-601-6634 [email protected]


TECHNOLOGY

Behram Faroogh, Director Tactical Business Solutions 416-930-3530 [email protected]

Sanjev Chib Moneris Solutions 416-734-1726 [email protected]

Patricia Goh Bank of Nova Scotia 416-866-6507 [email protected]

PAST PRESIDENT

Patricia Goh - Immediate Past President Scotiabank 416-866-6507 [email protected]

Marian Soon Shiong Scotiabank 416-866-6719 [email protected]

Li City of Toronto

Rhodora Pangilinan Scotiabank 416-866-7685 [email protected]

CHAPTER ADMINISTRATIVE SUPPORT

Rashna Daroga eAdmin Services Ltd 905-501-8798 [email protected]
