2019 May Training Session When: May 1, 2019 - 1:00 PM - 4:00 PM ESTWhere: RTP HQRegistration: WebsiteCost: ISACA-RTC Members - Free (Log in to register to ensure discounted fee) Affiliated Organizations (IIA, ISSA, Othe ISACA Chapters) - $35 All Others: $50CPEs: Upto 3Handouts: Will Be Uploaded When available Session I - Cybersecurity Risk Management and Network Security Auditing Cybersecurity threats are becoming more prevalent and breaches are highly publicized. Board of Directors and Audit Committees alike are continuing to ask how management is addressing this threat and how they are managing the risk of a data breach. Leveraging the NIST Cybersecurity Framework and approaches to cybersecurity risk quantification via the Factor Analysis of Information Risk (FAIR) Methodology, we have helped clients simplify the concepts of cybersecurity, show members how their organization ranks amongst their peers in relation to InfoSec maturity, and provide management targeted recommendations on how to prioritize and address gaps within their controls to ultimately mitigate risks to the company. We will discuss this approach, and leading practices to effectively audit and assess technical network security controls, such as logging and monitoring, configuration management, and incident response. Speaker: Daniel Stone, CISA, CPA Daniel is a Senior Manager within the Internal Audit and Financial Advisory (IAFA) practice focused on Technology Audit. Daniel has 6 years of experience in leading and performing IT general and application controls assessments for SOX compliance. Daniel also has significant experience with Cybersecurity Risk Assessments, primarily using the NIST Cybersecurity Framework, and audits of technical security controls including hardware and network device configuration management, encryption, vulnerability management, and identity management. Session II - Topic: Robotic Process Automation, Process Mining and Next Generation Auditing The objectives of "Next Gen" IA functions may be straightforward, but the means by which they achieve these objectives include a range of innovative approaches and tools, that must be tailored to specific organizations and their needs. Process mining tools can fundamentally change the way that we analyze processes and perform audits with automation in walkthroughs, revealing process variants and complexities, and identifying areas that do not comply with intended process design. Along with potential areas for Robotic Process Automation (RPA) within internal audits own activities, the audit function should have a role in identifying risks and providing guidance around control and design enhancements across the adoption of RPA in the business. Speaker: Gregg Wishna, CISA Gregg is an Associate Director in Protiviti’s Internal Audit and Financial Advisory group. Gregg has over 13 years consulting and audit experience with Protiviti; leading projects and working closely with Senior Management on Internal Audit and Data Analytics initiatives. In addition to Internal Audit, Gregg has led several Data Management consulting projects, with a focus on Data Governance, Business Intelligence, and Process Improvement. In this capacity, Gregg has helped to develop strategy and new programs to enhance the overall use of organization data through new technologies and processes to produce impactful reporting and analytics capabilities for the business and internal audit. This event is related to Training Internal Audit
2019 May Training Session When: May 1, 2019 - 1:00 PM - 4:00 PM ESTWhere: RTP HQRegistration: WebsiteCost: ISACA-RTC Members - Free (Log in to register to ensure discounted fee) Affiliated Organizations (IIA, ISSA, Othe ISACA Chapters) - $35 All Others: $50CPEs: Upto 3Handouts: Will Be Uploaded When available Session I - Cybersecurity Risk Management and Network Security Auditing Cybersecurity threats are becoming more prevalent and breaches are highly publicized. Board of Directors and Audit Committees alike are continuing to ask how management is addressing this threat and how they are managing the risk of a data breach. Leveraging the NIST Cybersecurity Framework and approaches to cybersecurity risk quantification via the Factor Analysis of Information Risk (FAIR) Methodology, we have helped clients simplify the concepts of cybersecurity, show members how their organization ranks amongst their peers in relation to InfoSec maturity, and provide management targeted recommendations on how to prioritize and address gaps within their controls to ultimately mitigate risks to the company. We will discuss this approach, and leading practices to effectively audit and assess technical network security controls, such as logging and monitoring, configuration management, and incident response. Speaker: Daniel Stone, CISA, CPA Daniel is a Senior Manager within the Internal Audit and Financial Advisory (IAFA) practice focused on Technology Audit. Daniel has 6 years of experience in leading and performing IT general and application controls assessments for SOX compliance. Daniel also has significant experience with Cybersecurity Risk Assessments, primarily using the NIST Cybersecurity Framework, and audits of technical security controls including hardware and network device configuration management, encryption, vulnerability management, and identity management. Session II - Topic: Robotic Process Automation, Process Mining and Next Generation Auditing The objectives of "Next Gen" IA functions may be straightforward, but the means by which they achieve these objectives include a range of innovative approaches and tools, that must be tailored to specific organizations and their needs. Process mining tools can fundamentally change the way that we analyze processes and perform audits with automation in walkthroughs, revealing process variants and complexities, and identifying areas that do not comply with intended process design. Along with potential areas for Robotic Process Automation (RPA) within internal audits own activities, the audit function should have a role in identifying risks and providing guidance around control and design enhancements across the adoption of RPA in the business. Speaker: Gregg Wishna, CISA Gregg is an Associate Director in Protiviti’s Internal Audit and Financial Advisory group. Gregg has over 13 years consulting and audit experience with Protiviti; leading projects and working closely with Senior Management on Internal Audit and Data Analytics initiatives. In addition to Internal Audit, Gregg has led several Data Management consulting projects, with a focus on Data Governance, Business Intelligence, and Process Improvement. In this capacity, Gregg has helped to develop strategy and new programs to enhance the overall use of organization data through new technologies and processes to produce impactful reporting and analytics capabilities for the business and internal audit. This event is related to Training Internal Audit
When: May 1, 2019 - 1:00 PM - 4:00 PM ESTWhere: RTP HQRegistration: WebsiteCost: ISACA-RTC Members - Free (Log in to register to ensure discounted fee) Affiliated Organizations (IIA, ISSA, Othe ISACA Chapters) - $35 All Others: $50CPEs: Upto 3Handouts: Will Be Uploaded When available Session I - Cybersecurity Risk Management and Network Security Auditing Cybersecurity threats are becoming more prevalent and breaches are highly publicized. Board of Directors and Audit Committees alike are continuing to ask how management is addressing this threat and how they are managing the risk of a data breach. Leveraging the NIST Cybersecurity Framework and approaches to cybersecurity risk quantification via the Factor Analysis of Information Risk (FAIR) Methodology, we have helped clients simplify the concepts of cybersecurity, show members how their organization ranks amongst their peers in relation to InfoSec maturity, and provide management targeted recommendations on how to prioritize and address gaps within their controls to ultimately mitigate risks to the company. We will discuss this approach, and leading practices to effectively audit and assess technical network security controls, such as logging and monitoring, configuration management, and incident response. Speaker: Daniel Stone, CISA, CPA Daniel is a Senior Manager within the Internal Audit and Financial Advisory (IAFA) practice focused on Technology Audit. Daniel has 6 years of experience in leading and performing IT general and application controls assessments for SOX compliance. Daniel also has significant experience with Cybersecurity Risk Assessments, primarily using the NIST Cybersecurity Framework, and audits of technical security controls including hardware and network device configuration management, encryption, vulnerability management, and identity management. Session II - Topic: Robotic Process Automation, Process Mining and Next Generation Auditing The objectives of "Next Gen" IA functions may be straightforward, but the means by which they achieve these objectives include a range of innovative approaches and tools, that must be tailored to specific organizations and their needs. Process mining tools can fundamentally change the way that we analyze processes and perform audits with automation in walkthroughs, revealing process variants and complexities, and identifying areas that do not comply with intended process design. Along with potential areas for Robotic Process Automation (RPA) within internal audits own activities, the audit function should have a role in identifying risks and providing guidance around control and design enhancements across the adoption of RPA in the business. Speaker: Gregg Wishna, CISA Gregg is an Associate Director in Protiviti’s Internal Audit and Financial Advisory group. Gregg has over 13 years consulting and audit experience with Protiviti; leading projects and working closely with Senior Management on Internal Audit and Data Analytics initiatives. In addition to Internal Audit, Gregg has led several Data Management consulting projects, with a focus on Data Governance, Business Intelligence, and Process Improvement. In this capacity, Gregg has helped to develop strategy and new programs to enhance the overall use of organization data through new technologies and processes to produce impactful reporting and analytics capabilities for the business and internal audit.
