ISACA North Texas Chapter

01/04/2022

There's a new North Texas Chapter event that you might be interested in - check it out today!

Present and Future of Virtual Spaces

Cost: FREE
Possible CPE Credit: 1 CPE for full attendance
Format: Online Webinar
Registration Link: https://us06web.zoom.us/webinar/register/WN_Vi-q4TC4QpOjkQDyNLcu4Q

Present and Future of Virtual Spaces
Virtual corporate and sports environments are evolving and experiencing unprecedented change. IT virtual spaces are changing the face of what constitutes modern participation and productivity. Understanding how they operate, their capabilities, and how they are driven by and influence IT is crucial.

Objectives
• 1 – Breaking down the asynchronous state of communication
• 2 – Differences in communication in a virtual and live environment
• 3 – How technology can add value to a rapidly evolving connected world

Speaker Bio
Brent Kisil – Team Founder – ProPacts Corporate Experiences
Brent Kisil is a serial entrepreneur and B.Comm Graduate with a PMP designation. He has run his own ventures for the past 12 years with 1 previous successful exit. His current venture, ProPacts builds digital stadium experiences replicating the live game experience in a virtual setting.

Event Start Date: 21 Jan, 2022 12:00 Central Standard Time

If you have any questions about this event, please contact us.

Thanks,
North Texas Chapter

Virtual corporate and sports environments are evolving and experiencing unprecedented change. IT virtual spaces are changing the face of what constitutes modern participation and productivity. Understanding how they operate, their capabilities, and how they are driven by and influence IT is crucial....

03/04/2021

ISACA North Texas 2021 Spring Seminar: Fundamentals of Auditing Business Process Automation
-------------------------------------------------------------------------
Starts: Apr 7, 2021 8:30 AM (CT)
Ends: Apr 8, 2021 5:00 PM (CT)
ISACA North Texas 2021 Spring Seminar: Fundamentals of Auditing Business Process Automation
NEW Date: April 7-8, 2021
Time: 8:30 AM to 5:00 PM (each day)
Fee: $499.00 for Members, $549.00 non-Members

FEE Notes:
All non-members of ISACA must create an account during registration.
CPE: 16
Format: Online

Is your company using or going to use RPA to automate business processes?
If YES, then this course is for you

In the quest toward enhanced speed to market, lower expenses and improved customer engagement, enterprises of all shapes and sizes are looking to see how automation can give them the advantage over their competition and aide in maintaining the increased pressure of regulatory compliance. Determining what solution best fits, a given entity can be challenging as automation solutions can range from simple macros to functional specific tools generally used for IT process automation to robotic and cognitive automation tools including Robotic Process Automation.

In this two-day session, attendees will be provided with a high-level overview of RPA and related technologies that are driving the transformation of IT, audit and business processes.

Attendees will learn through lecture and small group activities about the evolution of software development and how automation demands new approaches to securing software, the importance of governance and ethics in automation, the various business processes where automation is making a difference and how to understand workflows and gain tips for assessing automation.

Agenda:
Evolution of software development
Automation Explained
Governance (and Management) of Automation
Understanding Workflows–Automation of IT and Business Processes
Ethics of Automation
Automation tools and best practices
Audit considerations for RPA and Beyond

By the end of the event attendees will have heard and participated in several exercises to get a better feel of the activities that aide in determining, building and assessing automation initiatives.

Mary Siero is an executive level Information Technology Consultant and the President of Innovative IT, a leading North Carolina based information technology consulting firm that specializes in IT operational, compliance and security consulting.

Ms. Siero’s career includes ten years as a Chief Information Officer in the healthcare industry, and five years in the gaming industry as Vice President of IT Operations/ Chief Information Security Officer, both heavily regulated industries. She has over 40 years’ experience in engineering and technology from industries such as Healthcare, Government, Education, Gaming and Hospitality, Consumer Products, and Manufacturing.

Registration Dates
Registration Ends Tuesday, April 6, 2021
Pricing Information
Registration Price
Member $499.00
Non-member $549.00

02/23/2021

Leveraging Compliance Automation for Our Cloud-First World
When: Mar 19, 2021 from 12:00 PM to 1:00 PM (CT)
Cost: FREE
Possible CPE Credit: 1 CPE for full attendance
Format: Online Webinar

Attendees of this presentation will gain insight into:

What is driving change and how will it play out?
What are the implications for security, compliance, and audits?
What is the right level of automation to increase efficiency but not incur additional risk?
Why will automation augment and not replace IS audit, control, and security professionals?
How are compliance automation tools being adopted today?
Objectives:

Digital transformation impacts on security and compliance
Trends in cloud compliance automation and compliance testing automation
New challenges and new tools

Speaker Bio:
Scott Schwan
Co-founder and CEO of Shujinko

Mr. Scott Schwan is a co-founder and serves as Chief Executive Officer at Shujinko. Previously Scott was the director of cloud engineering at Starbucks, where he led a team of talented DevSecOps engineers practicing infrastructure and security as code to build a shared platform for Starbucks development teams. Prior to Starbucks, Scott was a technical leader at CARDFREE, Tommy Bahama, PricewaterhouseCoopers, and SAP. He has a background in security and infrastructure engineering that is heavily focused on PCI, retail, e-commerce, mobile order and pay (MOP), and loyalty.

Location
Online Instructions:
Url: http://zoom.us/webinar/register/WN_e5_qfN3uQICFxpJsW-h35g
Login: Please register your attendance on Zoom.

02/09/2021

Upcoming Event **UPDATE
Information Security & Internal Audit: Partners in Protection
and **Communicating with People who Don’t Think Like You
------------------------------------------------------------------
When:
Friday, February 19, 2021
12:00 PM - 2:00 PM Central
Where: https://zoom.us/webinar/register/WN_Ww9qPKEfSbWdwnJQWTiEYA
Learning Objectives:
• The IT risk management process
• Identify common values shared across Information Security and Internal Audit teams.
• Identify distinguishing factors, such as operational responsibilities for Information Security and independence requirements for Internal Audit.
• Identify system reports that both teams should obtain and review.
• Identify common approaches to reporting risk; qualitative vs. quantitative.
• Discuss common training objectives and career paths.

The ISACA North Texas chapter is extending the February event offering to members with the ability to earn one additional CPE.

Members are able to register for the extended free webinar using the included Zoom link and hear from Nate Howe, Chief Information Security Officer at The University of Texas at Dallas and Jamie Shine, Auditing Manager at QuickTrip. Members who have previously registered do not need to re-register.

12pm - 1pm
Information Security & Internal Audit: Partners in Protection
Organizations must take risks to remain competitive, though risk acceptance should be deliberate and never reckless. Two teams stand ready to help organizations manage risks related to information assets and technology, with somewhat different approaches and constraints. Despite differences, Nate Howe makes the case that the Information Security and Internal Audit teams are natural partners who should recognize and build upon their common objectives and passions. By appreciating each other and identifying opportunities to align, organizations will be best prepared to defend networks and achieve compliance.
1pm - 2pm
Communicating with People who Don’t Think Like You
As auditors, communication is critical. Understanding your audience and being able to navigate different communication styles will help you become a trusted advisor in your company and to your clients. We will address common barriers to effective communication and identify ways in which we can become more effective communicators to our audit clients and audit team members, taking into account differences in personality, gender, generation, culture, and values.
The chapter is offering 2 CPE for attending the entirety of this free webinar.

Organizations must take risks to remain competitive, though risk acceptance should be deliberate and never reckless. Two teams stand ready to help organizations manage risks related to information assets and technology, with somewhat different approaches and constraints. Despite differences, Nate Ho...

01/19/2021

Upcoming Event
________________________________________
Information Security & Internal Audit: Partners in Protection
When:
Friday, February 19, 2021
12:00 PM - 1:00 PM Central
Where: https://zoom.us/webinar/register/WN_Ww9qPKEfSbWdwnJQWTiEYA
Learning Objectives:
• The IT risk management process
• Identify common values shared across Information Security and Internal Audit teams.
• Identify distinguishing factors, such as operational responsibilities for Information Security and independence requirements for Internal Audit.
• Identify system reports that both teams should obtain and review.
• Identify common approaches to reporting risk; qualitative vs. quantitative.
• Discuss common training objectives and career paths.

Register today for our free webinar; registration is first come, first served. Hope you can join us!

The ISACA North Texas chapter is offering its members a free remote learning opportunity and the ability to earn 1 CPE.

Members will be able to register for the free webinar using the included Zoom link and hear from Nate Howe, Chief Information Security Officer at The University of Texas at Dallas.

Bio:
Nate Howe began his professional career in IT Audit, serving organizations including Arthur Andersen, Nasdaq, and Ameriquest Mortgage. Nate served Western Federal Credit Union as VP of Risk Management, leading information security, internal audit, insurance, physical security, and facilities. Currently, Nate serves The University of Texas at Dallas in the dual role of CISO and Adjunct Professor.

Nate is a graduate of Boston University with a degree in Business Administration and concentration in Management Information Systems. He also achieved his MBA from University of California at Irvine. Nate obtained certifications including CISSP, CISA, SANS GIAC (GLEG, GCPM, GCFW, GCIH), MCSA, AWS Cloud Practitioner and CompTIA Cloud+, Network+, RFID+, and Security+.

Information Security & Internal Audit: Partners in Protection
Organizations must take risks to remain competitive, though risk acceptance should be deliberate and never reckless. Two teams stand ready to help organizations manage risks related to information assets and technology, with somewhat different approaches and constraints. Despite differences, Nate Howe makes the case that the Information Security and Internal Audit teams are natural partners who should recognize and build upon their common objectives and passions. By appreciating each other and identifying opportunities to align, organizations will be best prepared to defend networks and achieve compliance.

The chapter is offering 1 CPE for attending the entirety of this free webinar, so please sign up at the earliest.

Organizations must take risks to remain competitive, though risk acceptance should be deliberate and never reckless. Two teams stand ready to help organizations manage risks related to information assets and technology, with somewhat different approaches and constraints. Despite differences, Nate Ho...

12/22/2020

Upcoming Event
________________________________________
Auditing Information Technology Risks
When:
Friday, January 15, 2021
12:00 PM - 1:00 PM Central
Where: https://zoom.us/webinar/register/WN_VCNRhIjSQo2JnVF5juAj5w
Learning Objectives:
• The IT risk management process
• IT risk management roles and responsibilities
• Performing the IT risk audit
• Example controls for auditing IT risks
• Example tools and techniques for enhancing auditor IT risk knowledge and skillset
Example tools and techniques for enhancing auditor IT risk knowledge and skillset
-----------------------------------------------------------------
Register today for our free webinar; registration is first come, first served. Hope you can join us!

The ISACA North Texas chapter is offering its members a free remote learning opportunity and the ability to earn 1 CPE.

Members will be able to register for the free webinar using the included Zoom link and hear from Justus Ekeigwe, Technology Risk Manager – Principal; Charles Schwab.

Bio:
Justus has more than 20 years of experience in the audit, risk management and governance of enterprise IT. In his current role, he provides oversight of technology governance and architecture risk in the second line of defense. His previous roles included stints at JPMorgan Chase, Morgan Stanley and Deloitte.

Justus is widely recognized for his volunteering effort and commitment to ISACA; first as a Student volunteer at the London Chapter, and subsequently as Committee Chair for COBIT Development Initiatives at the Los Angeles Chapter. He has served as Facilitator for CISA Review classes at the ISACA North Texas Chapter. Justus has the following certifications: CISA, CISM, CRISC.

Auditing Information Technology Risks:
Information technology (IT) risks are business risks due to utilization of information technologies —specifically, the business risk associated with the use, ownership, operation, involvement, influence and adoption of IT within an enterprise. It consists of IT-related events and conditions that could potentially impact the business. These IT-related events and conditions grow in size and sophistication as enterprises enhance and expand their adoption of technologies.

The goal of auditing information technology risks is to provide assurance that IT-related enterprise risk does not exceed risk appetite and risk tolerance; the impact of IT risk to enterprise value is identified and managed; and the potential for compliance failures is minimized.

We will be offering 1 CPE for attending the entirety of this free webinar, so please sign up at the earliest.

Sincerely,
ISACA North Texas

This presentation will cover the following scope: • The IT risk management process • IT risk management roles and responsibilities • Performing the IT risk audit • Example controls for auditing IT risks • Example tools and techniques for enhancing auditor IT risk knowledge and skillset Inf...

12/02/2020

Upcoming Event
________________________________________
Conducting Your First Social Media Audit

When: Friday, December 11, 2020
12:00 PM - 1:00 PM Central
Where: https://zoom.us/webinar/register/WN_sq4Gsr2xRcCAlDuCm-Trbg

Learning Objectives:
• Recognize the risks that are associated with use of social media platforms
• Familiarize relevant configuration settings to review on specific social media platforms

Register today for our free webinar; registration is first come, first served. Hope you can join us!

The ISACA North Texas chapter is offering its members a free remote learning opportunity and the ability to earn 1 CPE.

Members will be able to register for the free webinar using the included Zoom link and hear from Ali Subhani, Director of Internal Audit at Collin College.

Bio:
Ali Subhani serves as the Director for Internal Audit at Collin College. He is a Certified Internal Auditor, Certified Information Systems Auditor and a GIAC Systems and Network Auditor. Prior to joining Collin College, Ali served as the Executive Director of Audit Services at Texas Woman’s University. His prior experience has also included managing the IT Audit function at UT- Dallas.

Conducting Your First Social Media Audit:
With the increased integration of social media into our daily lives, we are far better connected than the generations from the past. However, this interconnectivity allows ‘news’ to spread around the world in seconds. What does this mean for you and your organization?

Learn how you can evaluate whether risks associated with the use of these evolving forms of communication are being adequately managed at your organization and in your personal life.
We will be offering 1 CPE for attending the entirety of this free webinar, so please sign up at the earliest.

With the increased integration of social media into our daily lives we are far better connected than the generations from the past. However, this interconnectivity allows ‘news’ to spread around the world in seconds. What does this mean for you and your organization? Learn how you can evaluate w...

10/27/2020

Meeting Date: Nov 9 2020
Time Slot:
Speaker / Title: Clay Risenhoover, CPA, CISA, CISM, CISSP, CIA
Speakers Bio: When Clay Risenhoover installed his first network professionally, "The Golden Girls" and "Murder, She Wrote" were still on TV. Since then, Clay has held positions in software development, technical training, network administration, IT management, higher education and consulting. These days, he's president of a small IT management consulting firm and a Principal Instructor and course author for the SANS Institute. He also serves as a faculty research advisor to graduate students of the SANS Technology Institute. Clay holds a number of professional and technical certifications, including CPA/CITP, CISA, CISM, CISSP, and CIA.
Contact Info: Clay Risenhoover
200 Red Oak Drive
Durant, OK 74701
580-380-6877
Session Title: PowerShell for Audit, Compliance and Security
Description: As the velocity of IT operations increases, automation is becoming critical for auditors and compliance professionals. In this session, we will cover the basics of using PowerShell for common infosec, compliance and audit tasks. We will make heavy use of demonstrations to explore the object-oriented nature of the shell, important commands for getting help, and how to select, sort, filter and transform results from native Windows tools. We will compare the Windows and Core versions of PowerShell and discuss when it may be appropriate to use PowerShell on non-Windows systems.
Learning Objectives:
- Foundational PowerShell commands
- Getting help
- Extracting system and domain data for analysis
- Selecting, sorting, formatting and saving data
- Exporting results in common structured formats
Presentation: Please provide a copy of your presentation no later than the Friday before the session. Unless you have objections, we will post your presentation on our website the Monday before our meeting in .pdf format.

Session Title: Beyond CSVs: Visualization using PowerShell, Excel and Grafana
Description: Presenting data to management and operations staff visually is often preferable to dlivering a ZIP file full of CSVs. In this session, we will explore how to use data extracted from our environments to present tactical and strategic visualizations to the organization. Beginning with ad-hoc, tactical, automated import into Microsoft Excel for use in pivot tables and charts, we will then move on to using dashboard tools like Grafana to visualize trends in measurements over time. The session will focus on demonstrations of the techniques discussed.
Learning Objectives:
- Use the ImportExcel PowerShell module to build functional spreadsheets from scripts
- Use PowerShell to format data for import into time-series databases
- Use Grafana to display time-series data in dashboards
Presentation: Please provide a copy of your presentation no later than the Friday before the session. Unless you have objections, we will post your presentation on our website the Monday before our meeting in .pdf format.

09/25/2020

Upcoming Event
________________________________________
The Clutter That’s Choking AppSec
When: Friday, October 16, 2020
12:00 Noon - 1:00 PM Central
Where: https://zoom.us/webinar/register/WN_VLKSOBAVS9ih_YEgYUnCfQ

Learning Objectives:
• Learn how software product teams can manage application vulnerabilities better
• Learn how application security teams become more productive keeping in mind the current constraints of limited bandwidth and increasing tasks
• Learn how product engineering teams maintain the balance of finding bugs early and fixing bugs early

-------------------------------------------------------------------------
Dear Member,

Register today for our free webinar; registration is first come, first served. Hope you can join us!

The ISACA North Texas chapter is offering its members a free remote learning opportunity and the ability to earn 1 CPE.

Members will be able to register for the free webinar using the included Zoom link and hear from Rahul Raghavan.

Bio:
Having worked on both the building and breaking sides of product engineering, Rahul appreciates both the constraints and the opportunities of imbibing security within the software lifecycle. This understanding created a natural segue for we45’s custom security solution engineering and enhanced AppSec service delivery models for its global customers.
As an active DevSecOps Marketer, Rahul works closely with the offices of CTOs and CIOs in the setting up of cross functional skill building and collaboration models between engineering, QA and security teams to build and manage software security maturity frameworks. Rahul is Certified Information Systems Auditor (CISA) and is a regular speaker at global conferences, seminars and meetup groups.

Abstract:
Increasingly shorter agile development sprints and mandatory security assessments are putting pressure on product teams to deliver secure applications faster than ever. Further, inorganic adoption of security tooling sometimes creates information overload that does more harm than good.
What’s going wrong:
• Results from SAST, DAST and SCA tools create large vulnerabilities data sets that are difficult to act upon.
• Automated scan results from security tools are replete with false positives and duplicate entries that make remediation troublesome.
• Manual methods of triaging vulnerability data sets are inefficient and lower productivity.
• Improper vulnerability management increases friction between security and engineering teams.
What you will glean from this talk:
• How automated methods of vulnerability correlation and de-duplication can significantly reduce your AppSec testing time.
• How to effectively integrate vulnerability remediation with the engineering workflow.
• Understand the basic anatomy of a vulnerability to effectively prioritize and fix security bugs faster and better!

What you should care about:
Without a change in approach, application security professionals and engineering teams will continue to delay development schedules and product release dates, or risk releasing a product that is not entirely secure.

Who should attend:
• Security professionals who face problems managing vulnerabilities.
• Engineering teams who find the current vulnerability remediation workflow problematic.
• CISOs who want to lay down a mature and efficient AppSec Program.

We will be offering 1 CPE for attending the entirety of this free webinar, so please sign up at the earliest.

Sincerely,
ISACA North Texas

Increasingly shorter agile development sprints and mandatory security assessments are putting pressure on product teams to deliver secure applications faster than ever. Further, inorganic adoption of security tooling sometimes creates information overload that does more harm than good. What’s goin...

09/22/2020

09/08/2020

Members will be able to register for our free webinar using the included Zoom link and hear from Curtis Simpson who has more than fifteen years of diversified information technology experience with direct information security and management experience in positions of increasing responsibility at Sysco, a Fortune 50 corporation.

Curtis will be presenting "Unpatched, Unprepared, Unprotected: How IoT and OT Vulnerabilities Remain Unaddressed". As businesses continue to transform themselves through technology, the growth in deployment and implementation of connected devices is exploding like never seen before. These are not devices in the traditional sense (PCs, laptops, mobile devices), but rather purpose-built to perform very specific tasks. They are devices that run our business, drive our manufacturing lines, or track and deliver healthcare to patients. These devices are essentially the new endpoint with operating systems, applications, and a network stack connected to networks and even the internet. However, they are rarely ever designed or built with security in mind.

Join Armis CISO Curtis Simpson as he speaks to this ever-growing enterprise risk, corresponding evolution in bad actor strategies, related implications, and examples of how enterprises are already being impacted. He will discuss recent changes to the large and ever-growing attack surface at the intersection of OT, IT and IoT, and speak to the recent disclosure from the NSA and CISA.

We will be offering 1 CPE for attending the entirety of this free webinar, so please sign up at the earliest.

More information:

https://engage.isaca.org/northtexaschapter/events/eventdescription?CalendarEventKey=1b999ae0-afd3-45e3-90ee-e14c5b810489&CommunityKey=216d5192-1574-4421-9bfa-6b470d758889&Home=%2fnorthtexaschapter%2fevents%2frecentcommunityeventsdashboard

Registration:

https://zoom.us/webinar/register/WN_Iv-rdOkEQy-F8MftvJ_rhQ

Welcome! You are invited to join a webinar: Unpatched, Unprepared, Unprotected: How IoT and OT Vulnerabilities Remain Unaddressed. After registering, you will receive a confirmation email about joining the webinar.

09/02/2020

Upcoming Event
________________________________________
Unpatched, Unprepared, Unprotected:
How IoT and OT Vulnerabilities Remain Unaddressed
When: Friday, September 18, 2020; 12:00 Noon - 1:00 PM CST
Where: https://zoom.us/webinar/register/WN_Iv-rdOkEQy-F8MftvJ_rhQ
Objectives: Learn how to effectively underscore the need for security; Learn how IoT security is impacting your home and work life; Participate in scenarios
_____________________________________

The ISACA North Texas chapter is not meeting in person during the month of September. The chapter is offering its members a free remote learning opportunity and the ability to earn 1 CPE.

Members will be able to register for our free webinar using the included Zoom link above and hear from Curtis Simpson who has more than fifteen years of diversified information technology experience with direct information security and management experience in positions of increasing responsibility at Sysco, a Fortune 50 corporation.

Curtis will be presenting "Unpatched, Unprepared, Unprotected: How IoT and OT Vulnerabilities Remain Unaddressed". As businesses continue to transform themselves through technology, the growth in deployment and implementation of connected devices is exploding like never seen before. These are not devices in the traditional sense (PCs, laptops, mobile devices), but rather purpose-built to perform very specific tasks. They are devices that run our business, drive our manufacturing lines, or track and deliver healthcare to patients. These devices are essentially the new endpoint with operating systems, applications, and a network stack connected to networks and even the internet. However, they are rarely ever designed or built with security in mind.

Join Armis CISO Curtis Simpson as he speaks to this ever-growing enterprise risk, corresponding evolution in bad actor strategies, related implications, and examples of how enterprises are already being impacted. He will discuss recent changes to the large and ever-growing attack surface at the intersection of OT, IT and IoT, and speak to the recent disclosure from the NSA and CISA.

We will be offering 1 CPE for attending the entirety of this free webinar, so please sign-up at the earliest.

Please don't forget to register for the free webinar; registration is first come, first served. Hope you can join us!

Sincerely,
ISACA North Texas