The Password -December 2012

1 The Password - december 2012file:///C|/Users/Jeff/Documents/ISAC A/SP Web Site/Uploads to SP Site/ [12/9/ 2012 9:04:37 PM]The Password - december 2012 The Newsletter of isaca - North Texas ChapterDecember 2012In This Issue:Letter from the PresidentMeeting Agenda for our december 13, 2012 Luncheon MeetingISACA North America Computer Audit Control & Security (NA CACS) Conference, Dallas - SAVETHE DATE!!!! April 15-17, 2013 News from the Education CommitteeCertification Updates and ResourcesISACA North Texas LinkedIn GroupCurrent Job Postings2013 SANS Training Opportunities in DallasISACA IS Audit and Assurance Standards Exposure DraftNews from isaca InternationalLetter From the PresidentWell the elections are finally over, the turkey has been carved and eaten and the competitiveshopping season has begun.

2 It must be december !Our december meeting takes place Thursday, december 13, 2012 at the Crowne Plaza Hotelin Addison. Our theme this month has a Cloud Computing tone. Joe Krull with PwC starts ourpre-lunch session discussing Cloud Security and Privacy and why we might be cautiouslyoptimistic these two aren t mutually exclusive. Our lunch session features Rick Link withCoalfire presenting What is FedRAMP? and Bimal Sheth with E&Y discusses Compliance forthe Cloud during our post-session. Please register for this meeting on our web site Chris Jordan and the Education committee have been busy planning our 2013 Spring on in this newsletter to learn about the date, topic and location of this event early IIA Dallas Chapter Research Committee needs your help!

3 They are conducting a researchproject on 'Mobile Computing', and would like your input! The link to this survey is: wishes to each of you for a safe and Merry Christmas!Greg Streder, CISA JCPenney Company, IncPresident - isaca North Texas Password - december 2012file:///C|/Users/Jeff/Documents/ISAC A/SP Web Site/Uploads to SP Site/ [12/9/ 2012 9:04:37 PM][Top]Meeting Agenda for our december 13, 2012 Luncheon MeetingThis month our meeting is at Crowne Plaza in Addison. The theme for the meeting is Cloud is our last luncheon of the year and tis the season for gift giving! Don t miss out on great speakers and theyear-end Christmas gift courtesy of isaca North Texas! You have until noon on Wednesday, december 12th to register online for this the event you are unable to attend after you've registered, please contact for assistance with canceling your reservation.

4 This will help us keep our event registration feesreasonably Session - 10:30 AM - 11:20 AMCloud Security and Privacy - Cautious OptimismJoe Krull, Director, Risk Assurance, PricewaterhouseCoopersThis presentation will expose attendees to basic cloud computing principles and underlying technologies. It willinclude a discussion of both opportunities and risks associated with cloud computing and a matrix ofrecommended controls to reduce cloud computing risks. The presentation will introduce available resources toassist in cloud risk assessments and provide a status report on the current activities of the Cloud will learn to:Define key terms and generally accepted definitions associated with cloud computing and virtualization anunderlying technologyIdentify common threats and attacks to cloud platforms and servicesIdentify opportunities and use cases for cloud computingIdentify recommended controls to reduce risks associated with cloudProvide attendees with useful resources to continue learning about cloudPre-Luncheon registration begins at 10:00 Session - 12:20 PM - 1:20 PMWhat is FedRAMP?

5 Rick Link, Managing Director, Southwest Region, Coalfire Systems, stands for the Federal Risk and Authorization Management Program and administered by the USGeneral Services Administration (GSA). It was enacted in december 2011 and requires all federalorganizations that use, or plan to transition to, a cloud environment to implement the FedRAMP program forcloud security controls. For private organizations that are not related to federal agencies or departments, FedRAMP is not , the program is strongly recommended for consistency and will gain an understanding of:What is the FedRAMP Program and Process?What Does 3 PAO, ATO, and JAB Mean?Defining the Cloud: 5 4 AssessmentsLunch registration begins at 11:15 AM. Lunch is served no later than 11:45 Luncheon Session - 1:30 PM - 2:30 PMThe Password - december 2012file:///C|/Users/Jeff/Documents/ISAC A/SP Web Site/Uploads to SP Site/ [12/9/ 2012 9:04:37 PM]Compliance for the CloudBimal Sheth, Senior Manager, Advisory Services, Ernst & Young LLPAs organizations move into the Cloud they face different compliance needs.

6 This presentation will focus onhelping Cloud customers and providers understand the different reporting options available to focusing on utilizing SOC 2 reports to meet multiple compliance needs for Cloud customers andreducing the cost of compliance for Cloud will learn to:Identify the different SOC report options for Cloud environmentsUnderstand SOC reporting trends for Cloud providersIdentify their compliance needs and how SOC reports can assist from a Cloud Customer perspectiveFor complete details, including CPE information and to register, click the buttons DetailsRegisterCopies of the presentations for this meeting will be made available at , before the meeting if Drury, CISAR aytheonVP of Programs - isaca North Texas North America Computer Audit Control & Security (NA CACS)Conference, Dallas - SAVE THE DATE!

7 !!! April 15-17, 2013 The isaca North America Computer Audit Control & Security (NA CACS) Conference is coming to Dallas,Texas! The NA CACS is the world s leading conference for IT audit, security, governance, and riskprofessionals. The NA CACS attracts the best and brightest with its content-rich and thought-provokingsessions that delve into some of the biggest challenges facing IT audit and security professionals. What is in it for me?Customized learning experience - Choose the sessions that matter most to you and your networking - Interact face-to-face with colleagues in an environment ideal for unparalleledknowledge your knowledge - Broaden your understanding of new research and projects being developedacross the globeSharpen your skills - Expand your expertiseEarn up to 38 CPEs.

8 What's In It For Your Organization?Exceptional value for training dollars - Receive from every session full documentation that can beshared with colleagues at the officeExclusive access to industry experts - Tried and tested solutions to problems facing your organizationfrom those who have been in your role before. Discover what works and doesn t work from experiencedand successful professionalsInteract with leading vendors - All your organization s vendors in one place at the InfoExchange. Getanswers directly from vendors. Discover new products that will decrease the expense to your organizationThe Password - december 2012file:///C|/Users/Jeff/Documents/ISAC A/SP Web Site/Uploads to SP Site/ [12/9/ 2012 9:04:37 PM]and increase the by 18 February 2013 and Save $200!

9 Rick Link, CISA, CISM, CISSP, CGEITC oalfire Systems, President - isaca North Texas Chapter from the Education CommitteeSave the date! The Spring Seminar is nowconfirmed for February 27-28, 2013 and will address Auditing andSecuring Cloud-Based Services. The seminar will be hosted at GM Financial, Arlington. Further details will beposted on the chapter website soon!Also, additional committee members are always welcome!I sincerely hope you can take advantage of our training opportunities next year and look forward to seeing youat the december meeting! Thank Jordan, CISAW eaver, LLCVP Education - isaca North Texas Chapter Updates and ResourcesCertification Renewal Changes in 2013 - Certification renewal fees for members will increase to US$45 (from $40).

10 Non-member fees will not change. We instituted a fee increase for non-members lastyear, and through careful planning, we were able to postpone the fee increase to members until this are pleased we were able to maintain the member rate at $40 for seven years. Among other efforts,these fees support the costs related to the ISO/ANSI certification process, the CPE tracking program andthe job practice updates of the isaca certifications. isaca also continually communicates the value ofthe isaca certifications in the global marketplace so that they continue to be held in high regardworldwide. The pricing for certification renewals is: MembersNon-Members1st Certification$45$852nd Certification$45$853rd Certification$25$504th Certification$25$50 CPE Reporting - A new online CPE reporting system is being launched with the 2013 renewal year.