May 2017 AGM Luncheon Event – Membership and CPE Meeting

Please join us, enjoy some very interesting sessions and earn CPE credits. We are excited to announce our Annual General Membership Meeting (AGM).

Date: May 23rd

Location:  Cottonwood Grille, 913 W River St, Boise, ID 83702

  • 11:30 – Arrival, sign-in, networking
  • 12:00 – Lunch served
  • 12:15 – 12:45 – Welcome, announcements, Board position intros, elections, scholarships, updates, member recognition
  • 12:45 – 1:00 – Break
  • 1:00 – 1:50 – Cyber Security Insurance, Herman Doering
  • 1:50 – 2:00 – Break
  • 2:00 – 2:50 – AICPA’s new Cybersecurity Risk Framework Attestation, Anders Erickson
  • 2:50 – 3:00 – Break
  • 3:00 – 3:50 – WannaCry Ransomware Analysis, Capt Kyle “Reno” Erickson
  • 4:00 – Social hour

Cyber Security Insurance, Herman Doering

Biography of Herman Doering, HIPAA SME:
In February 2009, he joined St. Luke’s Health System as the corporate Information Systems Security Officer, responsible for HIPAA and PCI compliance and for the HIPAA Security policies and procedures used throughout St. Luke’s. He is also responsible for HIPAA Security training and is a member of the Idaho Health Data Exchange (IHDE) Privacy and Security subcommittee of the IHDE Board.
From 1999 to 2009 he served as Sr. Consultant and HIPAA Subject Matter Expert (SME) with BEST Consulting, Venturi Technology Partners, and COMSYS, providing consulting on Transactions and Code Sets, the Privacy Rule, and the Security Rule. He conducted HIPAA educational seminars for healthcare entities in Boise, Salt Lake City, Portland, Olympia, Sacramento, and Reno. He was a charter member of the HIMSS HIPAA SIG, established and hosted the monthly Boise HIPAA Council, and was a member of the Idaho Medical Association (IMA) HIPAA Coordinating Council, for which he conducted numerous IMA HIPAA Privacy and Security seminars. He spoke at the Idaho Hospital Association on how to conduct and implement a HIPAA Security program, and has assisted HIPAA attorneys such as Kevin West of Hall Farley Oberrecht & Blanton, PA, and Kim Stanger of Holland & Hart, LLP. He has also provided HIPAA or security consulting to the State of California – Alcohol and Drug Programs, The SEGAL Company in New York, Saltzer Medical Group, and Saint Alphonsus Regional Medical Center in Idaho.

AICPA’s new Cybersecurity Risk Framework Attestation, Anders Erickson

Anders Erickson is the Director of Cyber Security Services at Eide Bailly, LLP and has over 15 years of experience providing IT risk and security solutions within the private and public sectors. Anders assists clients in establishing a culture of security within their organization. He leads organizations through the process of identifying their cyber security risks and brings practical solutions to help manage and mitigate those risks. Anders is a Certified Information Systems Security Professional, Certified Information Systems Auditor as well as Certified in Risk and Information Systems Control. He graduated from Brigham Young University with a Masters of Information Systems Management.
The AICPA has recently released a framework that gives companies a method to describe and report on their cybersecurity risk management program. The framework requires a CPA to attest to the controls that implement that program. The purpose of the resulting report is to boost stakeholders’ confidence in the organization’s management of cybersecurity risks.
In this session, we will discuss the following:
* Applying the AICPA framework for cybersecurity reporting.
* Key elements of description criteria.
* Value and key aspects of the reports.
* Preparing for cybersecurity examinations.

WannaCry Ransomware Analysis, Kyle “Reno” Erickson, Capt, ID ANG

I am the Chief of Weapons and Tactics for the 224 Cyber Operations Squadron in the Idaho Air National Guard.  As the Chief of Weapons and Tactics, it is my responsibility to ensure the members of my unit are trained on the most current tactics, techniques, and procedures on the systems that we use and those of our adversaries. The 224 COS mobilizes using the United States Cyber Command’s Cyber Protection Team construct to protect mission partner networks using a methodology to identify mission requirements, identify security vulnerabilities, and provide proactive defense.
Prior to my current assignment, I was an instructor at the Cyber Warfare Operations Weapons Instructor Course at Nellis AFB, Nevada, teaching defensive and offensive cyber operations. I have a Bachelor of Science in Computer Science from the University of Texas at Dallas and a Master of Information Security from Western Governors University.
I will be presenting an analysis of the WannaCry malware. This will include the functionality of the malware, its exploitation mechanisms, and the fallout it has created.

ISACA NJ Chapter Exam Preparatory Classes

The ISACA NJ Chapter is offering exam preparatory classes for CISA, CISM, and CRISC over 3 Saturdays in the April/May/June 2017 time frame, each to prepare the attendees for the official ISACA certification exam.

All classes are broadcast live and are very cost effective. The instructor, Jay Ranade, is a well-known instructor who has been teaching these classes all over the world since 2006.

CISM Exam Review Webinar (3 days, live broadcast webinar) – Saturdays, May 6, May 13, and May 20, 2017, 9:00 AM – 5:00 PM (EST).

CISA Exam Review Class (onsite & live broadcast webinar) – (3 days) Saturdays, May 27, June 3, and June 10, 2017, 9:00 AM – 5:00 PM (EST).

April 19, 2017 CPE Luncheon

Topic: IT Focus Areas – PCAOB Inspections

Join us for this presentation by Kanika Saraiya, Advisory Manager KPMG

Time and Location: April 19th, at Boise Plaza, 1111 West Jefferson @ 11:30 AM to 1:00 PM.

There will be no cost for this month’s CPE Event!

Presentation Summary: PCAOB inspections and the key changes in the new SSAE 18 compared with SSAE 16.

Kanika Saraiya is an Advisory Manager in KPMG’s US Portland office with close to 9 years of experience advising clients on Business Process Analysis, IT Strategy, Outsourcing, IT Governance, IT Restructuring, IT Project Advisory, ERP Advisory, SOX Advisory, SOX 404 testing, SOC attestation and IT reviews, Risk Assessments, and Internal and External Audits. Kanika has served industries internationally ranging from Oil and Gas, Automobile, Telecommunications, Healthcare, Retail, Hi-tech, and Manufacturing to IT and ITES, and has international experience working with clients in Europe, China, India, and the USA.

March 15, 2017 CPE Luncheon

Topic: Cybersecurity – Now It’s Personal

Join us for this presentation by Daniel Johnson, Internal IT Auditor, Boise Cascade

Time and Location: March 15th, at Boise Plaza, 1111 West Jefferson @ 11:30 AM to 1:00 PM.

Presentation Summary: “Cybersecurity – Now It’s Personal” is an hour-long discussion on what individuals need to know about how cybersecurity can affect them away from the office and what safeguards they should be implementing to stay safe. We’ll cover some basics like the cybersecurity landscape, passwords, and phishing. Then we will look at personal data encryption, lost/stolen/end-of-life device security, and the Internet of Things at a “what it means to me” level. Whether you’re a complete cybersecurity noob or a professional security specialist, there will be something for everyone to take home from this event.

Daniel Johnson has seven years’ experience as an external IT auditor with PricewaterhouseCoopers, where he worked for clients such as Nike, Xerox, and Microsoft, before becoming an internal IT auditor for Boise Inc / Boise Cascade in 2012. Daniel has always had an interest in security, particularly cybersecurity, and is currently on a company cybersecurity awareness team that prevents, tracks, and responds to company incidents and raises awareness among employees.

2017 ISACA Boise Technical Skills Seminar

Title: Practical Application of COBIT by Leveraging Multiple Frameworks

Date/Time: Thursday, May 11th, 9:00am – 5:00pm

Location: Boise Plaza, 1111 West Jefferson, Boise ID

CPEs: 8 CPE hours

Pricing: (ISACA PayPal invoice will be sent after RSVP is received)

  • $200 ISACA Member Early Bird Price
  • $250 non-ISACA Member Early Bird Price
  • $250 ISACA Member Normal Price (after April 14th)
  • $300 non-ISACA Member Normal Price (after April 14th)

Learning Objectives: After completing this session, the participant will be able to:

  • Recognize the various framework altitudes in the GEIT ecosystem and how they can be used collectively to align with enterprise needs, using COBIT as the core.
  • Understand a model for synchronizing various frameworks and standards such as COBIT, ITIL, TOGAF, PRINCE2, PMBOK, NIST, ISO 38500, ISO 27000, ISO 20000, ISO 31000, and many more.
  • Gain practical advice on how to implement, modify, manage, and control processes using the COBIT implementation model.

General Description: In the IT governance environment there are multiple frameworks, models, and standards to choose from. A challenge for most organizations is simply understanding what all of these are and which ones are applicable or appropriate for them. Some common questions include: If we’re using ITIL, should we consider COBIT? How do ISO standards fit into my model? Should I be using project management models if I already use COBIT? In this presentation on frameworks and standards integration, we explore the many models available today: what they are, how they fit, and why to choose them. Most importantly, we will learn how to integrate several frameworks to create a more holistic approach that brings multiple best practices under a single model.

Speaker Bio:

As a nationally known governance expert in the areas of Information Controls, Risk, Cybersecurity, and Service Management, Mark’s background spans leadership roles from CIO to management and IT consulting. With over 25 years of professional experience, Mark has led large teams in outsourced IT arrangements, conducted portfolio, service management, and information governance activities for major project teams, managed enterprise application implementations, and implemented governance processes across multiple industries. Additionally, Mark holds the CRISC, CGEIT, COBIT, PRINCE2, and ITIL Expert certifications. Mark has presented at multiple global ISACA events and was awarded the ISACA John Kuyers Award for Best Speaker/Conference Contributor in 2016.
