February 19, 2020 CPE Luncheon

Topic:  Cyber Hygiene

Join us for this presentation by Dr. Kimberlee Ann Brannock, Senior Security Advisor, HP Worldwide Security Practice

Time and Location: February 19th, at Boise Plaza, 1111 West Jefferson @ 11:30 AM to 1:00 PM.

RVSP link to be posted at a later date…

Security it is in our DNA.  Dr. Kimberlee Ann Brannock will provide real world examples of how to demonstrate good cyber hygiene by understanding how to identify, prioritize and respond to risks.  The discussion will include outlining the holistic relationship amongst technology, people and processes, along with establishing a security posture baseline and the development of a roadmap to plan, manage, and maintain control of your data and thus demonstrate good cyber hygiene. One of the take aways is to make good cyber hygiene such a habit it gets into you and your organization’s DNA.

As a Senior Security Advisor, Dr. Kimberlee Ann Brannock brings extensive knowledge and experience in compliance, risk, governance, IT, Information Security and privacy to help drive and shape HP’s worldwide security practice.

As well as working with the HP security business unit, HP R&D, HP Labs, HP Business Units, HP Product Teams, and HP Global Functions to ensure HP’s leadership role in security, Dr. Brannock also educates clients on the importance of security including such items as security governance (exempli gratia (e.g.): security policies, security procedures, processes, standards and specifications) risk, compliance and information security for imaging and printing (includes devices, data, documents).

During her 20-year tenure at HP, Dr. Brannock has led the HP initiative toward stronger
cybersecurity, stronger privacy, better and stronger cybersecurity governance, risk,
compliance, and information security, including better and stronger cybersecurity
services, processes and procedures. Dr. Brannock served on the HP Compliance
Community Forum, the HP Federal Compliance Council, the HP Regulatory Compliance
Review Board, the HP Policy Review Team, and the HP PCI Council (pre-split), and the PCI Security Standards Council Board of Advisors representing HP.

Pre HP Company split (approximately $122 Billion USD per annum company), Dr.
Brannock was an HP Cybersecurity Manager, leading several global Cybersecurity
Initiatives including the WW PCI Program, and worked on Separation Management Office activities prior to the Hewlett Packard split, focusing on cybersecurity with the aim of successfully supporting both companies leading to the split as it related to all things
cybersecurity. This led to determining the Cybersecurity function in existence would
move over to Hewlett Packard Enterprise, leading to a huge opportunity to build out the
Cybersecurity global function from scratch, which Dr. Brannock seized.

Dr. Brannock moved into the role of Senior Security Advisor in 2017 after serving as HP’s Cybersecurity Manager for Governance, Risk, Compliance and Information Security. Here, she built HP’s Cybersecurity operation from the ground up, as a result of Hewlett-Packard Company splitting from a $122 Billion USD company into two companies worth $50+ billion USD each.

Before HP, Dr. Brannock began her career by building a family dot-com retail business,
which her family liquidated and sold in mid-2000. In tandem, Dr. Brannock continued to
work in technology security, advising with several companies, including HP (prior to joining HP), to help them understand issues such as IT consumption, governance, risk,
compliance, security, IT and Cybersecurity budgeting, IT and Cybersecurity strategy,
innovation, IT implementation, IT operations and security operations.

Dr. Brannock holds degrees in accounting, corporate accounting, business, business
administration, management information systems, and a professional doctorate
specializing in technology and law (jurisprudence) for which she received a distinguished scholar award. In addition, Dr. Brannock is a PhD Candidate in Information Technology, Information Assurance and Cybersecurity.

She also holds several credentials, including the CGRCM-IT, CISA, CSOXM, and PMP.

Dr. Brannock participates in several organizations including ISACA, IAPP, ISSA, PMI, PCI , SSC and in June 2017 finished serving more than two years on the PCI Security Standards Council Board of Advisors, which is a standards (including data security standards) setting body for the payment card industry.

December 18, 2019 CPE Luncheon

Topic:  DevSecOps: Bringing the Security –The Missing Link in Delivering on the Promise of Business Velocity and Quality to DevOps

Join us for this presentation by Robert Clyde – Immediate Past Chair of ISACA International’s Board of Directors

Toys-for-Tots Donation Opportunity 

Time and Location: December 18th, at Albertsons HQ, 250 E Parkcenter Blvd @ 11:30 AM to 1:30 PM. (1.5 CPE will be given for this meeting)

No cost for this CPE Event with an unwrapped toy donation for Toys-for-Tots.

Presentation Summary:  There is one constant in all our lives – change! Change is accelerating driven by disruptive technologies which are fueling innovative business models across every vertical from Banking to public services. To succeed with Innovation at speed, IT organizations must accelerate their release velocity – and do it with greater quality, security, assurance, and availability! Enter DevOps!

For most organizations, the transition to DevOps starts small, in a single team or a new project with cobbled together open source solutions, with security often an afterthought. To scale effectively, deploying daily or hourly or even more frequently, requires organizations treat security and audit as a first-class citizen – engaged in all aspects of the development and deployment lifecycle. Rob will share market trends, tips and techniques to incorporate audit and security needs into the complete DevOps lifecycle – delivering DevSecOps.

 After completing this session, you will be able to:

  • Explain the core DevOps and DevSecOps principles
  • Understand your role in DevOps and how to move to DevSecOps
  • Identify the key components of DevSecOps
  • Analyze select the appropriate audit and security techniques to incorporate into the DevSecOps processes and methodology

Robert A. Clyde is the immediate past chair of ISACA’s board of directors, independent board director for Titus, and executive chair of the board of directors for White Cloud Security. He serves as an executive advisor to BullGuard Software. Previously, he was CEO of Adaptive Computing, CTO at Symantec and a co-founder of Axent Technologies and Clyde Digital.

Rob Clyde

2019 Ethics Seminar (Partnered between ISACA and IIA)

2019 Ethics Seminar Topic:   Warning, AI is Watching!

Join us for this presentation by Dr. Brian Steverson – Gonzaga University

Time and Location: December 10th, at Albertsons HQ, 250 E Parkcenter Blvd @ 2:00 – 4:00 PM (Please park in a non-reserved parking space. Meet in the lobby at 1:45pm for security check-in.)

Pricing:
ISACA/IIA Member: $35
Students or ISACA / IIA Retirees: $10
Non-Members: $50

Warning, AI is Watching!
Auditing, financial reviews and fraud investigations involve the gathering, generation, and analysis of information. Modern information technologies, like data mining algorithms and artificial intelligence driven data analytics, will increasingly become necessary tools for auditors, fraud examiners, as well as other financial personnel. In this session we will discuss some of the ethical concerns that arise in the use of such information technologies as integral pieces in successful use of the data.

Dr. Brian K. Steverson is the John L. Aram Chair of Business Ethics in the School of Business Administration at Gonzaga University. Prior to assuming the Aram Chair, in 2008, he was a member of the Philosophy Department since 1992. He received his Ph.D. from Tulane University in 1991. He served as Faculty President at Gonzaga from 2014-2018. He was also a Faculty Regent from 2015-2018. His main areas of current scholarship are business ethics, professional ethics, and the ethics of entrepreneurship. His work has appeared in Environmental Ethics, the Online Journal of Ethics, Topics in Contemporary Philosophy, the Business and Professional Ethics Journal, the Journal of Ethics & Entrepreneurship, and the Journal of Jesuit Business Education. His The Ethics of Employment Screening for Psychopathy is in press with Lexington books. He is currently working on another book, An Ethics Primer for Fraud Examiners. He is also doing research with a colleague on entrepreneurs as agents of normative social change.

November 20, 2019 CPE Luncheon

Topic: Bridging the Gap Between IT and the Business

Join us for this presentation by Bill Spoehr – Albertsons Companies

Time and Location: November 20th, at Boise Plaza, 1111 West Jefferson @ 11:30 AM to 1:00 PM.

Presentation Summary:

ISACA and Protiviti have recently partnered to discuss tech partnerships, talent and transformation and said the following, “Organizations worldwide are focused on transformation. Some, in fact, can find themselves in a determined rush to automate, become more digital and bring in the latest advanced technologies. It is in these instances where IT audit can deliver value by providing a clear point of view on the underlying processes strategic technology projects are serving and by partnering effectively with the IT organization to ensure that these projects achieve their objectives, not only in terms of performance, but also in terms of appropriate controls. In the process, IT audit must have an agile, “next-gen” mindset and approach.”

Bill will discuss the challenges in achieving these goals in our November CPE event.

Biography:

As Chief Audit Executive responsible for all Internal Audit activities, Bill oversees a 25 person department based in 3 locations in the USA. Bill and his team report to the Audit Committee of the Board of Directors and execute a risk-based, rolling audit plan focused on business strategic risks and opportunities across IT (major initiatives include: cybersecurity, infrastruture, governance and risk, and IT operations), SOX compliance, supply chain and manufacturing, regulatory compliance, and various corporate functions.

Albertsons Companies is a leading food and drug retailer, headquartered in Boise, Idaho. One of the largest private companies in the United States with annual revenues of over $60 billion, the company operates stores across 35 states and the District of Columbia under 18 well-known banners including Safeway, Albertsons, Vons, Jewel-Osco, Shaw’s, Acme, Tom Thumb, Randalls, United Supermarkets, Pavilions, Star Market and Carrs.

Bill has extensive experience in financial and operational auditing and operations, and has developed and integrated corporate and operational teams in SEC accounting and reporting, GRC program development, and internal and external auditing.

Specialties: Auditing, Financial and IT GCC controls design and review, GRC matters, SEC reporting, Retail accounting and processes GAAP accounting compliance

October 16, 2019 CPE Luncheon

Topic:  Incident Response/Data Integrity

Join us for this presentation by Diego Curt, Chief Compliance Officer, Idaho Government.

Time and Location: October 16th, at Boise Plaza, 1111 West Jefferson @ 11:30 AM to 1:00 PM.

Summary:  How prepared are you in handling a major cyber incident? Have you setup your Cyber Incident Response capability for continuous improvement? When the cyber incident is over, can you produce metrics to help you improve your defenses? The State of Idaho recently overhauled their Incident Response capability to answer these questions and more. For many organizations, a cyber incident response capability is more reactionary than proactive in nature. In this presentation, you will learn how to apply NIST SP 800-53 Incident Response Controls in a practical way. How to utilize event recording and information sharing languages to derive meaningful metrics, and what the State of Idaho did to make it accessible throughout our great State.

Prior to June 2019, Diego was the State of Idaho’s Deputy Chief Information Security Officer and did more than set state-wide policy and direction to protect information system assets.  Using his more than 7 years IT Auditing and Performance Improvement experience within his 25-year IT career, he determined to apply and combine his unique education and experience in cybersecurity to simplify the implementation of major control frameworks such as NIST SP 800-53. Diego and a team of state agency personnel developed the State of Idaho’s first state-wide Incident Response capability based on best-practices. Diego is married to his best friend Dina and has three children all over 18 years of age. Diego is a U.S. Coast Guard veteran and loves to go out for a ride on his Harley when he can get the chance.