View
6
Download
0
Category
Preview:
Citation preview
OFFICERS
AND DIRECTORS
2005-2006
PRESIDENT Patricia A. Earl-Cole, CISA, CIA Lafarge North America (248) 447-2600 VICE PRESIDENT Brenda L. Karl, CISA Horn Murdock Cole (248) 633-2424
TREASURER Jamshid Sadaghiyani, CISA, CPA PricewaterhouseCoopers LLP (313) 394-6567
SECRETARY Michael A. Forrest, CISA Jefferson Wells (248) 226-1269
DIRECTORS
Arthur Abruzzo, CISA, CDP, CSP Amerisure Companies (248) 426-7944
Edward R. Barszcz, CIA, CFE Consultant (313) 278-3915
Paul L. Haley, CISA DTE Energy (313) 235-9244
Brandy A. Hanna, CISA, CPA Federal-Mogul Corporation (248) 354-2602
Donald K. Ledwith, CISA, CISSP, CSP Cindrich Mahalak & Company (586) 296-1155 ex. 241
John W. McCormick, CISA, CIA Horn Murdock Cole (248) 471-3075
John L. Quaine II, CISA, CPA, CIA Blue Cross Blue Shield of MI (313) 225-7663
Carrie Schrader, CISA, CBM, CFE KPMG LLP (313) 230-3222
Andrea M. Stromar, CISA
Jason A. Thompson Ford Motor Company (313) 598-3788
Douglas S. Wahr, CISA, CISSP The Auto Club Group (313) 436-7277
James M. Watson, CISA, CIA Ford Motor Company (313) 594-0609
Karine F. Wegrzynowicz, CISA, CIA Lafarge North America (248) 447-4726
Susan A. Yamin, CPA Comerica Inc. (313) 222-7730
Robert V. Yanik, CISA Blue Cross Blue Shield of MI (313) 225-7345
VOLUME 20, #8 REGION 2, CHAPTER 8 APRIL, 2006
Monthly Meeting
Wednesday, April 19, 2006
Member Madness Month
Pre-Dinner Topic: “Disaster Recovery and Business Continuity” James C. Hanlon Jr., CISSP, President & CEO, JC HanlonConsulting, Inc.
After-Dinner Topic: “Disaster Recovery and Business Continuity” James C. Hanlon Jr., CISSP, President & CEO, JC HanlonConsulting, Inc.
Date: Wednesday, April 19, 2006
Time: 4:30-5:00 Registration/Networking 5:00-6:00 Before-Dinner Presentation 6:00-7:00 Dinner 7:00-8:00 After-Dinner Presentation
Location: Tapestry (See map and directions on page 11) 24580 Evergreen Southfield, Michigan 48075 (248) 356-5602
Cost: $25.00 Members (For April only, a member may sign up at the member rate and bring a guest free. This does not apply to members who have a certificate for a
‘free’ evening) $35.00 Non-Members (For April only, a member may sign up at the non-member rate and bring a guest free. This does not apply to non-members who have a certificate for a ‘free’ evening) $10.00 Students and Retirees
Reservations will be taken by Suzanne McCormick. Please make reservations by NOON on Friday, April 14. You can make your reservation online at isaca-det.org or e-mail your reservation to Suzanne McCormick at jsmccor65@aol.com. If you do not have access to the Internet, call Suzanne at (248) 471-3075. Please include your name, certification, company, telephone number, and whether you are a Member, Non-member, Student or Retiree. All e-mail reservations will receive a personal confirmation that the reservation was received. Walk-ins are welcome.
Visit our web site at: isaca-det.org
DATABYTE
DATABYTE
_xààxÜ yÜÉÅ à{x cÜxá|wxÇà Dear Members, This year is passing by us quickly, and I am amazed at our meeting growth approaching our April meeting. I want to thank Paul Williams, Grey Hat Research Corporation, for an outstanding meeting. Although I wasn’t able to attend the meeting, I have heard nothing but wonderful feedback from those that were there. Our joint training conference with the IIA was once again a success, and I want to thank our Joint Seminars Committee, sponsors and vendors for that experience. It has been our goal this year to serve our membership and help foster your professional growth knowledge. We have been able to achieve that with an added training session this year during last August, as well as some sponsored events during the year for the meetings themselves. Once again we are going to sponsor a Member madness meeting for our April meeting. It will be the same format as the October meeting where there is one paid person and a guest can attend for free. Non-members will be at the non-member rate with a guest for free, and members will be at the member rate with a guest for free. We look forward to your participation in our activities this year as well as our motivation to bring you a professional program that will foster growth in your IT audit career. Our board has a collective goal to serve you our membership, and we are honored to carry out that responsibility. This year we have worked hard to bring our chapter many new ideas and different types of programs. I hope that these ideas and programs have helped improve your continuing education insight. If you have more thoughts, ideas for us, or you feel that we are falling short of our goals, please contact me at Patricia.Earl-Cole@lafarge-na.com. I wish to round out our year with the board with your input, and enhance your membership with ISACA as Membership Chair. Page 2
Please remember that the May meeting is our last meeting of the year, and we have some wonderful things planned for that meeting as well. I welcome any questions that you may have, and please feel free to contact me at Patricia.Earl-Cole@lafarge-na.com . Patti Earl-Cole, CISA, CIA President Detroit Chapter ISACA
THIINK SPRING
DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH
ADVERTISE IN THE
DETROIT CHAPTER DATABYTE ¼ PAGE AD - $25 ½ PAGE AD - $50
FULL PAGE AD - $100 SEND YOUR AD TO THE
FOLLOWING SUZANNE McCORMICK JSMCCOR65@AOL.COM
OR 248-471-3075
DATABYTE
SPEAKER INFORMATION
James C. Hanlon Jr., CISSP President and CEO
JC Hanlon Consulting, Inc. Jim's career has spanned over 31 years in various management roles within the Security, IT, Education, Healthcare, and Automotive industries. Jim left his position with a Tier 1 automotive supplier to develop a premier Business Continuity/Disaster Recovery, Security, and IT consulting and services firm. JCHanlon Consulting boasts IT Architects, Legal, Internal Audit, Security Officers, and BCP/DR Planners, from Fortune 150 and other mid to small sized businesses. Jim’s goal is to help organizations find responsible solutions for their compliance and other business needs. Jim had served in eighteen countries on four continents while developing and managing; information security, training, DR, and IT project groups along with national & global support centers for various organizations. Career highlights have included:
• Developed the first commercial 24x7, network incident response teams in the Detroit Metropolitan Area in 1987
• Responsible for the development and management of business continuity/disaster recovery plans for 200+ manufacturing plants, financial, and IT Services organizations
• Developed enterprise security policies, standards, and procedures
• Creation of physical security steering committees • Developed response plans for C-TPAT, SOX, FFIEC,
NCUA, and HIPAA compliance • Developed and managed international project
management and IT engineering teams • Awards by NATTS/CCA for development of
nationally recognized adult education model • Held a Top Secret security clearance while serving in
the US Air Force Affiliations:
• Board Member DDSEC (Downtown Detroit Security Executive Council) and GLBRG (Great Lakes Business Recovery Group)
• Secure Member FBI - Infragard Michigan and Pennsylvania and NCORP – the USCG National Council on Readiness and Preparedness
• Member ISACA, ISSA (Information Systems Security Association), HTCIA (High Technology Crime Investigation Association), AIAG (Automotive Industry Action Group), ASIS
Page 3
PRE-DINNER and AFTER- DINNER INFORMATION
“Disaster Recovery and Business Continuity”
At a time when we have experienced unprecedented issues that should drive home the message that organizations need to develop or improve their Business Continuity and Disaster Recovery programs, we find BCP&DR practitioners struggling to gain the momentum they need to get their programs to a level of being integrated into the business culture. We will explore some of the challenges as well as some new ideas and methods to aid in this effort.
Shown above with our Program Chair, Paul Haley, was the popular March pre-dinner and after-dinner speaker, Paul Williams from the Gray Hat Research Corporation Show below is Paul William
DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH
DATABYTE DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH
YEAR AT A GLANCE
April 5, 2006 Final Registration Deadline for the June 2006 CISA and CISM Exams April 14, 2006 Reservations due by noon for the April 19 ISACA dinner meeting April 19, 2006 Deadline for articles, information and advertisement for the May issue of the Databyte April 19, 2006 Chapter Meeting – Tapestry James C. Hanlon Jr., CISSP, President & CEO, JC Hanlon Consulting Inc. “Disaster Recovery and Business Continuity” May 12, 2006 Reservations due by noon for the May 17 ISACA dinner meeting May 17, 2006 Chapter Meeting – Tapestry Kim Winnik, Blue Cross Blue Shield of Michigan “Ethics” Derrick Buckingham, CISA, CISSP, CISM, Blue Cross Blue Shield of Michigan “Security Risk Assessment” June 10, 2006 Summer 2006 CISA and CISM Exams
Page 4
Information Systems Compliance Specialist at Federal-Mogul
You will be responsible for coordinating Federal-Mogul's Sarbanes-Oxley Section 404 and 302 Information Systems compliance efforts specifically around financial statement processes for SAP and other legacy systems. You will be required to manage large and diverse teams of stakeholders within and outside of Information Systems including Finance, Internal Audit, ethics and compliance. You will be integral to our sustaining activities and a change agent whom will drive new efficiencies and re-engineer internal control processes and practices. Prior experience developing audit plans, testing controls, and working with Sarbanes-Oxley are desirable as well as superior communications skills, business process management, issue management and leadership skills. Job Requirements: To be successful in this position, you must possess:
- Strong background in accounting, controls assessment, and process improvement - 5-7 years of Information Technology experience is required - 2-5 years of Information Technology Audit experience is preferred (specifically IT General Controls and
Application Reviews) - in Public Accounting and/or Internal Audit - Well developed knowledge of COBiT and COSO - SAP or ERP Experience preferred - Sarbanes-Oxley Experience - BS in Financial/Accounting Information Systems, Accounting, or Management Information Systems is
required - CISA and/or CIA certification a plus
Federal-Mogul Corporation is a leading global supplier offering a comprehensive portfolio of quality products, trusted brands and creative solutions to the automotive and other industries. The Company utilizes its engineering and materials expertise, proprietary and innovative technology, manufacturing skill, distribution flexibility and marketing power to create value for its stakeholders. The Company's principal customers include many of the world's foremost original equipment manufacturers of vehicles and industrial products, aftermarket retailers and wholesalers. Headquartered in Southfield, Michigan, Federal-Mogul's rich heritage began in Detroit, Michigan in 1899. Today, Federal-Mogul employs more than 45,000 people in 29 countries. Interested, qualified candidates are encouraged to submit a resume to on Federal-Mogul.com by clicking on the "Careers" link.
DATABYTE DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH
New Detroit Chapter Members
Pulsi Jason Alexander Sumeer Dosanjh Nathanael J. Ross Samantha Balinski Christine M. Filary Thomas Schneider
Krysta Bartnick Edward M. Flanagan Sam Shim Thomas C. Bartol Mahendran Govinda David Soubly Brooke L. Bauer John Heymes Sily Sudhir
Todd J. Bauer Bheshaj K. Krishnappa Kurt M. Weirich Spiros Borotis John F. Mbaga Charles Williams
Sean M. Cassady Adam F. Mbaga Lily B. Yeoh Yogesh Chavarkar Indira Nandyal Mujee Yoosufani
Sarah Cook Alvin B. Riddle
Recent ISACA Certifications CISA Certification
Aubrey L. Blakely Rocklin C. Dunlap Jason A. Thompson Rick E. Bober Donna Kischuk Bruce A. Wilson
Gregory D. Boehmer John Pilch
The Following People Passed the CISA CISM Exam Given in December of 2005
CISA Exam
John S. Gilmour Julia O’Neill
William L. Wayland
CISM Exam
Greg J. Avesian Mark S. Henry Philip Schuster Timothy R. Hellebuyck Abhishek R. Narula Kasi S. Viswanathan
Peter J. Reuter
The people who passed the CISA or CISM Exam in December of 2005 will be receiving certificates for a free May17, 2006 ISACA meeting and dinner. If you passed the exams and your name was not in the above list, you may have marked the box indicating that HQ was not to release the results to the local chapter.
Shown at left with our Program Chair, Paul Haley, is the February pre-dinner speaker, Charles T. Oxender.
Page 5
DATABYTE DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH
ARE YOU MISSING OUT On the benefits of Certification?
Register now for the June 10 Exam Deadline for Registration for June 10 Exam is April 5, 2006
FREE CISA – CISM Exam Review Class The Detroit Chapter is once again proud to present an exam review class for those registered or considering to take the either the CISA or CISM exam. Both classes will be held at the Blue Cross Blue Shield facility in Southfield, Michigan in separate rooms. See the schedule below. There is no charge for the class, but the review manual from ISCA International is recommended. Books and study aids can be ordered online from the ISACA bookstore for the CISA or CISM. Please register via the website www.isaca-det.org, or e-mail your registration to Mike Forrest at michael.forrest@jeffersonwells.com.
You will receive directions to BCBSM facility and a class schedule via e-mail in April.
CISA & CISM Exam Review Class Schedule: Saturday, April 29, 2005 8:00 a.m. to 5:00 p.m. Thursday, May 4, 2006 6:00 p.m. to 9:00 p.m. Thursday, May 11, 2006 6:00 p.m. to 9:00 p.m. Thursday, May 18, 2006 6:00 p.m. to 9:00 p.m. Thursday, May 25, 2006 6:00 p.m. to 9:00 p.m.
Remember, the CISA Exam content has changed for 2006 based on ISACA’s job practice study. The content areas for the June 2006 examination are:
• IS Audit Process – 10% Provide IS audit services in accordance with IS audit standards, guidelines, and best practices to assist the organization in ensuring that its information technology and business systems are protected and controlled.
• IT Governance – 15% To provide assurance that the organization has the structure, policies, accountability, mechanisms, and monitoring practices in place to achieve the requirements of corporate governance of IT.
• Systems and Infrastructure Lifecycle – 16% To provide assurance that the management practices for the development/acquisition, testing, implementation, maintenance, and disposal of systems and infrastructure will meet the organization’s objectives .
Information Continued on Page 7 Page 6
DATABYTE DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH
Exam Information Continued From Page 6
• IT Service Delivery and Support – 14%
To provide assurance that the IT service management practices will ensure the delivery of the level of services required to meet the organization’s objectives.
• Protection of Information Assets – 31% To provide assurance that the security architecture (policies, standards, procedures, and controls) ensures the confidentiality, integrity, and availability of information assets.
• Business Continuity and Disaster Recovery – 14% To provide assurance that in the event of a disruption the business continuity and disaster recovery processes will ensure the timely resumption of IT services while minimizing the business impact.
Register via the website www.isaca-det.org, or e-mail your registration to Mike Forrest at michael.forrest@jeffersonwells.com. Registration: Name: E-mail address: Day Time Phone No. Employed by: Registered for the CISA ______ CISAM______
Need CPEs For Your Certification? Exam Writer’s Program Program Objectives In order to continue to offer an examination that measures a candidate’s knowledge of current audit, security and control practices, new questions are regularly required for the CISA and CISM Examinations. The CISA/CISM Item Writer Program was designed to have professionals in the field of IS audit, control and / or security write questions for the CISA/CISM Exam Pools. Questions are sought from experienced practitioners who can develop items that relate to the application of sound audit principles and practices. Continuing education hours and cash payments are offered as incentive to question writers. How You Can Participate In This Important Program If you are interested in participating in the CISA Item Writer Program, please contact the Certification Department at ISACA International:
Phone: 847.590.7471 Email: cisa@isaca.org or cism@isaca.org
Page 7
DATABYTE DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH
At the March Student Night meeting, students attended form Eastern Michigan University, Oakland University, Wayne State University and the University of Detroit Mercy.
Page 9
DATABYTE DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH
Shown on the left with Paul Haley and Dr. D. Robert Okopny are the March Student Scholarship winners, Marijana Adzic and Ben Abbott.
Page 10
DATABYTE DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH
TAPESTRY 24580 Evergreen
Southfield, Michigan 48075 (248) 722-1547
Tapestry is located near major freeways. It is ¼ mile from Highway 10 (the Lodge) and just 1 mile south of I-696 on Evergreen. Tapestry is south of the Speedway Gas station that is located on the SE corner of the Lodge and Evergreen. Tapestry is on the East side of Evergreen Road and is a single story dark beige building. (It was previously a Bill Knapp’s restaurant)
From the Troy Area: Take I-75 South to 696 West. Take 696 West to Exit #11 Evergreen Road. Turn left onto Evergreen Road. Tapestry is just over a mile (1.1) on the left hand side (East side) of Evergreen.
From Detroit: Take The John C. Lodge MI-10 North out of Detroit. Take the Lodge North until the Ten (10) Mile Evergreen Road Exit. Turn left onto Evergreen Road. Evergreen is the first major intersection off of the Lodge. Tapestry Restaurant is only a tenth of a mile on Evergreen on the left hand side (East side).
From Farmington/Novi Area: Take 696 East (Walter P. Reuther) to the John C. Lodge MI 10 South. Follow the John C. Lodge MI 10 for 2 ½ miles to the Evergreen Ten (10) Mile Road Exit. Follow the service drive to Evergreen Road (past 10 Mile Road) and turn Right. Tapestry is less than a tenth of a mile on Evergreen on the left hand side (East side).
From Dearborn/South/Southwest Area: Go to Telegraph Road. Take Telegraph North to Nine (9) Mile Road. Turn right onto Nine Mile to go East. Take Nine Mile for approximately 2 Miles to Evergreen and turn left. Take Evergreen North less than a mile and Tapestry is on your right (East) before 10 Mile Road.
Page 11
696
39
10
Evergreen Road
Southfield Road
Lahser Road
Berg R
oad
Telegraph Road
24
John C. Lodge Freeway
11 Mile road
10 Mile road
9 Mile road
Tapestry24580 Evergreen
Southfield, Mi 48075
Northwestern Highway
DINNER BUFFET
FIELD GREENS with Mandarin Oranges & Raspberry Vinaigrette SLICED SIRLOIN with Red Wine Reduction and Crispy Onions BREAST OF CHICKEN with Apples and Whole-grain Mustarg SWEET CORN with Peppers and Onions GRALIC MASHED YUKON GOLD POTATOES VANILLA ICE CREAM with Chocolate Sauce OPEN BAR BEER AND WINE ONLY NO OTHER LIQUOR AVAILABLE
(VEGETARIAN PLATE AVAILABLE BY PRE-REGISTRATION ONLY)
DATABYTE
SUZANNE McCORMICK, EDITOR 30032 FINK AVENUE FARMINGTON HILLS, MI 48336 (248) 471-3075 Jsmccor65@aol.com
April 5, 2006 Final Registration Deadline for the June 2006 CISA and CISM Exams April 14, 2006 Reservations due by noon for the April 19 ISACA dinner meeting April 19, 2006 Deadline for articles, information and advertisement for the May issue of the Databyte April 19, 2006 Chapter Meeting – Tapestry James C. Hanlon Jr., CISSP, President & CEO, JC Hanlon Consulting Inc. “Disaster Recovery and Business Continuity”
The Month At A Glance
Menu – April 19, 2006 The Chapter must provide the number of reservations by NOON on the Friday before the meeting. To ensure that we can accommodate those who wish to attend and the facility can provide the best service possible, please make your reservations early. If you have made a reservation and cannot attend, please call Suzanne McCormick at (248) 471-3075. Your cooperation is greatly appreciated.
MARCH DRAWING WINNERSRick Kugel
Srinivas MysoreMike Stolarczyk
Michael Yaskanin
Recommended