opening keynote brent bushnell - isaca€¦ · opening keynote brent bushnell ... engagement for...

OPENING KEYNOTE

BRENT BUSHNELL CEO of Two Bit Circus, a Los Angeles-based

experiential entertainment company

GROW YOUR NETWORK. ENHANCE YOUR KNOWLEDGE.

Connect with experts, inspiring minds and dynamic professionals in information systems audit, assurance, control and security, and business from around the globe. Earn up to 39 CPE hours at invaluable workshops and breakout sessions. Secure new knowledge, state-of-the-art techniques and leading-edge solutions that will help you bring fresh value to your enterprise and advance your career.

Join the industry’s movers and shakers at ISACA®’s industry-leading conference for business and information systems audit, compliance, control and security professionals, North America CACS Conference, in Las Vegas, Nevada, USA from 1 – 3 May 2017.

Acquire new tools and techniques, grow your expertise, your network of experts, and meet leaders in technology and business. Be better prepared for the fast-changing world of information systems audit, control and security.

#NACACS

NORTH AMERICA CACS 2017

OPENING KEYNOTEMonday, 1 May | 8:30AM

The Importance of Hard ProblemsIn this high-energy talk, Brent will dive deep into why the only problems worth solving are the hard ones. One part carny irreverence, one part futuristic fun, and one part change the world, you won’t want to miss it!

Most recently Bushnell’s team launched STEAM Carnival, a modern re-imagining of the midway to inspire kids about science, technology, engineering, art and math. Previously, he was the on-camera inventor for the ABC TV show Extreme Makeover: Home Edition. He is a co-founder of Anti-Aging Games creating casual games to reduce the risk of early memory loss, and a founding member of Syyn Labs, a creative collective combining art and engineering to create high engagement for large brands and brands including Google and Disney, and responsible for the viral hit Rube Goldberg music video for OK Go that garnered 40 million views on YouTube. In his spare time, Brent mentors teens in game development and entrepreneurship via programs such as Spark and NFTE.

BRENT BUSHNELL CEO of Two Bit Circus, a Los Angeles-based experiential entertainment company

KEYNOTE SPEAKER

EARN UP TO 39 CPE HOURS!www.isaca.org/CACSbr17

START FOLLOWING BRENT ON TWITTER NOW @BRENTBUSHNELL

GAIN FRESH KNOWLEDGE AND NEW SKILLS FROM EXPERTS BEGINNING SATURDAY, 29 APRIL.

North America CACS 2017 is bigger than ever—with over 90 different sessions to choose from. You have the most options to design the conference experience you want and build your expertise, ability, and value in more ways than ever before! These sessions offer in-depth insight on emerging trends, best practices and business-critical challenges, and provide the tools and techniques you need to survive and thrive in the increasingly complex world of information systems audit, assurance, control, and security. Learn from industry experts and innovators—many from top global organizations—as they lead you through hands-on participation, interactive discussions and engaging case studies that will help you work smarter, faster, and with more confidence upon your return to your enterprise.

CHOOSE FROM OVER 90 SESSIONS ACROSS 9 DIFFERENT TRACKS:

AUDIT & ASSURANCE

AUDIT & ASSURANCE—ADVANCED

SECURITY/CYBERSECURITY—MANAGERIAL

SECURITY/CYBERSECURITY—TECHNICAL

INTEGRATED RISK MANAGEMENT

DATA ANALYTICS & BIG DATA

LEADERSHIP DEVELOPMENT & CAREER MANAGEMENT

GOVERNANCE

INDUSTRY TRENDS & INSIGHTS

ISACA is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education (CPE) on the National Registry of CPE sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE sponsors through its website: www.learningmarket.org.


#NACACS


SESSIONS

Sessions:

111 SCADA and IoT

121 The Rise of Fintech and the Impact on IA

131 The IoT: What does this mean to IA?

141 Auditing Network Devices

211 Agile & Compliance

221 Machine Learning for Auditors

231 Auditing Cybersecurity

241 Auditing for HIPAA Compliance

251 Leverage Data Analytics in Internal Audit

311 NIST Cybersecurity Audit/Assurance Program

Sessions:

112 Navigating Third Party Risk Management

122 Cloud Security Strategy & Considerations

132 Zero Trust Networks for Audit & Compliance

142 Protecting Sensitive Data in the Cloud

212 IT Audit—From Big Brother to Big Partner

222 Impact of AI on Audit and Assurance

232 An Auditor’s Guide to Assessing Crypto

242 AICPA Cyber-Risk Management Reporting Framework

252 How Analytics Can Transform Internal Audit

312 Compliance in the Clouds

Advance your knowledge and skills, and optimize your information systems auditing and assurance expertise. Take a proactive approach to avoiding the negative consequences of non-compliance. Return to your enterprise with a greater ability to identify risks and opportunities related to creating value for enterprises through information and technology. Designed by and for IT audit and assurance professionals, this track enables individuals and organizations to formulate robust plans for audit career growth and retention.

Increase your knowledge of advanced audit tools and techniques to prepare for today’s complex technical environment. This track covers methodologies of information technology you need to know to understand the audit concerns in the IT environment. It will emphasize advance IT audit concepts through case studies and real world examples. Attendees will gain an understanding of basic IT audit concepts that can be used to facilitate integrated audit efforts within their organization. The track will also provide attendees the opportunity to learn auditing techniques of IT applications supporting key business processes.

TRACK 1: AUDIT & ASSURANCE

TRACK 2: AUDIT & ASSURANCE—ADVANCED

Sessions:

113 Threats and Challenges in Healthcare

123 Using Internal Audit for Info Security

133 Top 10 Cyber-Risks

143 Enterprise Cybersecurity Governance

213 Internet of Things

223 Technical Implementation of NIST/FFIEC CSF

233 What Auditors Need to Know: Mobile Security

243 Practical Approach to Cybersecurity

253 Security Monitoring and Attack Detection

313 Cybersecurity: Threat to Banks

Sessions:

114 Conducting a Phishing Awareness Program

124 Encryption: Policy to Practice

134 Threat Intelligence—Exploiting Hackers

144 Canaries in a Coal Mine…

214 Your Responsibility in Cloud Security

224 Cybersecurity Kill Chain

234 Prioritize Vulnerability Remediation

244 Learning from Failure

254 Application Security & Why You Should Care

314 FFIEC Cybersecurity Assessment Tool

Embrace expert insights and delve into how security issues and the growing cyber security threat to enterprises worldwide impact the role and demands on audit and assurance, as well as security professionals. Advance your expertise in identifying threats, assessing enterprise security, lowering risk and improving assurance for enterprises in a variety of industry verticals. Topics in this track focus on providing tools and guidance of greatest value.

Increase your ability to recognize threats and vulnerabilities associated with the enterprise IT infrastructure and advance your understanding of how to respond to the increasing cyber risks by utilizing security tools and techniques to protect against them. Attendees will be exposed to multiple cybersecurity technologies, processes, and procedures, learn how to analyze the threats, vulnerabilities and risks present in these environments, and develop appropriate strategies to mitigate potential cybersecurity problems.

TRACK 3: SECURITY/CYBERSECURITY—MANAGERIAL

TRACK 4: SECURITY/CYBERSECURITY—TECHNICAL


#NACACS


SESSIONS

Sessions:

115 Cyber Risk is Biz Risk

125 Managing ERP Cloud Risks and Controls

135 Managing Emerging Technology Risk

145 Creating a Risk Resilient Culture

215 Resilient ERM Framework—Startup to Listed

225 Transactional Security Risk Assessment

235 Raising the Bar: Cyber Risk Management Oversight and Reporting

245 Modeling an Asset Risk Management Program

255 Consequences That Matter—IT Risk

315 Audit & Security: Combating Emerging Threats

Sessions:

116 Evolution of Risk Assessments with D&A

126 Fraud Detection Using Data Analysis

136 Analytics Success: Why Now & How To?

146 Transforming IT Audit with Analytics

216 Why Analytics Fails and How to Fix It

226 Cross-Functional Methodology for Analytics

236 Proactive Compliance Data Analytics Program

246 Where Audit Analytics Meets Open Source

256 Creative Visualization for Data Analytics

316 Building a Fraud & Spend Review Program

Understand the core concepts of Risk Management. It is an important part of a sound governance program. This track will provide an overview of integrated risk management and explain IT Risk across the enterprise. It will cover complicated techniques and approaches in both IT, business, and leadership. Learn to develop IT Risk’s message and explain consequences. Learn to understand risk culture of the enterprise, develop a basic roadmap and guidelines that can be implemented at various levels within the enterprise.

Understand the role Data Analytics and Big Data play in today’s environment and their use in audit and assurance, including examples of best practices. Attendees will hear real world examples of the implementation of advanced techniques and concepts. Attendees will also gain insights into key considerations for an analytics program and learn how to apply analytics to help manage an audit engagement. Learn to leverage analytics to augment audit strategy and identify multiple usages of analytics in audit.

TRACK 5: INTEGRATED RISK MANAGEMENT

TRACK 6: DATA ANALYTICS & BIG DATA


Sessions:

117 Soft Skills: The Key to Employee Success

127 How to Prepare to Pass the CISA® Exam

137 10 Must Have Skills for the 2020 CISO

147 How to Build and Grow Your IT Security Team

217 Tips for Effective Presenting

227 How to Communicate Effectively in an Audit Engagement

237 Geek Speak to Business Speak, 2.0

247 Digital Skills and Talent Management

257 IS Audit Tips in Dealing with the IT Crowd

317 Security Strategies—Rally the Workforce

Sessions:

118 Help Management Understand SOC Reports

128 What’s Missing in IT Security Governance?

138 Using COBIT® 5 in Support of RMF

148 BIA: The Root of Security & Recovery Plans

218 “GEAR” Up with a new GRC Model & Benefits

228 Understanding and Evaluating SOC Reports

238 How to Apply COBIT 5 in Govt: The CBN Story

248 Using COBIT 5 to Solve Real World Problems

258 Vendor Management with COBIT 5

318 A Risk-based Approach to Data Governance

Gain insights and strategies that can help reinforce or build on your credibility and career. Embrace the “soft skills” that leaders in private and public sectors count on. Improve your communications and presentations abilities, and better manage your agenda, projects and people—to take your enterprise and role to the next level and the levels beyond.

Better understand what a Big Data environment looks like from an audit and governance perspective. See how it’s changing the face of opportunity, and creating challenges for audit, governance and security professionals. Identify keys to building a sustainable data analytics program matched with your your enterprise’s needs. Leverage expert perspectives on the processes and technologies that need to be managed and how they will impact short- and long-term success.

TRACK 7: LEADERSHIP DEVELOPMENT & CAREER MANAGEMENT

TRACK 8: GOVERNANCE

Join in the discussion of what is coming next and how it will impact your role, your enterprise and the world we know. Interact in smaller groups and gain insights on a wide range of topics currently impacting assurance, risk, security, privacy, particularly those that will impact your future role and success of enterprises everywhere.

TRACK 9: INDUSTRY TRENDS & INSIGHTS

#NACACS

WORKSHOPS


CONFERENCE WORKSHOPS

Hone your skills in cutting-edge workshops on hot-button issues that impact your field of information systems. New this year, each 2-day pre-conference workshop has a 1-day post-conference counterpart that enables you to take lessons learned in the topic area to the next expert level. Choose from exciting interactive sessions in audit, compliance, risk, governance and cyber security. Sign up today!

EARN 14 CPE HOURS BY ATTENDING ONE OF THE PRE-CONFERENCE WORKSHOPSSaturday, 29 April 9:00AM – 5:00PM and Sunday, 30 April 9:00AM – 5:00PM

WS1: COBIT® 5 FOUNDATION

Mark Thomas, CGEIT, CRISC President | Escoute After completing this workshop, you will be able to understand: • How IT management issues are affecting organizations. • The need for an effective framework to govern and manage enterprise IT. • How COBIT meets the requirement for an IT governance framework. • How COBIT is used with other standards and best practices. • The functions that COBIT provides and the benefits of using COBIT. • The COBIT Framework and all the components of COBIT. • How to apply COBIT in a practical situation.

TAKE THE COBIT EXAM AT NORTH AMERICA CACS 2017Monday, 1 May 2017 After completing Workshop 1: COBIT 5 Foundation, attendees will have the opportunity to take the COBIT 5 Foundation exam at the conference for an additional US $150! The exam will take place on Monday morning, before the opening keynote presentation.

A study session will also be held on Sunday evening.


WS2: CYBERSECURITY FUNDAMENTALS

WS3: APPLIED DATA ANALYSIS

Todd J. Fitzgerald, CISA, CISM, CGEIT, CRISC Global Director, Info Security | Grant Thornton International, Ltd After completing this workshop, you will be able to: • Understand basic cyber security concepts and definitions. • Define network security architecture concepts. • Recognize malware analysis concepts and methodology. • Identify computer network defense (CND) and vulnerability assessment tools, including open source tools and their capabilities. • Explain network systems management principles, models, methods, and tools. • Distinguish system and application security threats and vulnerabilities. • Classify types of incidents (categories, responses, and timelines for responses). • Outline disaster recovery and business continuity planning. • Comprehend incident response and handling methodologies. • Understand security event correlation tools, and how different file types can be used for atypical behavior. • Be aware of the basic concepts, practices, tools, tactics, techniques, and procedures for processing digital forensic data. • Recognize new and emerging information technology and information security technologies.

TBA After completing this workshop, you will be able to: • Better understand which IS audit phases and which automated data analysis procedures will be beneficial, either in the planning phase, testing phase or follow-up phase. • Learn techniques to apply data analysis to the IT event tracking systems to better understand the enterprise environment to aid annual planning, engagement planning and testing planning. • Gain practice accessing and analyzing Active Directory data. • Obtain techniques to analyze logical access data as it relates to segregation of duties, phantom access, access policy configuration and adherence. • Compare system configuration files to determine drift. • Apply analysis techniques to multiple files associated with change management.

#NACACS

WORKSHOPS

WS4: CISA® PREP COURSE

Kenneth Schmidt, CISA R&M Consulting After completing this workshop, you will be able to: • Learn the specific requirements for passing the CISA Exam and attaining your Certification. • Utilize ISACA materials to prepare for and pass the CISA Exam. • Learn successful methods of “how to” evaluate exam questions and answers, including analysis and explanations. • Review useful, proven information on study and exam time management. • Complete and review a mock exam, with every question and answer explained.

#NACACS

Tuesday, 2 May | 6:30PM – 9:00PM

CRANK YOUR IDEAS UP A GEAR Wind back to the age of H.G. Wells and Jules Verne and experience the future as they saw it. Join fellow attendees for a fantastic journey that will spark wonder and innovation. The Tuesday evening networking event pays homage to the creative and surreal imaginings of modern Steampunk. As a conference attendee, enjoy complimentary food, beverages and entertainment in the Chelsea Theater at the Cosmopolitan Hotel. Guest tickets will also be available for US $150.



EARN 7 CPE HOURS BY ATTENDING ONE OF THE POST-CONFERENCE WORKSHOPSWednesday, 3 May 1:30PM – 5:30PM and Thursday, 4 May 9:00AM – 12:30PM

WS5: THE INTERSECTION OF IT AND ASSURANCE BY LEVERAGING COBIT® 5

Mark Thomas, CGEIT, CRISC President | Escoute After completing this workshop, you will be able to: • Recognize the applicable products in the COBIT 5 product family needed to develop a holistic approach to assurance. • Understand the elements of creating a value-based approach to developing an assurance strategy for IT. • Appreciate the intersection of balancing performance and conformance with respect to assurance of IT services.

WS6: USING RISK SCENARIOS

Lisa Young, CISA, CISM Vice President, Service Delivery | Axio Global After completing this workshop, you will be able to: • Understand the context for risk management in business terms. • Define Risk scenarios and risk factors. • Understand when to use or develop risk scenarios. • Express and describe the impact of risks in business terms. • Determine if your risk management process/program is mature enough for using risk scenarios.

Join us for exciting networking opportunities throughout the conference.

WELCOME RECEPTION Sunday, April 30 | 5:30PM – 6:30PM

NETWORKING RECEPTIONMonday, 1 May | 5:15PM – 7:15PM

NETWORKING RECEPTIONMonday, 1 May | 7:15PM – 8:45PM

Connecting Women Leaders in Technology

ENGAGE. EMPOWER. ELEVATE.

WORKSHOPS


WS7: CYBERSECURITY FOR AUDITORS

WS8: IT AUDIT: TAKING THE NEXT STEP

Russell Horn, CISA, CRISC John Edward McMurray, CISA President Asst. Director, Security Services CoNetrix CoNetrix

Stephanie Alexis Chaumont, CISA Security and Compliance Consultant CoNetrix

After completing this workshop, you will be able to: • Audit an organization’s cyber security posture. • Evaluate cyber security inherent risk. • Define audit evidence requests needed to evaluate an institution’s cyber security controls. • Be aware of basic policies, practices, technologies, tools and controls used to enhance cyber security. • Examine ways to assess an organization’s cyber security maturity. • Recognize new and emerging cyber-attacks, threats, and vulnerabilities. • Discuss cyber security frameworks and assessment tools currently available. • Understand and use the ISACA NIST Cybersecurity Framework Audit Work Program.

Nathan A. Anderson, CISA, CRISC Divisional Vice President, Internal Audit Sears Holding Corporation

After completing this workshop, you will be able to: • Conduct risk assessments and develop the audit plan. • Milestones and metrics for managing operational audits and compliance activities. • How to effectively communicate with leadership including: – writing impactful audit reports. – managing outstanding audit issues. – reporting to the audit committee. • Understand measures and metrics for successfully governing internal audit. • Consider strategies for: – Optimizing and enhancing Internal Audit workpapers. – Optimizing compliance activities. • Hiring and developing an effective team.


#NACACS

LOOKINGTO SAVE MORE

ON CACS?

Enjoy Member Discounts Non-members, start enjoying the benefits of ISACA membership today. As a member, you will save US $200 on registration for this conference, and save more on hundreds of other ISACA products. This offer expires 30 days after completion of the conference. Don’t miss this opportunity—apply today!

Your North America CACS 2017 Conference and workshop fees include:

Group DiscountsISACA offers discounts to organizations sending 4 or more employees to a single conference. Please contact ISACA’s Training & Education Department for more details at +1.847.660.5505 or [email protected].

Register and pay BY 25 April 2017* Member ...............................US $1,745 Non-member .......................US $1,945

Register and pay AFTER 25 April 2017** Member ...............................US $1,945 Non-member .......................US $2,145

One-Day WorkshopMember ...............................US $650 Non-member .......................US $850

Two-Day Workshop Member ...............................US $850 Non-member .......................US $1,050

*All registration fees must be paid in full by midnight on 25 April 2017 or regular registration rates will apply. **If registration fees are paid after midnight on 25 April 2017, onsite registration rates will apply. See website for details.All fees are quoted in US dollars. The entire registration fee must be received by ISACA before your registration will be considered paid in full. Cancellation Deadline: 31 March 2017. Cancellation policy and other details can be found at www.isaca.org/CACSbr17

Workshop PricingWorkshops have limited capacities and will only be available on a first-come, first served basis. Be sure to register and pay today to secure a seat in your preferred workshop.

• Continental breakfast

• Lunches

• Morning and afternoon refreshment breaks

• Access to networking events

• Wireless internet access in all meeting spaces

• Access to the Expo Hall

• Access to Vendor Spotlight Education Sessions

Save with Online Registration be 25 April

MAXIMIZE YOUR SAVINGS

THANKS TO OUR SPONSORS!

PLATINUM

GOLD

DeloitteKPMGProtivitiPwC

SAI Global

BRONZE

Capital One GCA Technology Services

QualysR-CAP

SILVER

CyberArk Software Maclear SecZetta

SSH Communications Security

Save On Your Stay For the best possible North America CACS experience, stay at the host hotel—The Cosmopolitan of Las Vegas. In addition to the convenience and instant access to all conference activities, ISACA’s special conference and group rates offer the splendors of the lavish Cosmo at impressive discounts!

THE COSMOPOLITAN OF LAS VEGAS 3708 Las Vegas Boulevard SouthLas Vegas, NV 89109Phone: 702.698.7000

ISACA’s North America CACS Room Rate: US $254 + tax, single/double occupancy

Group Rate Deadline: 3 April 2017*

Group Reservation Link: https://resweb.passkey.com/go/SISAC7

*Book your room today! There are a limited number of rooms available at ISACA’s Group Room Rate and reservations will be handled on a first-come, first served basis. All reservations made after the deadline or after the room block fills are subject to space and rate availability. In order to guarantee hotel reservations, guests will be required to provide a credit card and will be charged a deposit equal to one night’s rate plus tax. Cancellations with full refund will be allowed up until 72 hours prior to the arrival date of the reservation.

ACCOMODATIONS, VENUE AND REGISTRATION

3701 Algonquin Road, Suite 1010Rolling Meadows, IL 60008 USA

NORTH AMERICA CACS 2017 GIVES YOU THE OPPORTUNITY TO:

• Gain tools and resources immediately applicable to your role and goals

• Choose from more cutting-edge sessions and workshops than ever

• Connect with highly respected IS/IT and business professionals

Register at www.isaca.org/CACSbr17

© 2017 ISACA. All Rights Reserved.

PRST STDU.S. POSTAGE

PAIDMUNDELEIN, IL 60060

PERMIT NO. 370

REGISTER ONLINE & SAVE BY 25 APRIL

opening keynote brent bushnell - isaca€¦ · opening keynote brent bushnell ... engagement for...

Documents