North America CACS Presentations and Descriptions 




WS1–COBIT 5 Foundations

Mark Thomas


Learn the importance of an effective framework to enable business value. Delve into the elements of ISACA’s evolutionary framework to understand how COBIT 5 covers the business end-to-end and helps you effectively govern and manage enterprise IT. Developed for anyone interested in obtaining foundation-level knowledge of COBIT, the course explains the COBIT framework and supporting materials in a logical and example-driven approach.

After this workshop, you will be able to understand:

  • How IT management issues are affecting organizations
  • The need for an effective framework to govern and manage enterprise IT
  • How COBIT meets the requirement for an IT governance framework
  • How COBIT is used with other standards and best practices
  • The functions that COBIT provides and the benefits of using COBIT
  • The COBIT Framework and all the components of COBIT
  • How to apply COBIT in a practical situation

WS2–Cybersecurity Fundamentals

Jeff Roth


Why become a cyber security professional? The protection of information is a critical function for all enterprises. Cyber security is a growing and rapidly changing field, and it is crucial that the central concepts that frame and define this increasingly pervasive field are understood by professionals who are involved and concerned with the security implications of Information Technologies (IT). The CSX Fundamentals workshop is designed for this purpose, as well as to provide insight into the importance of cyber security, and the integral role of cyber security professionals. This workshop will also prepare learners for the CSX Fundamentals Exam.

After this workshop, you will be able to:

  • Understand basic cyber security concepts and definitions
  • Define network security architecture concepts
  • Recognise malware analysis concepts and methodology
  • Identify computer network defense (CND) and vulnerability assessment tools, including open source tools and their capabilities
  • Explain network systems management principles, models, methods, and tools
  • Distinguish system and application security threats and vulnerabilities
  • Classify types of incidents (categories, responses, and timelines for responses)
  • Outline disaster recovery and business continuity planning
  • Comprehend incident response and handling methodologies
  • Understand security event correlation tools, and how different file types can be used for atypical behavior
  • Be aware of the basic concepts, practices, tools, tactics, techniques, and procedures for processing digital forensic data
  • Recognise new and emerging information technology and information security technologies

WS3–CISA Cram Course

Al Marcella


Join fellow CISA exam candidates along with a CISA-certified trainer for a unique exam prep experience. The CISA Exam Prep Course is an intensive, cram-style course that will cover some of the more challenging topics from the CISA job practice. Drill through sample exam items, ask your most pressing questions and get the answers to build your confidence as you prepare for exam day.

After this workshop you will be able to:

  • Learn the specific requirements for passing the CISA Exam and attaining your Certification
  • Utilize ISACA materials to prepare for and pass the CISA Exam
  • Learn successful methods of "how to" evaluate Exam questions and answers, including analysis and explanations
  • Review useful, proven information on study and exam time management
  • Complete and review a mock exam, with every question and answer explained

WS4–Develop and Implement a Risk Management Process

Lisa Young


Risk management broadly defines the process used by organizations to identify, analyze, and address risks that can interrupt or disrupt the organization’s ability to carry out its core functions and meet its mission. Unlike other types of enterprise risks, operational risks emanate from the day-to-day activities and business processes used to meet the strategic objectives of the organization. This session will explore all of the components needed for a successful risk management process in your organization.

After this workshop you will be able to:

  • Set the context for risk management
  • Risk Taxonomy – a common language for describing risk
  • Understand how to use risk scenarios
  • Express risk in business impact terms using risk Impact Criteria
  • Quantify your Cyber and IT risk exposures using Impact Criteria
  • Risk Management Process – how it all works together

WS5–Cybersecurity for Auditors

Instructor Coming soon!

Cyber security focus is a requirement for any organization today, but how can a company know and understand what their cyber security posture is? A strong cyber security audit program with qualified, capable auditors and a robust work program or standard is a must. During this workshop, we will dig into the details of cyber security audit. We will evaluate the ISACA NIST Cybersecurity Framework Audit Work Program as well as various cyber security frameworks and tools including the NIST Cybersecurity Framework and the FFIEC Cybersecurity Assessment Tool.

After this workshop, you will be able to:

  • Audit an organization’s cyber security posture
  • Evaluate cyber security inherent risk
  • Define audit evidence requests needed to evaluate an institution’s cyber security controls
  • Create awareness of basic policies, practices, technologies, tools and controls used to enhance cyber security
  • Examine ways to assess an organization’s cyber security maturity
  • Recognize new and emerging cyber-attacks, threats, and vulnerabilities
  • Discuss cyber security frameworks and assessment tools currently available
  • Apply the principles of the ISACA NIST Cybersecurity Framework Audit Work Program

WS6–Leverage Data Analytics in Internal Audit

Michael Kostanecki


During this course you will learn how to use Data Analytics to increase internal audit effectiveness, identify opportunities to analyze various data sources leading to powerful insights and resulting in improved decision making. This will be demonstrated by reviewing various Data Analytic techniques and scenarios which will include real world client examples and applications with demos using ACL Analytics and other tools.

After this workshop you will be able to:

  • Create automated processes to eliminate routine manual analysis and increase internal audit effectiveness
  • Learn how to use and translate data into a “story” about key characteristics or past trends
  • Combine different data sources to increase opportunities for driving management insight
  • How to capture data and what data to capture to achieve objective and the analyzation of data
  • How to translate the data into a summary report meaningful to senior management

WS7–PCI Data Security Standard

Rex Johnson




Alan Gutierrez Arana


The Payment Card Industry Data Security Standard (PCI DSS) released version 3.2 in October of 2016 to address current threats to payment card security. Many of the changes were introduced as best practices, but became a requirement in 2018. This has created additional effort to be taken to meet compliance, especially for those entities with complex cardholder data environments. In this workshop we will discuss the following topics:

  • Understanding the card payment process: the role played by merchants, acquirers, card brands and service providers
  • Review the current threats and trends in payment card security
  • Defining and reducing your cardholder data environment scope
  • Using third party service providers: who is accountable?
  • Business as Usual activities to meet compliance effectively and efficiently

After this workshop you will be able to:

  • Understand the different actors and elements of the card payment process
  • Understand the changes and updates present in the latest version of the PCI DSS
  • Learn how the outsource of payment related processes can facilitate (or not!) your PCI compliance.
  • Identify and recognize technologies and solutions that could assist in reducing the scope of the PCI DSS assessment

Return to Event Page >>