North America CACS Presentations and Descriptions 


Attendee has limited or no prior knowledge or experience or is new to the subject matter. Beginner sessions are geared toward attendees who are new to the field and seeking to learn basic concepts. Beginner sessions are intended to help attendees who seek to build foundational knowledge in an effort to gain a working knowledge of the topic.

Attendee has a working knowledge of the topic covered but is not yet an advanced practitioner. Intermediate sessions are geared toward delegates who have some competence in the subject under discussion resulting from prior training, education and/or work experience. Delegates who seek to build upon foundational knowledge, refine and better hone their skills, and advance their understanding of the topic may wish to consider intermediate-level sessions.

Advanced Technical
Attendee has a high level of technical understanding of the topic under discussion. Advanced technical sessions are geared toward delegates who have already achieved a high degree of technical competence in the subject of discussion resulting from extensive training in the area and supplemental work experience. Delegates who wish to build upon intermediate knowledge, achieve mastery in a specific technical area, or build upon existing technical skills may wish to consider advanced technical sessions.

Advanced Managerial
Attendee has a high level of understanding of managerial concepts. Advanced managerial sessions are geared toward attendees who have already achieved a high degree of leadership competence in the subject of discussion resulting from extensive training in the area and several years of work experience. Attendees who wish to build upon intermediate knowledge, achieve mastery in a specific managerial area, or build upon existing leadership skills may wish to consider advanced managerial sessions.


WS1-COBIT 5 Foundation

Mark Thomas, CGEIT, CRISC

COBIT 5 is the only business framework for the governance and management of enterprise IT. Launched in April 2012, COBIT 5 helps maximize the value of information by incorporating the latest thinking in enterprise governance and management techniques, and provides globally accepted principles, practices, analytical tools and models to help increase the trust in, and value from, information systems.

Learn the importance of an effective framework to enable business value. Delve into the elements of ISACA’s evolutionary framework to understand how COBIT 5 covers the business end-to-end and helps you effectively govern and manage enterprise IT. Developed for anyone interested in obtaining foundation-level knowledge of COBIT, the course explains the COBIT framework and supporting materials in a logical and example-driven approach.

After completing this session, you will understand:

  • How IT management issues are affecting organizations
  • The need for an effective framework to govern and manage enterprise IT
  • How COBIT meets the requirement for an IT governance framework
  • How COBIT is used with other standards and best practices
  • The functions that COBIT provides and the benefits of using COBIT
  • The COBIT Framework and all the components of COBIT
  • How to apply COBIT in a practical situation

WS2-Cybersecurity Fundamentals

Todd J. Fitzgerald, CISA, CISM, CGEIT, CRISC
Global Director, Info Security
Grant Thornton International, Ltd

Why become a cyber security professional? The protection of information is a critical function for all enterprises. Cyber security is a growing and rapidly changing field, and it is crucial that the central concepts that frame and define this increasingly pervasive field are understood by professionals who are involved and concerned with the security implications of Information Technologies (IT). The CSX Fundamentals workshop is designed for this purpose, as well as to provide insight into the importance of cyber security, and the integral role of cyber security professionals. This workshop will also prepare learners for the CSX Fundamentals Exam.

After completing this session, you will be able to:

  • Understand basic cyber security concepts and definitions
  • Define network security architecture concepts
  • Recognize malware analysis concepts and methodology
  • Identify computer network defense (CND) and vulnerability assessment tools, including open source tools and their capabilities
  • Explain network systems management principles, models, methods, and tools
  • Distinguish system and application security threats and vulnerabilities
  • Classify types of incidents (categories, responses, and timelines for responses)
  • Outline disaster recovery and business continuity planning
  • Comprehend incident response and handling methodologies
  • Understand security event correlation tools, and how different file types can be used for atypical behavior
  • Be aware of the basic concepts, practices, tools, tactics, techniques, and procedures for processing digital forensic data
  • Recognize new and emerging information technology and information security technologies

WS3-Applied Data Analysis

*Participation in this workshop requires you to bring a laptop on which you have administrator privileges for installing software. You must have permission to read data and copy it from a USB (or an optical DVD drive) on your laptop.

Michael T. Hoesing, CISA
First Data Corp



After completing this session, you will be able to:

  • Better understand which IS audit phases and which automated data analysis procedures will be beneficial, either in the planning phase, testing phase or follow-up phase
  • Learn techniques to apply data analysis to the IT event tracking systems to better understand the enterprise environment to aid annual planning, engagement planning and testing planning
  • Gain practice accessing and analyzing Active Directory data
  • Obtain techniques to analyze logical access data as it relates to segregation of duties, phantom access, access policy configuration and adherence
  • Compare system configuration files to determine drift
  • Apply analysis techniques to multiple files associated with change management

WS4-CISA Prep Course

Kenneth Schmidt, CISA
R&M Consulting



After completing this session, you will be able to:

  • Learn the specific requirements for passing the CISA Exam and attaining your Certification
  • Utilize ISACA materials to prepare for and pass the CISA Exam
  • Learn successful methods of "how to" evaluate Exam questions and answers, including analysis and explanations
  • Review useful, proven information on study and exam time management
  • Complete and review a mock exam, with every question and answer explained

WS5-The Intersection of IT and Assurance by Leveraging COBIT 5

Mark Thomas, CGEIT, CRISC


The purpose of this course is to gain an understanding of various activities involved when determining an assurance approach to IT using the COBIT 5 product family.

After completing this session, you will be able to:

  • Recognize the applicable products in the COBIT 5 product family needed to develop a holistic approach to assurance.
  • Understand the elements of creating a value-based approach to developing an assurance strategy for IT.
  • Appreciate the intersection of balancing performance and conformance with respect to assurance of IT services.

WS6-Using Risk Scenarios

Lisa Young, CISA, CISM
Vice President, Service Delivery
Axio Global



After completing this session, you will be able to:

  • Understand the context for risk management in business terms.
  • Define risk scenarios and risk factors
  • Understand when to use or develop risk scenarios
  • Express and describe the impact of risks in business terms
  • Determine if your risk management process/program is mature enough for using risk scenarios

WS7-Cybersecurity for Auditors

Russell Horn, CISA, CRISC

Cyber security focus is a requirement for any organization today, but how can a company know and understand what their cyber security posture is? A strong cyber security audit program with qualified, capable auditors and a robust work program or standard is a must. During this workshop, we will dig into the details of cyber security audit. We will evaluate the ISACA NIST Cybersecurity Framework Audit Work Program as well as various cyber security frameworks and tools including the NIST Cybersecurity Framework and the FFIEC Cybersecurity Assessment Tool.

Please note: this workshop will provide an overview of cyber security and spend the majority of time focusing on the auditing of cyber security concepts. Therefore, an understanding of the fundamental concepts of cyber security is required. ISACA strongly encourages attending the CSX Fundamentals 2-Day workshop prior to attending this Cybersecurity for Auditors workshop in order to gain a full base understanding of cyber security. Cybersecurity Fundamentals is being offered as a pre-workshop (see WS2 above).

After completing this session, you will be able to:

  • Audit an organization’s cyber security posture
  • Evaluate cyber security inherent risk
  • Define audit evidence requests needed to evaluate an institution’s cyber security controls
  • Be aware of basic policies, practices, technologies, tools and controls used to enhance cyber security
  • Examine ways to assess an organization’s cyber security maturity
  • Recognize new and emerging cyber-attacks, threats, and vulnerabilities
  • Discuss cyber security frameworks and assessment tools currently available
  • Understand and use the ISACA NIST Cybersecurity Framework Audit Work Program

WS8-IT Audit: Taking the Next Step

Nathan A. Anderson, CISA, CRISC
Divisional Vice President, Internal Audit
Sears Holding Corporation

Nathan switched from IT Audit consulting to IT Audit Manager in industry several years ago. The learning curve was high and he learned as part of an excellent team as he progressed from manager to director, and eventually to divisional vice president. In this session, he’ll give his insights on how to succeed in the critical roles performed by IT Audit leaders.

After completing this session, you will be able to:

  • Conduct risk assessments and develop the audit plan
  • Use milestones and metrics for managing operational audits and compliance activities
  • Communicate effectively with leadership, including:
    • writing impactful audit reports
    • managing outstanding audit issues
    • reporting to the audit committee
  • Understand measures and metrics for successfully governing internal audit
  • Consider strategies for:
    • Optimizing and enhancing Internal Audit workpapers
    • Optimizing compliance activities
  • Hire and develop an effective team

COBIT 5 Foundation Exam

Monday, 1 May 2017 | 7:30 – 9:00AM
Earn the COBIT 5 Foundation Certificate! Attendees can take the COBIT 5 Foundation Exam for an additional US $150! For those who have registered to take the COBIT 5 Foundation Exam onsite, please note that this exam will begin promptly at 8:00AM. Please allow yourself extra time to get breakfast and check in for the exam before the start time.

Exam information:

  • Bring a picture ID to the exam
  • This is an unassisted (closed book), paper-based exam
  • Exams, answer sheets, and pencils will be provided
  • Computers, tablets, and phones are not needed
  • Drinks are allowed; however, food is prohibited
  • Your exam proctor will provide any additional instructions the day of the exam
