2016/17 Monthly Education Sessions

Shadow IT - The not so hidden risk?

Date: Wednesday, 18th January 2017
Time: 12:00 - 2:00 PM
Cost: ISACA Members - $25; Future Members - $30; Students - $20 (Students - Please bring valid student ID)

Location: NYIT, 701 W Georgia St #1700 – Canada room (NYIT is located at the intersection of Georgia & Granville)

Light lunch is included.

Presentation overview:

New technology capabilities, such as cloud services and big data analytic tools, offer companies unprecedented abilities to deliver new services or improve existing ones. At the same time, common feedback from business users is that there is limited innovation coming from centralized corporate or enterprise IT services. For other organizations, the costs or delivery speed of internal IT services are seen as an obstacle, causing the business to look elsewhere.

These factors have given rise to so-called ‘shadow IT’, where new IT services are established directly by the business or teams without the involvement or even knowledge of corporate IT. In some instances, entirely new IT teams form within the business. While it is easy to dismiss such occurrences as governance failures, lack of awareness, or policy violations, there is often more to the story.

The adoption of any IT service introduces potential risk, compliance, and reliability concerns, but with shadow IT these risks often remain hidden. Shadow IT needs attention from IT leadership and audit professionals, but they are often the last to learn about it.

This session will explore real-world examples of shadow IT ‘gone wrong’ but also some success stories. The broader risks will be explored along with strategies for managing such risks.

Speaker overview:
Joost Houwen has been involved with organizations in a variety of industries, including financial services, healthcare, and utilities, assisting them with a range of information technology and security projects. Joost has a passion for effective security and is sought out by clients looking for a practical perspective on information security or compliance.

With over 15 years of professional IT experience, Joost’s areas of expertise include strategy, policy development, process improvement and program management. Joost is a Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), and a former Payment Card Industry (PCI) Qualified Security Assessor (QSA). He holds a Bachelor of Science degree and Graduate Diploma in Business Administration. Joost has been involved in a variety of security professional and grassroots organizations where he actively worked to bring the local security community together.

*  *  *  *  *  *  *  *  *  *

How to implement NIST Cybersecurity Framework using COBIT 5

Date: February 16 – 17, 2017
Time: 8:30 a.m. to 5:00 p.m.

Location: Deloitte, 2800-1055 Dunsmuir St, Vancouver, BC

Presentation overview:

This two-day course is based on the ISACA Guide, ‘Implementing NIST Cybersecurity Framework Using COBIT 5’, which provides guidance on implementing the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) through a seven-step process aligned with COBIT 5 principles.

The purpose of this course is to provide candidates with knowledge and understanding of the CSF, its goals, and the implementation steps, and with the ability to apply this information.

The course material is supported by practical exercises and case-based scenarios. Candidates learn how to apply the NIST Cybersecurity Framework (CSF) through the seven-step process.

Target Audience:

Internal and external auditors
IT auditors
IT consultants
IT management
Cybersecurity & Information Security professionals
Individuals who are involved in improving cybersecurity programs.


Participants are highly recommended to read the following ISACA publications before the course:

COBIT 5 Framework
COBIT 5: A Business Framework for the Governance and Management of Enterprise IT
Implementing NIST Cybersecurity Framework Using COBIT 5

Course Details: Module 1: Introduction; Module 2: COBIT 5 Review; Module 3: Overview to the CSF; Module 4: CSF Structure; Module 5: Prioritize and Scope; Module 6: Create a Current Profile; Module 7: Conduct a Risk Assessment & Create a Target Profile; Module 8: Determine, Analyze, and Prioritize Gaps; Module 9: Implement Action Plan; Module 10: Action Plan Review & Life Cycle Management.

Cancellations/Transfers & Refunds

All cancellations/transfers must be received in writing - please send an email to [email protected]. Telephone or verbal cancellations/transfers will not be accepted. Cancellations or transfers of registration at least 10 calendar days prior to the course will result in a full refund. Cancellations or transfers received less than 10 calendar days but more than 3 full* business days prior to the course are subject to an administration fee of $50 for full and half day courses, or $25 for executive breakfasts and luncheons, or hold on credit for use towards a future event.

Cancellation requests received less than 3 full business days prior to the course date (statutory holidays are not considered business days) will not be accepted and the full cost of the seminar will apply, with no credits or refunds. No-shows (registrants who register but do not show up for a seminar) will also be responsible for the full cost of the seminar, with no refunds or credits. In such cases, substitution of attendee is permitted up to and including the day of the seminar.