Events 

 

2016/17 Monthly Education Sessions


A practical approach to managing the security of IoT (Internet of Things) devices in your organization

Date: Thursday, 8th December 2016
Time: 12:00 - 2:00 PM
Cost: ISACA Members - $25; Future Members - $30; Students - $20 (Students - Please bring valid student ID)

Location: MNP, Suite 2200, MNP Tower, 1021 West Hastings Street, Vancouver, BC V6E 0C3 (near Waterfront and Burrard Skytrain stations)

Light lunch is included.

Presentation overview:

There has been a lot of hype around the risks associated with IoT devices, and this hype materialized in the large-scale DDoS attacks against Dyn this October. Many of us are left wondering what exactly IoT means anyway. Smart fridges? Nest thermostats? IP CCTV cameras? Attendees will leave with an understanding of what kinds of IoT devices might be present in their networks, common attack vectors, and practical strategies for mitigating IoT-related risks. Through the use of an IoT security hygiene checklist, practitioners can identify where their organizations fall on the IoT security capability maturity model.

Speaker overview:
Ryan Wilson, BCom, CISA, brings more than 15 years of experience delivering mission-critical technology solutions to the healthcare, construction, insurance, pharmaceutical and banking industries. Having received his Certified Information Systems Auditor designation, Ryan is responsible for the security, reliability and availability of Kubera’s transaction processing systems. His diverse experience includes designing, installing and operating mission-critical infrastructure for publicly traded financial institutions, the 2010 Olympics, BC Hydro and Cirque du Soleil. In 2013, Ryan enabled any British Columbian to see a doctor from their iPhone, anywhere they have internet access, for free by launching the Medeo telemedicine service. Ryan serves as the Chief Technology Officer of Kubera Payments, delivering technology, security and strategy consulting to clients in Canada, USA, UK and India.

*  *  *  *  *  *  *  *  *  *

Shadow IT - The not so hidden risk?

Date: Wednesday, 18th January 2017
Time: 12:00 - 2:00 PM
Cost: ISACA Members - $25; Future Members - $30; Students - $20 (Students - Please bring valid student ID)

Location: NYIT, 701 W Georgia St #1700 – Jordan room (NYIT is located at the intersection of Georgia & Granville)

Light lunch is included.

Presentation overview:

New technology capabilities, such as cloud services and big data analytics tools, offer companies unprecedented abilities to deliver new services or improve existing ones. At the same time, common feedback from business users is that there is limited innovation coming from centralized corporate or enterprise IT services. For other organizations, the costs or delivery speed of internal IT services are seen as an obstacle, causing the business to look elsewhere.

These factors have given rise to so-called ‘shadow IT’, where new IT services are established directly by the business or teams without the involvement or even knowledge of corporate IT. In some instances, entirely new IT teams form within the business. While it is easy to dismiss such occurrences as governance failures, lack of awareness, or policy violations, there is often more to the story.

The adoption of any IT service introduces potential risk, compliance, and reliability concerns, but with shadow IT these risks often remain hidden. Shadow IT needs attention from IT leadership and audit professionals, but they are often the last to learn about it.

This session will explore real-world examples of shadow IT ‘gone wrong’ but also some success stories. The broader risks will be explored along with strategies for managing such risks.

Speaker overview:
Joost Houwen has been involved with organizations in a variety of industries, including financial services, healthcare, and utilities, assisting them with a range of information technology and security projects. Joost has a passion for effective security and is sought out by clients looking for a practical perspective on information security or compliance.

With over 15 years of professional IT experience, Joost’s areas of expertise include strategy, policy development, process improvement and program management. Joost is a Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), and a former Payment Card Industry (PCI) Qualified Security Assessor (QSA). He holds a Bachelor of Science degree and Graduate Diploma in Business Administration. Joost has been involved in a variety of security professional and grassroots organizations where he actively worked to bring the local security community together.

*  *  *  *  *  *  *  *  *  *

How to implement NIST Cybersecurity Framework using COBIT 5

Date: February 16 – 17, 2017
Time: 8:30 a.m. to 5:00 p.m.
Cost: CA$650.00

Location: Deloitte, 2800-1055 Dunsmuir St, Vancouver, BC

Presentation overview:

This two-day course is based on the ISACA guide ‘Implementing NIST Cybersecurity Framework Using COBIT 5’, which provides guidance on implementing the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) through a seven-step process aligned with COBIT 5 principles.

The purpose of this course is to provide candidates with knowledge and understanding of the CSF, its goals, and the implementation steps, and with the ability to apply this information.

The course material is supported by practical exercises and case-based scenarios. Candidates learn how to apply the NIST Cybersecurity Framework (CSF) through the seven-step process.

Target Audience:

Internal and external auditors
IT auditors
IT consultants
IT management
Cybersecurity & Information Security professionals
Individuals who are involved in improving cybersecurity programs.

Prerequisites:

Participants are highly recommended to read the following ISACA publications before the course:

COBIT 5 Framework
COBIT 5: A Business Framework for the Governance and Management of Enterprise IT
Implementing NIST Cybersecurity Framework Using COBIT 5

Course Details: Module 1: Introduction; Module 2: COBIT 5 Review; Module 3: Overview to the CSF; Module 4: CSF Structure; Module 5: Prioritize and Scope; Module 6: Create a Current Profile; Module 7: Conduct a Risk Assessment & Create a Target Profile; Module 8: Determine, Analyze, and Prioritize Gaps; Module 9: Implement Action Plan; Module 10: Action Plan Review & Life Cycle Management.


 Cancellations/Transfers & Refunds

All cancellations/transfers must be received in writing - please send an email to registration@isaca-vancouver.org. Telephone or verbal cancellations/transfers will not be accepted. Cancellations or transfers of registration at least 10 calendar days prior to the course will result in a full refund. Cancellations or transfers received less than 10 calendar days but more than 3 full* business days prior to the course are subject to an administration fee of $50 for full and half day courses, or $25 for executive breakfasts and luncheons, or hold on credit for use towards a future event.

Cancellation requests received less than 3 full business days prior to the course date (statutory holidays are not considered business days) will not be accepted and the full cost of the seminar will apply, with no credits or refunds. No-shows (registrants who register but do not show up for a seminar) will also be responsible for the full cost of the seminar, with no refunds or credits. In such cases, substitution of attendee is permitted up to and including the day of the seminar.