2016/17 Monthly Education Sessions
Shadow IT - The not so hidden risk?
Wednesday, 18th January 2017
12:00 - 2:00PM
ISACA Members - $25; Future Members - $30; Students - $20 (Students - Please bring valid student ID)
NYIT, 701 W Georgia St #1700 – Canada room (NYIT is located at the intersection of Georgia & Granville)
Light lunch is included.
New technology capabilities, such as cloud services and big data analytic tools, offer companies unprecedented new abilities to deliver new services or improve existing ones. At the same time, common feedback from business users is that there is limited innovation coming from centralized corporate or enterprise IT services. For other organizations, the costs or delivery speed of internal IT services are seen as an obstacle, causing the business to look elsewhere.
These factors have given rise to so-called ‘shadow IT’, where new IT services are established directly by the business or teams without the involvement or even knowledge of corporate IT. In some instances, entirely new IT teams form within the business. While it is easy to dismiss such occurrences as governance failures, lack of awareness, or policy violations, there is often more to the story.
The adoption of any IT service introduces potential risk, compliance, and reliability concerns, but with shadow IT these risks often remain hidden. Shadow IT needs attention from IT leadership and audit professionals, but they are often the last to learn about it.
This session will explore real-world examples of shadow IT ‘gone wrong’ but also some success stories. The broader risks will be explored along with strategies for managing such risks.
Joost Houwen has been involved with organizations in a variety of industries, including financial services, healthcare, and utilities, assisting them with a range of information technology and security projects. Joost has a passion for effective security and is sought out by clients looking for a practical perspective on information security or compliance.
With over 15 years of professional IT experience, Joost’s areas of expertise include strategy, policy development, process improvement and program management. Joost is a Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), and a former Payment Card Industry (PCI) Qualified Security Assessor (QSA). He holds a Bachelor of Science degree and Graduate Diploma in Business Administration. Joost has been involved in a variety of security professional and grassroots organizations where he actively worked to bring the local security community together.
* * * * * * * * * *
How to implement NIST Cybersecurity Framework using COBIT 5
February 16 – 17, 2017
8:30 a.m. to 5:00 p.m.
Deloitte, 2800-1055 Dunsmuir St, Vancouver, BC
This two-day course is based on the ISACA Guide, ‘Implementing NIST Cybersecurity Framework Using COBIT 5’, which provides guidance in the implementation of the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) through a seven-step process, aligned with COBIT 5 principles.
The purpose of this course is to provide candidates with knowledge and understanding of the CSF, its goals, and the implementation steps, and the ability to apply this information.
The course material is supported by practical exercises and case-based scenarios. Candidates learn how to apply the NIST Cybersecurity Framework (CSF) through the seven-step process.
Internal and external auditors
Cybersecurity & Information Security professionals
Individuals who are involved in improving cybersecurity programs.
Participants are highly recommended to read the following ISACA publications before the course:
COBIT 5 Framework
COBIT 5: A Business Framework for the Governance and Management of Enterprise IT
Implementing NIST Cybersecurity Framework Using COBIT 5
Module 1: Introduction; Module 2: COBIT 5 Review; Module 3: Overview to the CSF; Module 4: CSF Structure; Module 5: Prioritize and Scope; Module 6: Create a Current Profile; Module 7: Conduct a Risk Assessment & Create a Target Profile; Module 8: Determine, Analyze, and Prioritize Gaps; Module 9: Implement Action Plan; Module 10: Action Plan Review & Life Cycle Management.