Past Chapter Events 

 

Below is a listing of past chapter events hosted by the ISACA Ottawa Valley Chapter, either on its own or in conjunction with other industry associations.

--------------------------------------------------------------------------------------------------------

ISACA OVC 2014-2015 AGM with Presentation (Successful Content-Aware DLP Deployments)
Date: June 2, 2015
Location: 
Sheraton Hotel - 150 Albert Street (Ottawa, ON)

Reliable and accurate information flows are essential for business, so monitoring and detection are must-have controls. But many monitoring technologies have focused on very specific channels and use cases, and tying together their outputs to improve their collective accuracy has proven elusive. Because of the pressure from advanced threats, organizations have to bring to bear new technology as well as more human effort. Knowing how to shift the focus from looking at individual data items to looking at the use and exchange of information in context will be critical.

Panelists: Lawrence Dobranski, Scott Wright, Alex Rau, Adam Gray, Daria Riber (moderator)

--------------------------------------------------------------------------------------------------------

Systems Security Life-Cycle (SSLC) ITSG-33 Practical Implementation & Breakfast  
Date: February 19, 2015
Location:
Navy Mess - 78 Lisgar Street (Ottawa, ON)

The System Security Life-Cycle provides an example of the detailed procedures that each federal government department should document. SSLC picks up where ITSG-33 left off. Annex 2 names over 40 Security Assessment and Authorization (SA&A) process artefacts but does not provide definitions, purpose, scope, templates, examples, or instructions about any artefact. The step-by-step SSLC is accompanied by over 40 templates that were composed over a three-year period involving extensive industry-wide research. Such sources as DIACAP, NIACAP, Bank of Canada, FINTRAC, PWGSC, and Infrastructure Canada were consulted during the preparation of the SSLC. From these sources a best-of-breed process was developed. The SSLC is scalable to 4 assurance levels based upon Sensitivity, Criticality, and Exposure. The reader/attendee is encouraged to modify the SSLC to suit the needs of the organization.

Speaker: Colin MacLeod Simpson, CISSP, ITILv3

--------------------------------------------------------------------------------------------------------

High Assurance IT Security Auditing - A Threat-Centric View 
Date: January 22, 2015
Location:
Navy Mess - 78 Lisgar Street (Ottawa, ON)

Our speaker will present a revealing IT Security Audit methodology that has been proven in several of the most technically dependent government departments and private industry organizations. This high assurance methodology centres on a threat-centric view, to generate compelling results that map directly to business goals. The methodology introduces the concept of matching the reality that cyber-threats pose to organizations today with equally real testing procedures and methodologies. It presents a proven structure that leverages and models the reality of how threats operate in real-world scenarios and how testing procedures need to modernize by integrating people, process and technology. Examining real-world examples, the speaker will highlight how this methodology outperforms current approaches, to conclusively measure an organization's ability to defend and respond to those entities that represent a material threat to an organization and its IT systems.

Speaker: Rikki Sorensen

--------------------------------------------------------------------------------------------------------

IT/IM Risk Assessments and Security Audits 
Date: December 3, 2014
Location:
Navy Mess - 78 Lisgar Street

An internal audit function must consider an organization’s IT security posture, as it is a foundational element for almost all business processes, and security is often not fully considered - or not considered at all - through traditional audits of functional or program areas. Furthermore, there is an increasing level of awareness and expectations related to IT security, with major IT security breaches reported weekly, impacting the reputation and financial results of organizations.

Through technology and other business process transformation, the IT environment is often complex and dynamic within an organization. Given this, a security audit must first consider an organization’s entire IT audit universe, and determine those areas of highest inherent risk that merit further attention. This is done through an IT security risk assessment framework that leverages leading practice (e.g., ISO, COBIT), with specific criteria customized to the organization’s industry and IT environment. The assessment provides valuable insight, acting as a planning tool to determine the ‘what’ and ‘when’ of an IT security audit. Given its dynamic nature and importance, components of IT security should typically be included in each annual audit plan.

Security components of higher inherent risk should be initially audited, and would generally include more frequent follow-up. These components typically include security governance, network security, and the managing of vendors. Although the move to third party IT service providers and ‘the cloud’ does not necessarily present more or less risk, it does introduce different risks that must be appropriately managed (and audited).


Speakers: Nancy Rector, CPA, CA, CISA, CIA, CISSP, CIPP/C, CRMA & Charity Lawson, CPA, CA, CISA

--------------------------------------------------------------------------------------------------------

Certification Exam Preparation Session (Free) 
Date: November 15, 2014
Location:
Ottawa, ON

The OVC Chapter hosted a free Exam Prep Session for the various certification exams scheduled for December 13, 2014. The objective of the session is to discuss exam preparation resources available, learn from past exam experiences, and to exchange knowledge with study group members.


Host: Alain Rocan, ISACA OVC President

--------------------------------------------------------------------------------------------------------

ISACA OVC 2013-2014 AGM with Presentation (Critical Infrastructure Protection Considerations for Enterprise Architecture)
Date: June 20, 2014
Location:
Ottawa Convention Centre (55 Colonel By Drive, Ottawa, ON)

This event will provide a brief overview of CCIRC, its role within Canada's Cyber Security Strategy, what it does and the value it offers organizations in other levels of government and critical infrastructure. Mr. Turbide will also impart some insight into the types of incidents reported to the centre and the recurring issues.

Speaker: Frank Turbide, GCFW, GCFA, GCIH, OPST

--------------------------------------------------------------------------------------------------------

PCI Data Security Standard 3.0 Update
Date: March 6, 2014
Location: Navy Mess - 78 Lisgar Street


Gain insights into the latest compliance requirements established by the Payment Card Industry Security Standards Council (PCI SSC), and how the requirements within the PCI Data Security Standard (DSS) can be leveraged within your organization for on-going compliance or evaluations of your security and control programs. We will share some of our experiences and lessons learned in helping our clients comply with the PCI DSS, from large private sector retail organizations to Public Sector organizations, including some that have not been mandated to comply with the Standard.

Presenters: Mike Abbott, David Greenham

--------------------------------------------------------------------------------------------------------

Why Watching the Watchers Isn't Enough: Canadian Surveillance Law in the Post-Snowden Era
Date: December 18, 2013

As the tidal wave of disclosures on widespread U.S. surveillance continues - there is now little doubt that the U.S. government has spent billions creating a surveillance infrastructure that covers virtually all Internet and wireless communications - the question of Canada's role in these initiatives remains largely shrouded in secrecy. The Canadian government has said little, but numerous reports suggest that agencies such as the Communications Security Establishment Canada are engaged in similar kinds of surveillance. This includes capturing metadata of Internet and wireless communications and working actively with foreign intelligence agencies to swap information obtained through the data mining of Internet-based surveillance. The revelations have led many to call for improved oversight over Canadian intelligence agencies. Yet is simply beefing up oversight enough? This talk will argue that it is not, exploring why Canadian surveillance laws have failed to keep pace with current surveillance technologies.

Presenter: Dr. Michael Geist

--------------------------------------------------------------------------------------------------------

ISO 27002
Date: November 28, 2013
Location: Navy Mess - 78 Lisgar Street - Crow's Nest

Speaker: Steve Tremblay, PMP, CGEIT, ITIL Master, DPSM, ISO/IEC 20000 Auditor/Consultant Manager & ISO/IEC 27002 Expert, TIPA Lead Assessor for ITIL. Mr. Tremblay will be providing an overview of the changes between the 2005 and 2013 editions of ISO27001 and ISO27002. He will also unveil major updates that the future holds on security standards.

--------------------------------------------------------------------------------------------------------

Control Systems Security Workshop
Date: November 5-6, 2013

Public Safety Canada is hosting a control systems security workshop at the Ottawa Convention Centre and would like to extend an invitation to the ISACA Ottawa membership to attend this free event.

--------------------------------------------------------------------------------------------------------

ISACA OVC AGM 2012-2013
Date: June 26, 2013
Location: Royal Canadian Air Force Mess, 158 Gloucester St., Ottawa, ON, K2P 0A6

ISACA Annual General Meeting (AGM) and update.