North America CACS 2019 Conference: Computer Audit, Control and Security 


North America CACS 2018 Highlights

North America CACS 2018 Highlights Watch Now >>



Opening Keynote Speaker

Guy KawasakiGuy Kawasaki
Silicon-Valley based author, speaker, entrepreneur, and evangelist
More >>


Closing Keynote Speaker

Sekou AndrewsSekou Andrews
Poetic Voice, CEO/Founder, SekouWorld Inc.
More >>




Review highlights from 2018 CACS Conferences

North America CACS and EuroCACS: 2018 Conference Report

See What’s Next at North America CACS 2020. Registration is Open Now!



Stay ahead of trends and tools across your professional landscape. Join us at North America CACS 2019, 13-15 May in Anaheim, California, and be a part of the top conference for IS audit and security professionals!

North America CACS 2018 broke records! Don't miss next year's exciting encore with:

  • Dozens of new sessions for you customize toward your goals
  • More in-depth options for advanced learning
  • Enhanced networking opportunities

The 2019 North America CACS Brochure is now available for download!

2019 North America CACS Brochure


Choose from dynamic, timely topics that help you address challenges and learn innovative solutions.


Enjoy direct access to industry leaders, expert speakers and valuable resources.

Speed Networking takes the traditional values of face-to face networking and combines them with the latest smart-matching software. The result is a strategic, structured and rapid-fire networking event designed to help you share ideas, make new connections and build business relationships. Take advantage of this opportunity to network and earn an additional CPE credit hour. Learn More >>



Countdown to



Earn up to 40 CPE hours by attending this conference.

Join the Conversation

North America CACS Testimonials



Anaheim Marriott

700 West Convention Way
Anaheim, CA 92802

Phone: 714.750.8000
Hotel Website

See the Event Destination tab for more information.

Follow @ISACANews and join the North America CACS conversation by using the hashtag #NACACS.
Like ISACA on Facebook to stay informed.
Follow @ISACANews on Instagram to see behind the scenes photos of the conference.
Follow ISACA’s Company page on LinkedIn for updates.

Thank You to Our 2019 Premium Sponsors!













Nth generation



Qualys, Inc









The North America CACS Conference is the premier conference for Audit/Assurance, COBIT, Compliance, Risk, Security, and Strategy/Governance professionals. This year’s program will include sessions on:

As the program is developed, we will continue to add information to this page – check back frequently for updates!



ISACA will be hosting a variety of 1-day and 2-day workshops immediately before and after the North America CACS Conference in 2019 to help you maximize your time, travel and CPE! Information on these workshops will be posted soon, so be sure to check back for more details!

2-day Pre-Conference Workshops (14 CPE)
Saturday, 11 May & Sunday, 12 May 2019

1-Day Pre-Conference Workshops (7 CPE)
Sunday, 12 May 2019

1-Day Post-Conference Workshops (7 CPE)
Wednesday, 15 May & Thursday, 16 May 2019

New in 2019! Workshop materials will be electronically provided to attendees one week in advance of the conference. If you have not received materials by 3 May 2019 please contact

Cyber Hunt

The Cybersecurity Nexus Cyber Hunt is a live competition which pits participants against each other in a race against themselves and the clock to respond to a multipronged attack while concurrently conducting a penetration test against diverse asset sets. Participants will need to leverage capabilities from all cybersecurity domains, Identify, Protect, Detect, Respond, and Recover, in an attempt to outwit and outsmart other competitors and achieve the highest score! More >>

Tuesday Night Social Event:
Surfin’ Through the Decades

North America CACS Tuesday Night Social Event, Surfin’ Through the Decades, is an ISACA-Anniversary inspired event that will feature 5 different food trucks with a variety of culinary treats such as; tacos, sliders, mac & cheese, garlic shrimp over rice, mini funnel cakes and much more! Enjoy a libation with other conference-goers as you listen to live music or participate in interactive activities and games.

* Guest tickets are available for purchase. Must be 18 or older to attend this event. No one under the age of 18 will be permitted.


50th Anniversary Opening Platform

Featured at ISACA’s CACS conferences and other major events in 2019, ISACA marks its 50th Anniversary with a high-impact multimedia experience. Aligned to ISACA’s anniversary theme, “Honoring Our Past. Innovating Our Future”, the live presentations will kick off the Opening General Session and include videos, interactive experiences and inspiring leadership remarks and reflections. ISACA recaps its history, putting the spotlight on founding member interviews, historical artifacts, as well as prompting discussions on progress, challenges and visions of the future.

Opening Keynote Speaker

The Art of Innovation

Guy KawasakiGuy Kawasaki
Silicon-Valley based author, speaker, entrepreneur, and evangelist

The Art of Innovation explains how to create innovative services and products using tactical and practical techniques. Guy uses examples from ice making to telephony to digital photography to expose the truths of innovation. Key principles include: jumping to the next curve, breaking down the barriers, and thinking digitally and acting analogically.

Guy Kawasaki is the chief evangelist of Canva, an online graphic design tool. He is a brand ambassador for Mercedes-Benz and an executive fellow of the Haas School of Business (UC Berkeley). More >>

Closing Keynote Speaker

D.i.Y. Disruption - Sekou Andrews

Sekou AndrewSekou Andrew
Poetic Voice, CEO/Founder, SekouWorld Inc.

Innovation is the difference between ‘Why didn’t I think of that?’ and ‘Why didn’t I think LIKE that?’ As businesses scurry in pursuit of the “big I” of Innovation – exponential technologies, cultures of innovation, and the like - Sekou teaches leaders to see through the “little i” of an innovator, by innovating and disrupting yourself from within.

A week in the life of poetic voice, Sekou Andrews, could find him keynoting at a leadership conference, helping a Fortune 500 company with brand messaging, or performing for Barack Obama in Oprah Winfrey’s backyard. More >>

Tuesday Morning Concurrent General Sessions

From Disruptive to Daily Dependence: 50 Years and Future Tech

A Plenary Panel Discussion to Mark ISACA’s 50th Anniversary 2019

Thomas Phelps, VP of Corporate Strategy & CIO, Laserfiche

Kim Bollin, Vice President, Internal Audit, Workday, Inc.
Jenai Marinkovic, Chief Technology & Security Officer, Beyond
Ken Venner, Former CIO, SpaceX
Jedidiah Yueh, CEO, Delphix

ISACA professionals in the last 50 years have had to quickly assess new technologies, implementing support, control, audit, governance, risk assessment, and so much more, for their organizations, business enterprise and operations. As we look to the future – assessing and implementing technologies that are disrupting industries, and the tech that has yet to come – we can also learn from the past. More >>

The Future of IT Audit in the Age of Digital Disruption

Rob Clyde, CISM, NACD Board Leadership Fellow
Board of Directors Chair, ISACA
Board of Directors, Titus
Executive Chair, White Cloud Security

Your enterprise is adopting emerging technologies and exploring new pathways on its journey to digital transformation, and your role in IT Audit requires new approaches and skills as well. The threats to your enterprise are also evolving; more sophisticated cyberwarfare tools and hacking techniques mean that your role as IT auditor requires you to not only manage your data protection, privacy and cybersecurity programs, but you also need to remain agile to get ahead of the next threat. More >>



All activities will take place at the Anaheim Convention Center - North Building unless otherwise noted below.

Saturday, 11 May


8:00AM – 5:00PM

Registration Desk Open (Anaheim Marriott)

8:00AM – 9:00AM

Workshop Breakfast (Anaheim Marriott)

9:00AM – 5:00PM

(All Workshops will take place at the Anaheim Marriott)
WS1—CSX Penetration Testing Overview
WS2—COBIT 2019 Foundation Course
WS3—Cybersecurity Audit Certificate Program - SOLD OUT!
WS4—Blockchain, Blockchain Security, and Basics of Blockchain Auditing
WS10—Accelerated CSX Cybersecurity Practitioner Certification Workshop

12:30PM – 1:30PM

Workshop Lunch (Anaheim Marriott)

Sunday, 12 May


8:00AM – 6:00PM

Registration Desk Open (Anaheim Marriott)

8:00AM – 9:00AM

Workshop Breakfast (Anaheim Marriott)

9:00AM – 5:00PM

(All Workshops will take place at the Anaheim Marriott)
WS1—CSX Penetration Testing Overview
WS2—COBIT 2019 Foundation Course
WS3—Cybersecurity Audit Certificate Program - SOLD OUT!
WS4—Blockchain, Blockchain Security, and Basics of Blockchain Auditing
WS9—Building an Effective Security Program
WS10—Accelerated CSX Cybersecurity Practitioner Certification Workshop

12:30PM – 1:30PM

Workshop Lunch (Anaheim Marriott)

5:30PM – 7:00PM

Speed Networking (Anaheim Marriott)

Monday, 13 May


6:30AM – 8:00AM

Continental Breakfast

6:30AM – 7:30PM

Registration Desk & Innovation Exchange Open

8:00AM – 9:30AM

Opening 50th Anniversary Platform – Rob Clyde, Kelly Lin & David Samuelson
Opening General Session | The Art of Innovation – Guy Kawasaki

9:30AM – 9:45AM

Movement Break

9:45AM – 10:45AM

111—Performing IT Audits in the Era of Emoji’s, Meme’s & LOL’s
112—Review & Secure an Email Server
113—What Senior Executives (And Others) Want to See in Security KPI/Metrics
114—Securing Unstructured Data – What you Don’t Know Can & Will Hurt You
115—Resilient by Design: Hacking Your Way to Enterprise Compliance
116—Improving Organizational Investigations & Response Coordination with Playbooks
117—A Spectrum of Professions: The ISACA Global Community, Past, Present and Future
118—A New Rubric for IT Recruiting and Retention
119—Bridging the Gap Between Information Security & IT Audit
1110—Cloud Care: Tracking Assets at Your Network Edge

10:45AM – 11:15AM

Networking Break

11:15AM – 12:15PM

121—Understanding Covert Channels of Communication
122—Anatomy of a Nation-State Attack
123—Digital Risk Management: An Imperative for Auditors
124—Auditing Big Data Systems
125—Agile, DevOps & Compliance
126—Security Threats & Trends in 2019 & Impact on Threat Response
127—How Secure Are Your Vendors? Third Party Risk Management in Information Security
128—The IT Auditor of Tomorrow
129—Reduce Risk & Increase Productivity by Utilizing Cross Functional Collaboration
1210—Risk Scoring: Measuring Risk for GDPR, ISO27001, Vendors, Breaches, DPIAs & More

12:15PM – 1:45PM


12:40PM – 12:55PM

2019 ISACA Global Achievement Awards

1:45PM – 2:45PM

131—Understanding Attorney eDiscovery Requests in an Office 365 World
132—Is AI Becoming the Firewall of 2003? Finding the Just Right Use Cases For AI & ML
133—Strategic IT Governance: An Imperative for Success
134—Operationalize Your Data Map: Getting the Most Out of your Data Mapping Efforts
135—The New Privacy: GDPR, California Consumer Privacy Act, and the Future of Data Regulation
136—Breached! Lessons from the Biggies
137—Secure Cloud Solutions
138—Women Leaders in Tech: Remarkable Journeys
139—Being Relevant: Aligning Your Security Program with the Business
1310—Streamlining Compliance in today's Hybrid IT Environment

1:45PM – 5:45PM

Cyber Hunt

2:45PM – 3:00PM

Movement Break

3:00PM – 4:00PM

141—Incorporating Security Practices into Business Practices
142—Safeguarding Web Applications: A Different Perspective
143—Providing Assurance Over the Internet of Things – Is it Possible?
144—The Data Analytics Road to AI – ML : A Light in the Wormhole
145—What is Required in the HIPAA Risk Analysis?
146—Cyber Incident Response Planning
147—How to Ensure Vendor Compliance & the Mitigation of Third Party Risks
148—Building a Community for Gender Diversity in Technology
149—Communicating Your Cybersecurity Efforts to Stakeholders
1410—How Mature Privacy & Security Programs Build Trust

4:00PM – 4:30PM

Networking Break

4:30PM – 5:30PM

151—GDPR Audit Strategies & Lessons Learned
152—How to Operationalize Cybersecurity: Turning Policy into Action
153—Rethinking the Identity Risk Equation
154—What’s in Your Release? Analytics for DevSecOps
155—Data Sharing – Risks & Controls
156—An Auditor’s Guide to Incident Response Plans
157—Both Sides of the Coin: A Bilateral View of the Vendor Risk Management Process
158—Analyst View: Job, Skills, Pay Review & Forecast
159—Strategies for Getting Audit Working Effectively with Security & Risk
1510—Industry Trends & Game Changers Around IoT/EoT

5:30PM – 7:30PM

Networking Reception in Innovation Exchange

5:45PM – 6:15PM

Spotlight Sessions
SS1–Steps You Can Take to Optimize ITGC Testing with Automation and Continuous Monitoring

5:45PM – 6:15PM

Spotlight Sessions
SS2–Gaining 2-Second Visibility into Your Global IT Asset Inventory

5:45PM – 6:15PM

Spotlight Sessions
SS3–Security Ratings: A Mission Critical Tool for Vendor Risk Management

6:30PM – 7:00PM

Spotlight Sessions
SS4–Embrace Risk in Your Digital Transformation Journey

Tuesday, 14 May


7:00AM – 8:00AM

Continental Breakfast

7:00AM – 8:00AM

SheLeadsTech Networking Breakfast

7:00AM – 3:00PM

Innovation Exchange Open

7:00AM – 5:00PM

Registration Desk Open

8:00AM – 9:15AM

From Disruptive to Daily Dependence: 50 Years and Future Tech  Panel Sessions
The Future of IT Audit in the Age of Digital Disruption

9:15AM – 9:30AM

Movement Break

9:30AM – 10:30AM

211—AWS for Auditors
212—Cloud Insecurity: The Need for Stronger Identity Management
213—Machine Identity Risk Program
214—Keeping Pace with Adoption of Disruptive Technologies & Auditing Their Risks
215—Why Companies Fail PCI DSS Assessments and What to Do About It
216—Part 1: When SIEM Is Not Your Friend
217—GDPR Article 28: Operationalizing Third & Fourth Party Vendor Risk Management
218—Built to Last: Creating Career Growth & Sustainability When Your World is Moving at Light Speed Panel Sessions
219—Auditing Artificial Intelligence: Cyber Risks, Governance and Business Concerns
2110—DevOps & Internal Audit: How I Learned to Love Controls

10:30AM – 11:00AM

Networking Break

11:00AM – 12:00PM

221—Preparing for the Security Audit – Is Your ERP Ready?
222—Legacy to Greenfield – Migrating to a Zero Trust Model with Microsegmentation
223—Blockchain & Cryptocurrency Emerging Regulations in the USA
224—Protect Your Data Against Insider Threats
225—COBIT 2019: Sharper Clarity, More Relevance and Tailorable to Meet Enterprise Governance Needs
226—Part 2: Extending your Incident Response Capabilities with Sysmon
227—Trust But Verify- Why Your Supply Chain is Weaker Than You Think
228—CISO/ISO Roundtable – What We Don’t Tell the Auditors: A No-holds-barred Discussion With CISOs  Panel Sessions
229—Expressing Cyber Risk: A Capital Markets Examination
2210—Why Automation is Key to a Successful Third-Party Risk Management Process

12:00PM – 1:30PM


12:00PM – 1:30PM

Tuesday Lunch Keynote | Evolution Around Compliance and Auditing for EOT/IOT in the Enterprise

1:30PM – 2:30PM

231—Using Network Forensic Techniques to Detect Threats
232—Identifying Critical Flaws in Hardened Active Directory Environments
233—Cyber Insurance: You Thought You Were Protected, but Are You?
234—DevSecOps Bringing the Security-The Missing Link in Delivering on the Promise of Business Velocity and Quality to DevOps
235—Chasing the Privacy Risk Monster Within your Organization
236—Incident & Breach Management: Building a Harmonized Response Plan for Privacy & Security Teams
237—Improve Your Vendor Management with COBIT 5
238—39 Ways to Work with the Board
239—Assessing Data Governance at Nationwide
2310—Turning Corporate Compliance Policies into Testable Compliance Requirements for the Mainframe

2:30PM – 300PM

Networking Break

3:00PM – 400PM

241—Designing Security Assessments for Building Automation Systems
242—Physical Data Security
243—Practical Threat Modeling
244—Building a Defensible Data Destruction Strategy For Structured & Unstructured Data
245—US Privacy: Practical Preparation Steps for the California Consumer Privacy Act (CCPA)
246—Don’t Panic! Practical Guide For Dealing With Security Incidents
247—SOC Reports: Reducing the Risk of Service Providers
248—Why Emotional Intelligence & Critical Thinking Skills are Essential
249—Compliance & Internal Audit – Comrades in Arms
2410—Top Emerging IT Internal Audit Issues

4:15PM – 4:45PM

Spotlight Sessions
SS7—Application Program Interface (API) Testing and the Impact on Cybersecurity
SS8—Understanding the Challenges with Compliance and Auditing Processes for the IOT/EOT Deployments
SS9—Process Mining: What’s This All About?

5:00PM – 6:30PM

Social Event: Surfin’ Through the Decades (Grand Plaza)

Wednesday, 15 May


7:00AM – 8:00AM

Continental Breakfast

7:00AM – 12:00PM

Registration Desk Open (Anaheim Convention Center – North Building)

8:00AM – 900AM

311—Emerging IT Audit Issues Panel  Panel Sessions
312—Leveraging the Cloud Platform to Reinvent How Sports Use Analytics
313—Risk Management: A Disruptive Process
314—The Future Pitfalls of Security: More Data, Less Information, More Noise, Less Signal
315—Using PCI DSS to comply with GDPR
316—Examining Issues in Cyber Law
317—Cloudy With a Chance of Legal Action
318—2019 State of Cybersecurity
319—The Cultural Elephant in the Room

9:00AM – 9:15AM

Movement Break

9:15AM – 10:15AM

321—Are Trust Stores Part of Your PKI Audit?
322—Security and the Internet of Everything Panel  Panel Sessions
323—The Dark Web: The Myths, Reality & The Risks
324—Intelligent Digital Automation
325—Bulletproof your GRC Program
326—It’s Only Baseball. Technology & Our National Pastime
327—Introducing the Trusted Partner Network
328—Tips for Effective Presenting
329—Building Resilience Through a Risk-Based ‘Cybermaturity’ Approach

10:15AM – 10:45AM

Networking Break

10:45AM – 11:55AM

Closing General Session | D.I.Y Disruption – Sekou Andrews
Leadership Brief – Brennan P. Baybeck

12:00PM – 1:00PM

Workshop Lunch (Anaheim Marriott)

12:00PM – 5:00PM

Registration Desk Open (Anaheim Marriott)

1:00PM – 5:00PM

(All Workshops will take place at the Anaheim Marriott)
WS5—Hands on Technical Survey of Cybersecurity – A Primer for Auditors
WS6—Hands-on Forensics for Audit
WS7—Launching an IT Audit Analytics Program, Starting with Value-add RPA - SOLD OUT!
WS8—Risk Management & Communication - SOLD OUT!

Thursday, 16 May


8:00AM – 12:00PM

Registration Desk Open (Anaheim Marriott)

9:00AM – 12:00PM

(All Workshops will take place at the Anaheim Marriott)
WS5—Hands on Technical Survey of Cybersecurity – A Primer for Auditors
WS6—Hands-on Forensics for Audit
WS7—Launching an IT Audit Analytics Program, Starting with Value-add RPA - SOLD OUT!
WS8—Risk Management & Communication - SOLD OUT!


Continuing Professional Education Credits

To maintain ISACA certifications, certification holders are required to earn 120 CPE credit hours over a three-year period in accordance with ISACA’s continuing professional education (CPE) policy. Attendees can earn up to 39 CPE credits; 18 by attending North America CACS 2019, 14 for the pre-conference workshops and 7 for the post conference workshops. ISACA conferences are Group Live and do not require any advanced preparation.

Please note that the session scanners at the Conference do not track CPE credit hours. You will still need to allocate your CPE hours in “My ISACA” following the conference. Certificates of Attendance will be accessible via your MyISACA account. To view your certificate, log into your account and navigate to the “myDOWNLOADS & CERTIFICATES” tab. There you will find a “MY CPE CERTIFICATES” section where all of your ISACA event CPE Certificates will live.

Your Certificate of Attendance details the maximum number of CPE hours you could have earned by attending this event. CPE policies for each ISACA certification, as well as details on how to report your CPE hours, are available here on ISACA’s website. Reporting can also be done by submitting information on the annual renewal invoice.

Conference Registration Fees

Register and pay after Friday, 10 May 2019
Member US $1,945
Non-member US $2,145

Two-Day Workshops
WS1—CSX Penetration Testing Overview US $1149 member/non-member
WS2—COBIT 2019 Foundation Course US $1000 member/non-member
WS3—ISACA’s Cybersecurity Audit Certificate Program   US $1249 member/non-member
WS4—Blockchain, Blockchain Security, and Basics of Blockchain Auditing US $1099 member/non-member
WS10—Accelerated CSX Cybersecurity Practitioner Certification Workshop US $1299 member/$1399 non-member

One-Day Workshops
WS5—Hands on Technical Survey of Cybersecurity US $899 member/non-member
WS6—Hands-on Forensics for Audit US $650 member/$850 non-member
WS7—Launching an IT Audit Analytics Program   US $650 member/$850 non-member
WS8—Risk Management & Communication US $650 member/$850 non-member
WS9—Building an Effective Information Security Program US $650 member/$850 non-member

Cancellation Deadline:

12 April 2019

Volunteers Needed! Are you interested in volunteering at North America CACS 2019? Check out the volunteer opportunities and save on your CACS registration today!

Justify your Attendance

Registration and Payment Policy

Registration submissions for this conference and any additional workshops are not processed, and a seat is not confirmed or reserved, until full payment is received. All submissions not paid in full will be placed on a waitlist and priority will be given to paid registrants in a payment first-come, first-serve basis. Space is limited, so it is highly recommended that payment is provided at the time of submission to guarantee a seat within the conference and all related events.

Registration rate is determined by the date payment is received by ISACA HQ and current membership status. Please plan accordingly, as it may take 10 or more business days for a wire transfer or mailed check to reach ISACA. Should we receive payment after a registration rate deadline, your account will be adjusted to reflect the current due amount. Entrance to the conference and all related events is contingent upon full payment.

Discounts for the Conference are available, detailed below. In order to verify eligibility for any of these discounts, please contact or +1.847.660.5670. Note that discounts cannot be credited to you after the transaction has been completed. All discounts are applied to the main conference registration fee, and cannot be applied to workshop registrations. 

You must be 18 years of age or older to attend this event.

Group Discounts

ISACA offers discounts to organizations sending 4 or more employees to a single conference. Group registrations must be processed in a single registration transaction. Please contact the ISACA Conference department for more details at +1.847.660.5670 or; cannot be combined with any other registration discount offerings.

Government Discounts

ISACA offers a $350 conference registration discount to government employees. Please contact the ISACA Conference department for more details and eligibility verification at +1.847.660.5670 or; cannot be combined with any other registration discount offerings.

Academic and Student Discounts

ISACA offers a $350 discount to academic institution employees and students. Please note that you must be an ISACA Student member in order to receive the student discount; additional membership and qualification details can be found here. For additional registration details and eligibility verification, please contact ISACA’s Conference Department at +1.847.660.5670 or; cannot be combined with any other registration discount offerings.

Cancellation Policy

All cancellations must be received by the published deadline to receive a refund of registration fees. A cancellation charge of US $295 will be subtracted from conference refunds, and US $250 per workshop for a two-day workshop and US $125 for a one-day workshop from workshop refunds. No refunds can be given after the cancellation deadline above. Attendee substitution is permitted at any time until the conference. If a nonmember is substituting a member, then there will be additional nonmember fees.

NOTE: Registration is contingent upon full payment of the registration fee. To guarantee registration, conference fees must be received by the published deadline. It may take 10 or more business days for a wire transfer or mailed check to reach ISACA, so please plan accordingly. If, for any reason, ISACA must cancel a course or event, liability is limited solely to the registration fees paid. ISACA is not responsible for other expenses incurred, including travel and accommodation fees. For more information regarding administrative policies, please contact the ISACA conference department.
Phone: +1.847.660.5670
Fax: +1.847.253.1443

Payment Methods

  1. Pay online at
  2. Mail your payment to:
    1055 Paysphere Circle
    Chicago, IL 60674 USA
  3. Bank Wires—send electronic payments in US dollars to:
    Bank of America
    135 S. LaSalle St.
    Chicago, IL 60603
    ABA #0260-0959-3
    ISACA Account #22-71578
    S.W.I.F.T. code BOFAUS3N
    * Please include attendees name on the Advice of Transfer.


ISACA reserves the right to alter or delete items from the program in the event of unforeseen circumstances. Material has been prepared for the professional development of ISACA members and others in the IT audit, control, security, and governance community. Neither the presenters nor ISACA can warrant that the use of material presented will be adequate to discharge the legal or professional liability of the members in the conduct of their practices. All materials used in the preparation and delivery of presentations on behalf of ISACA are original materials created by the speakers, or otherwise are materials which the speakers have all rights and authority to use and/or reproduce in connection with such presentation and to grant the rights to ISACA as set forth in speaker agreement. Subject to the rights granted in the speaker agreement, all applicable copyrights, trade secrets, and other intellectual property rights in the materials are and remain with the speakers.

Please note: unauthorized recording, in any form, of presentations and workshops is prohibited.

Not a member of ISACA? Join today!

When you register for the conference as a nonmember, the difference between member and nonmember conference fees can be applied towards ISACA membership. This means you can become a member at the international and chapter level for little to no additional cost; it just depends on your local chapter dues. To take advantage of this great offer, check the box on the registration form. For more information about ISACA membership, visit the web site at or contact the membership department at

NOTE: This offer expires 30 days after completion of the event. Nonmembers pay the nonmember conference fee when registering.

Consent Language for Photos, Audio and Video Recordings Taken at Events or for Marketing Purposes

I agree irrevocably and free of charge that ISACA or any third party who is acting on ISACA’s behalf may create images, videos and/or sound recordings of me (“works”) at the event for marketing purposes. For these purposes, the granting of rights in the works also includes the rights to adapt, reproduce, distribute, perform, making available to the public, broadcast, retransmit or sublicense the works to ISACA’s affiliates. The granting of rights in the works also includes all current and future media, goes beyond the repetition of an event and is not restricted to time or territory. View ISACA’s Privacy Notice >>


Business casual is appropriate for this and all ISACA conference events.

Welcome to Anaheim!

“I believe in being an innovator.” -Walt Disney. Join innovators of all kinds in Anaheim, California, for North America CACS 2019. Explore the city beyond the conference with new developments in the Packing District and the Center Street Promenade. Take in a baseball game with the Los Angeles Angels or experience the sights and sounds of Disneyland during your stay!

Conference Venue

Anaheim Convention Center (ACC) – North Building

800 W Katella Ave.
Anaheim, CA 92802

All conference events will take place at the Anaheim Convention Center, unless explicitly noted in the event schedule. ISACA highly recommends that attendees stay at the Anaheim Marriott, located next to the Convention Center – see full hotel details below.

Headquarter Hotel

Anaheim Marriott

700 West Convention Way
Anaheim, CA 92802

Phone: 714.750.8000
Hotel Website

The deadline for the ISACA group rate has now passed. Should you still need a reservation, please call the Anaheim Marriott directly at the number listed above to check if they still have rooms available. Please note that you will be subject to the current public room rates at this time.

Other hotel options within walking distance to the Anaheim Convention Center and the Anaheim Marriott include:

Hilton Anaheim
777 W Convention Way
Anaheim, CA 92802
Phone: 714.750.4321

Sheraton Park Hotel at the Anaheim Resort
1855 South Harbor Boulevard
Anaheim, CA 92802
Phone: 714.750.1811



Disneyland® Resort Theme Park

The Anaheim Marriott is located just two blocks from Disneyland®…and as a North America CACS Conference attendee, you are eligible for discounted tickets to the park!
View full details, pricing, and to purchase your specially-priced Disneyland® Resort Theme Park tickets >>

Want to add some magic at the end of a day at the conference? The Twilight Convention Ticket is also available by clicking the link above and offers special pricing for evening hours. Twilight Convention Tickets are valid after 4:00PM PST or up to four (4) hours before park closing (whichever is earlier). Park hours will officially be posted 8-weeks prior to the date, however during that time of year it is likely that the park will be open until 10PM or later during the week (and later on weekends).

These special tickets must be bought in advance in order to take advantage of the discounts, and are not are not available once you arrive at the Resort. The conference ticket store closes at 9:00PM PST on Sunday, 12 May 2019. Don't delay! Prices are subject to change without notice.

These specially priced tickets are intended only for guests that are participating in the North America CACS Conference. Only the registered attendee is allowed to purchase tickets from this discounted ticket store link, and they can purchase up to 6 tickets maximum. Disneyland® Resort Theme Park reserves the right to contact the ticket purchaser to request event registration confirmation. If it is discovered that the purchaser of the ticket is not participating or attending this event it will be considered a misuse of this offer and ticket, and the ticket(s) will be blocked and will not be eligible for a refund. In addition these tickets cannot be purchased for the purpose of being resold.



Please note: ISACA will never contact you with guest room promotions offering a better deal. With the advent of discount aggregators or housing “pirates,” if you experience a problem with a “pirate” reservation, ISACA cannot assist you. However, please know that ISACA staff will work with you to resolve issues that may arise if you make your reservation through the ISACA-provided housing registration link.


Transportation Information

Area Airports

John Wayne Airport (SNA)
13 miles/20 minutes from Anaheim Marriott

Los Angeles International Airport (LAX)
35 miles/45-60 minutes from Anaheim Marriott

LA/Ontario International Airport (ONT)
36 miles/45-60 minutes from Anaheim Marriott

Long Beach Airport (LGB)
18 miles/30-45 minutes from Anaheim Marriott

Discounted Shuttle Service

Karmel Shuttle Service is offering North America CACS attendees an $8 discount on shared van roundtrip airport transfers (per person) OR 10% discount on private van service for all area airports to the Anaheim Marriott and other hotels in the area! Reservations are required at least 12 hours in advance. To make your reservation, CLICK HERE and complete the online form or call Toll free 1.888.995.RIDE (7433) and use Promo Code: ISACA19 in order to receive your discount.

Thank You to Our 2019 Sponsors!




BlackBerry Limited (NYSE: BB; TSX: BB) enables the Enterprise of Things by providing the technology that allows endpoints to trust one another, communicate securely, and maintain privacy. Based in Waterloo, Ontario, the company was founded in 1984 and operates globally. For more information, visit and follow @BlackBerry.





Making great experiences requires trust. Only Adobe gives everyone — from emerging artists to global brands — everything they need to design and deliver exceptional digital experiences. Learn how we help ensure they are trusted experiences at



AuditBoard is a leading cloud-based platform transforming the way enterprises automate, collaborate and report in real-time on critical risk, audit and compliance workflows. The company offers a full suite of easy-to-use audit management and compliance solutions for SOX, controls management, operational audits, ERM and workflow management. AuditBoard’s clients range from industry-leading pre-IPO organizations to Fortune 50 companies looking to streamline their accounting and audit functions. For more information, visit



Expanse discovers your unknown Internet assets and what’s talking to them. We continuously discover, track, and monitor the dynamic global Internet edge for the world’s largest organizations. Our platform discovers an organization’s global Internet edge and identifies its IP space, known and unknown assets, and their configurations. We enrich those asset views with global flow data to link a complete picture of edge attack vectors to the communications that indicate a data breach, misconfiguration, or policy violation. F500 organizations like Capital One, CVS, Allergan, and many more trust Expanse to define and secure their global network edge.



Galvanize builds security, risk management, compliance, and audit software for some of the world’s largest organizations. We’re on a mission to unite and strengthen these different teams through the collective HighBond software platform. But we don’t just make technology—we provide tools that strengthen individuals so they can achieve great things and change the world in the process.



SecurityScorecard helps enterprises gain operational command of their security posture and the security posture of their third-parties through continuous, non-intrusive monitoring. The company’s approach to security focuses on identifying vulnerabilities from an outside perspective, the same way a hacker would. SecurityScorecard’s proprietary SaaS platform offers an unmatched breadth and depth of critical data points including a broad range of risk categories such as Application Security, Malware, Patching Cadence, Network Security, Hacker Chatter, Social Engineering, and Leaked Information. For more information, please visit



Specialized Security Services, Inc. (S3) develops and maintains custom-tailored cyber security programs, so you can elevate security to where it belongs—top of mind and top down. We are a women-owned, global cyber security firm with headquarters in both Dallas, TX and London. For over two decades, our expert team has successfully assisted organizations with the implementation and oversight of their information security, privacy and regulatory compliance programs. S3 bridges the gap between your business goals, cyber security needs and compliance requirements to become your trusted and valued security partner for life.



For more than 30 years, Vanguard has safeguarded the mission critical data and applications for the United States and other governments and the world’s largest financial, healthcare and retail organizations. Vanguard Integrity Professionals is the largest independent provider of enterprise security software addressing complex security and regulatory compliance challenges. Vanguard continuously drives innovation in security software and technology to stay ahead of evolving regulatory requirements and an ever-changing threatscape. Led by some of the most knowledgeable minds in the cybersecurity industry our security solutions lead the industry.





Deloitte Risk and Financial Advisory helps organizations effectively navigate business risks and opportunities – from strategic, reputation, and financial risks to operational, cyber and regulatory risks – to gain competitive advantage. We apply our experience in ongoing business operations and corporate lifecycle events to help clients become stronger and more resilient. Our market-leading teams help clients embrace complexity to accelerate performance, disrupt through innovation, and lead in their industries.


KPMG provides audit, tax and advisory services and industry insight to help organizations negotiate risks and perform in today's dynamic and challenging environments. KPMG’s advisory risk consulting professionals help organizations transform risk into enduring competitive advantage while navigating their most complex business issues. Our people offer deep knowledge and insightful opinions to help you enhance risk and create value in a dynamic environment in which outcomes must be managed strategically and with agility. KPMG’s client focus, commitment to excellence, global mind-set, and consistent delivery build trusted relationships that are at the core of our business and reputation.


OneTrust is the largest and most widely used technology platform to operationalize privacy, security and third-party risk management. According to The Forrester New Wave™: GDPR and Privacy Management Software, Q4 2018, OneTrust "leads the pack for vision and execution." More than 2,500 customers, both big and small and across 100 countries, use OneTrust to implement their privacy, security and third-party risk programs, including modules such as OneTrust Vendor Risk Management, a centralized risk management platform for global security and privacy professionals. The software, available in 60+ languages, is backed by 50 awarded patents, integrates with 200+ technology partners, and can be deployed in the cloud or on-premise.


Protiviti is a global consulting firm that delivers deep expertise, objective insights, a tailored approach and unparalleled collaboration to help leaders confidently face the future. Protiviti and our independently owned Member Firms provide consulting solutions in finance, technology, operations, data, analytics, governance, risk and internal audit to our clients through our network of more than 70 offices in over 20 countries.

We have served more than 60 percent of Fortune 1000® and 35 percent of Fortune Global 500® companies. We also work with smaller, growing companies, including those looking to go public, as well as with government agencies. Protiviti is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in 1948, Robert Half is a member of the S&P 500 index.

Qualys, Inc

Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and compliance solutions with over 10,300 customers in more than 130 countries. Qualys helps organizations streamline and consolidate their security and compliance solutions in a single platform and build security into digital transformation initiatives for greater agility, better business outcomes and substantial cost savings. The Qualys Cloud Platform and its integrated Cloud Apps deliver businesses critical security intelligence continuously, enabling them to automate the full spectrum of auditing, compliance and protection for IT systems and web applications on premises, on endpoints and elastic clouds.




RSA Archer Suite empowers organizations of all sizes to manage multiple dimensions of risk on one configurable, integrated software platform. With RSA Archer, organizations can quickly implement risk management processes based on industry standards and best practices—leading to improved risk management maturity, more informed decision-making and enhanced business performance.


ServiceNow makes work, work better for people. Our cloud-based platform and solutions deliver digital experiences that help people do their best work. Now, security, risk and IT teams can identify and prioritize security incidents, vulnerabilities, and enterprise risks quickly, and respond faster using digital workflows, automation, and orchestration. To find out more, visit




Alvaka’s mature Patch Management process enables organizations to reliably patch and validate thousands of hosts. Our US-based engineers work 24x7 to ensure systems and applications are patched within defined service windows, function when returned to duty, and are documented to satisfy management and auditors.



Darktrace is the world’s leading AI company for cyber defense. Its Enterprise Immune System is trusted to neutralize cyber-attacks in real time, protecting the cloud, SaaS, corporate networks, IoT, and industrial systems. Headquartered in San Francisco and Cambridge, UK, Darktrace has over 800 employees and 40 offices worldwide.



The Fastpath Assure® audit platform can track, review, approve and mitigate access risks across multiple systems from a single dashboard. The suite comes with a pre-configured SoD rule set specific to each ERP, and works across a variety of systems including SAP, Oracle (Cloud and EBS), NetSuite, Microsoft Dynamics, and more.



Headquartered in Chicago, LogicGate is a leading GRC process automation platform enabling organizations to centralize their governance, risk, and compliance programs. The agile and highly configurable self-service platform allows organizations to operationalize mission-critical risk and compliance activities without support from consultants or corporate IT. For more information, visit or follow us on Twitter at @LogicGateapp.



Netwrix empowers information security and governance professionals to reclaim control over sensitive and business-critical data, regardless of where it resides. Over 10,000 organizations worldwide rely on Netwrix solutions to secure sensitive data, realize the full business value of enterprise content, pass compliance audits, and increase the productivity of IT teams.



Since 1991, Nth Generation has provided industry leading, consultative IT services, encompassing a suite of IT and security solutions. Whether your focus is IT security, compliance, cloud computing, hybrid IT, data analytics, artificial intelligence, or other transformative solutions, Nth has proven expertise to be your trusted industry advisor.



SecurityStudio Inc, is a leading SaaS-based product company that builds solutions to help organizations measure and improve their information security programs. FISASCORE, the flagship product, assesses the physical, administrative and technical controls of organizations. VENDEFENSE, a third-party risk management work-flow and automation tool, helps organizations measure and manage vendor security risk.


Tevora is a specialized management consultancy focused on cybersecurity, risk, and compliance services. Our experienced consultants are devoted to supporting CISOs in protecting their organization’s digital assets. We ensure the CISO has the tools and guidance needed to prevent and respond to threats.

Tevora: Go forward. We’ve got your back.



Supporting Sponsors








Incenter Technology


ISACA OrangeCounty



MIS Training Institute

Onspring Technologies






The Walt Disney Company


Unified Compliance Framework



Innovation Sessions

IN1: Why?, Sponsored by SecurityStudio
Monday, 13 May | 7:20AM – 7:40AM

IN2: Ground Truth Tests: Innovative Methods for Verifying Security Policies, Sponsored by Expanse, Inc.
Monday, 13 May | 10:50AM – 11:10AM

IN3: Artificial Intelligence and PCI Compliance, Sponsored by Tevora
Monday, 13 May | 1:10PM – 1:30PM

IN4: How to Automate Your Enterprise Risk Management Program—Driving Organizational Support for ERM, Sponsored by LogicGate, Inc.
Monday, 13 May | 4:05PM – 4:25PM

IN5: Achievable Cross-Platform SoD Analysis, Sponsored by Fastpath, Inc.
Tuesday, 14 May | 7:35AM – 7:55AM

IN6: High-Value Governance Intelligence: Creating Line of Defense 2.5, Sponsored by Deloitte & Touche LLP
Tuesday, 14 May | 10:35AM – 10:55AM

IN7: Staying Clear on CCPA Violations, Sponsored by Netwrix
Tuesday, 14 May | 1:00PM – 1:20PM

IN8: Embracing AI for Cyber Defense, Sponsored by Darktrace Limited
Tuesday, 14 May | 2:35PM – 2:55PM


For Sponsorship and Exhibitor Opportunities

Contact ISACA’s Sponsorship Department
Please address Sponsorship questions to:



Contact ISACA's Learning Solutions Department:
Tel: +1.847.660.5670
Fax: +1.847.253.1443
Click here to submit a question.

Media Inquiries

Contact the ISACA Communications Department:
Tel: +1.847.660.5512 or

Please address Sponsorship questions to: