Middle Tennessee Chapter of ISACA Calendar of Events
Upcoming Events
-
Protecting Your Applications from Backdoors: How to Secure Your Business Critical Applications from Time Bombs, Backdoors & Data
Date: Friday - September 24, 2010
Time: 11:00 – 1:00 (lunch to be provided for those who RSVP). The presentation will start promptly at 11:30.
Speaker: Erik Peterson
Session Description:
With the increasing practice of outsourcing and using 3rd party libraries, it is nearly impossible for an enterprise to identify the pedigree and security of the software running its business critical applications. As a result backdoors and malicious code are increasingly becoming the prevalent attack vector used by hackers.
Whether you manage internal development activities, work with third party developers or are developing a COTS application for enterprise, your mandate is clear: safeguard your code and make application security a priority for internal and external development teams.
This session will cover:
- Prevalence of backdoors and malicious code in third party attacks;
- Definitions and classifications of backdoors and their impact on your applications; and
- Methods to identify, track and remediate these vulnerabilities.
Speaker Bio:
Erik Peterson is an Application Security Evangelist for Veracode with 15 years of application and information security industry experience. His professional experience includes senior & executive leadership roles for Hewlett-Packard, S.P.I. Dynamics (acquired by HP), GuardedNet (acquired by Micromuse) and Sanctum, Inc (acquired by IBM) where he was responsible for technology strategy and product management.
Erik has also held information security positions for Moody’s Investors Service and SunTrust Bank and IT professional roles for the U.S. Embassy in Vienna, Austria and the United Nations International Atomic Energy Agency. Erik has spoken on the topic of application security at numerous industry events including HP Software Universe, OWASP, ISSA and ISACA and is a contributing member of the Cloud Security Alliance.
Location:
Hospital Corporation of America
One Park Plaza, Bldg. 2, Cumberland Room
Nashville, TN 37203
Maps and Directions
Cost: This event is FREE for members.
CPE: 1 hour
Registration: RSVP Here
Past Events
-
Professional Ethics: A Preventive Maintenance Approach
Date: Friday - July 16, 2010
Time: 11:00 – 1:30 (lunch to be provided for those who RSVP). The presentation will start promptly at 11:30.
Speaker: Christopher Bauer, PhD, HSP, CFS
Session Description:
Dr. Bauer will provide a unique presentation designed to help assure that you and your organization are able to more easily "walk the talk" of great ethics. This program will reveal ethics risks that we may not know existed and what can be done to make sure those risks don't turn into costly ethical and legal problems on the job.
Speaker Bio:
Dr. Christopher Bauer is a licensed psychologist with over twenty-five years of experience as a trainer, speaker, author, and consultant on professional ethics and values-driven business strategies.
Location:
Hospital Corporation of America
One Park Plaza, Bldg. 2, Cumberland Room
Nashville, TN 37203
Maps and Directions
Cost: This event is FREE for members.
CPE: 1 hour
Registration: RSVPs are no longer being taken. Thank you.
-
Middle Tennessee ISACA Chapter 2009–2010 Annual Meeting
Date: Friday - May 21, 2010
Time: 11:00 – 1:00
Location: Maggiano's Little Italy (valet parking available) - directions.
This event is limited to MEMBERS ONLY.
In order to get through our year end recap, 2009–2010 officer elections, and lunch within the time allotted, it is critical everyone arrive on time.
Registration: RSVPs are no longer being taken. Thank you.
-
Security and Audit of Microsoft Active Directory
Date: April 29-30, 2010
Time: 8:30-4:30 (Thursday and Friday)
Instructor: Ken Cutler, CISSP, CISM, CISA
Vice President – Information Security, MIS Training Institute
President and Principal Consultant – Ken Cutler & Associates (KCA)
Seminar Focus and Features:
Microsoft is a major player in both the IT infrastructure and application development arenas. Active Directory provides a significant anchoring point for all Microsoft related infrastructure and is rapidly assuming the role of an enterprise meta-directory for non-Windows environments. In this practical, intensive, packed two-day seminar, you will learn a structured approach to securing and auditing Active Directory from end-to-end and from top to bottom. We will identify all key Active Directory and domain controller control points, as well as common security risks, safeguards, and audit procedures. Key changes affecting security and audit in different versions of Windows servers will be highlighted. Forests, domains, directory services, Group Policy Object (GPO) control audit points and associated security and audit procedures within the Microsoft Active Directory architecture will be analyzed and demonstrated. You will gain awareness for selecting and using best-of-breed bundled, freeware, and commercial security and audit tools for Windows Domain Controllers and Active Directory control points. Topics covered include:
- Microsoft Windows Server and Active Directory Architecture
- Domains, Forests, and Associated Policy and Trust Relationships
- Types of Active Directory Objects and Domain Controller Roles
- TCP/IP and Microsoft Network Services Risk Analysis
- Enterprise Services: Lightweight Directory Access Protocol (LDAP), Kerberos
- Windows Domain Controller Configuration Security and Audit
- Domain Security Policy Management and Group Policy Objects (GPOs)
- Domain Controller and Active Directory Management, Security, and Audit Tools and Techniques
- Sources of Useful References for Active Directory and related Windows and Directory Services Topics
Note: The details of Windows Server access control security and audit are NOT covered in this course.
Prerequisites: Familiarity with Windows Server access controls and network fundamentals or equivalent knowledge is assumed.
Who Should Attend: Information Technology Auditors; Information Security Managers and Analysts; Information Technology Management; IT and Information Security Architects; System Administrators; Compliance Officers; Consultants
Bonus: You will receive a comprehensive “Windows Server and Active Directory Audit Data Collection Guide” and related checklists to enhance your audit plan development and execution and an extensive directory of Windows references and tool resources.
Cost: Members: $250.00; Non-Members: $490.00
CPE: 15 hours
Meals: Lunch will be provided each day.
Location:
Hospital Corporation of America
One Park Plaza, Bldg. II - Cumberland Room
Nashville, TN 37203
Maps and Directions
Parking: Attendees should park in the Charlotte Avenue parking lot (i.e., across the railroad tracks behind HCA). Shuttles will be available from 8:00 to 8:30 and 4:30 to 5:00. A map of the HCA Corporate Campus is available on HCA's website.
-
Cyber Crime – The Mounting Threats
Date: Friday - March 26, 2010
Time: 11:00-1:00 (lunch to be provided for those who RSVP). The presentation will start promptly at 11:30.
Speaker: Scott Augenbaum – Supervisory Special Agent, Cyber Crime Squad for Federal Bureau of Investigation (FBI)
Session Description: External threats to corporate security will be discussed. Additionally, Agent Augenbaum will share some of his field experiences.
Speaker Bio:
Agent Augenbaum is a popular and dynamic speaker and has made many presentations on cyber security to various industry groups.
Location:
Hospital Corporation of America
One Park Plaza, Bldg. 2, Cumberland Room
Nashville, TN 37203
Maps and Directions
Cost: This event is FREE to members.
CPE: 1 hour
Note: Our planned speaker was unable to attend and Agent Victor Rodriguez filled in at the last minute.
-
Security Incident Response Planning
Date: Friday - January 15, 2010
Time: 11:00-1:00 (lunch to be provided for those who RSVP). The presentation will start promptly at 11:30.
Speaker: Steve Arrington, CISA
Session Description: Security Incident Response Planning - keys to an effective, efficient, and consistent approach when responding to security incidents within an organization.
- Events and Incidents
- Incident Response Team
- Preparation and Readiness
- Detection and Analysis
- Containment, Eradication and Recovery
- Post Incident Activities
Speaker Bio:
Steve Arrington, CISA currently serves as a Senior IT Audit and Management Consultant for Robert Half Management Resources’ Salaried Professional Services division in Nashville, Tennessee. He has over twelve years of experience providing business management and IT audit related services. His technical experience spans all phases of the system-development life cycle as well as project management, IT risk assessment, IT audit, general controls audit, business continuity and disaster recovery planning, information systems security, incident response planning, ISO 27001 implementation, COSO and COBIT frameworks and methodology, Sarbanes Oxley (SOX) and Japanese SOX compliance for both business processes as well as information technology processes.
Steve lives in Manchester, Tennessee and received his BBA in Finance from Stephen F. Austin State University in Nacogdoches, Texas. Steve obtained the CISA certification in 2007.
Location:
Hospital Corporation of America
One Park Plaza, Bldg. 2, Cumberland Room
Nashville, TN 37203
Maps and Directions
Cost: This event is FREE to members.
CPE: 1 hour
Presentation File: IT Security Incident Response
-
ISACA Nashville Training Day
Date: November 3, 2009
Time: 8:30-4:30 (Check-in at 8:00)
Course Description:
The Nashville ISACA Chapter will host a training event on Tuesday, November 3, 2009. The all day seminar will focus on IT related topics identified by Chapter members as part of the annual membership survey. The seminar will be divided into three two-hour sessions.
Session One: Network Auditing Essentials
This session will look at the weak links in network security, and the fundamental elements of performing a detailed security assessment of local and wide area networks using the latest security tools. Topics will include internal and external penetration testing, social engineering assessments, policy reviews, and employee training programs.
Speaker Bios:
Timothy Agee, CISA currently serves as an IT Audit and Consulting Manager for FDH Consulting, a division of Frasier, Dean & Howard, PLLC in Nashville. His expertise includes IT Risk Assessments, IT Audit, Business Continuity, Project Management, Systems Implementation, and Network Design and Management.
Timothy is a native of Lebanon, Tennessee and received his B.S. in Computer Information Systems from David Lipscomb University in 1996. Prior to joining Frasier, Dean & Howard, PLLC, he also served as the Director of Information Services for Saint Thomas Cardiology Consultants and the Director of Information Systems for Gospel Advocate Company. Timothy obtained the CISA certification in 2007.
Jacob Arthur currently serves as a Senior Consultant for FDH Consulting, a division of Frasier, Dean & Howard, PLLC in Nashville. His expertise includes Network Security Design and Assessment, IT Audit, Systems Implementation, Network Design and Management, and Virtualization Architecture and Deployment.
Jacob is originally from Nashville, Tennessee and received a B.S. in Computer Science, a B.S. in Accounting, and a Masters of Accountancy from Lipscomb University in 2008. Prior to joining FDH Consulting, he served as the Systems Architect and Administrator for Global Chemical Data, Inc. Jacob also holds the Subject Matter Expert designation on Windows Server 2003, and has assisted in the development of certification tests for Microsoft Learning. Jacob was also a recent finalist for the Nashville Chamber of Commerce’s Emerging Leader Awards.
Session Two: Comprised of Two Topics
- Audit Logging and Monitoring Approach, presented by Michael Sloan, Senior Manager, E&Y, and Kyle Harvey, Manager, E&Y
- Oracle Database Security Update, presented by Susan Wolford, Manager, E&Y, and Ahmad Sabbarini, Manager, E&Y
Session Three: Lessening the PCI burden and associated risk within the enterprise
Speaker Bio:
Pieter Penning is a Director in the PricewaterhouseCoopers (PwC) Advisory practice and serves as a national lead for our firm's PCI DSS (Payment Card Industry Data Security Standard) service delivery. Pieter has been with PwC for 10 years and he has extensive experience in assisting large organizations with strategic and tactical security projects across a broad range of security disciplines, compliance requirements and security and privacy standards. Pieter has authored thought leadership material for PwC and regularly presents our firm's point of view on PCI compliance and a broad range of related topics to our clients and industry groups. Pieter has extensive experience leading PCI post breach assessment and remediation engagements and helping some of the largest US companies with the definition of their PCI strategies. Pieter has led a large number of PCI, ISO 27000, HIPAA and privacy compliance gap assessments as well as controls rationalization and compliance cost and risk reduction engagements at some of the largest companies in the US. Pieter is one of the Director leads of the research that PwC is conducting on behalf of the PCI Security Standards Council into payment technologies. Pieter is a certified ISO 27001 Provisional Lead Auditor and holds the Certified Payment Industry Security Manager (CPISM), Certified Payment Industry Security Auditor (CPISA) and Certified Information Systems Auditor (CISA) certifications.
Location:
Hospital Corporation of America
One Park Plaza, Bldg. 2, Parthenon II Room
Nashville, TN 37203
Maps and Directions
Cost: Member: $99.00
CPE: 7 hours
Meals: Lunch will be provided.
Registration: Registration begins for Middle TN Chapter Members on Wednesday, September 2, 2009. Members may register and pay via Acteva. Once registration reaches 54 attendees a waiting list will be created.
Registration fees will only be refunded less a $10 processing fee for cancellations made via email to training@isacanashville.org by the close of business on October 6, 2009.
Late cancellations and no shows are liable for payment in full. Substitutions are welcome.
Parking: Attendees should park in the Charlotte Avenue parking lot (i.e., across the railroad tracks behind HCA). Shuttles will be available from 8:00 to 8:30 and 4:30 to 5:00. A map of the HCA Corporate Campus is available on HCA's website.
Presentation Files:
- Performing a Comprehensive Network Security Review
- Audit Logging and Monitoring Approach
- Oracle Database Security Update
- Compliance with the PCI Data Security Standard
- Responding to PCI Data Breaches
-
ISACA/ISSA/InfraGard Joint Chapter Meeting - Panel Discussion
Date: Thursday - October 15, 2009
Schedule of Events: 5:30–6:30 Registration and Dinner; 6:30–8:30 Opening Remarks and Panel discussion; 8:30–9:00 Reception
Speakers:
Kim Jenny, Risk & Performance Management Officer – Pinnacle Financial Partners
Gary Seay, Chief Information Officer – Community Health Services
Brandon Dunlap, Managing Director of Research – Brightfly
Kent Landfield, Director, Risk and Compliance Security Research – McAfee
Meeting Description:
The Middle Tennessee ISACA chapter is pleased to announce our next meeting will be held on Thursday, October 15 in the Millennium Maxwell House Ballroom. This will be a joint meeting with the Information System Security Association (ISSA) and InfraGard. The meeting will be a panel discussion regarding how corporations today deal with increased regulatory compliance in the face of these tough economic times. The meeting will be held over dinner at no cost to members.
Location:
Millennium Maxwell House Ballroom
2025 Rosa L. Parks Boulevard
Nashville, TN 37228
Maps and Directions
Cost: Event and dinner are free for members
CPE: 1 hour
-
Social Networking in the Enterprise: A Threat to More Than Just Your Productivity
Date: Friday - August 21, 2009
Time: 11:30-1:30 (lunch to be provided for those who RSVP). The presentation will start promptly at 12:00.
Speaker: Jason Schmitt – Director of Product Management, Purewire, Inc.
Session Description:
Learn how hackers are exploiting your employees' web surfing.
Speaker Bios:
Jason Schmitt is Director of Product Management for Purewire, Inc, a leader in Web security software as a service solutions. Jason was previously Vice President, Products for security video surveillance vendor Steelbox Networks, group product manager for web application security vendor SPI Dynamics and has a long history of work expertise in application development and security product management, product development and technical consulting. He often contributes articles to industry publications on Web security, secure software development, physical security and is the author of the book Secure ASP.NET AJAX Development published by Addison-Wesley Professional.
Location:
Hospital Corporation of America
One Park Plaza, Bldg. 2, Cumberland Room
Nashville, TN 37203
Maps and Directions
Cost: This event is FREE to members.
CPE: 1 hour
-
Middle Tennessee ISACA Chapter 2008–2009 Annual Meeting
Date: Friday - May 15, 2009
Time: 11:30 – 1:00
Location: The Palm Restaurant (valet parking available - directions).
This event is limited to MEMBERS ONLY.
In order to get through our year end recap, 2009–2010 officer elections, and lunch within the time allotted, it is critical everyone arrive on time.
-
New Hacker Threats And Ways To Audit For Them
Date: Friday - March 20, 2009
Time: 11:00-1:00 (lunch to be provided for those who RSVP). The presentation will start promptly at 11:30.
Speaker: Stewart Fey – Senior Manager, IT Assurance Services for LBMC
Session Description:
This presentation will discuss some of the new non-traditional ways the bad guys can compromise the security of your network. Client side targeting and exploits are the new path into your network that hackers are using. We will discuss and demo Gsecdump, "Pass the Hash", malicious office documents, and malicious PDF documents and ways to ensure your network is protected.
Speaker Bio:
Stewart Fey is a Certified Information System Security Professional and Certified Information Systems Auditor, and has 10 years of experience in the security and audit industry. His previous experience includes senior manager of IT Internal Audit with a Fortune 100 healthcare company. Mr. Fey serves as LBMC’s technical security specialist, having significant experience in security penetration and assessments in operating systems, applications, and network systems. He is active in the security and audit community and has published security related articles in various trade magazines.
Location:
Hospital Corporation of America
One Park Plaza, Bldg. 2, Cumberland Room
Nashville, TN 37203
Maps and Directions
Cost: This event is FREE to members.
CPE: 1 hour
Presentation File: New Hacker Threats And Ways To Audit For Them
-
Yin and Yang: Security Detections and Measures for Risk Reduction
Date: Friday - January 30, 2009
Time: 11:00-1:00 (lunch to be provided for those who RSVP). The presentation will start promptly at 11:30.
Speakers:
TJ Bean
Michael Johnson
Session Description:
Learn how HCA’s Information Security Threat & Vulnerability Management team is addressing security risks across the organization. Yin, the proactive side of security, is focused on addressing vulnerabilities throughout the enterprise, while Yang, the reactive side of security, is focused on remediating incidents once they are identified. This yin-yang philosophy can be used by organizations of all sizes to enhance security and reduce business risks. TJ and Michael will share their strategies, techniques, and lessons learned throughout this endeavor. Additionally, the session will share how Internal Audit can get involved and benefit greatly through collaboration with their security team.
Speaker Bios:
TJ Bean is the Team Lead for the Vulnerability Management team within HCA’s Information Security department. TJ’s team is responsible for enterprise vulnerability scanning, as well as attack and penetration, compliance and control testing. TJ’s team is also performing asset-based risk assessments with interactive web reporting, the goal of which is to minimize risk exposure and drive remediation efficiencies. TJ has completed numerous IT certifications, including CCNA, MCSE 2K, MCSE NT+I, MCDBA, MCSA, CCA, Network+, A+, and studied Computer Science at the University of South Alabama.
Michael Johnson is the Team Lead for the Threat Management team within HCA’s Information Security department. Michael’s team is responsible for monitoring of intrusion detection systems (IDS), threat classification, and developing threat mitigation strategies. Additionally, his team leads investigations of any information security incidents, including data collection and forensic analysis. In addition to Michael’s eight years of experience at HCA, he served for 14 years in the Tennessee Army National Guard and United States Army Reserve. Michael has completed numerous certifications, including CCNA, CCNP, MCSE NT 4.0, CWNA, and studied at Middle Tennessee State University.
Location:
Hospital Corporation of America
One Park Plaza, Bldg. 2, Cumberland Room
Nashville, TN 37203
Maps and Directions
Cost: This event is FREE to members.
CPE: 1 hour
-
Managing VoIP Security Course
Date: Monday, December 8, 2008
Time: 8:30-5:00
Course Description:
Middle TN ISACA along with IP3 is pleased to announce a 1 day (8 hours of CPE) “Managing VoIP Security Course.” Cost for ISACA members is only $99 and includes a light breakfast, lunch, snacks, and full training materials. Additionally, please feel free to pass this along to others who may find the class useful (non-member cost is only $150)! If you are interested in this great training opportunity, please try and register by Monday 11/24/08 as we need a minimum number of attendees to hold the class. This class is being partially subsidized by Middle TN ISACA as a membership benefit so we hope that you can make it! If you have any questions please feel free to contact Charlie Eadler. Course details are listed below and further details are attached.
With two-thirds of new corporate phones being IP based, VoIP seems inevitable. It is essential to understand the profound new risks present in our converged enterprises. This session will teach you about the architecture, risks and strategies to ease the VoIP transition.
This is a topic for any individual or organization that is contemplating or has already rolled out VoIP in its network.
What you will receive:
- 8 hours of Intensive Training Presented by IP3 Inc.
- Certificate of Completion for 8 CPEs
- Printed Course Materials
- Light Breakfast, Lunch and Snacks are included
- Raffle drawing for CISSP on-line course ($1095 value)
Register by Friday, November 21, 2008 and be entered into a drawing for a 10-week on-line CISSP Training Course (offer good for one year) $1095 value (iPod not included).
Location:
Hospital Corporation of America
One Park Plaza, Bldg. 2, Cumberland Room
Nashville, TN 37203
Maps and Directions
Cost:
$99.00 for Middle Tennessee ISACA Chapter Members - use registration Code: ISACA99
$150.00 Non-Member Fees - use registration code: NM150
CPE: 8 hours
-
Data Loss Prevention from a Logical and Physical Security Perspective
Date: Thursday - October 16, 2008
Time: 5:30-8:00
Speakers:
Dan Geer, Verdasys VP and Chief Scientist Emeritus
Mike Flouton, Verdasys Director of Product Marketing
An FBI Physical Security Specialist
Meeting Description:
Please join us for the 3rd annual joint ISSA / ISACA / InfraGard chapter meeting. We will have presentations on data loss prevention from a logical and physical security perspective.
Speaker Bios:
Dan Geer is VP & Chief Scientist Emeritus with Verdasys. Dr. Geer has testified before Congress on multiple occasions and has served in formal advisory roles for the Federal Trade Commission, the National Science Foundation, the Treasury Department, the National Research Council, the Commonwealth of img/, the Department of Defense, the National Institute of Justice and the Institute for Information Infrastructure Protection.
Mike Flouton is Director of Product Marketing with Verdasys. With 10 years of experience in information risk management and compliance, Mike brings strategic insight culled from years of senior product management and advisory roles across diverse industry verticals. Prior to his tenure at Verdasys, Mike was responsible for product strategy and management at OpenPages, the recognized leader in the Governance, Risk and Compliance (GRC) space. Prior to OpenPages, Mike was a Product Manager with Cybertrust (formerly Trusecure/ICSA Labs) where he was responsible for their Information Security Risk and Compliance Management product offering. Prior to Cybertrust, Mike provided business process automation consulting for several Global 2000 companies. He is a member of ISACA (Information Systems Audit and Control Association) and INFORMS (the Institute for Operations Research and Management Sciences).
FBI: The FBI has committed to providing a physical security speaker.
Location:
Belmont - Vince Gill Room
2002 Belmont Boulevard
Nashville, TN 37212
Maps and Directions
Cost:
Members: Event and dinner are free
Chapter Guests: $35
CPE: 2 hours
-
Ethical Hacking: Tools, Techniques and Methodologies
Date: Thursday - August 21, 2008
Time: 11:00-1:00 (lunch to be provided for those who RSVP). The presentation will start promptly at 11:30.
Speaker: Jayson Ferron, CIO for Interactive Security Training, LLC
Session Description:
Don’t let your network be the target of a malicious attack. Learn how hackers scan, identify and exploit your systems, before you become the next victim of a hacker. This seminar will discuss commonly used tools, techniques, and methodologies hackers use to infiltrate your corporate systems, giving you the knowledge to take the proper measures against attacks. This seminar will also discuss the advantages of attacking your own systems (while staying within legal limits) and assessing the security posture, vulnerabilities and exposures, so your organization can ensure they have adequately protected their network.
Speaker Bio(s):
Jayson Ferron is CIO for Interactive Security Training, LLC. Jay’s work includes E-commerce, VPN work, security audit, workflow process, training, Windows and Linux enterprise designs. Jay works on various projects that include training, Windows, Linux and UNIX security designs, network infrastructures, enterprise designs and installations.
Location:
Hospital Corporation of America
One Park Plaza, Bldg. 2, Cumberland Room
Nashville, TN 37203
Maps and Directions
Cost: This event is FREE to members.
CPE: 1 hour
Presentation File: Ethical Hacking: Tools, Techniques and Methodologies
-
Middle Tennessee ISACA Chapter 2007–2008 Annual Meeting
Date: Friday - May 9, 2008
Time: 11:00 – 1:00
Location: The Palm Restaurant (valet parking available - directions).
This event is limited to MEMBERS ONLY.
In order to get through our year end recap, 2007–2008 officer elections, and lunch within the time allotted, it is critical everyone arrive on time.
-
Truth & Deception - Linguistic Lie Detection
Date: Wednesday - April 2, 2008
Time:
11:00-12:30 (lunch to be provided for those who RSVP). The presentation will start promptly at 11:30.
Immediately Following Lunch - 4:30 p.m. - Half Day Workshop
Speaker: Nejolla Korris, CEO for The Sponsorship Group
Course Description:
Identifying deception is a crucial component of any audit or investigation. Obtaining truthful information is critical to the fraud examiner, auditor or investigator. Discover how a truthful person speaks vs. an untruthful person. This introduction to statement analysis will change the way you interpret what others say. Participants will gain an understanding of how statement analysis can be used in any information gathering situation.
This half day session presents an overview of how statement analysis is used in business and investigative areas. Session participants learn the basics of information gathering and how to interpret the information they receive. In an interactive setting, attendees will be able to apply Statement Analysis basics to a variety of high profile media cases and see what the subject really meant. Information gathering basics will be covered in order to assist the audit professional to gather necessary information for any investigative purpose. Session attendees will also analyze a complete statement and be able to decipher the linguistic code within the body of the statement.
Speaker Bio(s):
Nejolla Korris is the Chief Executive Officer of The Sponsorship Group. The Sponsorship Group is a consulting firm that specializes in workplace issues. Nejolla Korris provides investigative services, intelligence gathering, litigation support, statement analysis, employee audits and reference checks to corporations. Ms. Korris has a BA in Law from Carleton University. She is often referred to as an international expert in the field of linguistic lie detection. She is skilled in Scientific Content Analysis (SCAN), a technique that can determine whether a subject is truthful or deceptive. Korris has analyzed documents for fraud, arson, assault, international security, homicide and missing persons’ cases. This has caused some of her clients to dub her the “Human Lie Detector”.
Ms. Korris is a popular speaker on Lie Detection, Fraud Prevention & Investigation and Workplace Fraud. Korris’ most popular topics include Truth & Deception: Linguistic Lie Detection, Effective Information Gathering, Workplace Fraud, Workplace Behaviors and Organizational Justice. She is a frequent presenter for The Institute of Internal Auditors, the American Society for Industrial Security, the American National Safety Council, the American Institute of Certified Public Accountants and the Association of Certified Fraud Examiners. Ms. Korris’s session on Linguistic Lie Detection was ranked the number one session at the Institute of Internal Auditors’ International Conference in Amsterdam this past summer.
Location:
Hospital Corporation of America
One Park Plaza, Bldg. 2, Cumberland Room
Nashville, TN 37203
Maps and Directions
Cost: This event is FREE to members.
CPE: The entire event (lunch presentation and afternoon workshop) will provide 5 CPE hours.
-
Securing and Auditing Active Directory
Date: February 18-20, 2008
Time: 8:30-4:30 (Monday and Tuesday); 8:30-3:30 (Wednesday)
Course Description:
In this three-day, hands-on seminar you will gain the skills you need to perform a detailed audit of an Active Directory network. You’ll be guided through each step of the review, from scope and planning through evidence extraction and analysis, to writing up your findings. You’ll learn how to collect as much information as possible from the network so you don’t have to rely on interview questions, and learn how to efficiently determine which computers in the network should be reviewed. You will compare the differences between Active Directory running on Windows Server 2000, 2003, and 2003 R2 domain computers, find out about the new features in each version, and learn how to modify your methodology accordingly.
You will discover secrets for quickly extracting the evidence you need without wearing out your computer’s print-screen button or monopolizing your administrator’s time. You’ll determine which controls are important to review at each level, starting with forests down through trees to domains, domain-controllers and finally member servers. You’ll cover time-saving tips, including which kinds of trust relationships are important to assess and which aren’t; which pieces of evidence you need to extract for each domain controller; and which you can extract from just one. You’ll learn how to use resource kit utilities, shareware programs, as well as how to analyze results and identify risks. You’ll master techniques for assessing administrative authority in AD; identifying arcane risks associated with the forest root domain; and assessing forest, tree domain, organizational unit structure, and group policy.
You will gain an understanding of how Active Directory relates to Windows Server security and how AD’s Group Policy technology makes it possible to control Windows Server security settings centrally. You will learn how to determine whether crucial best practice techniques were followed in the design of your organization’s forests and domains. You'll discover crucial features of Active Directory’s monitoring capabilities that facilitate compliance with Sarbanes-Oxley requirements.
In this detailed seminar you will discover how to tell if your administrators are really reviewing security logs as often as they say they are and get pointers on detecting lax account management. At the conclusion of the course you will perform an audit of a network.
Location:
Hospital Corporation of America
One Park Plaza, Bldg. 2, Cumberland Room
Nashville, TN 37203
Maps and Directions
Cost: Member: $749.00; Non-Member: $899.00
CPE: 8 hours
-
Virtualization
Date: Friday - January 18, 2008
Time: 11:00-12:30 (lunch to be provided for those who RSVP). The presentation will start promptly at 11:30.
Speaker: Chris Wolf, The Burton Group
Course Description:
Identifying deception is a crucial component of any audit or investigation. Obtaining truthful information is critical to the fraud examiner, auditor or investigator. Discover how a truthful person speaks vs. an untruthful person. This introduction to statement analysis will change the way you interpret what others say. Participants will gain an understanding of how statement analysis can be used in any information gathering situation.
This half-day session presents an overview of how statement analysis is used in business and investigative areas. Session participants learn the basics of information gathering and how to interpret the information they receive. In an interactive setting, attendees will be able to apply Statement Analysis basics to a variety of high profile media cases and see what the subject really meant. Information gathering basics will be covered in order to assist the audit professional to gather necessary information for any investigative purpose. Session attendees will also analyze a complete statement and be able to decipher the linguistic code within the body of the statement.
Speaker Bio(s):
Chris Wolf is a senior analyst for Burton Group Data Center Strategies. He covers server virtualization and data center consolidation, data protection, management and classification, disaster recovery, and business continuity. Prior to joining Burton Group, Chris was a nationally recognized independent consultant, the CIS department head at the ECPI College of Technology, and consultant with CommVault Systems. With 14 years of experience in virtualization, data protection and recovery, high availability, and enterprise storage management, Chris is an industry leader in virtualization coverage. Chris also authored Virtualization: From the Desktop to the Enterprise, the first book published on the topic. His virtualization presentations and workshops are consistently amongst the highest rated sessions at conferences in both the US and Europe.
Location:
Hospital Corporation of America
One Park Plaza, Bldg. 2, Cumberland Room
Nashville, TN 37203
Maps and Directions
Cost: This event is FREE to members.
CPE: The entire event (lunch presentation and afternoon workshop) will provide 5 CPE hours.
Presentation File: Virtualization in 2008
-
ISACA/ISSA/InfraGard Joint Chapter Meeting - Panel Discussion
Date: Thursday - October 11, 2007
Time: 5:30
Speakers:
Tom Buss, Director of Information Security for Deloitte Services LP
Bill Dieringer, Director of Information System Security for Vanguard Health Systems
Graeme Payne, Security Practice Partner for Ernst & Young
Meeting Description:
Topics include virtualization, mobile workforce/mobile device security, and security outsourcing.
Location:
Belmont - Vince Gill Room
2002 Belmont Boulevard
Nashville, TN 37212
Maps and Directions
Cost:
Members: Event and dinner are free
Chapter Guests: $30 (payable to InfraGard)
-
Database Auditing Best Practices
Date: Friday - April 13, 2007
Time: 11:00-1:00 (lunch to be provided for those who RSVP). The presentation will start promptly at 11:30.
Speaker: Steve Migliore, Director for Application Security Inc.
Course Description:
Compliance requirements and an ever increasing number of security threats targeting database applications are causing companies to investigate ways to audit database activity. "Who has access, what did they do, when did they do it?" are just some of the questions that we need to have answers to in today's regulatory environment. This is an informative session that will cover the following topics:
- Factors driving database auditing requirements
- Access and Authentication Auditing
- Privileged and non-privileged user auditing
- Vulnerability and suspicious activity auditing
- Change auditing
- How does database auditing complement your existing layered defense strategy
Speaker Bio(s):
Steve Migliore is a technology veteran with 18+ years of Enterprise and Government Software experience. As Director at Application Security, Inc. (AppSecInc), Mr. Migliore has been instrumental in the growth of the Company since its earliest stages. Mr. Migliore is responsible for the day-to-day direction of all Sales Operations, including: leading the Inside sales team, management of all sales support systems, new hire training and managing the sales-marketing relationship.
Prior to joining AppSecInc Mr. Migliore held various Sales and Sales Management positions at both large and small companies including: Baan, Responsys, Siebel Systems, Oracle, and Hewlett-Packard.
Location:
Hospital Corporation of America
One Park Plaza, Bldg. 1 Auditorium
Nashville, TN 37203
Maps and Directions
Cost: This event is FREE to members.
CPE: 1 hour
-
Middle Tennessee ISACA Chapter 2006–2007 Annual Meeting
Date: Friday - May 11, 2007
Time: 11:15 – 1:00
Speaker: Stan Fromhold, CISSP, CISA
Location: The Palm Restaurant (valet parking available - directions).
This event is limited to MEMBERS ONLY.
In order to get through our year end recap, 2006–2007 officer elections, and lunch within the time allotted, it is critical everyone arrive on time.
-
Security and Audit of Unix
Date: March 5-7, 2007
Time: 8:00-5:00
Course Description:
In this hands-on, three-day seminar you will go through the steps to take to audit and analyze the security of a Unix-based system. You will begin by reviewing a typical Unix system that has been salted with common configuration errors for you to discover. You will evaluate the system’s user access controls, examine standard system logs, analyze the effect of file and directory permissions, search for special files that allow users extended capabilities, and evaluate the risks of system processes. You will learn how to use the Unix shell, the standard user interface, to navigate the system, test file and directory access controls, access and manage files, use the system search tools, and capture evidence with shell redirection. So that you can review shell scripts that control many of the operations of a Unix-based server, you’ll cover the basics of shell programming...
Speaker Bio(s):
Stan Fromhold is an Information Security and IT Audit Consultant specializing in network vulnerability assessments. Mr. Fromhold has more than 20 years of managerial and hands-on technical experience with various computer environments...
Location:
Hospital Corporation of America
One Park Plaza, Bldg. 2, Parthenon II Room
Nashville, TN 37203
Maps and Directions
Cost: Member: $649.00; Non-Member: $849.00
CPE: 22 hours
Meals: Breakfast and lunch will be provided.
Registration: Registration begins for Middle TN Chapter Members on Friday, November 10, 2006
ISACA members may complete a registration form and fax it to (866) 480-0690 or email it to training@isacanashville.org. Once registration reaches 30 students a waiting list will be created.
Registration fees will only be refunded for cancellations made via email to training@isacanashville.org by the close of business on February 17, 2007.
Late cancellations and no shows are liable for payment in full. Substitutions are welcome.
Registration for non-members will begin on Monday, January 1, 2007.
This class is limited to 30 people, so register now to ensure availability!
Payment Options:
Fees must be payable to ISACA – Middle TN Chapter
Mail to:
ISACA - Middle TN Chapter
PO Box 330443
Nashville, TN 37203
For your convenience, we now accept payment through PayPal!
-
Middle Tennessee ISACA Chapter Member Social
Date: Thursday - March 22, 2007
Time: 5:30 – 7:00
Location: Flying Saucer (map)
This event is limited to MEMBERS ONLY.
-
Current Trends and Successful Techniques for Conducting Penetration Testing
Date: Friday - January 12, 2007
Time: 11:30-1:00 (lunch to be provided for those who RSVP by January 1).
Speaker: Thomas Lewis, CISSP, MCSE, CISA
Session Description:
During this session we will discuss the recent trends in the vulnerability landscape. Current techniques for successful exploitation will be explored. The session will focus on technical as well as non-technical aspects of penetration testing. We will discuss key tools used in current testing strategies and provide demonstrations as time permits. Many of the non-technical factors to be considered when conducting this type of testing will be discussed. These factors will include:
- Considerations when working with IT to plan and execute the scans
- Tips for effectively communicating the results of the scans
- Going forward: Evaluating against a baseline
- Report examples: Form and function
Speaker Bio(s):
Thomas Lewis has over 13 years of experience assisting Fortune 500 clients and government entities with the development of security solutions for complex environments. His areas of expertise are security architecture design, risk assessment, network security, attack and penetration assessments and intrusion detection solutions. Thomas is responsible for the design, development and implementation of several information security departments. Additionally, he is a frequent speaker for local and national organizations including the Information Systems Security Association (ISSA), MIS Institute, Information Systems Audit and Control Association (ISACA) and the Institute of Internal Auditors (IIA). He has been quoted in publications such as The Tennessean, YAHOO! News, Business Wire, Nashville Business Journal and the Nashville City Paper. In addition to Thomas’ information security consulting experience, he also has several years of experience with three of the “Big 5” accounting firms conducting information systems audit and other attest engagements. Thomas is the founding president of the Middle Tennessee ISSA chapter. He has been active within the ISSA organization on a local and international level.
Thomas is a Certified Information Systems Security Professional (CISSP), Microsoft Certified Systems Engineer (MCSE) and Certified Information Systems Auditor (CISA). He received his Master’s degree from the University of Tennessee and Bachelor’s degree from David Lipscomb University.
Location:
Hospital Corporation of America
One Park Plaza, Cumberland Room
Nashville, TN 37203
Maps and Directions
Cost: This event is FREE to members.
CPE: 1 hour
Presentation File: Current Trends and Successful Techniques for Conducting Penetration Testing
-
Refresher Course for December CISA Exam
Date: December 4–5, 2006
Course Description:
The Middle Tennessee Chapter is offering a CISA exam refresher course for anyone interested. The course is not intended to cover every subject area that could be addressed by the exam, but rather an opportunity to spend two days reviewing materials likely to be on the exam. The course will be taught by local ISACA membership and will follow the outline provided by the certification materials. We are anticipating holding the course at HCA on December 4th and 5th. If you are interested in the course and these dates will not work for you, please respond to this email with suggestions for alternate dates. If we receive significant feedback we will publish the alternative dates later this week. If you are not planning on attending, we would welcome this feedback as well. The course will include 16 hours of CPE as CISA exam preparation.
Location:
Hospital Corporation of America
One Park Plaza, Bldg. 2, Iris Room
Nashville, TN 37203
Maps and Directions
Cost: Member: $50.00; Non-Member: $70.00
CPE: 16 hours (For CPA certificate holders, please note that the Tennessee State Board of Accountancy will allow individuals that pass the CISA exam 20 hours of CPE instead of the 16 hours for this course – see the TSCPA for additional information.)
-
Measuring and Facilitating IT Effectiveness
Date: Friday - November 10, 2006
Time: 11:30–1:00 (lunch to be provided for those who RSVP by January 1).
Speaker: Matt Podowitz, CISA - Executive Director with Ernst & Young
Session Description:
Spending on information technology represents the largest line item outside of salaries for most companies. However, executive management, business leaders and IT leaders have different priorities and expectations for these costs and the value they bring to the organization. Matt Podowitz will be discussing the new mandate for information technology and how organizations meet this mandate through increasing IT effectiveness. Included in the discussion is the role of IT audit in measuring and facilitating IT effectiveness.
Speaker Bio(s):
Matthew Podowitz is an Executive Director in Ernst & Young’s Technology & Security Risk Services working with clients to address matters of IT governance and IT effectiveness and realize the maximum possible return on their IT spending. Matthew is a career executive and business advisor focusing on strategic business and information technology management, corporate restructuring and strategic transactions such as mergers and acquisitions.
Location:
Hospital Corporation of America
One Park Plaza, Bldg. 1 Auditorium
Nashville, TN 37203
Maps and Directions
Cost: This event is FREE to members.
CPE: 1 hour
-
Middle Tennessee ISACA Chapter Member Social
Date: Thursday - October 19, 2006
Time: 5:30
Location: Flying Saucer (map)
The official RSVP deadline is 4:00 PM on Wednesday, October 11th. However, if you can respond sooner it will be greatly appreciated.
This event is limited to MEMBERS ONLY.
-
ISACA/ISSA/InfraGard Joint Chapter Meeting - Panel Discussion
Date: Thursday - September 14, 2006
Schedule of Events: 5:30–6:30 Registration and Dinner; 6:30–8:30 Panel discussion; 8:30–9:00 Reception
Speakers:
Moderator - Ray Wagner, Research Vice President, with Gartner
Information Technology Audit - Phil Billington, Vice President of Internal Audit, with HCA
Information Security – Fred Scholl, Senior Manager IS Security and Control, with Nissan USA
Physical Security - Matt Hollcraft, Chief of Security, with US Tobacco
Meeting Description:
The Middle Tennessee ISACA chapter is pleased to announce our next chapter meeting will be held on Thursday, September 14th. This will be a joint meeting with the Information System Security Association (ISSA) and InfraGard (the security partnership between the FBI and the private sector). The meeting will be held on Belmont University’s campus and we have been assured of dedicated parking spaces in their parking garage.
The meeting will be a panel discussion about the integration of Internal Audit, Information Security and physical security within your organization. Each chapter will be providing a speaker to address how their organization is approaching this integration from the perspective of their own discipline.
Location:
Belmont - Vince Gill Room
2002 Belmont Boulevard
Nashville, TN 37212
Maps and Directions
Cost:
Members: Event and dinner are free
Chapter Guests: $35 (professional), $25 (student)
-
Securing AS/400
Date: July 17-19, 2006
Time: 8:00–5:00
Location:
Hospital Corporation of America
One Park Plaza
Nashville, TN 37203
Maps and Directions
Cost: Member: $400.00; Non-Member: $600.00
CPE: 1 hour