For more information on our events policy, see https://isaca-gwdc.org/event-policies/
- This event has passed.
IT Audit in Civilian and DoD Environments
February 14, 2019 @ 8:00 am - 4:30 pm EST
GWDC Member - $105, Other ISACA Member - $135, Non-ISACA Member - $150
The ISACA Greater Washington, D.C. chapter's IT audit events attract the best and brightest with content-rich, thought-provoking sessions that delve into some of the biggest challenges facing IT audit and security professionals. The conference will include dynamic, timely topics that help you address challenges and learn innovative solutions within the IT audit arena. Speakers will cover information security and risk management using frameworks such as the NIST Cybersecurity Framework, RMF, and FISMA to protect information, operations, and assets against natural or man-made threats. IT audit in both civilian and DoD environments will be discussed, as well as upcoming changes to the way Federal agencies implement IT systems, communicate cyber threats, manage resources, lower operational costs, expand and protect access, and manage evolving cyber threats.
1. Guard Rails for the Digital Revolution - Theresa "Terry" Grafenstine
In an increasingly interconnected world, organizations that don't innovate and broaden their technology footprint are at risk of losing market share. Internal audit has a critical role to play in acting as the "guard rails" for their organizations, but to truly add value, auditors must balance providing assurance with supporting new operational innovations. In this session, Ms. Grafenstine will discuss how emerging technologies, like robotic process automation and artificial intelligence, will drive the future of internal auditing, provide an overview of cyber trends and classic breach tactics, and offer strategies for communicating these and other cyber risks to the board and C-suite.
2. RMF 2.0 is Coming; Are You Ready? - William Wright, CPA, CISA, CEH, FITSP-A
NIST is in the process of revising the core publications that constitute the Risk Management Framework (RMF) in an effort Dr. Ron Ross calls "RMF 2.0." On December 20, 2018, NIST published the first revised RMF publication, NIST Special Publication (SP) 800-37, Revision 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy. In this session, Mr. Wright will summarize the major changes in SP 800-37, discuss the impact on both auditees and auditors, and describe what both groups should be doing now to prepare for the changes that are coming.
3. Data Analytics for IT Audit - Debra Gilkey and Bill Rickett
With an eye to the future, automation and analytical tools provide tremendous potential for evaluating incident trends and informing stakeholders. This presentation will cover how the OIG is keeping pace with current trends and future visions of data analytics within IT audit by using ServiceNow data to investigate and find potential vulnerabilities. Using this data allows for real-time auditing and quick turnaround in alerting management to any important vulnerabilities detected. Bill and Debra will explain how they use performance analytics to identify operational events and then export reports for evidence as a visual, interactive, drill-down display within Microsoft Power BI. They will also discuss how they use these reports to serve a variety of stakeholders, such as the Board of Governors, Postal Service executives, and OIG management.
4. IT Controls are Not Auditors - Laura Smith
Laura Smith will walk through some of her experiences working with control owners in both government and corporate organizations. She will discuss how, as an IT auditor, she has dispelled the myth that COBIT, NIST, PCI, A-123, or whatever framework flavor you prefer, exists only for the audit or only for auditors. That's why it's called a management control.
5. Supply Chain Security: The Risk X-Factor We Can No Longer Ignore - Panel hosted by Parham Eftekhari
Supply chain security is not a new concept, but like many risk variables it has only recently emerged as a hot-button issue for organizations seeking to curb the rising tide of digital threats. Civilian and DoD agencies in particular must understand how the growing diversity of their partner ecosystem affects their risk posture, and how they can build requirements into their acquisition and audit programs to mitigate risk by requiring better security from the products coming into their environment, be it equipment, hardware, or software. In this session, Fellows from the Institute for Critical Infrastructure Technology, the nation's leading cybersecurity think tank, will discuss emerging trends in supply chain security and the important role agencies can play in spreading these principles throughout their partner ecosystem. Panel participants include:
- Wallace Sann, ICIT Fellow and VP WW Systems Engineering & Government CTO, Forescout
- Rob Roy, ICIT Fellow and Public Sector CTO, Micro Focus Government Solutions
- Don Maclean, ICIT Fellow and Chief Cyber Security Technologist, DLT
- Joseph Brendler, ICIT Fellow and Major General, US Army (Retired) / Principal, Brendler Consulting, LLC
6. "Attack" Auditing: What You Can Learn from Cybercriminals to Protect Your Data - Nick Cavalancia
In our rush to put up a layered defense strategy that includes identifying when external and insider threats occur, many organizations tend to lean on best practices, forgetting that the enemy is constantly changing its tactics. This makes spotting threatening actions, whether proactively or reactively, a challenge. So, what lessons can we apply by looking at how cybercriminals act? In this interactive session, join security expert and technical evangelist Nick Cavalancia as he discusses what we are protecting and what's at stake, understanding the enemy mentality through the cyber attack chain, and turning attack activity into actionable auditing.
7. Protecting Files from the Inside - David Balch
Data Security is a term that covers a broad spectrum of approaches. Perimeter solutions are vital to keeping external threats out, but what if those threats get in? What if those threats have been inside all along? This presentation will discuss the notion of a trusted insider threat and a solution to help protect your critical file assets utilizing real-time activity monitoring.
The ISACA GWDC Board of Directors and Officers would like to give a big “Thank You” to Netwrix and DefendX Software for being Event Sponsors for the IT Audit in Civilian and DoD conference!
MEET THE PRESENTERS
Theresa Grafenstine, CPA, CIA, CISSP, CISA, CGEIT, CRISC, CGAP, CGMA
Managing Director, Risk and Financial Advisory at Deloitte
Terry is a leader in the international cybersecurity audit profession. She has over twenty-five years in executive leadership: leading change, developing high-performing teams, managing innovation, and bringing strategic foresight to leaders at the highest levels of public trust. Terry is currently a Managing Director in Deloitte's Risk and Financial Advisory practice, where she delivers IT audit, risk, and governance advisory services to senior leaders in both the government and commercial sectors. Prior to joining Deloitte, Terry served for eight years as the Inspector General of the U.S. House of Representatives, where she designed, managed, and delivered audit and investigative services, including a comprehensive cyber assurance program. Through her leadership roles as ISACA's Global Chair, as a member of the AICPA board of directors, and as a founding member of the IIA's American Center for Government Auditing, Terry has helped to advance the information technology, governance, internal auditing, and accounting professions, and she speaks globally on cyber security, internal auditing, leadership, and risk. She has received numerous awards and accolades, including FedScoop's "Golden Gov Federal Executive of the Year," the Greater Washington DC Society of CPAs' "Government CPA Leader of the Year," the NY Metropolitan ISACA Chapter's "Joseph J. Wasserman Cyber and Governance Leader of the Year," and ISACA's "Common Body of Knowledge" and "Best International Conference Speaker of the Year" awards.
William Wright, CPA, CISA, CEH, FITSP-A
Manager, IT Audit at Kearney & Co, PC
William is an IT Audit Manager with 40 years of IT experience in DoD prior to entering the field of IT audit four years ago. He has experience in conducting both FISMA evaluations and financial statement audits (using FISCAM to audit information systems) for federal government clients. He also has an extensive education and training background and currently teaches economics as an adjunct associate professor for UMUC. He maintains the training material for the CISA and FITSP-A review courses and assists in conducting the courses at Kearney & Co. He holds master's degrees in Accounting and Financial Management, National Resource Strategy, and Operations Research.
Bill Rickett
Manager, Data Analytics at USPS OIG Office of Audit
Bill joined the OIG in 2000 as an audit manager in the Atlanta, GA, field office. Presently, Bill is responsible for providing data analytics to support Information Technology audits and other projects as needed. Bill has over 25 years of combined experience with the OIG and the U.S. Army Audit Agency. One of his most significant projects was working in the Republic of Panama as the U.S. withdrew its Department of Defense components before the Panama Canal Treaty expired in December 1999. Bill also served 10 years in the Army with duty assignments in Texas, Indiana, Italy, and Germany. He is a graduate of the University of Georgia with a Bachelor's in Business Administration and a Master's in Accountancy. Bill holds a CPA certificate in Georgia and is a member of ISACA and the IIA.
Debra Gilkey
Data Analyst at USPS OIG Office of Audit
Debra joined the OIG as a Program Analyst, Information Technology (IT) Audit Evaluator, in September 2017 and is based out of the Eagan, MN, field office. Debra serves as the Data Analyst and is the ServiceNow SME for the USPS OIG Technology directorate. Prior to working at the OIG, Debra was a Service Level Manager in the Postal Service's Service Management Organization, where she evaluated and audited industry advances in technology for developing and maintaining the Postal Service's business information systems. She uses her ServiceNow and ITIL v3 certifications to monitor and manage quality of service by comparing actual performance with pre-defined expectations. She oversaw the policy and standard developments and modifications that helped define IT Service Level Requirements by auditing reports and implementing Service Improvement Plans. Debra is a member of ISACA.
Laura Smith
Cybersecurity SME at The Ambit Group, LLC
Ms. Smith is a Cybersecurity Subject Matter Expert for The Ambit Group, LLC. She has been in system development since punch cards and green-bar paper. Having been involved in the creation of corporate and government systems through technical documentation, user and integration testing, configuration and change management, and business process and requirements work, when she says she understands management controls, her experience backs her up. Ms. Smith is a GOLD Certified Information Systems Auditor (CISA), was in the inaugural accreditation class to be Certified in the Governance of Enterprise IT (CGEIT), and is also a Certified Internal Auditor (CIA). Additionally, she is in the process of obtaining the Certified Information Privacy Professional (CIPP) accreditation. Ms. Smith is a graduate of Oklahoma City University and is a native Texan.
LinkedIn - https://www.linkedin.com/in/laura-smith-8733695/
Parham Eftekhari
Executive Director at the Institute for Critical Infrastructure Technology
Parham Eftekhari is the Executive Director of the Institute for Critical Infrastructure Technology (ICIT), the nation's leading cybersecurity think tank. Combining 15 years of technology experience with a lifelong passion for leadership and community engagement, Parham is privileged to advise executives at some of the world's top public and private sector organizations, build strategic alliances, and create thought leadership programs focused on national security and cybersecurity issues. Parham has developed or contributed to over 100 educational briefings and events at institutions including Congress, the World Bank, and C-SPAN, and regularly contributes to technology-focused publications and media engagements.
Twitter - @ICITorg / @ParhamTech
Instagram - @parhamtech_
Nick Cavalancia
Founder / Chief Techvangelist at Techvangelism
Nick Cavalancia is a Microsoft Cloud and Datacenter MVP, has over 25 years of enterprise IT experience, is an accomplished consultant, speaker, trainer, writer, and columnist, and has achieved industry certifications including MCSE, MCT, Master CNE, and Master CNI. He has authored, co-authored, and contributed to nearly two dozen books on various technologies. Nick regularly speaks, writes, and blogs for some of the most recognized tech companies today on topics including cybersecurity, cloud adoption, business continuity, and compliance.
David Balch
Vice President, Technology & Strategic Alliances at DefendX Software
David Balch is an accomplished communicator with more than 30 years of experience in information technology infrastructure design, sales, marketing, and technical leadership. David began his career as a relational database application programmer for companies with clients in the government, healthcare, and retail markets. His effective communication skills, combined with a deep technical background, led to customer-facing sales-engineering roles, where he spent more than 17 years architecting, implementing, and presenting complex IT infrastructure solutions and leading technical teams for companies such as EMC and IBM. David now focuses most of his energies on helping companies develop effective strategic plans and related messaging for their various products, solutions, and markets.
ISACA Members from Other Chapters: You will need to bring your ISACA Membership Card to the event to verify your ISACA Membership.
Presentations: Conference presentations will be included in the registrants' final event-related email message containing the CPE certificate and evaluation survey when permission is received from the presenter and their organization. In some cases, permission is not received.
Requests for Assistance: If you require assistance for an audio, visual, or other disability, please contact the Programs Director to discuss your needs, as soon as possible. We need as much advance notice as possible to determine whether requests can be accommodated. Thank You.
Earn up to 7 Continuing Professional Education (CPE) credits in the area of Specialized Knowledge. The ISACA® GWDC is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: http://www.learningmarket.org.
CPE Distribution and Evaluation Survey
CPE certificates will be distributed via e-mail along with the event evaluation survey up to seven (7) business days after the completion of the event. Attendees must be present the full day to receive full CPE credit.
- Prerequisites and Advance Preparation: N/A
- Program Knowledge Level: N/A
- Delivery Method: Live in person event
Alok joined ISACA in 2006 and presently serves as ISACA GWDC President. He has served on the Chapter Board of Directors since 2008. Alok is CEO/President at Annuk Incorporated, delivering Cybersecurity, Corporate Compliance, Technology Risk Management, and Information Technology solutions and services. Alok holds the CISA and CRISC certifications.