Information Systems Audit and Control ... - ISACA - Toronto Chapter

					ISACA - Toronto Chapter                                      2009/2010 Continuing Professional Education

        Information Systems Audit and Control
                           TORONTO CHAPTER


                                         TABLE OF CONTENTS

      Page 2              A Message from the Continuing Education Committee
      Page 3              2009/2010 Board Members
      Page 4-5            Continuing Professional Education Series - Schedule
      Page 6              Continuing Professional Education Series - Registration Form
      Page 7-20           Continuing Professional Education Series - Session Descriptions
      Page 21-26          Continuing Professional Education Series – Speakers Profile
      Page 27             COBIT User Group / Security Special Interest Group
      Page 28             Information on Certified Information Systems Auditor Designation
      Page 29             Information on Certified Information Systems Manager Designation
      Page 30             Information On Certified In The Governance Of Enterprise IT
      Page 31             ISACA Global Conferences and Educational Programs
      Page 32             Coupon Order Form
      Page 34-36          Chapter Committees

Telephone 416-410-2246                                    1

                          A Message from the Continuing Education Committee

The 2009/2010 ISACA Toronto Chapter Education year will have some changes to our education offerings as we try out
some evening sessions in Kitchener-Waterloo. We will also be presenting two audit days (December 3, 2009 and June
10, 2010).

Some of the sessions that will be presented are as follows:

    •    New and topical – The ITGI Risk IT Framework
    •    Technical in nature – Securing Remote Access and Laptop Security/Securing Mobile Devices
    •    Audit specific - Auditing E-Mail Confidentiality, Privacy and Retention;

For up to date information on all sessions please refer to the Chapter website at

We want to remind everyone that if you register for a session and then realize that you are not going to be able to take
part, please let us know. This will help us ensure that we do not have to turn people away because of a lack of space. This
will also help us ensure that we have the correct amount of refreshments and copies available at the session.

We are setting up the ability to handle credit card payments via the chapter website so this should be available soon.

If you would like information with regards to ISACA membership please visit the ISACA International website at:

We thank you for your continued support and patronage and hope that you will be able to join us at one or more of our

Bob Darlington
Director, Continuing Education
ISACA Toronto Chapter

Disclaimer. Please note that the opinions expressed during our technical sessions are those of
the presenter and do not necessarily express the opinions of ISACA International or the
Toronto Chapter.


                                    2009/2010 BOARD MEMBERS

President                     Lisa Allen             Deloitte & Touche LLP

Vice President                Margaret Lee-You       Bell Canada      

Secretary                     Jeff Bhagar            Scotiabank       

Treasurer                     Jaideep K.Khatau       PricewaterhouseCoopers

Director, CISA/CISM           Laureen Ellis          Scotiabank       

Director, Communications      Ian Steingaszner       Magna International Inc

Director, Continuing          Bob Darlington         Canadian Pacific 

Director, Marketing           Nina Chow              KPMG             

Director, Membership          Raul Mangalindan       Bell Canada      

Director, Research and        Baskaran Rajamani      Deloitte & Touche LLP
Academic Relations

Director, Technology          Behram Faroogh         PricewaterhouseCoopers

Immediate Past President      Arturo Lopez           PricewaterhouseCoopers

Past President                Patricia Goh           Scotiabank        

Administrative Assistant      Rashna Daroga          eAdmin Services Ltd.

                           Chapter Mailing Address:
                                   Information Systems Audit and Control Association
                                   P.O. Box 6544,
                                   Station A
                                   Toronto, Ontario
                                   M5W 1X4



  2009     Location     Hrs         Time                          Session                        Speaker        Page
Sept 22    Toronto        2   8:30am – 10am    SSIG - 2009 Data Breach Investigations      Wade Baker            7
Sept 29   Kitchener/      2   5:30pm – 7:30 pm Top 10 Web Vulnerabilities                  Dave Miller           7
Oct 8     Mississauga     4   8:30am - 12:00pm Securing Remote Access                      John Tannahill        8

Oct 8     Mississauga     4   1:00 pm – 5:00 pm Laptop Security                        Faisal Malik              8
                                                                                       James Li
Oct 15     Toronto        4   8:30am - 12:00pm Getting more from IT Governance through Charan Kumar              9
                                                IT Audit
Oct 15     Toronto        4   1:00 pm – 5:00 pm The ITGI Risk IT Framework             Robert Fabian             9

Oct 28     London         4   8:30am - 12:00pm Social networking (Facebook, etc.)          Barry Lewis           10

Nov 5     Kitchener /     4   8:30am - 12:00pm Improving Software Quality through        Dr Gary Cort            10
           Waterloo                            Capability Maturity Model Integration
Nov 10     Toronto        2   5:30pm – 7:30 pm SSIG - Security Awareness on a Shoestring Catalin Bobe            11

Nov 17     Toronto        2   8:30am – 10:30am COBIT User Group-Cost Effective Control Alan Beveredge            11
                                               In Tough Times

Dec 3      Toronto        8   8:30 am - 5:00 pm AUDIT DAY
                                                Audit Day Agenda                                                 11
                                                Your Communications Matters              Debbie Matters         12-14
                                                Value-for-money IT Project Audits;       Gabriel
                                                                                         Rodriguez, Rachel
                                                 How To Do More With Less                Atkin
                                                 Managing Outsourcing Agreements         Ian King
                                                 IFRS Conversion: Managing Technology Fionna Lawrence
                                                 and Information Systems;                Maruf Raza
                                                 Vendor Management and Planning the Site Charan Kumar
                                                 Visit                                   R. Vankrimpen
                                                 Auditing Project Management;
                                                                                         M. Sharifullah

Dec 3      Toronto            5:00 pm – 8:30 pm Certification Recognition and Network
Jan 21     Toronto        8   8:30 am - 5:00 pm Ethical Hacking and Digital Forensics      Robert Beggs          14

Jan 26     Toronto        2   8:30am – 10am      SSIG.-Identity and Access Management      Rosa Caputo           15
                                                 Implementation                            Kshamit Dixit
                                                                                           Simon Baker
Jan 28     Kitchener      2   5:30pm – 7:30 pm E-Mail Confidentiality, Integrity and       Stewart Wolfe         16
           Waterloo                             Retention Requirements
Feb 4     Mississauga     8   8:30 am - 5:00 pm TBD                                        TBD                   16


  2009     Location       Hrs            Time                              Session                             Speaker    Page
Feb 11      London          4    8:30am - 12:00pm Outsourcing IT Operations and                          Bob Darlington    16
Mar 4      Toronto          8    8:30 am - 5:00 pm Database Security and Audit                           John Tannahill    17

Mar 18     Toronto          2    8:30am – 10:30am COBIT User Group-The RISK IT Silver                    Robert Fabian     17
Mar 30     Toronto                                IT Audit Conference                                    TBA               17
– Apr 1
Apr 8       London          4    8:30am - 12:00pm Virtualization                                         Albert Alberti    18

Apr 22    Mississauga       4    8:30am - 12:00pm Auditing Active Directory                              Barry Lewis       18

Apr 22    Mississauga       4    1:00 pm – 5:00 pm Audit and Security over Internet                      Barry Lewis       19
                                                   Information Services (IIS)

May 6      Toronto          8    8:30 am - 5:00 pm Auditing Applications: Building and                   Reza Kopaee       19
                                                   Managing Secure Software for Online

May 13     Kitchener        4    8:30am - 12:00pm Securing Remote Access                                 Nish Bhalla       20
May 20     Toronto          2    8:30am – 10:30am COBIT User Group-TBD                                   TBD               20

May 27     Toronto          2    5:30pm – 7:30 pm SSIG-Systems Hardening and What It                     Rajiv Bhushan     20
                                                  Really Means

Jun 10    Mississauga       8    8:30 am - 5:00 pm Audit day – Multiple Sessions - TBD                   TBD               20

 *        More information on this session will be announced closer to the date. Please watch the chapter website
          ( )
 CE       Continuing Education Hour

 TBD      To Be Determined

 TBA      To Be Announced



Session                                                             Members                       Non-Members
All Day (8:30am – 5:00 pm)                                             $180                             $220

Morning (8:30 am – 12:00 pm)                                           $90                              $110
Afternoon (1:00 pm – 5:00 pm)
Evening Sessions (5:30pm – 7:30pm)                                     $35                               $45
CobiT User Group & Security Special Interest Group                     $20                               $20

GST included. GST registration number: R123951709

* Advanced registration and payment is required for all multi-day sessions.

                                                    REGISTRATION FORM



            Name &                                  Company              Telephone          Member      AM/PM/       CISA
          Email address                                                                      (Y/N)       DAY         (Y/N)

Email Rashna Daroga            or         On-line form
Call: (416) 410 – 2246
Make cheques payable to ISACA - Toronto Chapter.                Charge cards will NOT be accepted.
To avoid disappointment and to assist us with logistics, please register at least 2 days before the session. If you register
for a session and then realize that you're not going to be able to attend please notify us at least 24 hours in advance. This
will help us ensure that no one is turned away when we have available space.
Check                                   or          Call (416) 410 - 2246
Remember to check the session location before attending since venues can change due to space availability.


Tuesday, September 22nd, 2009
8:30am - 10:00am
Toronto

INVESTIGATIONS REPORT
2 CE Hours

SPEAKER: Wade Baker

Building upon the findings from the 2008 Data Breach Investigations Report, Verizon Business will share new
analysis and findings from real-world security incidents that took place in 2008.

Did you know that 285,000,000 records were compromised among breaches Verizon Business investigated in 2008
alone?

Don’t miss your opportunity to hear more of what we found.

The discussion will walk you through:
• New Findings
• New Trends
• Updated Recommendations

Tuesday, September 29th, 2009
5:30pm - 7:30pm
Kitchener/Waterloo

2 CE Hours

SPEAKER: Dave Miller

Topic will start out by covering the most current web vulnerabilities affecting corporate networks today.
Leveraging the SANS Top 20, we’ll focus in on the most current issues affecting business today, with a specific
focus on the most common application, network, and web vulnerabilities observed in the wild today.

We’ll examine how the two most common web attacks are exploited, SQL injection and cross-site scripting. We’ll
discuss why so many web applications are being created with vulnerabilities right out of the gate, and talk about
ways to mitigate some common mistakes in web development.

We’ll look at some real-world issues facing business as a result of these vulnerabilities, and finally discuss
plans of attack and preventative maintenance, with a specific focus on whitelisting, one of the most effective and
over-looked tools in our security arsenal


Thursday, October 8th 2009
8:30am - 12:00pm
Mississauga

4 CE Hours

SPEAKER: John G. Tannahill

Remote access is used in today’s organizations to meet a number of business requirements. These include:

•   Business Partner connectivity using Virtual Private Networks (VPN)
•   Employee VPN access
•   Vendor Support access
•   Terminal Services access
•   Remote support via network services such as SSH

Different types of architectures and technologies can be deployed to provide this functionality. This ½ day session
will discuss security and control considerations for using remote access solutions. Areas of coverage include:

•   Security architecture and design
•   Use of IPSec and SSL VPN
•   Use of Firewall technologies
•   Securing network services such as RDP and SSH
•   Authentication and Access controls
•   Use of Encryption
•   Client-side security considerations
•   Key audit objectives and audit steps
•   Audit tools for testing remote access security

Thursday, October 8th 2009
1:00pm - 5:00pm
Mississauga

4 CE Hours

SPEAKERS: Faisal Malik, James Li

Laptops carry sensitive and confidential data of the organization and its clients. The workforce in North America is
highly mobile and employees are using Laptops from their homes, client's sites, hotels, airports etc. to access
information from the corporate servers to perform their job. Thus, the data on Laptops needs to be protected as any
other server in the Data Centre hosting confidential information. This is extremely important primarily due to the
Regulatory requirements such as 'Privacy' or agreement with clients who demand secrecy and protection of their data
with service providers.

Key components of laptop security entail various security tools and the challenge is to centrally manage the
configuration of these tools and monitor compliance.

After attending this session, participants will be able to attain high level understanding of the following:

1.   How the traditional network perimeters have changed
2.   Hard drive encryption, data backup and restoration
3.   Laptop build and de-commissioning process
4.   Patch management, anti-virus/anti-spyware, vulnerability assessment etc.

The session will include examples from the actual experience of the presenters.


Thursday, October 15th 2009
8:30am - 12:00pm
Toronto

4 CE Hours

SPEAKER: Charan Kumar

Technological innovations have enriched our lives. It has integrated businesses and institutions around the world. In
this increasingly complex and interconnected society, economic crisis and legislative compliance in one part of the
world impacts another.

Management’s constant endeavor to be resource efficient and yet manage to ride over unexpected turbulence can be
facilitated by making IT Governance more relevant to the organization.

This session will explore how IT auditors can be leveraged to get more from IT Governance.

Thursday, October 15th 2009
1:00pm - 5:00pm
Toronto

4 CE Hours

SPEAKER: Robert Fabian

We've seen spectacular organizational failures because risks were not properly managed. Risk is important for
organizations, and for the people within organizations. Everyone within the enterprise who has management
responsibilities related to IT value delivery needs to pay attention to IT risk.

A best practices IT risk framework is required. ITGI has led the way by developing the Risk IT Framework. Risk IT
provides help and guidance with IT Risk Governance, IT Risk Evaluation, and IT Risk Response.

This half-day workshop will examine risk management at the enterprise level and risk management within IT. The
workshop will provide those attending with an introduction to, and an overview of, the tools and techniques that can
be used for effective and efficient IT risk management within the enterprise. If you need to pay attention to IT value
delivery, then you also need to pay attention to IT risk management. This workshop is for you.

Those attending will develop an understanding of:
• the role of risk in the enterprise;
• the role of IT risk within enterprise risk;
• relationship between Cobit, Val IT, & Risk IT;
• the three Risk IT domains;
• the nine Risk IT processes; &
• practitioner IT risk tools & techniques.


Wednesday, October 28th 2009
8:30am - 12:00pm
London

4 CE Hours

SPEAKER: Barry Lewis

Social Networking (Facebook, twitter, linked-in) + New Wireless technology

In this informative and lively session we will explore the growing use of new technologies in business and their
potential social and security implications for our organizations.

Should they be allowed? Are they already in use? Are they risks or can they benefit our business? Technologies such
as twitter, facebook and instant messaging are tools the younger generation accept and use without question. Can
business adapt to this new reality and benefit or is it a fad that has no place in our business life?

Coupled with these social network tools are new wireless technologies like WiMax and LTE coming to a phone near
you. How will we adapt to all this and will we be able to manage the potential risks? There is change afoot, and it is
fast approaching. This session will help prepare you.

Thursday, November 5th 2009
8:30am - 12:00pm
Kitchener / Waterloo

THROUGH CAPABILITY MATURITY MODEL INTEGRATION (CMMI)
4 CE Hours

SPEAKER: Dr Gary Cort

Beginning in the early 1990’s, the Software Engineering Institute’s (SEI) Software Capability Maturity Model (CMM)
set the standard for process-driven software development. Its five Maturity Levels provided a framework for
benchmarking software development processes, an objective measurement system for measuring process capability, and
a proven set of criteria for implementing software-engineering best practices.

Now officially retired (and no longer supported) by the SEI, the CMM has been replaced by a re-architected,
supercharged model: the Capability Maturity Model Integration (CMMI®). In this presentation the speaker will first
introduce the significant and innovative changes that have been introduced with the CMMI and contrast this dynamic
new model with its CMM progenitor.

The speaker will then demonstrate how the CMMI can be applied to build a fully functional, layered, SDLC that
addresses not only the obvious engineering issues most commonly associated with software development life cycles,
but also key orthogonal disciplines without which a useful life cycle cannot exist in the real world. The speaker
will further demonstrate the applicability of these principles and the overall CMMI framework for a variety of life
cycles ranging from conventional Waterfalls through risk-based Spirals to the most nimble Agile approaches.

Throughout, the speaker will focus on the flexibility and adaptability of the CMMI criteria and on the model’s
built-in framework for ensuring effective deployment of the resulting SDLC, whatever its structure happens to be.

®CMMI is a registered service mark of the Software Engineering Institute, Carnegie-Mellon University


Thursday, November 10th 2009
5:30pm - 7:30pm
Toronto

SHOESTRING
2 CE Hours

SPEAKER: Catalin Bobe

This presentation will describe the components of a full security awareness program. How the program should be
built so that the recipient (no matter what level) will buy into it and help him/her adopt a long lasting
positive-security behavior.

The presentation will point out ways of delivering the program with minimal resources, while achieving its goals and
fulfilling its requirements.

Wednesday, November 17th 2009
8:30am – 10:30am
Toronto

CONTROL IN TOUGH TIMES
2 CE Hours

SPEAKER: Alan Beveredge

In tough economic times, internal control projects are often the second thing cut right after the training budget.
This decision invariably increases the risk to the company which may have long term effects and these effects may
actually prevent the company from weathering the financial storm.

This presentation will discuss how to maintain a cost effective internal control program during hard financial times
through effective prioritization and cost benefit analysis.


                                    Thursday, December 3rd, 2009
                                           8:30am - 5:00pm
                                          SESSION: AUDIT DAY
                                       SPEAKERS :MULTIPLE SPEAKERS
                                               8 CE Hours


  8:30am – 9:45am         Your Communications Matters
  9:45am – 11:00am        Value for Money IT Project Audits
 11:00am – 11:20am        Coffee Break
 11:20am – 12:50pm        How to do More with Less
 12:50pm – 2:00pm         Lunch
  2:00pm – 3:15pm         Managing Outsourcing Agreements          IFRS Conversion: Managing Technology
                                                                   and Information Systems
  3:15pm – 3:30pm         Coffee Break
  3:30pm – 5:00pm         Vendor Management and Planning the       Auditing Project Management
                          Site Visit


Thursday, December 3rd, 2009 - AUDIT DAY

SPEAKERS: Debbie Matters

Have you ever felt as though your colleague or client just doesn’t ‘get it’? Do you sometimes feel frustrated because
the meeting is not going as planned, resulting in missed deadlines? Do you ever catch yourself wondering when
someone will get to the point and you are not sure how to make it happen? If so, this 75 minute session will provide
you with insight and techniques to reduce your frustration and make you an even more effective communicator.
In this session, we will:
• Explore the power of effective listening and the habits that reduce the probability of miscommunication,
  including practical techniques to tactfully gather information with ease
• Discover techniques to effectively execute meetings to ensure that time is not wasted, that objectives are
  achieved, and that frustration is avoided
• Identify differing communication styles and approaches for each style to maximize cooperation and reduce anxiety
• Explore presentation techniques to get your message across while gaining cooperation from colleagues and
• Recognize the impact of body language and micro-messages that sometimes result in miscommunication

SPEAKERS: Gabriel Rodriguez, Rachel Atkins

Auditing of IT projects is now a generally accepted practice in major internal audit departments. Many IT auditors,
however, focus mainly on general controls and application controls when auditing an IT project. A major risk often
overlooked is the value-for-money of project spending. Industry surveys have repeatedly shown that large
organizations on average spend half of their IT money in systems and infrastructure development and the success rate
is not very high. This can translate to a lot of lost dollars.

This session will look at how auditors, many of whom have accounting training, can add value to project managers by
examining the value expected and obtained from the money invested.

The common goal for properly initiated projects is to provide value to the organization. The reality that success
rates for IT projects are not great indicates there is significant room for improvement. Given our economic
conditions, organizations must go beyond the traditional IT audit to ensure project investments are applied
intelligently.

After attending this session participants will have an understanding of the following:

A. The reality that IT spending is still expected to increase even in these economic times and IT project success
   rates are not great;
B. A proposed approach to systematically conduct value-for-money IT project audits; and
C. Performing value-for-money IT project audits will go a step further to ensure an organizations’ project
   investments are used economically, efficiently and


Thursday, December 3rd, 2009 - AUDIT DAY

SPEAKER: Ian King
Like so many companies today, both large and small, doing more with less has become the staple; and
the same can be said for just as many IT managers. This leads us to the question: how do you
implement projects on a limited budget and truly appreciate the need for customer satisfaction? The
simple answer is, by evaluating your needs and executing on a baseline target.
According to a recent Gartner report, two large organizations achieved a six to eight percent
reduction in operating cost. Remarkably, there was also an associated redeployment of operating
staff, between 15% and 20%, with consistent or higher service levels.
Ian King has been helping enterprise companies for the past 20 years streamline productivity and
enhance performance. The strategies and techniques Ian will discuss have proved invaluable in
helping organizations make the most of their scarce IT resources.

Join this special 90 minute presentation and you will learn the sure step process and tools that are
essential for every IT manager in this turbulent economy.

                _________________

SPEAKERS: Maruf Raza, Charan Kumar

Growing interactivity between various entities around the globe and their interdependence has
highlighted the need for common standards. Emergence of IFRS reflects the evolution of global
standards and its universal acceptance.

Technology and systems adaptability is one of the various critical components that influence the
successful implementation of an IFRS conversion.

This session will explore what’s involved in an IFRS conversion, the technology and systems
challenges that one can expect and how to prepare to avoid them.

                _________________

THE SITE VISIT
SPEAKER: Raymond Vankrimpen
Organizations are increasingly outsourcing non-core activities to help meet their business
objectives.

Organizations that are currently exploring outsourcing options or those that are already outsourcing
need to learn how to manage their vendors effectively. At some point in the outsourcing arrangement
a site visit should be

Organizations should be aware of the sensitivities of the vendor for these visits. Additionally,
organizations should have clear objectives of what they hope to achieve during these site visits.
After attending this session, participants will be able to understand:
1. When and how often site visits should occur
2. Vendor’s sensitivities for a site visit
3. The objectives an organization should have in performing site visits
4. Development of a communication protocol with the vendor

The session will bring in examples from the actual experience of the presenters.


Thursday, December 3rd, 2009 - AUDIT DAY

SPEAKER: Mohammad Sharifullah

In today’s fast changing environment, the sustainability and growth of an organization is
significantly dependent on their ability to timely respond to those changes. This is often
accomplished through strategically aligned corporate programs and projects.

As these projects are crucial to the organizations’ survival, senior management and the boards
frequently seek assistance from audit. Audit involvement may include independent and objective
assurance services or advisory services either for the entire project or for a specific phase from
project initiation to benefit realization.

This interactive session will provide the participants with tips and techniques on how to
effectively plan and execute the project audit assignments with limited resources and timely
communication of findings to the right stakeholders.

                   __________________

SESSION: MANAGING OUTSOURCING AGREEMENTS
SPEAKER: TBA

More information on this session will be announced closer to the date. Please watch the chapter
website.

                   __________________

Thursday, January 21st 2010
8:30am - 5:00pm

8 CE Hours

SPEAKER: Robert Beggs

To maintain your network’s security, you must be able to understand, and respond to the attacks that
you will be facing. Using the Backtrack DVD, this session provides a hands-on demonstration of the
tools and methods used to assess a network’s security. Demonstrations will focus on the most common
attacks, emphasizing the ones that are known to be occurring in the wild, particularly “zero-day”,
or recently announced attacks. The goal is to enable students to integrate open-source tools into
their own organization’s practices of ethical hacking or other forms of security testing.

After reviewing network security from the attacker’s perspective, students will review the
principles and practices of agile incident response. Students will learn the basics of the response
process, and will have the opportunity to do a hands-on investigation of a live system that has been
compromised. The training session will emphasize the importance of analyzing the physical memory,
and tools and approaches used to extract information from the memory will be demonstrated. Once the
live system has been evaluated, an overview of the data forensics process will be given.

By the end of the day, students will understand how attacks work, how to recognize them, and how to
initiate an effective response to minimize damage and costs while supporting legal investigation.

All attendees will receive a copy of all software used during the presentation.


Thursday, January 26th 2010
8:30am - 10:00am
Location - Toronto

SESSION: SSIG – IDENTITY AND ACCESS MANAGEMENT IMPLEMENTATION
         4 CE Hours

SPEAKERS:
This topic will be addressed from a number of different perspectives by three very knowledgeable
individuals. The areas that will be discussed are:

•   Re-Designing IAM Business Processes presented by Rosa Caputo
•   Implementing Enterprise User Provisioning (Logical and Physical Assets) and Single Sign-on
    presented by Kshamit Dixit
•   IAM – The Contrarian View – Why You May Not Need It! presented by Simon Baker

A successful IAM implementation requires a solid foundation of business processes that address the
full lifecycle management of user identities. This often begins with pre-boarding of users (before
they begin employment) and ends with the off-boarding process. There are many business processes to
be considered for IAM process re-design as well as types of employees, contractors, consultants,
partners and vendors.

Industry analysts have highlighted the criticality of getting the business processes right first,
before the technology is even considered. And for good reason, a successful IAM implementation
effort is often seen as 80% process and 20% technology. Projects that focus on the technology
aspects often wind up being unsuccessful.

This presentation addresses the complete set of business processes needed for a successful IAM
implementation, including accountabilities, process re-engineering/development, timing, POC and

IMPLEMENTING ENTERPRISE USER PROVISIONING (LOGICAL AND PHYSICAL ASSETS) AND SINGLE SIGN-ON -
BY: KSHAMIT DIXIT, TORONTO HYDRO

Information Security expands the horizons with newer technology drivers. Physical security is no
longer effective without appropriate access controls from logical security. Enterprise access
governance needs to cover physical assets including ID badges.

This session will provide you with some of the best practices and experiences in convergence of
Physical and Logical Security. Use of Identity and Access Management is pivotal to achieving
success. Learning in optimized processes, convergence of people skill-sets in both areas of logical
and physical security and in the application of IAM technology make this happen. Often IAM
initiatives are flagged as Single Sign On.

This session will focus on some of the key components to getting it right from the get go.

IAM - THE CONTRARIAN VIEW - WHY YOU MAY NOT NEED IT! – BY: SIMON BAKER, CIBC MELLON

Identity and Access Management solutions are positioned within the technology and risk management
sectors as the solution to ease pains with user provisioning, access management and regulatory
compliance. IAM is not a silver bullet for addressing access related concerns, ensuring compliance
with regulatory bodies and satisfying audit requirements! Simon will address when IAM is required
but the overall theme is to challenge conventional thinking on the subject. There are right and
wrong reasons for implementing IAM.

This discussion will focus on why you don't need Identity Management and what vendors aren't telling
you.


Thursday, January 28th 2010
5:30pm - 7:30pm
Kitchener/Waterloo

         AND RETENTION REQUIREMENTS
         2 CE Hours

SPEAKER: Stewart Wolfe

This will be an interactive session to provide participants with an over-all understanding and
answering questions and concerns regarding e-mail confidentiality, integrity and retention
requirements including:

•   What is Information Security and why is messaging confidentiality and integrity important?
•   Overview of Public and Symmetrical message encryption technologies used to ensure that message
    confidentiality and integrity are maintained
•   Auditing messaging systems (MS Exchange, Domino)
•   WebTrust and Public Key Infrastructure (PKI) audits
•   Typical messaging system audit exposures
•   Messaging retention requirements and the growing need to maintain evidence for court
•   Beyond email: a look at Web 2.0 and Instant Messaging confidentiality, integrity and retention

Thursday, February 4th 2010
8:30am - 5:00pm

More information on this session will be announced closer to the date. Please watch the chapter
website.

Thursday, February 11th 2010
8:30am - 12:00pm
London

         APPLICATIONS
         4 CE Hours

SPEAKER: Bob Darlington

Outsourcing is a common practice and takes many forms from the outsourcing of data centers and call
centers through to application support and the development and operation of application systems.
This session will look at why companies outsource various activities and the pros and cons of each.
We will also look at why companies are retrenching and bringing outsourced activities back inside.

This session will discuss outsourcing not only from the contract perspective, but also the key
activities that must be considered as part of the initial investigation and what needs to be
incorporated into our operating plan.
This session will be led by Bob Darlington who has been involved in a number of outsourcing
projects. This session will encourage the discussion of outsourcing issues along with identification
of potential resolution of these issues.


Thursday, March 4th 2010
8:30am - 5:00pm
Toronto

         8 CE Hours

SPEAKER: John Tannahill

The focus of this session will be on the audit, control and security issues related to the use of
database management systems in today’s business environments. A specific focus of the session will
be security and audit of Oracle 10g/11g; and Microsoft SQL Server 2005/2008 environments.

Learn practical approaches and techniques for evaluating the implementation of database security and
control.

Live demonstrations using Oracle and SQL Server database environments will reinforce the principles
presented.

1.   Database Security & Control

•    Database versions
•    Architecture and components
•    Security Configuration
•    Data dictionary
•    Database connections
•    Identification and authentication
•    Password administration
•    System and object privileges
•    Audit trails and security logs
•    Role of operating system security

2.   Auditing Databases

•    Audit Testing Approaches
•    Audit & Control objectives
•    Key Audit Steps
•    Audit Checklists
•    Audit Tools and Techniques
•    Database Vulnerability and Penetration Testing

Thursday, March 18th 2010
8:30am - 10:30am
Toronto

         SILVER BULLET
         2 CE Hours

SPEAKER: Robert Fabian

Wouldn't it be nice if we had silver bullets to slay the devils and dragons we face in IT? Is the
Cobit Risk IT framework a candidate? Risk IT is a field proven approach to the identification,
mitigation, and management of IT risks. It's the other side of the Val IT framework, providing risk
balance for different value targets. It's not a silver bullet, but it is a tool that should be in
the kit bag of every IT project or service or audit manager.

This session provides an introduction to and an overview of the Cobit Risk IT framework. It will
start you on the road to the intelligent identification, mitigation, and management of IT risks. Not
only will you do a better job addressing IT risks, but you will also be able to demonstrate that you
have used proven best practices in your approach to IT risk.

                   ____________________

IT Audit Conference at the Sheraton Centre Hotel, Toronto
March 30 - April 1, 2010.

More information on this conference will be announced shortly. Please watch the chapter website.


Thursday, April 8th 2010
8:30am - 12:00pm
London

         4 CE Hours

SPEAKER: Andrew Alberti
Virtualization is one of the key buzzwords in our industry. It shows up as part of green data centre
strategies, high availability designs, testing designs, cost saving strategies and even cloud
computing. What is virtualization and why should you care?

Andrew will present an introduction to virtualization across a variety of technologies. He will
discuss the benefits of virtualization including hardware, cost and energy savings. He will also
discuss some of the challenges introduced through virtualization including software licensing, asset
tracking, and event, performance and capacity

Finally he will conclude by looking at the risks and controls related to virtualization and at some
approaches to the management of those risks.

Thursday, April 22nd 2010
8:30am - 12:00pm
Mississauga

SESSION: AUDITING ACTIVE DIRECTORY
         4 CE Hours

SPEAKER: Barry Lewis
This half-day workshop will provide attendees with an understanding of Active Directory, the core of
Windows based security and the driving force behind many of the weaknesses seen in corporate
implementations.

You will gain a clear understanding of the Active Directory architecture and its Domains, Forests
and Trees and how these elements are tied together to customize your implementation of Windows. In
addition, you will discover how to help ensure an effective Organizational Unit deployment will
improve security and control rather than weaken it.
Attendees will also learn all about Administrative rights and how to ensure that an accurate
assessment of where they reside within Active Directory is made during your audit. You will complete
this course with a full understanding of this critical component of Windows and ensure that your own
implementation of it is accurate, secure and effective.

Key learning objectives include:
• Recognize the importance of Active Directory to Windows security
• Learn to organize and structure Active Directory to facilitate improved controls
• Understand the tools and techniques available to analyze Active Directory
• Understand which parts are critical and which might be optional
• Know the key steps in auditing this environment


Thursday, April 22nd 2010
1:00pm - 5:00pm
Mississauga

         4 CE Hours

SPEAKER: Barry Lewis

In this informative half day session, we explore the security and audit of Microsoft’s Internet
Information Services (IIS). You will learn common security mis-configurations and how to ensure the
minimum install by default to reduce some of those risks.

Additionally, the session covers how to effectively manage authentication and how to use
configuration locking and IIS lockdown features as well as other security and configuration
controls. An audit checklist for IIS will be provided to attendees to enable you to perform a
reasonable audit of your organization’s IIS installations.

Thursday, May 6th 2010
8:30am - 5:00pm
Toronto

         BUSINESS
         8 CE Hours

SPEAKER: Reza Kopaee

The Internet has increased productivity by eliminating constraints such as time, location and speed
of delivery of service. Internet technology assists in building better services and strengthening
customer relationships, employee satisfaction, and true partnership with other organizations.
However, along with this productivity comes the risk of cyber attacks from anywhere and at any time.
These attacks often result in direct financial and reputation loss.

Organizations have traditionally concentrated on general protection measures such as Access Control,
Traffic Encryption (e.g. SSL), and Network security. These general countermeasures, while necessary,
have proven inadequate in protecting Internet Applications. Many high profile companies with
multiple layers of perimeter controls are finding their applications vulnerable. Social networking
applications exacerbate this situation.

To increase trust, organizations must understand and mitigate software security risks when they
acquire, outsource, implement or host applications, not only because of customer, business partner,
and employee expectations, but also because of stringent security and privacy regulations. Software
engineering facts clearly show that the cost of securing a flawed application is far more expensive
than building it securely in the first

Our speaker will highlight the elements of secure software and how organizations can effectively
acquire, integrate, outsource, develop, assess, and manage software security
• Aligning software security with business objectives and enterprise security policies
• Identifying threats and mitigating controls
• Integrating security with enterprise processes such as SDLC, PMLC, Quality Assurance
• Assessing the security posture of an application
• Managing application security risks within the
• Implementing privacy compliant software
The session will bring in examples from the actual experience of the presenter.

Thursday, May 13th 2010
8:30am - 12:00pm
Kitchener/Waterloo

         4 CE Hours

SPEAKER: Nish Bhalla
Today, with the help of technology, the world truly is flat. An employee or contractor can be down
the street or in a coffee shop in Japan and work as if he were sitting inside your office.

Extranets, VPNs, VOIP, satellite networks, wireless and dial-ups have made it easy and cost
effective to work remotely. Have they made it secure?

Nish Bhalla, the founder of Security Compass Inc., will provide real case studies around common
attack surfaces and defences with respect to remote access.

               __________________________

Thursday, May 20th 2010
8:30am - 10:30am
Toronto

SESSION: COBIT USER GROUP - TBD
         2 CE Hours

SPEAKERS: TBD

More information on this session will be announced closer to the date. Please watch the chapter
website.

               __________________________

Thursday, May 27th 2010
5:30pm - 7:30pm
Toronto

         IT REALLY MEANS
         2 CE Hours

SPEAKER: Rajiv Bhushan
This presentation will cover all the basic issues with hardening servers:
• Why?
• Why not?
• Why have different standards for build, operations, applications, etc, ...
• Why should you audit against your standards: build, operations, etc, ...
• What about hardening standards for legal reasons, such as SOX, PIPEDA, ...
• What tools can you find to help with this process,
• How can you customize industry standards to help you do what you need,
• What to pick between the different standards,
• And the biggest problem, how can I do it?

               __________________________

Thursday, June 10th 2010
8:30am - 5:00pm
Mississauga

SESSION: AUDIT DAY
         8 CE Hours

SPEAKERS: TBD

More information on this session will be announced closer to the date. Please watch the chapter
website.


                                              SPEAKER PROFILES

Andrew Alberti is currently a Certified IT Architect with the IT Strategy and Architecture practice within IBM Canada.
He is an IT Architect with twenty-five years of experience at IBM Canada, specializing in solutions for e-business
infrastructure and the banking industry. He has led virtualization designs (Intel and Unix), high availability assessments,
data centre moves, server consolidation projects, infrastructure designs and ITIL process reviews.

Rachel is a Senior Manager in the Deloitte Enterprise Risk Services practice, and has more than 10 years of professional
information technology program and project management experience. She has successfully planned and implemented
information technology strategies to satisfy a range of client needs and expectations. Her experience includes
multidisciplinary management across a range of geographies for a collection of clients. In combination with these roles in
management and leadership, Rachel has participated on engagements in an advisory capacity identifying project and
program risks, assessing impacts and recommending best practices or additional alternatives to manage the risk. Her
academic background includes a Bachelor of Science Degree in Applied Mathematics and Physics and, along with a PMP
designation, she has also passed the CISA exam (Certified Information Systems Auditor).

Simon has been responsible for Enterprise Information Security at CIBC Mellon since 2001. CIBC Mellon is 50-50
jointly owned by CIBC, a leading North American financial institution, and BNY Mellon, a global financial services
company. The two main lines of business are asset servicing and issuer services. During his time with CIBC Mellon
Simon has implemented and maintained programs including access management, compliance testing, vulnerability, risk
management and security architecture aimed at ensuring the 'right' level of control is in place.

Wade is the director of Risk Intelligence for Verizon Business. In this role, he oversees the collection, analysis, and
distribution of all internal and external data relevant to better understanding and managing information risk. The output
from these activities is used to improve Verizon’s services, inform personnel and clients, and provide credible influence
to the constant evolution of security planning.

Wade has nearly 15 years of experience in the IT and security industries. His background spans the technical-managerial
spectrum from system administration and web development to risk management and corporate decision-making. Since
joining Verizon Business (and previously with Cybertrust and TruSecure), Baker has led a team in building one of the
largest repositories of information security risk metrics in the world. He has innovated several offerings and
methodologies for Verizon Business and is the creator, author, and primary analyst for the Data Breach Investigations
Report series.

Prior to his tenure at Verizon Business, Baker spent 5 years on the faculty of two major research universities, most
recently in the Pamplin College of Business at Virginia Tech. He also ran a consulting firm providing IT services to
companies and educational institutions. In what seems like a former life, he began his professional career as an
environmental scientist in Mississippi.

Wade has a bachelor’s degree in business development and a master’s degree in information technology from the
University of Southern Mississippi. He is in the final phase of obtaining his Ph.D. in Business Information Technology at
Virginia Tech; his doctoral dissertation examines the challenges of managing information risk in the extended enterprise
and provides a model for improved decision support.

A researcher at heart, Wade’s work on various topics has been published in a number of highly-rated academic journals,
professional magazines, and books. His research for the President’s Information Technology Advisory Council was
featured in the 2005 Report, “Cyber Security: A Crisis of Prioritization.” He frequently speaks at academic and trade
conferences as well as corporate events around the world.

Robert Beggs is the founder and CEO of DigitalDefence. As leader of Canada's leading incident response and forensics
consultancy, he has served clients in the banking, insurance, brokerage, and mortgage industries, as well as several small
and medium enterprises from a variety of market verticals. He has been responsible for the technical leadership and
project management of more than 300 consulting engagements, including policy development and review, standards
compliance, attack and penetration testing of wired and wireless networks, third party security assessments, incident
response, and other consulting projects. His experience with military, financial, and other systems related to critical
infrastructure has prepared him to provide a high degree of practical security.

Before working as a Senior Consultant to one of Canada's largest financial institutions, Robert was employed by Netigy,
a global network and security infrastructure firm based in San Jose. He has also worked for Nortel Networks in the
Systems Engineering group as a specialist responsible for developing new IP-based services for global
telecommunications clients. Robert is the lead instructor for DigitalDefence, providing instruction in ethical hacking,
incident response, live system analysis, malware analysis, and data forensics. Robert is a founder and proud sponsor of
the Toronto Area Security Klatch, TASK, North America’s largest user group focused solely on security issues. He holds
an MBA in Science and Technology from Queen’s University, and is a Certified Information Systems Security
Professional and a Certified Information Systems Auditor.

Alan is the Chief Information Security Officer at Davis + Henderson, Canada’s leading provider of services to Financial
Institutions. He has degrees in Electrical Engineering, Adult Education and Leadership Development and has been
working in Information Technology for over 30 years.

Nish, the Founder of Security Compass, is a frequent speaker on emerging security issues. He has spoken at reputed
Security Conferences such as RSA, Blackhat, ShmooCon, RECon, HackInTheBox, and many others.

Mr. Bhalla has not only coauthored and contributed to many books including "Buffer Overflow Attacks: Detect, Exploit
& Prevent" & "Hacking Exposed: Web Applications, 2nd Edition", but has written many articles for sites like and He has also been interviewed by magazines such as CSOMagazine,
Government News, and DarkReading.

Prior to starting Security Compass, Nish provided consulting and training services for a variety of organizations including
Foundstone, Sun Microsystems, Lucent Technologies, TD Waterhouse & The Axa Group. 

Rajiv is an IT professional who has worked in a large variety of industries, from weather forecasting, security and
telecommunications to the movie industry. Rajiv has extensive experience in Information Technology with Security,
Operations, Education, Auditing, and DR. He has worked as a Security Consultant with companies in Toronto and New
York City. Rajiv is currently engaged as a DR expert with the Government of Ontario. With a belief that knowledge is
best used when it is shared, he has been teaching part-time for over 10 years and given presentations at many
security conferences.

After attaining a pilot license, a 5-year degree in Aerospace Sciences and 8 years of working in aviation, Catalin’s
professional life took an unexpected turn when he got into computer networks and IT training. That was 18 years ago.
While working for the Bank of Montreal, he delved into a new field, information security, where Catalin had the unique
privilege and opportunity to work under the guidance and leadership of a great mind: the late Dr. Robert Garigue.


At the beginning, he designed and implemented secure networks and administered cryptographic systems for the bank.
Later he focused on risk management, governance and awareness.

In 2006, Catalin was instrumental in initiating a joint venture between Bank of Montreal and Ontario Information &
Privacy Commissioner to create an awareness brochure about the risks of identity theft while traveling.

        "Catalin Bobe initiated a partnership between my office and the Bank of Montreal and proposed the subsequent
        development of our popular joint publication, Reduce your Roaming Risks: a Portable Privacy Primer. This
        brochure, which advises mobile workers about protecting themselves and their clients from identity theft and
        privacy breaches, greatly benefited from the expertise, experience and leadership that Catalin brought to the
        project team."
        --Ann Cavoukian, Ph.D., Information and Privacy Commissioner of Ontario

Catalin is an accomplished speaker, former member of Toastmasters International and accredited instructor/facilitator.
His professional designations are: CISSP, CISM, CISA and SSP CNSA Certified Professional.

Rosa Caputo is principal and founder of KeyData Associates, a consulting firm specializing in Identity Management, IT
Security, Risk Management, and Regulatory Compliance.
Rosa is a leading industry consultant who has assisted organizations throughout North America in developing IAM
strategies, roadmaps, business cases and governance for successful implementation. KeyData’s clients are Fortune 2000
companies across North America among the following industry sectors: financial institutions, energy/utilities,
government, retail, telecom and technology. Rosa is a recognized industry expert in Identity Management and has
assisted organizations in both turning around failed IdM projects and getting the initiatives approved and funded. She is
often invited to speak at conferences and specialized IAM events throughout North America and has published
extensively on this topic.

Dr. Gary Cort has over twenty years of software industry experience on projects spanning aerospace, communications,
biomedical and financial, in simulated and real-time environments. Specializing in software engineering, project
management, configuration management, and software metrics, Dr. Cort has led large-scale software projects for NASA,
the US Department of Energy, and the Los Alamos National Laboratory, where he also served as Quality Officer. Prior to
joining Research In Motion, where he holds the position of Vice-President, Software Quality, Dr. Cort co-led the
world-wide CMMI deployment effort for Intel Corporation.

Dr. Cort works with Fortune 500 companies throughout the world to dramatically improve software project capabilities.
Dr. Cort is a former Adjunct Professor of Software Engineering at the University of New Mexico and currently serves on
various standards and advisory boards. Dr. Cort is the Chairman of ISO Technical Committee 176, Quality Management
and Quality Assurance, which is responsible for the ISO 9001 family of standards.

Dr. Cort holds a Ph.D. degree in Physics from Texas A&M University and is an ASQ Certified Software Quality
Engineer. Dr. Cort has enjoyed a long and productive relationship with the Software Engineering Institute. He is a
certified SCAMPI High-Maturity Lead Appraiser and CMMI Instructor as well as one of the authors of the SCAMPI

Bob has over 32 years experience in the Information Systems, and Audit and Control field. He has worked as an IS
Auditor, Systems Analyst, Application Developer, Systems Software Programmer and Computer Operator. Bob is a
regular presenter. He has delivered sections of the Certified Information Systems Auditor (CISA) review course run for
the ISACA, Toronto Chapter as well as having presented at the 2000 CACS Conference. Bob, CIA, CISA is a past
President of the ISACA Toronto Chapter and is currently the Director of Continuing Education.



Kshamit brings over 18 years of experience in engineering and information technology. Kshamit is responsible for
Information and Cyber Security for Toronto Hydro Corporation. Founding Chairman of Smart Network Council Security
Committee, Washington DC, he serves on the Board of Directors of both the Utilities Telecom Council and the Smart
Networks Council, Washington DC. He has been with Toronto Hydro for the past 10 years and specializes in Information
Security and regulatory compliance. At Toronto Hydro, he has implemented the Cyber Security Framework with ISO
17799 and CobiT compliance. He is currently implementing the enterprise IAM program.

Robert led development of the CIPS Risk Management Practice Guide and was an external reviewer in the development
of the Cobit Risk IT framework. He has more than 40 years experience in the IT field as a consultant, manager, and
academic. His articles appear frequently in the trade press and he is a regular presenter at conferences and seminars.

Ian King has a 20-year track record of successful technology integration, corporate management, sales, and operations.
He has demonstrated a knack for creating elegant information technology solutions in his roles as a network designer,
software developer, project manager, implementation consultant, and problem solver for small businesses, new ventures,
and global enterprises.
Among his esteemed accomplishments are:
• Achieving 10% cost reduction by project managing upgrades for MPLS structure
• Creating verification and validation techniques for early life cycle testing
• Analyzing project cost and avoiding overruns while maximizing revenues
• Designing reseller training initiatives ensuring effective market penetration
• Resolving operational flow by evaluating, mapping and documenting procedures

Reza is a senior manager at Deloitte Enterprise Risk Services. Reza is the National Leader of Deloitte’s Information
Protection Consulting Services in Canada. He has been instrumental in developing Deloitte’s global methodology for
effective information protection strategy and implementation controls. Reza has over 12 years of practical experience in
large IT transformations, Risk Management, and Application security. In the past ten years he has worked with various
banks and governments around the world to secure their critical applications.

Charan is a Principal with Fernhill Associates Inc. Toronto. He is a Certified Information Systems Auditor, Certified in
the Governance of Enterprise IT, a Fellow of the Institute of Chartered Accountants of India, a Certified Fraud Examiner
and a Certified Internal Auditor. With over 20 years of audit and consulting experience, both as a practitioner and in
industry, Charan has been involved in a wide variety of Information Systems projects globally that include Systems
Development & Implementation, Control Reviews, IT Governance and IT Assurance. Prior to Fernhill Associates,
Charan was teaching as full-time Faculty at York University, Toronto and was with leading BIG 4 accounting firms
during his career.

Charan is currently a member of the Toronto Chapter - University Relations and Research Committee and has previously
served on the Education Board at ISACA International, the ASIA CACS Conference Committees and the North
American CACS Conference Committee. He is the Founding President of the New Delhi Chapter of ISACA. Charan has
spoken at various conferences including the ISACA International Conference held in Canada (Toronto).

Barry is President of Cerberus and has over 36 years of experience in information technology, specializing in Information
Security for the last 27 years. He began work in the consulting field in 1987 and worked for two major audit firms before
starting his own company in 1991 and joining Cerberus in 1993.

He was awarded the John Kuyers Best Speaker/Conference Contributor Award in 2008. He is co-author of numerous
books, including Computer Security for Dummies, Teach Yourself Windows 2000 Server in 21 Days and Wireless
Networks for Dummies. His books have been translated into numerous languages around the world. Barry lectures and
consults world-wide on numerous security topics, including Windows Active Directory, governance, wireless networking
and vulnerability testing.

James works at Deloitte & Touche LLP as a Senior Analyst IT Security. He has more than 6 years of industry experience
in Information Security, specializing in Application Security, Penetration Test, Risk and Vulnerability Management,
Laptop Security and Compliance. He also spent 5 years in Graduate Schools researching on Security Requirements
Modelling, Intrusion Detection and Cryptography. The research results have been published in two security conference
papers. James has achieved both Master’s and Bachelor’s degrees in Computer Science/Engineering and has his CISSP

Faisal is currently the Information Security Officer at Deloitte & Touche LLP, managing the firm’s information security.
His primary responsibilities include development of security policies, security standards, processes, procedures and
architectures in line with the security strategy and monitoring their compliance. He has more than 14 years of
international experience in managing a broad range of IT initiatives while participating in planning and implementation of
security solutions. Faisal has a degree in Electrical Engineering and is a Certified Information Systems Auditor and
Certified Information Systems Security Professional.

Debbie Matters, BA, BEd, principal facilitator and training consultant with Your Communication Matters Inc., brings her
knowledge and experience from 17 years in the pharmaceutical, financial, and educational industries into the delivery of
the educational sessions.

Your Communication Matters Inc. focuses on enhanced awareness, education and providing tools and techniques
necessary to focus on what matters, enabling professional and personal optimization.

Dave Millier is well-known in the Canadian High-Tech marketplace, where he's been helping customers with their
security and networking needs for over 16 years. His career has taken many interesting turns; he has operated numerous
businesses including a successful consumer ISP, a retail computer operation, a data hosting facility and business ISP, a
boutique consulting firm, and most recently his organization Sentry Metrics, where as the co-founder he created and
brought to market the industry-leading Security and Risk Compliance Dashboard theSentry.

Over the years Dave has presented at many network and security conferences including IT360, Security and Network
World and Comdex, among others. He has been involved in the design, engineering, and implementation of many
enterprise corporate networks and security solutions, and has driven the deployment of numerous 300+ node VPN
networks for both educational and government clients. His areas of expertise include in-depth knowledge of firewalls,
IDS/IPS, and logfile analysis, corporate governance and compliance, and he has extensive exposure to most commercial
security products in use today.

Dave has acted as the Director of Security for a start-up online Investment firm, and supported them through a successful
purchase by a much larger online trading company. Dave assists as a security advisor to the senior management of a
number of Canadian organizations, acting as a translator of sorts between the various technologies available today and the
diverse needs of every business, allowing his clients to continue to build their businesses with confidence.

Maruf is a Partner at Collins Barrow, Toronto. He is a Chartered Accountant and has been actively involved in IFRS
conversion projects for many of their public company clients.

Gabriel is an Associate Partner in the Deloitte Enterprise Risk Services practice and has successfully delivered best
practices-based IT management solutions and business management solutions to a wide variety of clients including
financial institutions, consumer business, utilities, manufacturing, the public sector and media. He has over nineteen years
of experience in Project/Program Management, Financial and Operational Re-engineering, System Implementation,
Marketing and managing enterprise-wide change initiatives. His academic background includes a Master's Degree in
Finance and a Bachelor of Business Administration with majors in Finance, Marketing, and Science, and he is a PMI Certified
Project Management Professional (PMP). He has proven management, financial, marketing and information system
experience across several industries and disciplines, with a sharp focus on business development. Gabriel is part of the
leadership group that manages services related to Portfolio, Program and Project Management services for clients across
several industries.

Mohammad has extensive experience in the fields of audit and project management. For the last twelve years he has been
involved in auditing large programs and projects in both the private and public sectors. He has also developed project
management frameworks and methodologies for both core project management offices and internal audit functions.
Mohammad is one of the pioneers from the audit profession to get involved with the Project Management Institute and
obtained his PMP designation in 2001. For the last twelve years Mohammad has been volunteering with several
professional organizations in Toronto, including ISACA, IIA and PMI. He has conducted several training sessions on
audit and project management. Mohammad was also involved in developing the course materials for the PMP preparation
course for PMI Southern Ontario Chapter and has facilitated the course. Mohammad is a CISA, CIA, PMP, CCSA,
CGAP and CA from Bangladesh.

John is an independent Information Security and Audit Services Consultant. His current consulting work areas are
focused on information security in large information systems environments and networks, requiring detailed knowledge
of the major operating systems encountered. Particular areas of technical security expertise include:
• Windows 2003
• Unix (including Solaris, AIX & Linux)
• Oracle, Microsoft SQL Server & DB2
• Network and Firewall security.

John is a frequent speaker in Canada, USA and Europe on the subject of Information Security. He is a member of the
Institute of Chartered Accountants of Scotland and has CISM and CGEIT certifications.

Raymond delivers consulting and audit expertise in the areas of risk management, information security, data quality and
integrity to many industry sectors. He has over 10 years of sound technical experience with network infrastructure,
systems and databases. Mr. Vankrimpen’s current focus is in the delivery of service audit reports, including Section
5970, SAS70, WebTrust and SysTrust. He has proven expertise in the delivery of information technology audits for
large complex organizations which typically include PKI, application, network and server infrastructure. This experience
includes the implementation and audit against statutory and compliance standards such as: Sarbanes Oxley, Canadian
CEO/CFO Certification and CobIT/COSO.

Raymond has presented in several forums on many different subjects including:
• Wireless security – INFONEX
• Protecting Organizations Against SPAM – ISSA
• Web Privacy and Security – IAPP
• Management Information Systems – University of Toronto

Stewart is a Senior Manager and leads the KPMG Eastern Canada Information Security team as well as the Software
Compliance & Asset Management service lines. Stewart has over 16 years of experience in the Information Technology
field including 10 years focused on IT security. Stewart is a CISA and an ISACA member in good standing. While
employed with IBM for 9 years, Stewart worked in various roles including as an e-Mail architect and designed e-mail
systems for Canadian banks and large insurance companies. Stewart has designed and implemented several PKI (secure
email) systems using both VeriSign and Identity Based Encryption technologies. Some of the secure mail initiatives that
Stewart has been involved with have been deployed by large organizations globally and are still in wide use today.
Stewart has always worked in a customer facing role and has had clients that varied across multiple industries ranging
from the Financial, Industrial, Retail, Government and Small Business sectors.


                                              COBIT USER GROUP
 Successful organizations understand the benefits of information technology (IT) and use this knowledge to drive
shareholders’ value. They recognize the critical dependence of many business processes on IT, the importance of
delivering the value promised by IT, the need to comply with increasing regulatory compliance demands and the benefits
of managing risk effectively. To aid organizations in successfully linking business and IT goals to meet today’s business
challenges, the IT Governance Institute® (ITGI™) has published incremental update 4.1 of Control Objectives for
Information and related Technology (COBIT®).

COBIT is an IT governance framework and supporting tool set that allows management to bridge the gap between control
requirements, technical issues and business risks. COBIT enables clear policy development and good practice for IT
control throughout organizations.

The COBIT User Group has been formed to help users capitalize on their learning and experience of COBIT through
information sharing. The User Group will be meeting a number of times throughout 2009/2010.

                                 SECURITY SPECIAL INTEREST GROUP

“The security of the knowledge and information stored on our information systems is critical in today’s changing
environment. The information security professional is playing an increasingly important role in developing policies,
programs and people to help assure the security of these systems. The challenge to business and government
organizations is to determine whether they are qualified, competent information security professionals to ensure that their
systems meet legal requirements and are secure from unauthorized access and destruction by hackers and terrorists.” -
Robert S. Roussey, CPA, University of Southern California.

The ISACA Security Special Interest Group has been formed with the needs of the Security Professional in mind.

The aim of this group is to educate and promote best practices through sharing and collaboration among members in
the promotion of Information Technology Security knowledge, resulting in increased protection and value for the
participating organizations.



Many corporations believe that the employment of a Certified Information Systems Auditor (CISA) is one of the most
important components of safeguarding an organization’s assets. Information technology changes rapidly, and
vulnerabilities and potential exposures must be kept in check. CISA certified professionals bring to their organizations
and their clients valuable knowledge of the most effective information systems (IS) audit, control and security
methodologies and an awareness of the unique requirements particular to certain IS environments.

From Switzerland to Singapore, from Australia to Argentina, from the United States to the United Kingdom, more than
50,000 professionals worldwide have earned the CISA designation.

This achievement recognizes their expertise, signals their desire to serve their organization with distinction, and shows
their intent to accomplish this through a program that has global respect. The CISA designation is the only professional
certification program devoted exclusively to the field of IS audit, control and security. It is the only one in this field with
global recognition.

The CISA program, sponsored by the Information Systems Audit and Control Association (ISACA), has a respected track
record for serving professionals and their organizations. It was established in 1978 to:

•   Evaluate individual competence in the field;
•   Provide a mechanism for maintaining that competence; and
•   Give management criteria for personnel selection and promotion.

A CISA professional has passed a rigorous examination and has at least five years of IS audit, control or security
experience (or equivalent teaching experience). To retain certification, the CISA professional must participate in
continuing education programs, which ensures prompt updates of fast-moving technology and its applications.

The CISA examination takes place twice a year in June and December.

The preparation courses are designed to prepare the exam writer by following a structured curriculum that mirrors the
CISA exam content and provides helpful study tips. Each preparation course is led by qualified industry instructors who
will assist in providing clarification and real life examples to the CISA Review Manual content. For more information
regarding the preparation courses, please send your inquiries to or check on the chapter
website at



“The security of the knowledge and information stored on our information systems is critical in today’s changing
environment. The information security professional is playing an increasingly important role in developing policies,
programs and people to help assure the security of these systems. The challenge to business and government
organizations is to determine whether they are qualified, competent information security professionals to ensure that their
systems meet legal requirements and are secure from unauthorized access and destruction by hackers and terrorists.” -
Robert S. Roussey, CPA, University of Southern California.

The CISM (Certified Information Security Manager) is ISACA’s groundbreaking credential earned by over 5,200
professionals in its first two years. It is for the individual who must maintain a view of the "big picture" by managing,
designing, overseeing and assessing an enterprise's information security.

The CISM is not an entry-level certification. It is specifically developed for the information security professional who has
acquired proven experience working on the “front lines” of information security. Individuals with five years or more
experience managing the information security function of an enterprise or performing such duties will find the CISM
most tailored to their knowledge and skills.

The CISM defines the core competencies and international standards of performance that information security managers
are expected to master. It provides executive management with the assurance that those who have earned it have the
experience and knowledge to offer effective security management and consulting services.

The CISM examination measures expertise in the following areas:
• Information Security Governance
• Risk Management
• Information Security Program Management
• Information Security Management, and
• Response Management

A CISM professional has passed a rigorous examination and has at least five years of information security experience (or
equivalent teaching experience). To retain certification, the CISM professional must participate in continuing education
programs, which ensures prompt updates of fast-moving technology and its applications.

The CISM examination takes place twice a year in June and December.

The preparation courses are designed to prepare the exam writer by following a structured curriculum that mirrors the
CISM exam content and provides helpful study tips. Each preparation course is led by qualified industry instructors who
will assist in providing clarification and real-life examples to the CISM Review Manual content. For more information
regarding the preparation courses, please send your inquiries to or check on the chapter
website at



Boards and executive management have long understood the need for enterprise and corporate governance. As
information technology (IT) has become more important to the achievement of enterprise goals and delivery of benefits,
there has been an increasing realization that governance must be extended to IT as well. IT governance is an integral part
of enterprise governance and consists of the leadership and organizational structures and processes that ensure that the
organization’s IT sustains and extends the organization’s strategies and objectives.

ISACA recognized this shift in emphasis in 1998, and formed the IT Governance Institute (ITGI) to focus on original
research, publications, resources and symposia on IT governance and related topics. To support and promote this
significant body of work, ISACA and the ITGI are proud to offer a certification program for professionals charged with
satisfying the IT governance needs of an enterprise.

Taking a lead role in the establishment and management of information technology infrastructure and processes,
individuals playing a role in IT governance provide significant support to the Board of Directors and executive
management. The certification program recognizes those who have the necessary level of professional knowledge,
personal skills, and business experience to maximize the contribution made by information technology to an
organization's success while managing and mitigating risks posed by IT.

This certification will benefit the individual through recognition of their professional knowledge, competencies, skill
sets, abilities and experiences, and will enhance their professional standing. It will also add value to the organizations
they support through the demonstration of a visible commitment to excellence in IT governance practices.

The CGEIT examination takes place twice a year in June and December.

For more information regarding the certification, please send your inquiries to or check on
the chapter website at


                                ISACA GLOBAL CONFERENCES AND
                                    EDUCATIONAL PROGRAMS

          Event                                            Dates                  Location
          IT Governance, Risk and Compliance Conference    14-16 October, 2009    Henderson, Nevada
          Training Week                                    2-6 November, 2009     San Francisco, California
          Information Security Management                  9-11 November, 2009    Amsterdam, The Netherlands


                                                 COUPON ORDER FORM

Company Name:


Contact Person:




Order Details

                                                                                         Quantity           Total Cost

Book Type MA @ $850 (Member, 10 Half-day session coupons)

Book Type NA @ $1050 (Non-Member, 10 Half-day session coupons)

GST included. GST Registration No. R123951709.

Please make cheques payable to The ISACA - Toronto Chapter.
Coupons are not accepted for Joint or Multi-day Sessions.
Coupon Expiry Date:                June 30th, 2011.

Mail completed form and cheque to:               Information Systems Audit and Control Association
                                                 Toronto Chapter - Program Committee
                                                 c/o Cheryl Kicksee
                                                 Toronto Police College
                                                 70 Birmingham Street
                                                 Toronto, Ontario M8V 3W6


                                 CHAPTER COMMITTEES
Lisa Allen, President         Deloitte & Touche LLP           416-601-6441

                                                   VICE PRESIDENT
Margaret Lee-You, Vice-       Sun Life Financial              416-496-4270

Jeff Bhagar, Secretary         Scotiabank                     416-933-2554
Eduardo Francia                Scotiabank                     416-866-7219

Jaideep K. Khatau             PricewaterhouseCoopers LLP      416-814-5846
Anna Bollers                  PricewaterhouseCoopers LLP      416-941-8383
                                                              x 14193
Romina Carlorosi              PricewaterhouseCoopers LLP      416-814-5786
Stephen Dias                  PricewaterhouseCoopers LLP      416-815-5132
Umair Faizan                  PricewaterhouseCoopers LLP      416-941-8271
Mahendra Mehta                PricewaterhouseCoopers LLP      416-941-8383
                                                              x 14574
Robert Mendonca               PricewaterhouseCoopers LLP      416-869-8687
Bashir Sahabooleea            PricewaterhouseCoopers LLP      416-815-5289

                           SECURITY MANAGER
Laureen Ellis                 Scotiabank                      416-866-5295
Zaki Abbas                    Great-West Life                 416-967-2000
C.K.Lung                      CGI                             416-332-8388

Ian Steingaszner, Director    Magna International Inc.        905-726-7408
Raj Devadas                   KPMG                            416-777-8458

                               CONTINUING EDUCATION COMMITTEE

Bob Darlington, Director     Canadian Pacific                 416-595-3242
Thomas Bernard               eHealth Ontario                   905-823-6403
Leila Bridgewater                                             647-501-4080
Aurora Di Pasquale           Manulife                         519-594-7097
Russell Dyer                RBC Financial Group              416-955-6732   russell.dyer@
Sharon Farnell              University of Western Ontario    519-661-2111
Arunasis Gupta              Grant Thornton                   416-360-5003
John Heaton                 Deloitte & Touche                416-643-8225
Darryl Jam                  KPMG                                  
Cheryl Kicksee              Toronto Police Service           416-808-4858
Ian King                             416-995-7162
Peter Kingsman              Manta Group                      647-886-9992
Prem Kokal                  Ministry of Finance              416-212-2367
Vik Kulkarni                Moneris                          416-734-1082
Sean Lee                    Region of Peel                   905-791-7800
Dheeraj Makhija             PricewaterhouseCoopers Inc.      905-949-7300
Michael Malcolm             Research In Motion               519-888-7465
Matt Marshall                                                416-694-3843
Paul Martinello             Central 1 Credit Union           905-282-8453
Kevin Meaney                Economical Insurance             519-570-8396
John Mooney                 McCormick                             
Talbot Shawn Murphy                                               
Martha Nicholas-Camacho     Manulife Financial               519-594-4247
Emily Ofosu                 Deloitte & Touche LLP                 

Harry Poon                  Goldpals Inc.                    647-829-7248
Marc Prive                  TD Bank                          519-873-7875
Estrella Santos             Aviva Canada                     416-288-5267
Mohammad Sharifullah        Workplace Safety & Insurance     416-344-4533
Atif Siddiqui                                                416-939-2843
Cecilia Tam                 London Life                           
Srinivas Tejomurty
Traci Van Geel              APEx                             519-433-9796
Qamar Zaman                 Asia Holding Co                  905-826-8217

                           CobiT USER GROUP ORGANIZING COMMITTEE
Bob Darlington, Director    Canadian Pacific                 416-595-3242
Alan Beveridge              Davis + Henderson                416-360-1777
Marion Birch                                                 416-706-6119
Anna Edwards                Sunlife Financial                416-979-6174
Robert Fabian                                                416-769-1885
Michael Gerochi             Mind Mappers Inc                 416-628-5575

Peter Kingsman              Manta Group                      647-886-9992

Bob Darlington, Director    Canadian Pacific                 416-595-3242
Catalin Bobe                Secure Base                      647-230-1378
Chris Anderson              Grant Thornton                   416-360-4977
David Dunn                  Independent Electricity System         
                            Operator (IESO)
Frank Vicich                                                       
June Leung                                                         

Keesje Pouw                                                        
Muhammad Shahid             TD Bank Financial Group          416-308-3211
Murray Rosenthal               City of Toronto                       416-397-9825
Nebechi Okoye-Onuoha           CIBC                                  416-710-5551
Rajiv Bhushan                  Ontario Provincial Government         416-325-2858
Rosa Caputo                    KeyData Associates                    416-614-3259
Roy Ng                         Ryerson University                             
Ruwanmali Prematilake          Torstar Corp                          416-865-3980


Nina Chow, Director              KPMG                                 416-777-3033
Parimal Barot
Raj Devadas                      KPMG                                 416-777-8458
Denzil Luna                      Management Board Secretariat         416-325-1138
Ben Omiyi

Raul Mangalindan, Director       Bell Canada                          905-614-3386
Nandish Samani                                                        416-935-6375

                                  ACADEMIC RELATIONS AND RESEARCH
Baskaran Rajamani,             Deloitte & Touche LLP              416-643-8457
Nitin Bedi                     Independent Consultant             647-287-2334
Rajiv Bhatnagar                Toronto Hydro Electric System      416-542-3125
Jager Bhoohe                   Cyberklix Inc.                     905-363-3825
Sanjay Chadha                  KPMG LLP                           416-777-3844
Sharon Farnell                 The University of Western          (519) 661-2111 x
                               Ontario                            85435
Paul Johns                     Deloitte & Touche LLP              416-601-5850
Charan Kumar                   Fernhill Associates                416-670-6476
Asif Mohammed                  Deloitte & Touche LLP              416-601-6398
Rajesh Varma                   Infocreative Inc.                  647-286-5666
Siva Velummylum                Professionals Training Institute   (416) 446-2858

Behram Faroogh, Director         PricewaterhouseCoopers LLP           416-930-3530
Amin Muhammadi                   SCI Inc.                             647-286-0892
Ricky Chandarana                 PricewaterhouseCoopers LLP           647-261-7425
Patricia Goh                     Scotiabank                           416-866-6507

                                                     PAST PRESIDENT
Arturo Lopez, Immediate Past     PricewaterhouseCoopers Inc.          416-941-8219

Toni Mesi                       PricewaterhouseCoopers Inc.   416-941-8383

Patricia Goh - Past President   Scotiabank                    416-866-6507
Marian Soon Shiong              Scotiabank                    416-866-6719
Carmen Li                       City of Toronto               416-392-8353
Terry Hung                      PricewaterhouseCoopers        416-815-5001

                                  CHAPTER ADMINISTRATIVE SUPPORT
Rashna Daroga                   eAdmin Services Ltd           905-501-8798
