OFFICERS AND BOARD MEMBERS 2005-2006 OFFICERS PRESIDENT Mike Field Liberty Mutual Insurance EXECUTIVE VICE PRESIDENT Jack Hines Raytheon ASSISTANT VICE PRESIDENT Mark Rosa, CPA, CISA Staples, Inc TREASURER Erica Hague-Antos, CISA Wolf & Co RECORDING & CORRESPONDING SECRETARY Valerie Fitton Harvard Pilgrim Health Care BOARD MEMBERS Breakfast Meetings Dennis Huaman Jim Murphy Bylaws, Policies, & Procedures Jane Graffum CISA Coordinator Tony Giroti CISM Coordinator Marybeth Panock Hospitality and Attendance Tricia O'Donnell Program & Seminar Martin Dolphin Matthew J. Putvinski University Liaison John Beveridge Webmaster, Membership Bob Buchanan Past Presidents Camille Rigney Don O'Keefe Consultant to the Board Norm Kelson
Featured Chapter Events
Compliance with the Sarbanes-Oxley Act: ESSAGEFEATURED CHAPTER EVENTS What Happened and What’s Next
David S. Marshall, MBA, CISA, CFE - Principal, Infotech Global Audit and Security, Inc John C. Blackshire, Jr. CPA - President, The Accountware Group, Inc. The Sarbanes-Oxley Act of 2002 is the most important piece of legislative work impacting the governance of publicly-held corporations in the history of the United States. Its impact, good and bad, will be discussed in detail, along with the requirements for compliance. The target audience for this seminar includes IT auditors, internal auditors, CISA’s, CISSP’s, controllers, accountants, compliance managers, information technology managers, CFOs, CIOs, CEOs, security personnel, business and financial analysts, and risk managers.
Cost: $75 (Members) $125 (Non-Members) CPEs: 7 Date/Time: January 12th, 2006 8:30 am – 4:30 pm Location: Regis College, Weston, MA
To view the specific topics covered in this course and to pre-register, click here.
Other Chapter Events Boston Breakfast Meeting Emerging Trends in Privacy and Security Legislation
Date: January 18th, 2006 Location: METLIFE BUILDING, Boston, MA
Pre-registration required one week in advance. Contact Dennis Huaman at 617-605-6000 or at firstname.lastname@example.org. For more information, click here.
Did you know?
Seminar fees can be paid by credit card. We can accept major bank credit cards including VISA, MasterCard, Discover, and American Express. ISACA NE now offers an online credit card payment option when you register for a seminar or for the CISA/CISM review courses. If desired, participants can continue to pay for seminars with personal or company check, or cash. Advertisers are also welcome to pay for their web and newsletter ads by credit card.
In This Issue
Upcoming Chapter Events..………… President’s Message…..……………. ISACA News………………………….. Sponsors.......................................... CISA and CISM Certification……….. ISACA National Conferences ...…… Job Postings…………………………. 1 2 3 3 4 5 6-7
Page 1 of 7
C JANUARY 2006
Happy January Everyone! The Board members would like to take this opportunity to thank each of you, along with Your company, for your membership, participation, and ongoing support of our chapter! Your active support is vital to the long-term success of the chapter, and will help foster the sharing of ideas, knowledge, and professional relationships for years to come. If you are a New England chapter member and are interested in joining the 2006/2007 New England board, please contact Michael Field at Michael.Field@Libertymutual.com. In January, ISACA will be introducing an updated logo and tagline. Please be sure to visit www.isaca.org for details. The organization’s growth in numbers and recognition during recent years has been impressive – it’s not just for IT auditors anymore! As I’ve noted before, efforts are underway in Rhode Island to form a chapter in Providence. This chapter will operate independently from the New England chapter and will serve IT Audit and Security professionals in Rhode Island. Members who live or work in eastern Connecticut and southern Massachusetts are welcome to join the Rhode Island chapter as well. If you are interested in joining our new sister chapter, need more information, or would like to serve as an officer or board member, please contact Camille Rigney at email@example.com. The New England chapter plans to keep close ties to the new chapter and conduct joint seminars and trainings that will benefit both memberships. Don’t Forget! On Wednesday January 18, the first 2006 monthly Boston breakfast meeting will be held at Metlife. The topic will be ―Security certification Process and Value - (using outside certifiers and what they can address‖ Please contact Dennis Huaman at firstname.lastname@example.org to register. The chapter will also hold a day long seminar on Sarbanes-Oxley at Regis College on Thursday, January 12. Visit www.isacane.org for additional information and to register. And looking ahead, we will be holding another 3-day road show for our March seminar. The topic is ―Network Security‖ and the seminar will be held March 14 at Boston College (Boston, MA), March 15 at UNH (Durham, NH) and March 16 at Amica Insurance (Lincoln, RI). And, our annual meeting will be held May 17 at FENWAY PARK in Boston, MA! Save this date on your calendars now!!! Did you know that we’ve upgraded our website to accept online credit payments? When you visit the ―Seminars‖ page, you can register and pay for a seminar by clicking on ―register me‖. It’s that easy! We will no longer be using our credit card machine to accept payments at seminars and meetings. Payment by credit card will only be accepted online. If you are interested in placing an ad on our website, you can still pay by credit card by contacting Erica Hague at email@example.com. ISACA will be holding the spring 2006 CISA and CISM exams on June 10, 2006. Look for details on www.isaca.org. The New England chapter will be offering both a CISA and CISM review course in the spring. Look for details this winter on www.isacane.org. Best Regards, Michael Field 2005/2006 ISACANE President
Page 2 of 7
ISACA Adopts New Logo and Tagline, Reflecting Organization’s Expanding Role in IT Governance
Rolling Meadows, IL, USA (December 2005) —To convey its broadened scope of professional expertise, the Information Systems Audit and Control Association will use only its acronym—ISACA— after January 1, 2006. The association has also adopted a new tagline to further define and explain its acronym: ISACA: Serving IT Governance Professionals.
Out with the old…
In with the new…
―ISACA is changing its logo to reflect the expanded professional niche we serve. We have seen an increasing number of information security professionals in our membership, and we are committed to providing pertinent programming and research to our constituents,‖ said Everett Johnson, CPA, international president of ISACA. ―In addition, we find that our members are eager for information on IT governance, privacy, control, risk management and the entire gamut of IT control and governance-related activities.‖ ISACA remains committed to serving the fields of assurance and control, which, along with information security, are included under the broader, encompassing umbrella of IT governance. ―We realized that all of the professions we serve fall under the IT governance banner,‖ said Johnson. ―Each one of those professions has an important role to play in ensuring that organizations exercise effective governance.‖ The New England Chapter has followed overall trends. ―Our chapter includes members with a variety of job titles, from auditors to security managers. ISACA’s new tagline more accurately reflects the fact that the association and its chapters serve a broad range of professionals in the field of IT governance,‖ said Michael Field, president of the New England Chapter. Founded in 1969, ISACA has more than 47,000 members and 170 chapters worldwide. ISACA administers the Certified Information Systems Auditor (CISA) designation, earned by more than 40,000 professionals since its inception in 1978, and the Certified Information Security Manager (CISM) designation, earned by 5,200 professionals in its first three years. ISACA also sponsors international conferences, publishes the Information Systems Control Journal, and develops international information systems auditing and control standards. Its research affiliate, the IT Governance Institute, was created in 1998 and publishes COBIT, the internationally recognized IT governance framework widely used for Sarbanes-Oxley compliance. For additional information, please visit www.isaca.org.
ISACA New England Sponsors
Deloitte & Touche LLP KPMG Ernst & Young ACL Services Ltd http://www.us.deloitte.com/ http://www.us.kpmg.com/ http://www.ey.com/ http://www.acl.com/ Page 3 of 7 CaseWare IDEA Inc. MIS Training Institute Wolf & Company http://www.caseware-idea.com/ http://www.misti.com/ http://www.wolfandco.com/
CISA and CISM Certification
Registering for the CISA or CISM Exam
The CISA designation has been a globally accepted standard of achievement in the information systems (IS) audit, control and security field since 1978, and has been recognized by many governments and major business groups around the world. Earning the CISA designation helps assure a positive reputation as a qualified IS audit, control and/or security professional. When are the the next CISA and CISM Exams? The next exams will be offered on Saturday, June 10th, 2006. What are the deadlines and costs? On or before February 8th 2006, registration fees for either the CISA or CISM exam are: ISACA member: US$340 Non-member: US$460 After February 8th and through April 5th 2006, registration costs: CISM, the Certified Information Security Manager is ISACA's next generation credential and is geared toward experienced information security managers and those who have information security management responsibilities. CISM is designed to provide executive management with assurance that those earning the designation have the required knowledge and ability to provide effective security management and consulting. ISACA member: US$390 Non-member: US$510 Candidates can save US$35 on the exam registration fee by registering online at www.isaca.org/examreg Visit ISACA’s website for more information about the CISA and CISM certification programs or click here.
Preparing for CISA and CISM Certification Exams
What do the CISA and CISM exams cover? The CISA examination tests a candidate's knowledge of IS audit principles and practices as well as technical content areas. The exam covers one process and six content areas (domains) and those tasks that are routinely performed by a CISA. For specific detail please go to http://www.isaca.org/cisacontentareas. The CISM exam covers five information security management areas, each of which is further defined and detailed through task and knowledge statements. Specific details can be found at www.isaca.org/cismcontentareas. Both certifications also require candidates to meet minimum requirements for professional experience. The New England chapter will be offering both a CISA and CISM review course in the spring. Watch for details this winter in the e-newsletter or on www.isacane.org. The recommended Examination Reference Materials include: CISA and CISM Review Manuals CISA and CISM Review Questions, Answers and Explanations Self-study materials can be found by going to the ISACA web site at http://www.ISACA.org. Web sites for additional study materials are available at: http://www.srvbooks.com and http://www.micromash.net.
Page 4 of 7
ISACA Training Week
Presented by ISACA, Training Week provides a unique educational experience. If you are an IS/IT audit, control or security professional in need of proven strategies and techniques for meeting the challenges you face every day, join your peers at Training Week. These intensive events, led by accomplished practitioners, offer in-depth coverage on the topics important to you. Training Week provides a great way to earn valuable continuing professional education (CPE) hours while learning more about your profession. Upcoming Training Weeks:
27 February - 3 March 2006 - Anaheim, CA
Courses Offered Fundamentals of IT Auditing IT Audit Practices Information Security Management
5 - 9 June 2006 - Philadelphia, PA
Courses Offered Fundamentals of IT Auditing Information Security Management Uncovering Network Security Vulnerabilities: Controls and Techniques
For more information, click here.
North America CACS
The world’s leading conference for IT assurance, security and governance professionals. North America CACS was designed by members of the Information Systems Audit and Control Association® (ISACA®) and is tailored to the needs of IT professionals. It is the world’s leading conference for IT governance, control, security and assurance. Network with your international peers at the largest forum anywhere of Certified Information Systems AuditorTM (CISA®) and Certified Information Systems Manager® (CISM®) holders. Industry experts from around the world will be on hand to provide solutions and practical approaches to equip you to meet the challenges ahead. The 2006 conference will offer 70 sessions and seven optional workshops, all designed to increase your knowledge and technical proficiency. 7-11 May 2006 Royal Pacific Resort at Universal Orlando®, a Loews Hotel Orlando, FL USA For more information, click here.
Page 5 of 7
Immediate position available Blue Cross Blue Shield of Massachusetts, Boston office
Position Summary: As a valued member of the Audit & Controls team, this position is expected to perform numerous complex IT projects and engagements to assist management in meeting its objectives. This will be accomplished by simultaneously performing multiple traditional IT-related audits, compliance reviews, operational readiness assessment, risk assessments, and special projects . This includes working as both an individual contributor as well as supervising staff on all projects phases from planning through field work, reporting and follow-up. In addition, a key requirement of this position is to build relationships and influence appropriate actions across the organization. Qualifications: Strong and effective interpersonal skills which are demonstrable in written and verbal communications. Track record of building and maintaining effective business relationships Proven ability to fulfill many roles on various assignments from contributing team member, independent project auditor, and supervisor of audit staff with minimal daily supervision and direction. Successfully demonstrate results-driven orientation and ability to handle multiple complex assignments, set and adjust priorities, rapidly engage new assignments based on criticality and within a timely and professional manner Ability to define project objectives, take ownership of delivery of assignments, and effectively communicate with clients and leadership alike Deep understanding of: information technology, IT general and application controls, experience with identifying mitigating controls and deficiencies in those controls, and practical application of best practices for resolution; systems development life cycle (SDLC) and change management; understanding and experience in all IT related activities in the completion of Sarbanes Oxley and Type II SAS70s Experience requirements: Bachelor’s degree in a business discipline or information systems 8 - plus years of professional experience, five years with significance systems exposure Supervisory experience and knowledge of insurance and/or healthcare a plus MBA and/or professional certifications (CIA, CISA, CISM, etc.) are a plus Experience in system integration, application implementation, database/warehouse management/administration, web infrastructure, data centers are all a plus
QUALIFIED CANDIDATES, PLEASE APPLY ONLINE AT: www.bcbsma.com/careers Laura Horlitz, Senior Recruiter, Blue Cross Blue Shield of Massachusetts, firstname.lastname@example.org
Page 6 of 7
Resources for Job Seekers
To review previous months’ career advertisements, visit the archive on the ISACANE website at http://www.isacane.org/career_ads.htm. Members can also benefit from career resources and job listings on the ISACA International website. Click here to link to the ISACA Career Centre online.
Resources for Employers and Recruiters
Job positions may be advertised in our e-newsletter or through our World Wide Web page. Fees are $50 for a ¼ page, $100 for a ½ page and $200 for a full page (8 1/2 by 11 inch) for either the newsletter or the web page. (Thus, a full size page on both the newsletter and the web would cost $400.) Job Ad Posting Process Create an ad in MS Word, formatted as you wish, including hypertext links. Newsletter ads will run in the next month's emailing and web ads will be posted within a week and stay up until September 1 or until requested to be taken down. To place an advertisement in the ISACA New England Chapter (ISACANE) home page please email position information to Robert Buchanan at email@example.com or call at (617) 727-6200 x173. To place an advertisement in the ISACA New England Chapter (ISACANE) e-news letter please email information to Heather Fowles at firstname.lastname@example.org.
Views and opinions contained in this e-newsletter are solely those of the author and do not necessarily represent or reflect the views or opinions of the New England Chapter of ISACA. In the event you have any questions concerning this newsletter, please contact the author directly. The e- newsletter is published the first week of each month from September through May. Members are invited to submit brief articles, book reviews or IT audit or security management tips. Submissions should generally not exceed one page and must be received by the 15th of the month for consideration for the following month’s e-newsletter. For more information, please contact the editor, Heather Fowles, at email@example.com.
Page 7 of 7