
The Password - December, 2016

Letter from the President


I hope this letter finds you all doing well and having had a nice
Thanksgiving. It is hard to believe it is December already and the
holiday season has begun. This is a good time to take stock of your
CPE requirements and get some training before the end of the year.
Of course, three CPE credits may be earned by attending our
December meeting where we would be glad to see you!

Our December meeting takes place Thursday, December 8th at the
Dallas Marriott Las Colinas located at 223 West Las Colinas Blvd,
Irving, TX 75039. We will have a special gift to celebrate the holiday
season and thank our members for their support during 2016 so
don't forget to register and attend the December meeting! The
presentations for the day will include:

10:30 AM (Pre-Luncheon Meeting)
"Trust but Verify - A Guide to Testing Results in a Cost Effective Manner" presented by Eric
Ballantyne, Managing Principal of Information Security at General Datatech, L.P. (GDT)

12:20 PM (Luncheon Meeting)
"Cybersecurity Threats and the Road Ahead" presented by John Ansbach, Executive
Director and General Counsel of General Datatech, L.P. (GDT)

1:30 PM (Post-Luncheon Meeting)
"Refining and Measuring Security Risk and Assurance" presented by Nitin Salvi, Manager
Cybersecurity and Compliance.

Please take advantage of the opportunities your ISACA North Texas chapter membership offers
you. Invest in yourself and your career. Whether attending monthly chapter meetings,
educational seminars, certification reviews or networking events, I look forward to meeting
YOU at one of these events this year!

Brittany George, CISA, QSA
Weaver
President ISACA North Texas Chapter
president@isaca-northtexas.org

INSIDE THIS ISSUE:
- Letter from the President
- Next Meeting Agenda: Luncheon
- Next Meeting: Pre & Post-Luncheon
- In the News
- Conferences & Training Opportunities
- Certifications Exam Updates
- 2016-2017 ISACA NTX Board & Coordinators
- ISACA NTX Events Policy
- Career Opportunities & Payment Chart

November Speakers: Clay Risenhoover and Trip Hillman; Austin Hutton
December Meeting Agenda

When: Thursday, December 8, 2016
Where: Marriott Dallas
223 West Las Colinas Boulevard
Irving, TX 75039

Luncheon

Luncheon registration opens at 11:15 am
Lunch served no later than 11:45 am
Speaker at 12:20 pm

Topic: Cybersecurity Threats and the Road Ahead
Presenter: John Ansbach, General Datatech (GDT)

Description: In this session we will review current corporate cybersecurity threats and attacks and
the growing impacts of the same. We'll then discuss suggested responses to those threats and attacks
(non-technical, and a few technical) and how companies and their risk management professionals can
prepare to defend against an increasingly insecure landscape. Emphasis will be placed on defending
against insider threats, especially spear/phishing, BEC and other specially engineered cyber campaigns
directed towards unsuspecting and untrained employees.

Speaker Bio: John Ansbach serves as Executive Director and General Counsel of General Datatech,
L.P. (GDT), a global technology solutions provider that supports commercial enterprises with cybersecurity,
cloud, managed services, Internet of Things, and networking, storage and compute solutions. In this role,
John is responsible for all the legal affairs of GDT, as well as the company's information security, internal IT,
global operations and internal audit functions. John is a 1996 graduate of the University of Texas School of
Law, and he is a Certified Information Privacy Professional for the U.S. Private Sector (CIPP/US). He also
publishes his own technology blog (ansbachblog.com) focused on cybersecurity and the Internet of Things.

Objectives - Attendees will learn about:
- The current state of cybersecurity threats
- The impacts of those threats
- Strategies and tactics that can be deployed to resist and defend against cyber threats

Program Level: Basic
Category: Specialized Knowledge & Applications
Prerequisites/Advance Preparation: None
Recommended CPE Hours: 1 per session

How much is too much when it comes to IT risk management?

Microsoft has joined the FIDO (Fast IDentity Online) alliance in an
attempt to move away from passwords to more secure means of
authentication. Sounds great...but surely nobody will ever guess 123456
is your password?

November Door Prize Winners


**Note about Presentations: ISACA North Texas can only post
presentations from monthly meetings that are provided by the speaker
with their permission. If a presentation is not on the website it either
means we have not been granted permission or the speaker has not
provided us the presentation to post yet.

Pre & Post Luncheon on next page

Pre-Luncheon 10:30 AM (Pre-Luncheon registration begins at 10:00 am)


Topic: "Trust but Verify - A guide to testing results in a cost-effective manner"
Presenter: Eric Ballantyne, Managing Principal of Information Security at General Datatech (GDT)

Description: We've all been there. A potential audit finding is in question or a remediation item is said to be
complete; the ports are closed, the services are not set to respond to a request, segmentation is in place. The
tools needed to test or verify this are often in the hands of those who are responsible for the work. Wouldn't it
be great to be able to spot check those tools and the work being done? But those tools are expensive and rarely
does an audit team have a budget or infrastructure to run them. In this discussion we will cover tools that are
open source, inexpensive and widely available that can help with your audit testing or remediation verification.

Speaker Bio: Eric Ballantyne, CISSP, CISA, CRISC, ISO 27K LA, CEH is the Managing Principal of Information
Security at GDT. Eric has been in the Information Security field for the past 20 years focused on guiding
organizations through the rigors of implementing and demonstrating the controls of PCI-DSS, PA-DSS and ISO
27001:2005 and ISO 27001:2013. He spent his early years working with three level one merchants in hospitality
and DoD environments. He then went on to establish both compliance and incident response programs for
three level one service providers, two banks, a marketing firm offering loyalty programs and a major retail
organization. Eric was a former advisor and SIG contributor for the PCI Council as a representative of a member
organization.

Objectives - Attendees will learn about:
- What the latest tools are and where to get them.
- How to set yourself up for success when using the tools (aka the ground rules).
- Common tools and how to use them.
- When running the tools, the skill level and expertise needed.
- Further reading and references.

-------------------------------------------------------------------------------------------------------------

Post-Luncheon 1:30 PM
Topic: Refining and Measuring Security Risk and Assurance
Presenter: Nitin Salvi, Manager Cybersecurity and Compliance

Description: Improvising traditional security risk management practices by adopting opportunity focused
Risk-Architect for Complex Enterprise Environments and Applying Performance Measurement Framework to Assess
Assets at Risk.

Speaker Bio: Nitin has over 25 years' experience across the fields of information security, physical security,
privacy, audit and risk management. Nitin is currently a Manager, Cybersecurity and Compliance with CHRISTUS
Health and has worked for GM Financial, Schlumberger, INS, Caremark and CVS. He currently holds the
CISSP, TOGAF, SABSA, ITIL, PMP, CIPP/IT, CISA and CISM. Nitin teaches CISA, CISSP and PMP certification classes for
Crescent foundation, a nonprofit organization that supports unemployed community members to get jobs within
IT and security.

Objectives - Attendees will learn about:
- Performance Measurement Framework to Assess Assets at Risk
- Understanding and deploying Multi-tiered Control Strategy
- Defining & Populating Assurance Matrices


- Did you enjoy CACS last year? This year it's in Vegas! Be sure to get
  registered!
- Time is running out! Get your colleagues to join ISACA by December
  31st to win a tablet or other prizes!
- Many of us think we have all the right answers...but how many of us
  know the right questions? Submit your certification exam questions to
  ISACA and get PAID!
- Haven't even taken that test yet? The June 2014 exams are now open
  for registration.
- The 2013 IT Risk/Reward barometer examines plans and perceptions of
  many of the hot topics in our field, taken from members around the
  world.
- Have a passion for helping out your fellow IT geeks? Want to do more
  within the community? Become an ISACA volunteer!

News from ISACA International


- Registration is open to attend EuroCACS 2017. Stay on top of
  the trends and opportunities of the dynamic technology
  industry at EuroCACS/ISRM, the leading European
  conference for IT audit, assurance, security and risk
  professionals. Earn up to 32 CPE hours.
- Upcoming CSX Asia Pacific Conference information is available
  here.


Upcoming Conferences & Training Opportunities


ISACA Members Earn Free CPE at the following upcoming webinars:

SUGGESTED TIPS AUDITORS NEED TO KNOW ABOUT CYBER SECURITY
Dr. Vilius Benetis, Cyber security researcher, NRD CS
Martin Cullen, BSc Informations & Systems
Richard Hollis, CEO, Risk Factory Ltd.
Tuesday, 6 December 2016
12PM (EST) / 11AM (CST) / 9AM (PST) / 17:00 (UTC)

DEVOPS - ACCELERATING YOUR ENTERPRISE'S DIGITAL AGILITY
Rob Stroud, Principal Analyst, Forrester Research.
Thursday, 15 December 2016
12PM (EST) / 11AM (CST) / 9AM (PST) / 17:00 (UTC)

Don't miss ISACA's new Cybersecurity Nexus (CSX) Webinar Series, which offers cutting-edge thought
leadership, research and advice on the current and emerging threat environment, and how you can be
better prepared to counter it!

Check out Tanya Baccam's upcoming trainings: http://securityaudits.org/events.html

Additional CPE courses are available from ISACA on demand. Gain new understanding and earn
additional Continuing Professional Education (CPE) hours on your schedule, anywhere you have
hi-speed Internet access. Topics range across audit, privacy, cybersecurity, and governance; choose the
information systems subjects that best fit your role and goal to maximize your career potential:


ISACA: 2017 Certification Exam Updates


As demands related to the management, design and assessment of information security programs are constantly
evolving, it is vital to maintain a pace-setting CISM certification program. To do so, ISACA has updated the task
and knowledge areas of the CISM job practice, exam specifications and exam format.

Effective in 2017, a new CISM job practice will be in place and the CISM exam will contain 150 questions. These
changes are the result of a recent job practice analysis. Results validated that decreasing the amount of questions
to 150 provides high reliability that the exam is a valid assessment of the knowledge outlined in the exam
specifications. At a recent CISM Certification Working Group meeting, the Working Group approved the testing of
150 items via a formal vote.

To update the job practice, ISACA conducted a nine-month assessment of the tasks performed by current CISMs.
In 2017, the CISM job practice will be restructured to reflect the latest responsibilities of information security
management professionals:
- Domain 1 - Information Security Governance will become 24 percent of the exam.
- Domain 2 - Information Risk Management will become 30 percent of the exam.
- Domain 3 - Information Security Program Development and Management will become 27 percent of the
  exam.
- Domain 4 - Information Security Incident Management will become 19 percent of the exam.

The updated CISM job practice reflects the expertise of CISM Practice Analysis Task Force members and
independent subject matter expert reviewers. A validation survey was distributed to 5,000 CISMs worldwide,
with more than 1,400 information security professionals responding and validating the results.

This updated CISM job practice will be tested for the first time at globally located Computer-Based Testing (CBT)
centers starting in 2017. ISACA is excited that not only the CISM exam, but also the CISA, CRISC and CGEIT exams
will be administered via CBT because of the value it provides to test-takers:
- The opportunity to take the exams will increase to three eight-week long testing windows in 2017. The
  testing windows will follow a similar pattern on the calendar to the current testing cycle.
- The transition to CBT should not affect the exam review courses chapters offer as the timing of the
  testing windows are similar to the current exam administration dates.
- CBT will decrease turnaround time for exam results. Preliminary pass/fail results will be available
  immediately after the exam, with official exam results being sent within 10 business days.
- The multiple-choice format of the exams will not change in 2017. In the future, however, CBT will allow
  for the development of more dynamic methods of testing the content.

The first testing window is scheduled for 1 May through 30 June, 2017. Registrations for the first testing window
will open 15 November 2016. Details regarding the first window of CBT testing will be available on ISACA's web
site when registration opens.

We appreciate the assistance of chapter leaders in communicating these changes to all exam candidates
within your chapter. If you have any questions regarding the updates to the CISM job practice or CBT,
please contact the certification department at certification@isaca.org.


2016-2017 ISACA North Texas Board of Directors


Position Volunteer E-mail Address
President Brittany George president@isaca-northtexas.org
Secretary Leigh Ann Montgomery secretary@isaca-northtexas.org
Treasurer Chris Jordan treasurer@isaca-northtexas.org
VP Programs Eric Ballantyne programs@isaca-northtexas.org
VP Education Raveen Bhasin education@isaca-northtexas.org
VP Facilities Robert Rubel facilities@isaca-northtexas.org
VP Communications Ian Connors communications@isaca-northtexas.org
VP Membership Doug Gorrie membership@isaca-northtexas.org
VP Certification Dariel Dato-on certification@isaca-northtexas.org
1st Past President Laurie Flandrau pastpresident@isaca-northtexas.org
2nd Past President Greg Streder pastpresident@isaca-northtexas.org
3rd Past President Marvin Reader pastpresident@isaca-northtexas.org

2016-2017 ISACA North Texas Coordinators


Position Volunteer E-mail Address
Assistant Treasurer Sowmitha Kalyan treasurer@isaca-northtexas.org
Education Coordinator Lewa Owolabi education@isaca-northtexas.org
Education Coordinator Roshan Pulikkiel education@isaca-northtexas.org
Education Coordinator David Friedenberg education@isaca-northtexas.org
CSX Coordinator Kyle Wess csx@isaca-northtexas.org
CSX Coordinator Austin Browning csx@isaca-northtexas.org
Certification Coordinator Bob Nebel certification@isaca-northtexas.org
Certification Coordinator Linh Mai certification@isaca-northtexas.org
Certification Coordinator Sean McAloon certification@isaca-northtexas.org
Certification Coordinator Bo Han certification@isaca-northtexas.org
Academic Relations Coordinator Jose Lineros academicrelations@isaca-northtexas.org
Academic Relations Committee Vijaya Kaza academicrelations@isaca-northtexas.org
Reservation Coordinator Leslie Norwood reservations@isaca-northtexas.org
Newsletter Coordinator Carol Barke newsletter@isaca-northtexas.org
Newsletter Coordinator Keri Chisholm newsletter@isaca-northtexas.org
Website Webmaster Garrett Wilson webmaster@isaca-northtexas.org
Website Administrator Roshan Sunny webmaster@isaca-northtexas.org
Website Administrator Jeff Kromer webmaster@isaca-northtexas.org
Programs Coordinator Mary Dunavant programs@isaca-northtexas.org
Marketing Coordinator Lisa Bartsch communications@isaca-northtexas.org
Marketing Coordinator Kyle Morris communications@isaca-northtexas.org
Marketing Coordinator Susan Pradhan communications@isaca-northtexas.org
Chapter Photographer Zac Taylor membership@isaca-northtexas.org
Jobs Coordinator Joe McKeman jobs@isaca-northtexas.org
CPE Compliance Coordinator Greg Peterson cpe@isaca-northtexas.org
Volunteer Coordinator Justice Rutanhira volunteer@isaca-northtexas.org


ISACA North Texas Events Policy


1/1/2016
The ISACA North Texas Chapter offers three types of fee based programs: Chapter Monthly Meetings, CISA and
CISM Review Courses, and Seminars.

The chapter strongly encourages advance registration and payment for all events, as this reduces chapter
expenses and the capacity for many of our events is limited due to the size of the event locations. Therefore,
seats may not be available on the day of the event for walk-up registrants. The table on the final page of this
newsletter summarizes the chapter's payment and cancellation policies.

Payment Policy

All advance, online event registration payments will be made through CVENT. For advance, online
registrations, payment is accepted via Visa, MasterCard, American Express, Discover and PayPal.
Advance registrations will not be accepted after the time noted above unless otherwise noted in online event
details.
For walk-in registrations, credit card via Cvent, check, cash or Paypal payment is required.

Cancellation and Refund Policy


The North Texas Chapter of ISACA (ISACA NTX) strives to provide appropriate facilities for meetings, seminars and
certification review classes. Since facility providers and/or speakers require advance notice and financial
commitment, ISACA NTX must balance those obligations against our members' periodic need to cancel a
reservation based on job requirements, illness or other circumstances.

Upon receipt of e-mail notification to reservations@isaca-northtexas.org, ISACA NTX will refund the prepaid fee
according to the following deadlines:

- Monthly Program Meetings - cancellations must be received by 6:00 PM three days prior to the meeting.
- Certification Reviews - cancellations must be received by 6:00 PM eight days before the first class.
- Seminars - cancellations must be received at least one week prior to the first day of the seminar. If unusual
  cancellation terms are required based on speaker and/or venue, details will be included in the online event
  details.

Attendee substitution is permitted at any time until the event by contacting the Registration Coordinator at
reservations@isaca-northtexas.org and is subject to any additional charge for non-member fees.

Cancellations and refund for advance registrations are allowed if cancellations are submitted to
reservations@isaca-northtexas.org by the deadline noted in the table above.

Advance registrants who do not attend the event or do not cancel by the date noted in the table above are not
eligible for a refund.

Attendee substitutions are permitted at any time until the event, subject to any additional charge for non-
member fees. Inquire with Chapter Registration Coordinator at reservations@isaca-northtexas.org.

-->Please see last page for table that summarizes payments & cancellations policy<--


Current Career Opportunities


| Job Title | Company | Location | Category | Career Level | Post Date | Exp. Date |
|---|---|---|---|---|---|---|
| Engagement Based IT Audit Manager (Remote Position) | CHAN Healthcare | Nationwide | Permanent | Non-Management | 10/11/2016 | 1/1/2017 |
| Risk Assurance - IT Audit Associate | CBIZ MHM, LLC | Harrisburg, Pennsylvania | Temp/Contract | Non-Management | 10/19/2016 | 6/30/2017 |
| Risk Assurance - IT Audit Manager | CBIZ MHM, LLC | Harrisburg, Pennsylvania | Temp/Contract | Management | 10/19/2016 | 6/30/2017 |
| Non-Tenure Track Faculty in Cybersecurity/IT Governance | University of Texas at Dallas | Richardson TX | Permanent | Non-Management | 10/28/2016 | 1/31/2017 |

The following table summarizes the chapter's payment and cancellation policies:

Payments

Advance registration payments accepted
- Chapter Monthly Meetings: Credit Card** (Visa/MC/AMEX/Discover) and PayPal**
- CISA or CISM Review Courses: Credit Card** (Visa/MC/AMEX/Discover), PayPal**, Check, or Purchase Order
  (Invoice payment must be received by the pre-registration deadline)
- Seminars: Credit Card** (Visa/MC/AMEX/Discover), PayPal**, Check, or Purchase Order
  (Invoice payment must be received one week prior to the first day of the seminar)

Advance registration cutoff date
- Chapter Monthly Meetings: 6:00 PM three days before the event
- CISA or CISM Review Courses: 6:00 PM eight days before the first class.
- Seminars: 6:00 PM two weeks prior to the first day of the seminar.
(May be earlier if a joint event with another organization that requires earlier registration counts)

Walk-in registration payments accepted
- Chapter Monthly Meetings: Credit Card** (Visa/MC/AMEX) and PayPal**
- CISA or CISM Review Courses: All attendees must pre-register for this event. Walk-in registration is not
  permitted.
- Seminars: All attendees must pre-register for this event. Walk-in registration is not permitted.

Cancellations

Cut-off date for cancellations
- Chapter Monthly Meetings: 6:00 PM three days prior to the event.
- CISA or CISM Review Courses: 6:00 PM eight days before the first class.
- Seminars: At least one week prior to the first day of the seminar.

Substitutions permitted for cancellations after cutoff date?
- Chapter Monthly Meetings: Attendee substitution is permitted at any time until the event, subject to any
  additional charge for non-member fees. Inquire with Chapter Registration Coordinator at
  reservations@isaca-northtexas.org
- CISA or CISM Review Courses: Attendee substitution is permitted at any time until the event. Inquire with
  Chapter Registration Coordinator at reservations@isaca-northtexas.org
- Seminars: Attendee substitution is permitted at any time until the event, subject to any additional charge
  for non-member fees. Inquire with Chapter Registration Coordinator at reservations@isaca-northtexas.org

**Credit Card and Paypal only if you register electronically via Cvent on the chapter website

The Password is a free copyrighted publication of the North Texas Chapter of ISACA. It is published periodically from August
through June. It is the objective of the North Texas Chapter of ISACA to be a forum of free expression and interchange of
ideas. Statements of position or expressions of opinion appearing herein are those of the authors and not, by the fact of
publication, necessarily those of ISACA or the North Texas Likewise, the publication of any advertisement is not construed
to be an endorsement of the product or service offered unless specifically

Copyright 2016 ISACA North Texas Chapter all rights
