INSIDE THIS ISSUE:
Letter from the President
Next Meeting Agenda: Luncheon
Next Meeting: Pre & Post-Luncheon
In the News
Conferences & Training Opportunities
Certifications Exam Updates
2016-2017 ISACA NTX Board & Coordinators

Letter from the President
Brittany George, Chapter President

Our December meeting takes place Thursday, December 8th at the Dallas Marriott Las Colinas located at 223 West Las Colinas Blvd, Irving, TX 75039. We will have a special gift to celebrate the holiday season and thank our members for their support during 2016 so don't forget to register and attend the December meeting! The presentations for the day will include:

10:30 AM (Pre-Luncheon Meeting)
"Trust but Verify - A Guide to Testing Results in a Cost Effective Manner" presented by Eric Ballantyne, Managing Principal of Information Security at General Datatech, L.P. (GDT)

12:20 PM (Luncheon Meeting)
"Cybersecurity Threats and the Road Ahead" presented by John Ansbach, Executive Director and General Counsel of General Datatech, L.P. (GDT)

1:30 PM (Post-Luncheon Meeting)
"Refining and Measuring Security Risk and Assurance" presented by Nitin Salvi, Manager Cybersecurity and Compliance.

Please take advantage of the opportunities your ISACA North Texas chapter membership offers you. Invest in yourself and your career. Whether attending monthly chapter meetings, educational seminars, certification reviews or networking events, I look forward to meeting YOU at one of these events this year!
December Meeting Agenda
When: Thursday, December 8, 2016
Where: Marriott Dallas
223 West Las Colinas Boulevard
Irving, TX 75039
Luncheon
Luncheon registration opens at 11:15 am
Lunch served no later than 11:45 am
Speaker at 12:20 pm
Topic: Cybersecurity Threats and the Road Ahead
Presenter: John Ansbach, General Datatech (GDT)
Description: In this session we will review current corporate cybersecurity threats and attacks and the growing impacts of the same. We'll then discuss suggested responses to those threats and attacks (non-technical, and a few technical) and how companies and their risk management professionals can prepare to defend against an increasingly insecure landscape. Emphasis will be placed on defending against insider threats, especially spear/phishing, BEC and other specially engineered cyber campaigns directed towards unsuspecting and untrained employees.
Speaker Bio: John Ansbach serves as Executive Director and General Counsel of General Datatech,
L.P. (GDT), a global technology solutions provider that supports commercial enterprises with cybersecurity,
cloud, managed services, Internet of Things, and networking, storage and compute solutions. In this role,
John is responsible for all the legal affairs of GDT, as well as the company's information security, internal IT,
global operations and internal audit functions. John is a 1996 graduate of the University of Texas School of
Law, and he is a Certified Information Privacy Professional for the U.S. Private Sector (CIPP/US). He also
publishes his own technology blog (ansbachblog.com) focused on cybersecurity and the Internet of Things.
Pre-Luncheon 10:30 AM
Topic: Trust but Verify - A Guide to Testing Results in a Cost Effective Manner
Presenter: Eric Ballantyne, General Datatech (GDT)
Description: We've all been there. A potential audit finding is in question or a remediation item is said to be
complete; the ports are closed, the services are not set to respond to a request, segmentation is in place. The
tools needed to test or verify this are often in the hands of those who are responsible for the work. Wouldn't it
be great to be able to spot check those tools and the work being done? But those tools are expensive and rarely
does an audit team have a budget or infrastructure to run them. In this discussion we will cover tools that are
open source, inexpensive and widely available that can help with your audit testing or remediation verification.
Speaker Bio: Eric Ballantyne, CISSP, CISA, CRISC, ISO 27K LA, CEH is the Managing Principal of Information
Security at GDT. Eric has been in the Information Security field for the past 20 years focused on guiding
organizations through the rigors of implementing and demonstrating the controls of PCI-DSS, PA-DSS and ISO
27001:2005 and ISO 27001:2013. He spent his early years working with three level one merchants in hospitality
and DoD environments. He then went on to establish both compliance and incident response programs for
three level one service providers, two banks, a marketing firm offering loyalty programs and a major retail
organization. Eric was a former advisor and SIG contributor for the PCI Council as a representative of a member
organization.
-------------------------------------------------------------------------------------------------------------
Post-Luncheon 1:30 PM
Topic: Refining and Measuring Security Risk and Assurance
Presenter: Nitin Salvi
Description: Improving traditional security risk management practices by adopting opportunity-focused Risk-Architect for complex enterprise environments and applying a performance measurement framework to assess assets at risk.
Speaker Bio: Nitin has over 25 years' experience across the fields of information security, physical security,
privacy, audit and risk management. Nitin is currently a Manager, Cybersecurity and Compliance with CHRISTUS
Health and has worked for GM Financial, Schlumberger, INS, Caremark and CVS. He currently holds the
CISSP, TOGAF, SABSA, ITIL, PMP, CIPP/IT, CISA and CISM. Nitin teaches CISA, CISSP and PMP certification classes for
Crescent foundation, a nonprofit organization that supports unemployed community members in getting jobs within
IT and security.
Did you enjoy CACS last year? This year it's in Vegas! Be sure to get
registered!
Time is running out! Get your colleagues to join ISACA by December
31st to win a tablet or other prizes!
Many of us think we have all the right answers...but how many of us
know the right questions? Submit your certification exam questions to
ISACA and get PAID!
Haven't even taken that test yet? The June 2014 exams are now open
for registration.
The 2013 IT Risk/Reward barometer examines plans and perceptions of
many of the hot topics in our field, taken from members around the
world.
Have a passion for helping out your fellow IT geeks? Want to do more
within the community? Become an ISACA volunteer!
THE PASSWORD
Martin Cullen
BSc Informations & Systems
Richard Hollis
CEO, Risk Factory Ltd.
Rob Stroud
Principal Analyst, Forrester Research.
Don't miss ISACA's new Cybersecurity Nexus (CSX) Webinar Series, which offers cutting-edge thought
leadership, research and advice on the current and emerging threat environment, and how you can be
better prepared to counter it!
Additional CPE courses are available from ISACA on demand. Gain new understanding and earn
additional Continuing Professional Education (CPE) hours on your schedule, anywhere you have
hi-speed Internet access. Topics range across audit, privacy, cybersecurity, and governance; choose the
information systems subjects that best fit your role and goal to maximize your career potential:
Effective in 2017, a new CISM job practice will be in place and the CISM exam will contain 150 questions. These
changes are the result of a recent job practice analysis. Results validated that decreasing the number of questions
to 150 provides high reliability that the exam is a valid assessment of the knowledge outlined in the exam
specifications. At a recent CISM Certification Working Group meeting, the Working Group approved the testing of
150 items via a formal vote.
To update the job practice, ISACA conducted a nine-month assessment of the tasks performed by current CISMs.
In 2017, the CISM job practice will be restructured to reflect the latest responsibilities of information security
management professionals:
Domain 1 - Information Security Governance will become 24 percent of the exam.
Domain 2 - Information Risk Management will become 30 percent of the exam.
Domain 3 - Information Security Program Development and Management will become 27 percent of the exam.
Domain 4 - Information Security Incident Management will become 19 percent of the exam.
The updated CISM job practice reflects the expertise of CISM Practice Analysis Task Force members and
independent subject matter expert reviewers. A validation survey was distributed to 5,000 CISMs worldwide,
with more than 1,400 information security professionals responding and validating the results.
This updated CISM job practice will be tested for the first time at globally located Computer-Based Testing (CBT)
centers starting in 2017. ISACA is excited that not only the CISM exam, but also the CISA, CRISC and CGEIT exams
will be administered via CBT because of the value it provides to test-takers:
The opportunity to take the exams will increase to three eight-week long testing windows in 2017. The
testing windows will follow a similar pattern on the calendar to the current testing cycle.
The transition to CBT should not affect the exam review courses chapters offer, as the timing of the
testing windows is similar to the current exam administration dates.
CBT will decrease turnaround time for exam results. Preliminary pass/fail results will be available
immediately after the exam, with official exam results being sent within 10 business days.
The multiple-choice format of the exams will not change in 2017. In the future, however, CBT will allow
for the development of more dynamic methods of testing the content.
The first testing window is scheduled for 1 May through 30 June, 2017. Registrations for the first testing window
will open 15 November 2016. Details regarding the first window of CBT testing will be available on ISACA's web
site when registration opens.
We appreciate the assistance of chapter leaders in communicating these changes to all exam candidates
within your chapter. If you have any questions regarding the updates to the CISM job practice or CBT,
please contact the certification department at certification@isaca.org.
The chapter strongly encourages advance registration and payment for all events, as this reduces chapter
expenses and the capacity for many of our events is limited due to the size of the event locations. Therefore,
seats may not be available on the day of the event for walk-up registrants. The table on the final page of this
newsletter summarizes the chapter's payment and cancellation policies.
Payment Policy
All advance, online event registration payments will be made through CVENT. For advance, online
registrations, payment is accepted via Visa, MasterCard, American Express, Discover and PayPal.
Advance registrations will not be accepted after the time noted above unless otherwise noted in online event
details.
For walk-in registrations, credit card via Cvent, check, cash or PayPal payment is required.
Upon receipt of e-mail notification to reservations@isaca-northtexas.org, ISACA NTX will refund the prepaid fee
according to the following deadlines:
Monthly Program Meetings - cancellations must be received by 6:00 PM three days prior to the meeting.
Certification Reviews - cancellations must be received by 6:00 PM eight days before the first class.
Seminars - cancellations must be received at least one week prior to the first day of the seminar. If unusual
cancellation terms are required based on speaker and/or venue, details will be included in the online event
details.
Attendee substitution is permitted at any time until the event by contacting the Registration Coordinator at
reservations@isaca-northtexas.org and is subject to any additional charge for non-member fees.
Cancellations and refunds for advance registrations are allowed if cancellations are submitted to
reservations@isaca-northtexas.org by the deadline noted in the table above.
Advance registrants who do not attend the event or do not cancel by the date noted in the table above are not
eligible for a refund.
Attendee substitutions are permitted at any time until the event, subject to any additional charge for non-
member fees. Inquire with Chapter Registration Coordinator at reservations@isaca-northtexas.org.
-->Please see last page for table that summarizes payments & cancellations policy<--
The following table summarizes the chapter's payment and cancellation policies:
| Policy | Chapter Monthly Meetings | CISA or CISM Review Courses | Seminars |
|---|---|---|---|
| Payments | | | |
| Advance registration payments accepted | Credit Card** (Visa/MC/AMEX/Discover) and PayPal** | Credit Card** (Visa/MC/AMEX/Discover), PayPal**, Check, or Purchase Order (Invoice payment must be received by the pre-registration deadline) | Credit Card** (Visa/MC/AMEX/Discover), PayPal**, Check, or Purchase Order (Invoice payment must be received one week prior to the first day of the seminar) |
| Advance registration cutoff date | 6:00 PM three days before the event (May be earlier if a joint event with another organization that requires earlier registration counts) | 6:00 PM eight days before the first class. | 6:00 PM two weeks prior to the first day of the seminar. |
| Walk-in registration payments accepted | Credit Card** (Visa/MC/AMEX) and PayPal** | All attendees must pre-register for this event. Walk-in registration is not permitted. | All attendees must pre-register for this event. Walk-in registration is not permitted. |
| Cancellations | | | |
| Cut-off date for cancellations | 6:00 PM three days prior to the event. | 6:00 PM eight days before the first class. | At least one week prior to the first day of the seminar. |
| Substitutions permitted for cancellations after cutoff date? | Attendee substitution is permitted at any time until the event, subject to any additional charge for non-member fees. Inquire with Chapter Registration Coordinator at reservations@isaca-northtexas.org | Attendee substitution is permitted at any time until the event. Inquire with Chapter Registration Coordinator at reservations@isaca-northtexas.org | Attendee substitution is permitted at any time until the event, subject to any additional charge for non-member fees. Inquire with Chapter Registration Coordinator at reservations@isaca-northtexas.org |

**Credit Card and PayPal only if you register electronically via Cvent on the chapter website
The Password is a free copyrighted publication of the North Texas Chapter of ISACA. It is published periodically from August
through June. It is the objective of the North Texas Chapter of ISACA to be a forum of free expression and interchange of ideas.
Statements of position or expressions of opinion appearing herein are those of the authors and not, by the fact of publication,
necessarily those of ISACA or the North Texas Chapter. Likewise, the publication of any advertisement is not construed
to be an endorsement of the product or service offered unless specifically