OPENING KEYNOTE
BRENT BUSHNELL, CEO of Two Bit Circus, a Los Angeles-based experiential entertainment company
GROW YOUR NETWORK. ENHANCE YOUR KNOWLEDGE.
Connect with experts, inspiring minds and dynamic professionals in information systems audit, assurance, control and security, and business from around the globe. Earn up to 39 CPE hours at invaluable workshops and breakout sessions. Secure new knowledge, state-of-the-art techniques and leading-edge solutions that will help you bring fresh value to your enterprise and advance your career.
Join the industry’s movers and shakers at ISACA®’s industry-leading conference for business and information systems audit, compliance, control and security professionals, North America CACS Conference, in Las Vegas, Nevada, USA from 1 – 3 May 2017.
Acquire new tools and techniques, grow your expertise, your network of experts, and meet leaders in technology and business. Be better prepared for the fast-changing world of information systems audit, control and security.
#NACACS
NORTH AMERICA CACS 2017
OPENING KEYNOTE
Monday, 1 May | 8:30AM
The Importance of Hard Problems
In this high-energy talk, Brent will dive deep into why the only problems worth solving are the hard ones. One part carny irreverence, one part futuristic fun, and one part change the world, you won’t want to miss it!
Most recently, Bushnell’s team launched STEAM Carnival, a modern re-imagining of the midway to inspire kids about science, technology, engineering, art and math. Previously, he was the on-camera inventor for the ABC TV show Extreme Makeover: Home Edition. He is a co-founder of Anti-Aging Games, which creates casual games to reduce the risk of early memory loss, and a founding member of Syyn Labs, a creative collective combining art and engineering to create high engagement for large brands including Google and Disney, and responsible for the viral hit Rube Goldberg music video for OK Go that garnered 40 million views on YouTube. In his spare time, Brent mentors teens in game development and entrepreneurship via programs such as Spark and NFTE.
KEYNOTE SPEAKER
EARN UP TO 39 CPE HOURS! www.isaca.org/CACSbr17
START FOLLOWING BRENT ON TWITTER NOW @BRENTBUSHNELL
GAIN FRESH KNOWLEDGE AND NEW SKILLS FROM EXPERTS BEGINNING SATURDAY, 29 APRIL.
North America CACS 2017 is bigger than ever—with over 90 different sessions to choose from. You have the most options to design the conference experience you want and build your expertise, ability, and value in more ways than ever before! These sessions offer in-depth insight on emerging trends, best practices and business-critical challenges, and provide the tools and techniques you need to survive and thrive in the increasingly complex world of information systems audit, assurance, control, and security. Learn from industry experts and innovators—many from top global organizations—as they lead you through hands-on participation, interactive discussions and engaging case studies that will help you work smarter, faster, and with more confidence upon your return to your enterprise.
CHOOSE FROM OVER 90 SESSIONS ACROSS 9 DIFFERENT TRACKS:
AUDIT & ASSURANCE
AUDIT & ASSURANCE—ADVANCED
SECURITY/CYBERSECURITY—MANAGERIAL
SECURITY/CYBERSECURITY—TECHNICAL
INTEGRATED RISK MANAGEMENT
DATA ANALYTICS & BIG DATA
LEADERSHIP DEVELOPMENT & CAREER MANAGEMENT
GOVERNANCE
INDUSTRY TRENDS & INSIGHTS
ISACA is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education (CPE) on the National Registry of CPE sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE sponsors through its website: www.learningmarket.org.
SESSIONS
TRACK 1: AUDIT & ASSURANCE
Advance your knowledge and skills, and optimize your information systems auditing and assurance expertise. Take a proactive approach to avoiding the negative consequences of non-compliance. Return to your enterprise with a greater ability to identify risks and opportunities related to creating value for enterprises through information and technology. Designed by and for IT audit and assurance professionals, this track enables individuals and organizations to formulate robust plans for audit career growth and retention.
Sessions:
111 SCADA and IoT
121 The Rise of Fintech and the Impact on IA
131 The IoT: What does this mean to IA?
141 Auditing Network Devices
211 Agile & Compliance
221 Machine Learning for Auditors
231 Auditing Cybersecurity
241 Auditing for HIPAA Compliance
251 Leverage Data Analytics in Internal Audit
311 NIST Cybersecurity Audit/Assurance Program
TRACK 2: AUDIT & ASSURANCE—ADVANCED
Increase your knowledge of advanced audit tools and techniques to prepare for today’s complex technical environment. This track covers methodologies of information technology you need to know to understand the audit concerns in the IT environment. It will emphasize advanced IT audit concepts through case studies and real-world examples. Attendees will gain an understanding of basic IT audit concepts that can be used to facilitate integrated audit efforts within their organization. The track will also provide attendees the opportunity to learn auditing techniques of IT applications supporting key business processes.
Sessions:
112 Navigating Third Party Risk Management
122 Cloud Security Strategy & Considerations
132 Zero Trust Networks for Audit & Compliance
142 Protecting Sensitive Data in the Cloud
212 IT Audit—From Big Brother to Big Partner
222 Impact of AI on Audit and Assurance
232 An Auditor’s Guide to Assessing Crypto
242 AICPA Cyber-Risk Management Reporting Framework
252 How Analytics Can Transform Internal Audit
312 Compliance in the Clouds
TRACK 3: SECURITY/CYBERSECURITY—MANAGERIAL
Embrace expert insights and delve into how security issues and the growing cyber security threat to enterprises worldwide impact the role and demands on audit and assurance, as well as security professionals. Advance your expertise in identifying threats, assessing enterprise security, lowering risk and improving assurance for enterprises in a variety of industry verticals. Topics in this track focus on providing tools and guidance of greatest value.
Sessions:
113 Threats and Challenges in Healthcare
123 Using Internal Audit for Info Security
133 Top 10 Cyber-Risks
143 Enterprise Cybersecurity Governance
213 Internet of Things
223 Technical Implementation of NIST/FFIEC CSF
233 What Auditors Need to Know: Mobile Security
243 Practical Approach to Cybersecurity
253 Security Monitoring and Attack Detection
313 Cybersecurity: Threat to Banks
TRACK 4: SECURITY/CYBERSECURITY—TECHNICAL
Increase your ability to recognize threats and vulnerabilities associated with the enterprise IT infrastructure and advance your understanding of how to respond to the increasing cyber risks by utilizing security tools and techniques to protect against them. Attendees will be exposed to multiple cybersecurity technologies, processes, and procedures, learn how to analyze the threats, vulnerabilities and risks present in these environments, and develop appropriate strategies to mitigate potential cybersecurity problems.
Sessions:
114 Conducting a Phishing Awareness Program
124 Encryption: Policy to Practice
134 Threat Intelligence—Exploiting Hackers
144 Canaries in a Coal Mine…
214 Your Responsibility in Cloud Security
224 Cybersecurity Kill Chain
234 Prioritize Vulnerability Remediation
244 Learning from Failure
254 Application Security & Why You Should Care
314 FFIEC Cybersecurity Assessment Tool
TRACK 5: INTEGRATED RISK MANAGEMENT
Understand the core concepts of Risk Management. It is an important part of a sound governance program. This track will provide an overview of integrated risk management and explain IT Risk across the enterprise. It will cover complicated techniques and approaches in IT, business, and leadership. Learn to develop IT Risk’s message and explain consequences. Learn to understand the risk culture of the enterprise and develop a basic roadmap and guidelines that can be implemented at various levels within the enterprise.
Sessions:
115 Cyber Risk is Biz Risk
125 Managing ERP Cloud Risks and Controls
135 Managing Emerging Technology Risk
145 Creating a Risk Resilient Culture
215 Resilient ERM Framework—Startup to Listed
225 Transactional Security Risk Assessment
235 Raising the Bar: Cyber Risk Management Oversight and Reporting
245 Modeling an Asset Risk Management Program
255 Consequences That Matter—IT Risk
315 Audit & Security: Combating Emerging Threats
TRACK 6: DATA ANALYTICS & BIG DATA
Understand the role Data Analytics and Big Data play in today’s environment and their use in audit and assurance, including examples of best practices. Attendees will hear real-world examples of the implementation of advanced techniques and concepts. Attendees will also gain insights into key considerations for an analytics program and learn how to apply analytics to help manage an audit engagement. Learn to leverage analytics to augment audit strategy and identify multiple usages of analytics in audit.
Sessions:
116 Evolution of Risk Assessments with D&A
126 Fraud Detection Using Data Analysis
136 Analytics Success: Why Now & How To?
146 Transforming IT Audit with Analytics
216 Why Analytics Fails and How to Fix It
226 Cross-Functional Methodology for Analytics
236 Proactive Compliance Data Analytics Program
246 Where Audit Analytics Meets Open Source
256 Creative Visualization for Data Analytics
316 Building a Fraud & Spend Review Program
TRACK 7: LEADERSHIP DEVELOPMENT & CAREER MANAGEMENT
Gain insights and strategies that can help reinforce or build on your credibility and career. Embrace the “soft skills” that leaders in private and public sectors count on. Improve your communications and presentations abilities, and better manage your agenda, projects and people—to take your enterprise and role to the next level and the levels beyond.
Sessions:
117 Soft Skills: The Key to Employee Success
127 How to Prepare to Pass the CISA® Exam
137 10 Must Have Skills for the 2020 CISO
147 How to Build and Grow Your IT Security Team
217 Tips for Effective Presenting
227 How to Communicate Effectively in an Audit Engagement
237 Geek Speak to Business Speak, 2.0
247 Digital Skills and Talent Management
257 IS Audit Tips in Dealing with the IT Crowd
317 Security Strategies—Rally the Workforce
TRACK 8: GOVERNANCE
Better understand what a Big Data environment looks like from an audit and governance perspective. See how it’s changing the face of opportunity, and creating challenges for audit, governance and security professionals. Identify keys to building a sustainable data analytics program matched with your enterprise’s needs. Leverage expert perspectives on the processes and technologies that need to be managed and how they will impact short- and long-term success.
Sessions:
118 Help Management Understand SOC Reports
128 What’s Missing in IT Security Governance?
138 Using COBIT® 5 in Support of RMF
148 BIA: The Root of Security & Recovery Plans
218 “GEAR” Up with a new GRC Model & Benefits
228 Understanding and Evaluating SOC Reports
238 How to Apply COBIT 5 in Govt: The CBN Story
248 Using COBIT 5 to Solve Real World Problems
258 Vendor Management with COBIT 5
318 A Risk-based Approach to Data Governance
TRACK 9: INDUSTRY TRENDS & INSIGHTS
Join in the discussion of what is coming next and how it will impact your role, your enterprise and the world we know. Interact in smaller groups and gain insights on a wide range of topics currently impacting assurance, risk, security, privacy, particularly those that will impact your future role and success of enterprises everywhere.
WORKSHOPS
CONFERENCE WORKSHOPS
Hone your skills in cutting-edge workshops on hot-button issues that impact your field of information systems. New this year, each 2-day pre-conference workshop has a 1-day post-conference counterpart that enables you to take lessons learned in the topic area to the next expert level. Choose from exciting interactive sessions in audit, compliance, risk, governance and cyber security. Sign up today!
EARN 14 CPE HOURS BY ATTENDING ONE OF THE PRE-CONFERENCE WORKSHOPS
Saturday, 29 April 9:00AM – 5:00PM and Sunday, 30 April 9:00AM – 5:00PM
WS1: COBIT® 5 FOUNDATION
Mark Thomas, CGEIT, CRISC
President | Escoute
After completing this workshop, you will be able to understand:
• How IT management issues are affecting organizations.
• The need for an effective framework to govern and manage enterprise IT.
• How COBIT meets the requirement for an IT governance framework.
• How COBIT is used with other standards and best practices.
• The functions that COBIT provides and the benefits of using COBIT.
• The COBIT Framework and all the components of COBIT.
• How to apply COBIT in a practical situation.
TAKE THE COBIT EXAM AT NORTH AMERICA CACS 2017
Monday, 1 May 2017
After completing Workshop 1: COBIT 5 Foundation, attendees will have the opportunity to take the COBIT 5 Foundation exam at the conference for an additional US $150! The exam will take place on Monday morning, before the opening keynote presentation.
A study session will also be held on Sunday evening.
WS2: CYBERSECURITY FUNDAMENTALS
Todd J. Fitzgerald, CISA, CISM, CGEIT, CRISC
Global Director, Info Security | Grant Thornton International, Ltd
After completing this workshop, you will be able to:
• Understand basic cyber security concepts and definitions.
• Define network security architecture concepts.
• Recognize malware analysis concepts and methodology.
• Identify computer network defense (CND) and vulnerability assessment tools, including open source tools and their capabilities.
• Explain network systems management principles, models, methods, and tools.
• Distinguish system and application security threats and vulnerabilities.
• Classify types of incidents (categories, responses, and timelines for responses).
• Outline disaster recovery and business continuity planning.
• Comprehend incident response and handling methodologies.
• Understand security event correlation tools, and how different file types can be used for atypical behavior.
• Be aware of the basic concepts, practices, tools, tactics, techniques, and procedures for processing digital forensic data.
• Recognize new and emerging information technology and information security technologies.
WS3: APPLIED DATA ANALYSIS
TBA
After completing this workshop, you will be able to:
• Better understand which IS audit phases and which automated data analysis procedures will be beneficial, either in the planning phase, testing phase or follow-up phase.
• Learn techniques to apply data analysis to the IT event tracking systems to better understand the enterprise environment to aid annual planning, engagement planning and testing planning.
• Gain practice accessing and analyzing Active Directory data.
• Obtain techniques to analyze logical access data as it relates to segregation of duties, phantom access, access policy configuration and adherence.
• Compare system configuration files to determine drift.
• Apply analysis techniques to multiple files associated with change management.
WS4: CISA® PREP COURSE
Kenneth Schmidt, CISA
R&M Consulting
After completing this workshop, you will be able to:
• Learn the specific requirements for passing the CISA Exam and attaining your Certification.
• Utilize ISACA materials to prepare for and pass the CISA Exam.
• Learn successful methods of “how to” evaluate exam questions and answers, including analysis and explanations.
• Review useful, proven information on study and exam time management.
• Complete and review a mock exam, with every question and answer explained.
Tuesday, 2 May | 6:30PM – 9:00PM
CRANK YOUR IDEAS UP A GEAR
Wind back to the age of H.G. Wells and Jules Verne and experience the future as they saw it. Join fellow attendees for a fantastic journey that will spark wonder and innovation. The Tuesday evening networking event pays homage to the creative and surreal imaginings of modern Steampunk. As a conference attendee, enjoy complimentary food, beverages and entertainment in the Chelsea Theater at the Cosmopolitan Hotel. Guest tickets will also be available for US $150.
EARN 7 CPE HOURS BY ATTENDING ONE OF THE POST-CONFERENCE WORKSHOPS
Wednesday, 3 May 1:30PM – 5:30PM and Thursday, 4 May 9:00AM – 12:30PM
WS5: THE INTERSECTION OF IT AND ASSURANCE BY LEVERAGING COBIT® 5
Mark Thomas, CGEIT, CRISC
President | Escoute
After completing this workshop, you will be able to:
• Recognize the applicable products in the COBIT 5 product family needed to develop a holistic approach to assurance.
• Understand the elements of creating a value-based approach to developing an assurance strategy for IT.
• Appreciate the intersection of balancing performance and conformance with respect to assurance of IT services.
WS6: USING RISK SCENARIOS
Lisa Young, CISA, CISM
Vice President, Service Delivery | Axio Global
After completing this workshop, you will be able to:
• Understand the context for risk management in business terms.
• Define Risk scenarios and risk factors.
• Understand when to use or develop risk scenarios.
• Express and describe the impact of risks in business terms.
• Determine if your risk management process/program is mature enough for using risk scenarios.
Join us for exciting networking opportunities throughout the conference.
WELCOME RECEPTION Sunday, April 30 | 5:30PM – 6:30PM
NETWORKING RECEPTION Monday, 1 May | 5:15PM – 7:15PM
NETWORKING RECEPTION Monday, 1 May | 7:15PM – 8:45PM
Connecting Women Leaders in Technology
ENGAGE. EMPOWER. ELEVATE.
WS7: CYBERSECURITY FOR AUDITORS
Russell Horn, CISA, CRISC
President | CoNetrix
John Edward McMurray, CISA
Asst. Director, Security Services | CoNetrix
Stephanie Alexis Chaumont, CISA
Security and Compliance Consultant | CoNetrix
After completing this workshop, you will be able to:
• Audit an organization’s cyber security posture.
• Evaluate cyber security inherent risk.
• Define audit evidence requests needed to evaluate an institution’s cyber security controls.
• Be aware of basic policies, practices, technologies, tools and controls used to enhance cyber security.
• Examine ways to assess an organization’s cyber security maturity.
• Recognize new and emerging cyber-attacks, threats, and vulnerabilities.
• Discuss cyber security frameworks and assessment tools currently available.
• Understand and use the ISACA NIST Cybersecurity Framework Audit Work Program.
WS8: IT AUDIT: TAKING THE NEXT STEP
Nathan A. Anderson, CISA, CRISC
Divisional Vice President, Internal Audit | Sears Holding Corporation
After completing this workshop, you will be able to:
• Conduct risk assessments and develop the audit plan.
• Milestones and metrics for managing operational audits and compliance activities.
• How to effectively communicate with leadership including:
  – writing impactful audit reports.
  – managing outstanding audit issues.
  – reporting to the audit committee.
• Understand measures and metrics for successfully governing internal audit.
• Consider strategies for:
  – Optimizing and enhancing Internal Audit workpapers.
  – Optimizing compliance activities.
• Hiring and developing an effective team.
LOOKING TO SAVE MORE ON CACS?
Enjoy Member Discounts
Non-members, start enjoying the benefits of ISACA membership today. As a member, you will save US $200 on registration for this conference, and save more on hundreds of other ISACA products. This offer expires 30 days after completion of the conference. Don’t miss this opportunity—apply today!
Your North America CACS 2017 Conference and workshop fees include:
• Continental breakfast
• Lunches
• Morning and afternoon refreshment breaks
• Access to networking events
• Wireless internet access in all meeting spaces
• Access to the Expo Hall
• Access to Vendor Spotlight Education Sessions
Group Discounts
ISACA offers discounts to organizations sending 4 or more employees to a single conference. Please contact ISACA’s Training & Education Department for more details at +1.847.660.5505 or [email protected].
Register and pay BY 25 April 2017*
Member: US $1,745
Non-member: US $1,945
Register and pay AFTER 25 April 2017**
Member: US $1,945
Non-member: US $2,145
Workshop Pricing
Workshops have limited capacities and will only be available on a first-come, first served basis. Be sure to register and pay today to secure a seat in your preferred workshop.
One-Day Workshop
Member: US $650
Non-member: US $850
Two-Day Workshop
Member: US $850
Non-member: US $1,050
*All registration fees must be paid in full by midnight on 25 April 2017 or regular registration rates will apply.
**If registration fees are paid after midnight on 25 April 2017, onsite registration rates will apply. See website for details.
All fees are quoted in US dollars. The entire registration fee must be received by ISACA before your registration will be considered paid in full. Cancellation Deadline: 31 March 2017. Cancellation policy and other details can be found at www.isaca.org/CACSbr17
Save with Online Registration by 25 April
MAXIMIZE YOUR SAVINGS
THANKS TO OUR SPONSORS!
PLATINUM
GOLD
Deloitte, KPMG, Protiviti, PwC
SAI Global
BRONZE
Capital One, GCA Technology Services
Qualys, R-CAP
SILVER
CyberArk Software, Maclear, SecZetta
SSH Communications Security
Save On Your Stay
For the best possible North America CACS experience, stay at the host hotel—The Cosmopolitan of Las Vegas. In addition to the convenience and instant access to all conference activities, ISACA’s special conference and group rates offer the splendors of the lavish Cosmo at impressive discounts!
THE COSMOPOLITAN OF LAS VEGAS
3708 Las Vegas Boulevard South
Las Vegas, NV 89109
Phone: 702.698.7000
ISACA’s North America CACS Room Rate: US $254 + tax, single/double occupancy
Group Rate Deadline: 3 April 2017*
Group Reservation Link: https://resweb.passkey.com/go/SISAC7
*Book your room today! There are a limited number of rooms available at ISACA’s Group Room Rate and reservations will be handled on a first-come, first served basis. All reservations made after the deadline or after the room block fills are subject to space and rate availability. In order to guarantee hotel reservations, guests will be required to provide a credit card and will be charged a deposit equal to one night’s rate plus tax. Cancellations with full refund will be allowed up until 72 hours prior to the arrival date of the reservation.
ACCOMMODATIONS, VENUE AND REGISTRATION
3701 Algonquin Road, Suite 1010
Rolling Meadows, IL 60008 USA
NORTH AMERICA CACS 2017 GIVES YOU THE OPPORTUNITY TO:
• Gain tools and resources immediately applicable to your role and goals
• Choose from more cutting-edge sessions and workshops than ever
• Connect with highly respected IS/IT and business professionals
Register at www.isaca.org/CACSbr17
© 2017 ISACA. All Rights Reserved.
REGISTER ONLINE & SAVE BY 25 APRIL