VOLUME 28 #9 REGION 4 CHAPTER 8
DATABYTE
DIRECTORS
Greg Boehmer, CISA, CIA, CFE, CGEIT, CISSP, CISM, CRISC, CRMA, PMP Deloitte & Touche 313-394-5524
Derrick Buckingham CISA, CISSP, CISM CRISC 313-729-8816
Juman Doleh-Alomary, MSc.E, CISA, CISM, CRISC, ISO27001 Wayne State University 313-577-6406
Michael A. Forrest, CISA, CGEIT 586-292-4740
Michele Haroon, CPA, CISA Federal-Mogul Corp. 734-637-9270
Ryan Hodges, CISA Deloitte & Touche 248-953-1151
M. Siobhan Jordan Ford Motor Company 734-891-5082
Brenda Karl, CISA, CGEIT, CRISC, QSA Accretive Solutions 248-633-2347
Bhaskar Kakulavarapu TD Auto Finance 248-925-7001
D. Robert Okopny, PhD, CIA, CFE, CMA Eastern Michigan University 734-487-0246
Rajesh Patel Plante & Moran PLLC 248-223-3428
Brandy Pfeiffer, CISA Federal-Mogul Corporation 248-354-2602
Carrie Schrader, CISA, CBM, CFE, CGEIT CRISC GM Financial 586-817-8590
Doug Wahr, CISA, CRMA, CISSP Auto Club Group (AAA) 313-436-7277
Susan A. Yamin, CPA Ally Financial 734-619-8425
Manish Zaveri, CISA, CPA Delphi Corporation 248-888-9090
Monthly Meeting May 21, 2014
Pre-Dinner Topic: Making SIEM Work for Security and Compliance in a Real World Setting
Ethan Steiger
After-Dinner Topic: What can GRC/SOD/Compliance Monitoring do for Your Company?
Eric Ringle, CISA, CPA
Kelly Rau, CISA, CISSP
Date: May 21, 2014
Time: 4:30 – 5:00 Registration & Networking
5:00 – 6:00 Pre-Dinner Presentation
6:00 – 6:45 Dinner
6:45 – 7:45 After-Dinner Presentation
Location: University of Michigan – Dearborn Fairlane Center North
Quad E Room, North Building. (It’s the 1st room to the right in the 1st aisle past the reception desk. See map and directions on page 6)
19000 Hubbard Dearborn MI 48126
313-583-6511
Cost: Advance Registration:
Advance registration ends at midnight Saturday May 17, 2014. Members & Non-Members making reservations after the reservation deadline will be charged an additional $10. Walk-ins, excluding Students and Retirees, are subject to the late charge. Reservations can be made at www.isaca-det.org
PRESIDENT: Sajay Rai, CPA, CISSP, CISM, Securely Yours LLC, 248-723-5224
VICE PRESIDENT: Brad Barton, CISA, Lear Corporation, 248-707-9372
TREASURER: Linda Kearney, CISA, CIA, CIPP-US, Chrysler Group, LLC, 586-219-9041
SECRETARY: Jason Sist, CISA, CISSP, CIA, Cooper Standard Automotive, 248-946-1771
Registration Changes
To make better use of your membership dollars, we will NO LONGER accept credit cards at the DOOR for walk-ins and unpaid pre-registrations. We WILL continue to accept credit cards for pre-registrations in Cvent. We encourage you to register and pay via Cvent for all ISACA Chapter activities. ISACA Chapter Meeting CPEs will no longer be distributed at the meetings, but will be emailed to the meeting participants after the meeting.
DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH
Dear Detroit Chapter Members,
April was another busy month for us. We had exceptional speakers (Angela Williams and Keith Cheresko) during our April monthly meeting. Thanks to both Angela and Keith for great presentations. We also held our first scholarship contest during April. As we had advertised, this year’s scholarship contest focused on giving the students a real-life IT audit experience. The case study on which they worked included IT General Controls and a fake website with SQL injection and Cross-site Scripting errors. I want to congratulate the winners and also thank the judges (Brad Barton, Greg Boehmer and Michele Haroon) for taking time on a Sunday to participate in this contest.
We on the Academic Committee felt that the contest was a success and we heard resounding support to continue the scholarship contest in this new format. My only disappointment was that we did not get teams from all the local universities. The Academic Committee will make sure that we reach out to all of the academic advisors from local universities next year and give them plenty of notice to have their students form teams to participate in this contest.
The year is not over yet, as we have the following events coming up soon:
May: The Spring Seminar is on May 7th and May 8th. The topic is Information Security Management. This is another way the Chapter is making it easy for the members to earn CPE credits.
Our monthly meeting is on May 21st. We have excellent speakers and topics. Ethan Steiger will present “Making SIEM Work for Security and Compliance in a Real World Setting”. Speakers Eric Ringle and Kelly Rau will present “What can GRC/SOD/Compliance Monitoring do for your Company”. The Officers of the Board will be providing you the business update for the year as well during this meeting.
The 5th Annual IIA & ISACA River Cruise will take place on May 30th this year. The registration is open now for this social event and I am sure it will be a blast like in the years past. So if you have not registered, please do so using this link: http://www.cvent.com/d/54qwmx/1Q
I look forward to seeing you during our May monthly meeting.
Sincerely,
Sajay Rai, CPA, CISSP, CISM
ISACA Detroit Chapter President
Before Dinner Topic
VP of Information Security at Domino’s Pizza shares his SIEM Best Practices. Implementing a SIEM (Security Information Event Manager) has become fairly standard for security programs. Many organizations struggle to find the balance between a solution which provides comprehensive logging and one that becomes so large and impractical that its only value is that an auditor can check the box, “does your organization maintain a SIEM?” In Ethan Steiger’s presentation, he will demonstrate valuable use and abuse cases which his company implemented when rolling out their SIEM program. He will also review some of the challenges he faced and the lessons learned in the five years it took before his previous company’s SIEM finally started earning its keep.
April Speaker Angela Williams and Sajay Rai ISACA President
April Speaker Keith A. Cheresko and Sajay Rai ISACA President
Welcome New ISACA Detroit Chapter Members
Junyan Ni Yi Shan Li Trish Meyer Anne Kohnke Martin Porea John Chedrick Michael Muha Adekunle Adeniran Michael Wilson Steve Neubecker Samantha Chapman Jose Boyd Krystle-Catherine Beseler
Before Dinner Speaker
Ethan Steiger currently serves as the Vice President of Information Security of Domino’s Pizza where his department is entirely responsible for his company’s global security program. Ethan’s background includes over 25 years of experience working with complex computing systems and at least 20 years of direct security industry expertise. Prior to joining Domino’s, Ethan worked as the CSO of R. L. Polk & Co. and as a Security Architect with RSA Security. He has also served as an IT Consultant with CapGemini, Ernst & Young and first cut his teeth as a network engineer at Bear Stearns & Co. Ethan Steiger is a graduate of the University of Wisconsin at Madison with a degree in History and Computer Science.
After Dinner Topic
What can GRC/SOD/Compliance Monitoring do for your Company?
In the after-dinner presentation Eric Ringle, Director, and Kelly Rau, Senior Manager, of Deloitte & Touche LLP will provide an overview of how organizations, large and small, can take steps to improve controls around Governance Risk & Compliance (GRC), with a focus on Segregation of Duties (SOD). Eric and Kelly will touch on a variety of topics around SOD, including assessing the maturity of a company’s SOD program, key drivers for SOD controls in today’s business environment, and practical views on how to simplify the complex SOD challenges that all organizations face.
After Dinner Speakers
Eric Ringle is an Advisory Director with Deloitte & Touche, LLP. Eric has over 20 years of experience specializing in the Consumer & Industrial Products industry and Automotive sector. Eric's areas of specialization include business process controls, Sarbanes-Oxley, segregation of duties, Approva, IT processes and controls, mainframe security, UNIX, and network architecture. Eric has led teams responsible for assessing and evaluating the internal controls and procedures for multinational organizations. In his role as a leader of Deloitte’s regional Contract Risk & Compliance services he has leveraged his experience with third party relationships to assist clients with cost recovery and revenue inspections of third party contracts. Eric is a Certified Information Systems Auditor and a Certified Public Accountant.
Kelly Rau is an Advisory Senior Manager with Deloitte & Touche LLP. Kelly spends a significant portion of his time delivering on GITC internal control audits on large public company audits. He is skilled in the areas of IT audit and compliance, internal control over financial reporting, IT risk management, Sarbanes-Oxley, and information system design. Kelly is a Certified Information Systems Auditor and Certified Information Systems Security Professional and has over 12 years of experience in delivering audit related services.
ISACA Detroit Chapter Winners for its First Scholarship Contest
First Place - Team Luna Sapientia Adrian Palamaru and Srinirisha Lankipalli ($1,500)
Second Place - Team Trident Kelly Reynolds ($1,000), Cameal Young ($1,000)
ISACA and IIA Chapters Partner for FUN!!
Network, dine and dance the night away. Join us for the Fourth Annual Cruise Aboard the
Detroit Diamond Jacks.
You and any number of guests you would like to bring are invited to a
Private Chartered Dinner Cruise on the Detroit River with
Diamond Cruises. Friday May 30, 2014
Non-Refundable Cost for Members and their Non-Member Friends only $31.00 per person!
3 Hour Cruise – Boarding 6:00pm, Launch from Dock 6:30pm, Return to Dock 9:30pm
Your cost includes the following:
Prime Rib of Beef with Au Jus (chef to carve)
Vegetable Lasagna Mostaccioli w/ Marinara Sauce
Michigan Salad: Mixed Greens, Sliced Pears, Crumbled Blue Cheese, Dried Cherries, Toasted Walnuts & Cherry Vinaigrette
Parsley Baby Carrots, Red Skin Potatoes Rolls and Butter, Cake Coffee and Soft Drinks
Entertainment & Cash Bar
Register today at http://www.cvent.com/d/54qwmx/1Q
Third Place - Team Eastern Auditors Cintia De Sousa Bergamasco ($500) and Deqin Ma ($500)
Two Teams Tied for Third Place
Third Place - Team The Eagles Peng Zhang ($500) and Terefe Ejigu ($500)
Terefe could not make it to the meeting to collect his certificate but the picture to the left shows him during the contest.
In addition, a tradition (we hope) has been started as to who will have the right to keep the Scholarship Cup. This year, the 1st prize winners were from Eastern Michigan University, and therefore, they get to keep this beautiful “Scholarship (Stanley) Cup” for one year. We hope to have more teams participate in the Scholarship contest next year!
March Chapter Meeting Raffle Winners
John Nordbeck Barbara Monroe Michael Steklac
Brian Kaetz Mark Smith Nikhil Kothari
Timothy Shabeck Dwight Evans Victoria Rose
Christopher Johnson
2013/14 ISACA Detroit Chapter Committees
ADVERTISE IN YOUR DATABYTE NEWSLETTER
¼ Page $50.00
½ Page $100.00
Full Page $200.00
Contact Geralyn Jarmoluk at [email protected]
or Mike Forrest at [email protected]
CALL FOR PAPERS
To make the Databyte more meaningful, we would like to publish
articles of interest to the membership. We need your help!!! Have
you written a paper, article, whitepaper, etc., for your company
newsletter, website, etc., that you can share? If so please submit it
to Mike Forrest at [email protected] for publication in a
future Databyte.
Academic Relations
Manish Zaveri (Chair)
Michele Haroon
Robert Okopny
Greg Boehmer
Ryan Hodges
Raj Patel
Certification
Brenda Karl (Chair)
Michael Forrest
Brad Barton
Michele Haroon
Jason Sist
Facilities
Carrie Schrader (Chair)
Siobhan Jordan
Linda Kearney
Ryan Hodges
Internet
Brandy Pfeiffer (Chair)
Bhaskar Kakulavarapu (Webmaster)
Ryan Hodges
Membership
Michael Forrest (Chair)
Brenda Karl
Doug Wahr
Nominating & Audit
Siobhan Jordan (Chair)
Michele Haroon
Program
Juman Doleh-Alomary (Chair)
Michele Haroon
Raj Patel
Greg Boehmer
Spring Conference
Siobhan Jordan (Chair)
Robert Okopny
Jason Sist
Juman Doleh-Alomary
Seminars
Brad Barton (Chair)
Susan Yamin
Carrie Schrader
Manish Zaveri
Bylaws, Policies and Procedures
Brad Barton (Chair)
Doug Wahr
Michael Forrest
Linda Kearney
Michele Haroon
Social Committee
Jason Sist (Chair)
Siobhan Jordan
Susan Yamin
Ryan Hodges
Ad Hoc Committees
Sandbox Scholarship-Sajay Rai
Social Media-Ryan Hodges
Webcast-Linda Kearney
Member Enhancement-Michael Forrest and Juman Doleh-Alomary
Executive Participation-Brad Barton
Attend the Michigan Cyber Summit!!
The 2014 Michigan Cybersecurity Industry Summit will be held on
May 20, 2014, at the Ann Arbor Marriott Ypsilanti at Eagle Crest,
from about 3:00-8:00 p.m. The summit will feature prominent
industry leaders, important updates about cybersecurity activities
in Michigan, demonstrations of the Michigan Cyber Range, and a
daylong Capture the Flag contest held on the Range. It's sure to be a
great event that you don't want to miss! http://www.merit.edu/learning/mcis2014/
Registration is only $50.00 for members! We are offering $25 off!
Code: DISC-GNFN
Begin the registration process by using the "Register" link at:
http://www.merit.edu/learning/mcis2014/
In the first step of registration you'll see one or more registration options. Select the first option: "2014 Michigan Cyber Security Industry Summit", with a price of $75. Proceed through the next steps to enter your contact information. On the "Review and Submit Order/Registration" page, under the heading "Do you have a discount code?," enter the following 8-character code (DISC-GNFN) and click the "apply this code" button.
The total price for the transaction will drop to $50, which is $25 off the regular price. Then select a payment method and click the "continue" button on the bottom of the page to complete the transaction. If you have questions about this process, please contact
Dinner Menu May 21, 2014
Salads: Pasta Salad and Tossed Salad
Entrees: Baked Salmon, Roast Round of Beef, Chicken Park Place
Side Dishes: Broccoli, Cauliflower and Carrots;
Mashed Potatoes and Gravy
Optional Vegetarian Selection: Pasta Primavera (available only with pre-registration)
Dessert: Black Forest Torte
All dinners include rolls, butter, relish tray and coffee. Two alcoholic drinks limit (beer and wine only);
no other liquor available.
The Chapter must provide the number of reservations by 8:00 a.m. on the Monday before the meeting. To ensure that we can accommodate those who wish to attend and the facility can provide the best service possible, please make your reservations prior to midnight Saturday, May 17, 2014. If you have made a reservation and cannot attend, please contact Geralyn Jarmoluk at Administrator@isaca-det.org, or 248-762-7421 prior to the above noted deadline for refunds. Your cooperation is greatly appreciated.
We are very sorry, but reservations not cancelled prior to the above noted deadline (midnight Saturday prior to the meeting) cannot be refunded as we are committed to the caterer for the meals ordered.
DATABYTE Geralyn Jarmoluk, Editor
P.O. Box 99385
Troy, MI 48099-9938
Directions to University of Michigan – Dearborn Fairlane Center North
Located at 19000 Hubbard, Dearborn MI 48126
From the West
Take I-94 East to Southfield (M-39) North. Follow Southfield (North) to the Michigan Ave. (U.S. 12) exit. Stay on the Southfield Service Drive to Hubbard Drive and turn left. Follow Hubbard Drive and turn right into the Southern entrance of the U-M Dearborn/Fairlane Center (the marquee will reflect the following: The University of Michigan-Dearborn/Fairlane Center). Follow the entrance road to the back and turn left at the stop sign; the North Building will be located on your left hand side. Parking is directly across from the North Building.
From the East
Take I-94 West to Southfield (M-39) North. Follow Southfield (North) to the Michigan Ave. (U.S. 12) exit. Stay on the Southfield Service Drive to Hubbard Drive and turn left. Follow Hubbard Drive and turn right into the Southern entrance of the U-M Dearborn/Fairlane Center (the marquee will reflect the following: The University of Michigan-Dearborn/Fairlane Center). Follow the entrance road to the back and turn left at the stop sign; the North Building will be located on your left hand side. Parking is directly across from the North Building.
From the South
Take Southfield (M-39) North to the Michigan Avenue exit. Stay on the Southfield Service Drive to Hubbard Drive and turn left. Follow Hubbard Drive and turn right into the Southern entrance of the U-M Dearborn/Fairlane Center (the marquee will reflect the following: The University of Michigan-Dearborn/Fairlane Center). Follow the entrance road to the back and turn left at the stop sign; the North Building will be located on your left hand side. Parking is directly across from the North Building.
From the North
Take Southfield (M-39) South to the Ford Road exit. Stay on the Ford Road Service Drive to Hubbard Drive and turn right. Follow Hubbard Drive and turn right into the Southern entrance of the U-M Dearborn/Fairlane Center (the marquee will reflect the following: The University of Michigan-Dearborn/Fairlane Center). Follow the entrance road to the back and turn left at the stop sign; the North Building will be located on your left hand side. Parking is directly across from the North Building.