Annual IT Conference (with COBIT)
Friday, March 21, 2014
Full Day - Breakfast and lunch, 8 CPE/CPDs
Friday, March 21, 2014 – All Day Technology Conference (8 CPE/CPD Credits)
Every day we read about threats to privacy and the security of our
information. This year’s Annual Technology
Conference promises to provide you with the essential skills to help you do
something about it. Whether you are
looking to sharpen your privacy breach and incident response skills or enhance
your ability to assess critical technology controls to prevent or minimize the
impact of these breaches, you’ll hear from leading practitioners about how
internal auditors are helping their stakeholders manage these 21st
a former New York State Deputy
Secretary for Public Safety who currently serves as a consultant on terrorism
issues for FOX National, NBC National and Local, ABC News and News 12 Long Island;
a widely recognized author and
authority on cyber risk who is also a Managing Director at PWC;
a recognized authority on security and
privacy issues, including the use of encryption who has developed a reputation
within our chapter for his ability to translate complex technical risk
challenges into business issues that our members can act upon;
a former Internal Audit Director
turned academic who has both practiced and researched on the challenges facing
Audit Directors in providing and training financial and operational auditors to
conduct IT Audit services; and
a well-regarded practitioner and
accounting thought leader.
“PRIVACY AND NATIONAL SECURITY IN A POST SNOWDEN WORLD” (Michael Balboni)
revelations regarding the extent of government monitoring of electronic
communications have created a multi-faceted problem: how to balance
Constitutional protections with the realities of the modern, internet-enabled
world. The complexity and challenge of intelligence gathering has increased
simply as a function of the volume and speed of communications. Potential
enemies utilize these technologies to plan and organize their efforts.
How can the U.S. balance freedom and the Constitution while protecting the
nation from the ‘digital Pearl Harbor’ that many have speculated about?
“PRIVACY – BREACH RESPONSE” (Don Ulsch)
privacy at the breach point is critical, and this is where companies often make
strategic errors that result in increased cost, increased reputation exposure,
and even civil and criminal litigation. But managing privacy and risk impact in
the event of a breach of privacy requires cooperation from employees,
management, the board of directors, insurers, and third-party vendors. In
addition, privacy at the point of breach is likely to involve corporate
customers whose data may have become compromised and whose contract terms may
have been breached. It is vital to prepare for the moment of adversity by
building and managing a successful privacy program so that a breach of
intellectual property, trade secrets or regulated data is a complication and
not a disaster. This session will examine key areas to focus on regarding
privacy when it matters most--when it has been compromised.
IMPLEMENTING AND AUDITING ENCRYPTION
TECHNOLOGIES (John Rostern)
revelations regarding the surveillance of electronic communications and
increasing regulatory constraints have led many organizations to consider
encryption as a means of assuring privacy.
This presentation will provide a basic overview of encryption
technologies and the various standards for encryption, and offer an IT
auditor’s view on evaluating encryption solutions and implementations.
INTERNAL AUDIT DIRECTOR’S ROLE IN
INTEGRATING IT AUDITING IN OPERATIONAL AUDITS
some organizations consider IT auditing a separate function within an internal
audit group, there is value in cross training all auditors in IT audit
functions so that every operational audit incorporates a component of IT
general and application control assessment. This session will include a
discussion of the advantages of expanding the scope of IT auditing beyond a
specialized function. The presenter will discuss ways to integrate IT auditing
into the processes of assessing IT internal control risks at an operational
level. The discussion also includes training issues and an understanding
of how to differentiate functions so that an organization maximizes its audit
coverage of IT control issues.
COSO 2013 AND ITS IMPACT ON INFORMATION TECHNOLOGY (Joel Lanz)
presentation will build upon general attendee understanding of COSO 2013
Principles and will focus on information technology considerations that may
need further elaboration or supplementation to what was provided in the COSO
documents. One of the major enhancements
to COSO was the integration of IT-related risks and control issues. Specifically, the presentation will review
these developments and provide IT-related challenges that internal auditors
should consider when implementing the framework. We will then walk through each of the 17
principles and provide examples of how IT should be considered. We will also discuss how IT auditors can
leverage the guidance in developing an IT audit work program that is more
effectively aligned with other Internal Audit activities.
About Our Speakers
Michael A.L. Balboni
Balboni currently provides management and strategic direction and business development
for a wide array of clients within the Redland Strategies Company. His homeland
security practice is based in New York City. The former Senator specializes in
providing extensive experience in a broad range of homeland security and
government relations issues. He sits at the intersection between government
relations, crisis management, media strategy and homeland security. Previously the Senator was appointed Deputy
Secretary for Public Safety in January 2007. In this role, the Senator was the
Senior Homeland Security and Law Enforcement official for the State of New
York. Senator Balboni represented the
seventh Senate District, located in Nassau County from December 1996 to
December 1997 and was named
of the Committee on Veterans, Homeland Security and Military Affairs.
Ulsch is Managing Director, Cybercrime and Breach Response, at
PricewaterhouseCoopers LLP. A widely recognized authority on cyber risk,
Don is the author of "THREAT! Managing Risk in a Hostile World" (The
IIA Research Foundation, July 2008), and the upcoming book, "CyberThreat!
How to Manage the Growing Risk of Cyber Attacks" (John Wiley & Sons,
Inc., 2014). He advises clients and investigates cyber breaches for many
companies, from banks and defense companies to retail and healthcare organizations.
Don also works closely with federal agencies on the cyber threat. He has
appeared on Fox News and other broadcast media outlets, and has been quoted in
many publications, and academic and national security and defense studies.
Don has spoken at conferences held by the Institute of Internal Auditors
in Rome, Italy, Athens, Greece, and throughout the United States. He recently
participated in a law panel at RSA 2014, titled "Is Liberty Reserve the
New Face of Cyber Crime?"
John Rostern, CRISC, QSA
the Regional Vice President of Audit & Advisory Services for the East
Region of Coalfire Systems. He has more
than 32 years of diverse experience in IT audit, information security and
technology and leads a practice delivering governance and risk based compliance
services in areas such as HIPAA, GLBA, and PCI DSS. His areas of expertise
include IT audit, technology risk assessment & management, IT strategic
planning & governance, architecture, information security, operations,
applications development, telecommunications, networking, data center design
and business continuity planning.
a subject matter expert in the areas of data loss prevention, intrusion
detection, encryption and incident response and has published articles on a
variety of topics related to technology-related risk.
Roger Mayer, DBA, CPA, CIA, CRMA
Dr. Mayer is an assistant
professor of accounting at the SUNY College at Old Westbury where he teaches
advanced accounting and auditing at both the graduate and undergraduate level.
He has over 15 years of experience in internal auditing including seven years at
the level of director of internal audit (NYC Health and Hospital Corporation
and Lenox Hill Hospital).
Dr. Mayer has presented at over
20 professional and research symposiums including sessions sponsored by ACL,
HFMA, and the American Accounting Association. He has published numerous
articles and has participated as chair or content expert on 10 separate
completed dissertations. He was co-chair of the HFMA Audit and Compliance
Manhattan group in 2010 and 2011.
Joel Lanz, CPA.CGMA.CITP.CFF, CISA, CISM,
currently serves on the Chapter’s Board of Governors. Prior to starting his niche IT Audit,
Governance and Information Security Management practice in 2001, Joel was a
Technology Risk Partner in Arthur Andersen’s Business Risk Consulting and
Assurance Practice, and was a Manager at Price Waterhouse. His industry experience includes Vice
President and Audit Manager at The Chase Manhattan Bank and senior IT auditor
positions at two insurance companies.
Joel is an Adjunct Professor in the School of Business at The State
University of New York – College at Old Westbury. Joel writes a monthly technology column for
the New York State Society’s Trusted Professional newspaper and is an Editorial
Board member of “The CPA Journal.” He
currently chairs the AICPA’s CITP Specialist Credential Committee, and formerly
served on the AICPA’s IT Executive Committee.
Friday, March 21, 2014
Check-in and breakfast begin at 8:30 a.m.
Program begins at 9:00 a.m. Lunch will
be served at approximately 12:30 p.m. Dress is business casual.
Please use the following on-line
registration link: http://www.cvent.com/d/84qzlk/4W
If you are having trouble with the link,
notify Ron Goldman at email@example.com or call Ron at 516-918-7166
making payments offline,
You should register on-line (above)
and in the payment section, select “check” or "other." If not registering online, contact us at LongIslandIIA@yahoo.com or call Bob McNair at (631) 344-5921 at least 24 hours before to
reserve your seat. Then complete and
enclose this registration form along with your check made payable to the IIA
Long Island Chapter and mail to: Institute of Internal Auditors LI P.O. Box
442, Smithtown, New York 11787 or bring it the day of the seminar.
of Prepaid Subscriptions
Company Name: ________________________________________
Phone #: _________________________________________
E-Mail Address: _________________________________________
to the Melville Marriott:
From New York City: Take
the Long Island Expressway (Rte. 495) to Exit 49 South. Take the Ramp (right) onto the South Service
Road. Turn left (North) onto Old Walt
Whitman Road (Walt Whitman Road).
From Eastern L.I.: Take
the Long Island Expressway (Rte. 495) to Exit 49 North. Take the Ramp (right) onto the North Service
Road. Turn right (North) onto Old Walt
Whitman Road (Walt Whitman Road).
The Melville Marriott phone
number in case of weather emergency: