Navigate Up



 Full Day Seminar - IIA and ISACA

4/10/2013 7:30 AM
4/10/2013 5:00 PM
AMN Healthcare, Inc., 12400 High Bluff Drive, San Diego |


Event hosted by AMN Healthcare  AMN_Logo.jpg
This is the annual joint meeting for the San Diego IIA and ISACA chapters.
Note the change in location for this event.
See separate registration page for luncheon only.



8:00 – 8:45         Franklyn Jones, VP, Bromium – Micro-Virtualization and Analysis of Zero Day Polymorphic Malware
8:45 – 10:00       Jon Bronson & Jason Bruckner - Protiviti, Managing Director - Enabling IT Performance & Value with Effective IT Governance
10:00 - 10:15      Break   
10:15 – 11:45     Aaron Garcia - PWC, Director - COSO IT Update
11:45 - 12:00      Transition to Luncheon Meeting
12:00 – 12:20     Lunch, Announcements and Administrative Matters
12:20 - 1:30        Adam Brand, Protiviti, Associate Director, Contextual Vulnerability Rating for Effective Vulnerability Management
1:45 – 2:15          Ken Carter, AIS VP Data Center Operations, Network Security & Data Protection.
2:15 - 3:15           Brenda Piazza, Director of IT Audit Services – CBIZ; SSAE 16, SOC 1, 2 & 3 Reports: What are they, how are they different, and when should I ask for one?
3:30 – 5:00          Noel Haskins-Hafer- Intuit - Key Considerations of Regulatory Compliance in the Public Cloud

Member (IIA/ISACA):    $125
Non-Member:                $140
Student:                          $  65

BIO: Franklyn Jones
Franklyn Jones is Vice President at Bromium, Inc.  He has 20+ years of experience in marketing leadership positions in enterprise network security, data center, VOIP, and network infrastructure market segments.  Franklyn was an early member of Palo Alto Networks and spent nearly 5 years helping the company grow its business in North America, then moved to London to replicate that success across EMEA in preparation for a successful IPO.  Prior to joining Bromium, Franklyn also held senior marketing positions with 3Com, ShoreTel, Packeteer, BlueCoat, and Xsigo Systems.  Franklyn holds a BA from Michigan Technological University.
BIO:  Jason Brucker
Jason is a Director within Protiviti’s IT Consulting practice in the San Francisco Bay Area and is a member of Protiviti’s global leadership team for IT governance and IT operations improvement solutions.  With certifications in project management, IT governance, IT service management, and IT audit, he has over twelve years of experience in information technology and risk consulting spanning a variety of solutions and industries. His experience includes a broad range of projects, from short-term audits and assessments, to full-scale process re-engineering and system implementation programs. 
BIO:  Jon Bronson
Jon is a Managing Director in Protiviti's Los Angeles risk consulting practice.  He is a key management resource in executing business continuity management (BCM), IT governance, IT process improvement and internal audit engagements.  Jon is the leader of Protiviti’s West Region business continuity solution area and has provided risk management advisory assistance to over 100 organizations throughout the region.  He is a Certified Business Continuity Professional (CBCP), Certified Project Management Professional (PMP) as well as a Certified Information Systems Auditor (CISA).  Jon has over 16 years of large-scale project management experience complemented by an Engineering Master's degree from the University of Southern California.
Session Title 
“Enabling IT Performance & Value with Effective IT Governance”
Executive Summary and Learning Objectives

Organizations often underestimate the impact and value of its IT governance function, resulting in IT strategies, processes and technology capabilities that are not appropriately aligned with business requirements.  This presentation will focus on how factors such as customer perception and the effective management and execution of key foundational processes and controls within an IT function can enhance value at an organizational level. 

Session attendees will gain insight into resources that are readily available to them as they work through their own IT governance assessment and improvement initiatives.  These include leading frameworks and models from organizations like the IT Governance Institute as well as cross-industry research and benchmarking tools from organizations like the IT Process Institute (ITPI).  Attendees will also hear about key lessons learned from other organizations that have successfully enhanced their own IT value chains through improved IT governance.  The techniques presented will be readily applicable to the attendees and their organizations regardless of their background, experience, size, industry, or current state of maturity.

Session Benefits/Learning Objectives:

  • Techniques for moving your organization beyond compliance-focused IT governance activities.
  • Identifying and applying the “right” business-IT alignment model for your organization.
  • Structuring the IT organization based on your business-IT alignment.
  • Aligning your key IT decisions with the right IT decision-makers.
  • Defining and implementing the key behaviors and practices to enable IT value delivery.
  • Adopting a higher-value approach for IT governance auditing.

BIO:  W. Noel Haskins-Hafer is the Compliance Program Manager for Intuit’s Financial Services division. Until recently, she was with Intuit’s internal audit department, where she developed Intuit’s roadmaps and audit programs for emerging technologies, including cloud computing and social media governance. Prior to joining Intuit, she assisted her Deloitte clients in developing their anti-fraud programs and controls frameworks, and was part of the firm’s National Fraud Training task force. She holds numerous professional designations, including Certification in Risk Management Assurance (CRMA), Certified Information Systems Auditor (CISA), Certified Information Systems Manager (CISM), Certified in Governance of Enterprise IT (CGEIT) and Certified Fraud Examiner (CFE). She serves on the board of the San Diego chapter of ISACA as well as on ISACA International’s review committees for certification study materials and the recently released COBIT 5 framework.

BIO:  Ken Carter.  A professionally certified Data Center Design Electro-Mechanical engineer, Ken has over 15 years experience designing, building and maintaining Tier II-III data centers all over the country for companies such as LexisNexis and Fidelity Information Services.  Meeting client expectations of ensuring continuous reliability, availability and productivity is the forte of uptime and is a key focus for Ken.  During his five years with Fidelity and previous years at LexisNexis, his clients enjoyed an unprecedented level of continuous uptime without revenue generating load losses. There was not a singe revenue-impacting outage.  Ken holds BS in Engineering from Notre Dame and an MBA from the University of Dayton. 

BIO:  Adam Brand

Adam Brand is an Associate Director with Protiviti's Information Security practice. He has been involved in a variety of areas in information security, from strategic planning and remediation activities, to audits and incident response. He holds the PCI QSA, CISSP, CISA, ITIL Foundations, and GIAC GREM (Reverse Engineering Malware) certifications. A current main focus of his is helping organizations redesign information security processes to be more effective and service-oriented.

Session Title
Contextual Vulnerability Rating for Effective Vulnerability Management
Executive Summary and Learning Objectives
The information security threat landscape has never been more hostile, and many organizations are
struggling with how to find time to effectively defend against determined attackers when the odds
seem so stacked against them. Unfortunately, many organizations are set back even further through
over-reliance on the results of security scanning tools and the ratings those tools apply to
discovered vulnerabilities. This presentation discusses the dangers of relying on these scanner
risk ratings, and how a more contextually aware approach can result in improved results and less
energy expended on low-value activities.
Session Attendees Will Learn How To: 
·Identify inconsistencies in the scanner-centric model
·Clarify organizational objectives for risk ratings
·Develop and execute a contextual vulnerability rating program
·Improve credibility with IT Operations through accurate vulnerability ratings
·Communicate more clearly with Executive Management on Vulnerability Management 


     Learning Objectives: Improve knowledge and skills related to information technology auditing.
     8 CPE hour
    Method:  Group-Live
    Field of Study: Auditing (General)
    Program Level:  Intermediate     
    Prerequisites:  None
    Advanced Preparation:  None
Please make your reservations by 4:00pm, Friday April 5, 2013.  
To register and pay in advance, please use the PayPal link below.  If you use the PayPal link, there is no need to use the registration link below.  To register only and pay at the door, please click on the Registration Only link below.  Please note that we do not accept credit cards at the door, only cash or checks.
REGISTRATION ONLY: To register for this event and pay at the door, please click HERE. 

Refund/Cancellation Policy:  Refund requests must be received by Monday April 5, 2013.   No refunds will be granted afterwards.
Complaint Resolution Policy:  Contact the Hospitality Chairperson, John Teevan 
for refund, complaint or cancellation policies.  

The Institute of Internal Auditors, San Diego Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors - Sponsor #109486. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: