SlideShare a Scribd company logo
Our Sponsors - page 3 -4
Welcome - page 5
Schedule of Events - page 6 - 7
Speaker biographies - page 8 - 17
Venue information - page 18
August 25th, 26th, 2011 — San Jose, California
ISACA SiliconValley
2011 Summer Conference
2011 Summer Conference
Auditing and Securing the Cloud
CONTENTS
16 CPE’s!
(This page intentionally left blank)
ISACA Silicon Valley 2011 Summer Conference
Page 3
;
Platinum Sponsors:
This conference would not be possible without the generous support of our
sponsors —THANK YOU!
http://www.infoblox.com
http://www.checkpoint.com
Gold Sponsors:
http://www.soaprojects.com
http://www.pwc.com
http://www.bpmllp.com
http://www.whitehatsec.com
Page 4
Silver Sponsors:
This conference would not be possible without the generous support of our
sponsors —THANK YOU!
DISCLAIMER
As it is the objective of the Silicon Valley Chapter of the Information Systems Audit and Control Association to provide a
forum for the expression of ideas and opinions, statements of opinion appearing herein are not necessarily those of the
Chapter or its directors and officers.
Additionally, We would like to thank the following companies for supplying time
and support to our Conference Speakers:
http://www.terremark.com
http://www.cloudpassage.com
http://www.hp.com
http://www.emc.com
http://www.ekkoconsulting.com/
http://www.contoural.com
http://www.kpmg.com
http://www.ey.com
http://www.hp.com
http://www.hp.com
Welcome!
Register online at http://isaca-sv.org/index.php?option=com_content&view=category&layout=blog&id=35&Itemid=18
ISACA Silicon Valley has been providing IT Audit,
Security, and Governance Professionals with the
training and networking opportunities they need to
not just compete but to thrive since 1982. We are
continuing this tradition at our 2011 Summer Con-
ference, at which we are offering full day of semi-
nars that move beyond theory to emphasize practi-
cal skills you can utilize at work or to improve your
marketability.
The Conference Committee has worked hard to provide you with a cost effective, value added, high
quality educational and networking opportunity for ISACA members and other professionals in related
fields — we hope we have succeeded. As always, you input is greatly appreciated, and we strongly en-
courage you to fill-out the Evaluation Forms at the end of each day. You are also welcome to seek us
out with any comments or suggestions you might have to help us continually improve.
Kind Regards,
The 2011 Summer Conference Committee
• Sumit Kalra, Conference Director, TheConference-Director@isaca-sv.org
• Jay Swaminathan, Chapter President, ThePresident@isaca-sv.org
• Greg Edwards, Vice President
• Minel Diaz, Treasurer
• Mike Jordan, Certification Director
• Robert Ikeoka, Program Director
• Navarasu Dhanasekar, Marketing & Communications Director
• John Barchie, Conference Committee Chair
• Robin Basham, Conference Committee Volunteer
• Davor Borcic, Conference Committee Volunteer
ISACA SILICONVALLEY
2011 SUMMER CONFERENCE COMMITTEE MEMBERS
Page 5
ISACA Silicon Valley 2011 Summer Conference
2011 Summer Conference Schedule
Thursday, August 25th
Agenda Time Topic Speaker
Registration 8:00 - 8:30 Continental Breakfast and Registration
Breakfast &
Announcements
8:30 - 9:00 Networking
Session 1.1
Keynote
9:00 - 10:00
Risks and Controls to Consider in working
with Infrastructure As a Service (IaaS) Cloud
Providers
Peter Nicoletti, VP of Security Engineering,
terremark, A Verizon Company
Session 1.2
10:10 - 11:20
Controls Automation in the Context Cloud
Architecture, Private Cloud, Community
Cloud, Public Cloud, Hybrid Cloud
Brad Ames, Director Internal Audit, HP
Session 1.3
11:30 - 12:30
Virtually Safe: Managing from Threats to Clear
Skies
Dameon D. Welch-Abernathy, Strategic
Alliance Manager, Check Point Software
Technologies Ltd.
Lunch 12:30 - 1:30 Lunch and Networking
Enjoy time with our Platinum, Gold and
Silver Sponsors
Session 1.4
1:40-2:40
Risk with outsourcing to the Cloud vs. SaaS Harshul Joshi, Director, PwC
Session 1.5
2:50-3:50 Emerging Security Standards for the Cloud
vs. SaaS
Becky Swain, Partner, EKKO
Session 1.8 4:00-5:30
Panel Discussion:
Business Drivers Vs. Legislation and Standards
Driving Cloud Services
Moderator - Robin Basham,
Sr. Director, SOAProjects
Carson Sweet, CEO, CloudPassage
Becky Swain, Partner, EKKO
Marlin Pohlman, Chief Governance Officer,
EMC
Benny Kirsh, CIO, Infoblox
Peter Nicoletti, VP, terremark, A Verizon
Company
Brad Ames, Director Internal Audit, HP
Reception 5:30 - 6:30 Networking Event
Enjoy time with our Platinum, Gold and
Silver Sponsors
Enjoy time with our Platinum, Gold and
Silver Sponsors
Page 6
ISACA Silicon Valley 2011 Summer Conference
2011 Summer Conference Schedule Page 7
Friday, August 26th
Agenda Time Topic Speaker
Registration
8:00 - 8:30
Continental Breakfast and Registration
Enjoy time with our Platinum, Gold and
Silver SponsorsNetworking
Session 2.1
Keynote
8:30 - 10:00 Planning and Scoping the Cloud Audit
Cara M. Beston, Partner, PwC
Eric Tan, Director, PwC
Session 2.2
10:10 - 11:20
Governance and Enterprise Risk Manage-
ment (ERM) The GRC Stack
Marlin Pohlman, Chief Governance Officer,
EMC
Session 2.3 11:30 - 12:30 Privacy in the Cloud Doron Rotman, IT Advisory, KPMG
Lunch 12:30 - 1:30 Lunch and Networking
Enjoy time with our Platinum, Gold and
Silver Sponsors
Session 2.4
1:40-2:40 Leveraging Data Security to Support
eDiscovery and Records Management
Mark Diamond, Contoural, Inc.
Session 2.5
2:50-3:50
Operating in the Cloud
Incident Response, Notification and Reme-
diation, Application Security, Data Security
and Integrity, Identity and Access Manage-
ment
Virtualization,
David Ho, Ernst & Young
Session 2.8 4:00-5:00 PCI and Tokenization Panel Discussion
Jonathan Clark, CEO, ExoIS, Inc.
Walter Conway, (QSA)
Abir Thakurta, Director,
Liaison Technologies
Harshul Joshi, Director, PwC
Wrap Up/ Door
Prizes
5:00 - 5:30 Sponsor Raffles and Conference Closing Remarks , Sumit Kalra and Jay Swaminantham
Session 1.1— Risks and Controls to Consider in Working with Infrastructure As A Service
(IaaS) Cloud Providers: 9:00 A.M. – 10:00 A.M.
Pete Nicoletti, CCSK, CISSP, CISA, CCNE, FCNSP
VP of Security Engineering, terremark, A Verizon Company
In this presentation we will look at an IaaS providers foundation and architecture…and the challenges in auditing and security
a “cloud.” We will review the issues of securing a multi-tenant architecture and what to look for from your provider. We
will also examine relevant guidance and audit information from: the CSA, RACI charts, Shared Assessments, SAS 70II, PCI,
ISO 27000, NIST 800-53aR3, FedRAMP, State Breach Laws and more. This presentation will provide you with a good review
of the risks and controls that you should be aware of if you are looking at IaaS providers.
Pete Nicoletti, CCSK, CISSP, CISA, CCNE, FCNSP, has 27 years of experience in the
Marketing, Sales, Development, Implementation and Management of all types of Information Tech-
nologies. He is internationally regarded as a wireless pioneer having built the world’s first com-
mercially viable Wireless ISP with over 500 antenna locations. Formally he was the CSO/CTO of
one of the most successful SMB Focused Managed Security Service Company’s and managed the
security for hundreds of clients. Steve Balmer presented him the “Microsoft Industry Solutions”
Award at Comdex 2000 for the most innovative and advanced implementation of Microsoft appli-
cations for a large VoIP/CRM travel agent system. Pete has owned several Computer Networking
Consulting Companies and was Citrix Reseller of the Year two times. He is currently the Vice
President of the South Florida Information Systems Security Administrators after three years as President, VP on the Board
of Directors of the FBI Infragard, a member of ISACA, Internet Coast, Honeynet Alliance, Computer Security Institute, IEEE,
Secret Service Miami Electronic Crimes Task Force, EFF, Union of Concerned Scientists, Anti-phishing Working Group and
the Cloud Security Alliance. Pete recently completed a chapter on Content Filtering for the college textbook: “Computer
and Information Security.” Pete is currently the VP of Security Engineering for Terremark Worldwide with responsibility for
all Federal and Commercial Managed Security Consulting and Design. Terremark, now owned by Verizon is a leading Cloud
Provider for the Federal Government, F1000 and Global companies concerned with security in their cloud.
Session 1.2 — Controls Automation in the Context of Cloud Architecture; Private Cloud,
Community Cloud, Public Cloud and Hybrid Cloud: 10:10 A.M. – 11:10 A.M.
Brad Ames, CPA, CISA, Internal Audit Director of Professional Practices
at Hewlett-Packard Company (HP)
Ames is an Internal Audit Director of Professional Practices at Hewlett-Packard Company in Palo Alto, California. Brad’s
team is responsible for innovating and deploying non-traditional audit solutions for measuring risk to the business and short-
ening the time to management action. His role involves close collaboration with HP’s governance groups, customers and
external auditors in order to gain an ongoing view of emerging risk enterprise-wide. His
team has established continuous monitoring for the purpose of simplifying SOX 404 at-
testation and reducing the cost of compliance. Brad is a member of the Institute of Inter-
nal Auditor’s Professional Issues Committee. He is a CPA and Certified Information Sys-
tem Auditor with 10 years of experience in Public Accounting.
Register online at http://isaca-sv.org/index.php?option=com_content&view=category&layout=blog&id=35&Itemid=18
Page 8
2011 Summer Conference Speakers — Thursday, August 25th, 2011
Day One—Security Track
Page 9
Session 1.3 — Virtually Safe : 11:20 A.M.— 12:20 P.M.
Dameon D. Welch-Abernathy, CISSP,
Strategic Alliance Manager, Check Point Software Technologies Ltd.
This session will is designed to engage thought processes around the decision to move toward vir-
tual technologies.
Is your organization moving towards virtualization? The push for greener solutions that do more with
less, has made people take a hard look at a virtualization strategy for managing infrastructure. Multi-
core architectures have brought a new level of power to the end users, but without the software
being specifically designed to take full advantage of it, there is no perceivable benefit coming from
these systems. This presentation seeks to demonstrate unique ways to not just ensure threat manage-
ment for a virtual infrastructure, but to also leverage it as part of the infrastructure change. When you take away the buzz,
and the clouds abate, will you be left with clear skies?
Dameon D. Welch-Abernathy, CISSP, a.k.a. “PhoneBoy,” has provided aid and assistance to countless IT professionals
since 1996. Best known as the author of two books on Check Point VPN-1/FireWall-1 as well as creator of a well-visited
FAQ site on the Check Point products, Welch-Abernathy currently works as a Strategic Alliance Manager for Check Point
Software Technologies. . Prior to that, Welch-Abernathy spent 10 years in Nokia’s Security Appliance Business, which was
acquired by Check Point Software Technologies in April 2009.
Welch-Abernathy writes on the subjects of VoIP, Telecom, Network Security, Gadgets and Technology, as well as the occa-
sional Nokia or Check Point-related item.
Session Description
Virtualization, in and of itself, is an IT infrastructure strategy, not a security strategy, and as such, this presentation seeks to
define security models that not only secure, but take advantage of ‘Cloud’ computing designs. The definition of ‘Cloud’ com-
puting models can be complex and will mean different things to different organizations, but defining the model is a require-
ment to being able to map to strategies that protect those assets. Building a security model for virtualization needs to happen
as part of the planning process to be most effective, but on closer review, the audience should discover much of the planning
work done for them, when they are able to conceptualize the strategy. Much of what we do today to protect data can be
reused, but you will find that virtualization presents both a unique challenge, and a unique opportunity to create a safe envi-
ronment to grow your services oriented computing models. Whether it is in the ‘Cloud’, or in the components of hardware
that make it up, security is adapting to fit the needs. This session will define various ‘Cloud’ models, and the options for creat-
ing a secure infrastructure around them. When defining a strategy to abstract
hardware and the dissemination of resources, let’s make sure security is consid-
ered to protect the design, as well as benefit from it.
2011 Summer Conference Instructors — Thursday, August 25th, 2011
Day One—Security Track
Register online at http://isaca-sv.org/index.php?option=com_content&view=category&layout=blog&id=35&Itemid=18
Page 10
Session 1.4 — Risks in Outsourcing to the Cloud vs. SaaS; Cloud security Architecture:
1:40 P.M. -2:40 P.M. Harshul Joshi, CISSP, CISA, CISM, Director PwC
Harshul Joshi - is a Director in the security practice for PwC, with primary areas of focus in IT security and compliance based
risk assessments, Threat and Vulnerability modeling and security architecture. He has worked with various compliance stan-
dards including PCI (Payment Card Industry), Sarbanes Oxley 404, GLBA (Gramm Leach Bliley Act), PCI (Payment Card In-
dustry) and SAS 70. Harshul has worked in Fortune 100 companies assisting with IT compliance, audit and security initiatives
and is an internationally known speaker. Some of the sample topics he speaks on include PCI, Wireless Security, Auditing
Firewalls and Intrusion Detection, Risks of IT Outsourcing and Off shoring and Performing IT Risk assessment from a Busi-
ness stand-point. He has spoken at various conferences in Singapore, India and in United States. He is a regular speaker at
ISACA North American Conference as well as Network Security Conference.
Harshul is a Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) and
Certified Information Security Manager (CISM).
Harshul has an MBA in International Business and a
MS in Information Systems. Prior to joining PwC,
Harshul was a Director of Technology consulting for
CBIZ MHM LLC, where he headed the security
practice creating and delivering risk assessment ser-
vices. He also spearheaded IT security and compli-
ance at Sony Corporate audit group performing
compliance and audit assessments for Sony Electron-
ics, Sony Music and Sony Pictures. Prior to joining Sony, Harshul was a
Security Architect with Verizon / GTE.
Session 1.5 — Emerging Security Standards for the Cloud vs. SaaS: 2:50 P.M - 3:50 P.M
Rebecca Swain, CIPP/IT, CIPP, CISSP, CISA
Becky Swain is a Partner with EKKO Consulting and has over 12 years of information security
and privacy experience, designing, implementing, improving and measuring the effectiveness of
policies, processes, and internal controls as a senior auditor, consultant and risk management
practitioner involving complex and critical business operations and technical architectures with
Fortune 500 companies based in Silicon Valley. As Co-Founder/Chair & Chief Architect, Cloud
Security Alliance (CSA) Cloud Controls Matrix (CCM), Mrs. Swain is actively engaged in devel-
opment and adoption of cloud security and privacy standards participating with CSA and ISO/
IEC as both contributor and project co-editor for ISO/IEC 27036 – Information technology –
Security techniques: Information Security for Supplier Relationships – Part 1. Mrs. Swain holds
numerous information security related certifications, including CISSP, CISA, CIPP and CIPP/IT, is
an active member in professional affiliations (e.g., CSA, IAPP, and ISACA), serves on the Board
of the CSA Silicon Valley Chapter, has recently been appointed as Security Lead for the Cloud-
NOW (Network of Women) Special Interest Group (SIG), and is an ‘Information Security
Practitioner’ category finalist in the (ISC)2
2011 Americas Information Security Leadership
Awards (Americas ISLA).
2011 Summer Conference Instructors — Thursday, August 25th, 2011
Day One—Security Track
Register online at http://isaca-sv.org/index.php?option=com_content&view=category&layout=blog&id=35&Itemid=18
Register online at http://isaca-sv.org/index.php?option=com_content&view=category&layout=blog&id=35&Itemid=18
Page 11
Session 1.8 — Panel Discussion - Business Drivers Vs. Standards and Legislation Impacting
Cloud Services:
Moderator: Robin Basham, Senior Director of Enterprise GRC, SOAProjects, is
recognized across several industries as an ICT and GRC expert, assist-
ing clients to architect and implement GRC Platforms, and with Green Tech initiatives. Past Banking
Operations Officer, and Master Educator, Ms. Basham's Certifications include ITIL, CobiT, Network-
ing, Java Enterprise, Information Audit and Security, CGEIT, ACGTA and most recently the CRISC.
Technical Advisory, Executive leadership and Steering Committees include ISACA, OASIS, OMG,
and AWC. Ms. Basham holds two graduate degrees in IT and Education, and is a founding member
for Control Objectives for Sustainable Business, COSB. She is the creator of Facilitated Compliance
Management software and founded Phoenix Business and Systems Process.
Panelist: Benny Kirsh - CIO of Infoblox, a leading company in network automation
and control, Benny Kirsh, is an accomplished, results-oriented
information technology professional with more than 20 years of
experience in various industries. He has held several CIO posi-
tions. He joined The Cooper Companies to lead an ERP implementation and drive a cultural change
necessary for a global rollout. He also led a highly professional IT team in implementing several sys-
tems such as financials, distribution, supply chain and others. He established a Change Management
process to create transparency and build a strong working relationship within the business. Prior to
The Cooper Companies, Benny was the first CIO at Kyphon, a company experiencing significant
growth. His most important objective was to lay the technology foundation for growth while sustain-
ing the flexibility required for Kyphon to function in a competitive market. He was responsible for implementing critical sys-
tems such as ERP, Quality Assurance, Workflow, Clinical Trial Systems and others. Benny relocated to the US from Israel
with an International Enterprise, Terayon Communication Systems, bringing with him a wealth of global experience.
Panelist: Carson Sweet, Is co-founder and CEO of
CloudPassage. His information security career has spanned nearly
two decades and includes a broad range of entrepreneurial, manage-
ment and hands-on technology experience. As a senior information
security strategy and technology consultant, Carson has created and implemented groundbreaking
security solutions across a range of industries and public sectors. Prior to co-founding CloudPassage he served as RSA's prin-
cipal solutions architect for the financial services sector, where he specifically focused on virtualization & cloud security,
Internet application controls, data protection and anti-fraud. Carson formerly served as founding CSO for GlobalNetX-
change (now Agentrics) and CTO for the Investor Responsibility Research Center (now the RiskMetrics Group). He also
founded security consulting and managed services lines of business for RPM Consulting (acquired by Computer Horizons
Corporation), TimeBridge Technologies (acquired by Dimension Data) and Security Methods. Prior to his technology career
Carson served in the U.S. military as a heavy anti-armor weapons specialist and later as a career firefighter-paramedic. He
studied emergency health sciences at the Jefferson College for Health Sciences, pre-medical neuropsychology at Virginia
Commonwealth University/Medical College of Virginia and information technology at the University of Massachusetts.
2011 Summer Conference Instructors — Thursday, August 25th, 2011
Day One—Security Track
Register online at http://isaca-sv.org/index.php?option=com_content&view=category&layout=blog&id=35&Itemid=18
Page 12
Panelist: Marlin Pohlman is Chief Governance Officer at EMC. In this role he coordinates the activities of standards
based IT governance with EMC, its Security Division RSA and its
holdings in VMWare and Acadia. Within the Cloud Security Alliance
he is Global Strategy Board Chair & Director, coordinating the ac-
tivity of technical work groups within the alliance and acting as liai-
son with external cloud standards bodies. Within the CSA Dr. Pohlman is also the active Co-Chair
of the Controls Matrix and Consensus Assessments work groups as well as Co-chair of the Cloud
Audit/A6 Standards Work Group. He holds a Ph.D. in Computer Science, an MBA in technology
management, and bachelors in Engineering Physics. Dr. Pohlman is a licensed engineer and holds the
CSA CCSK certification the ISC2 CISSP certification as well as the ISACA CISM, CISA, CGEIT,
CRISC certifications. He is also a trained paralegal.
Returning to our stage from presentations throughout the day, please also welcome,
Panelist: Brad Ames, Director Internal Audit, Hewlett Packard Company
(See page 7)
Panelist: Becky Swain, Cloud Security Alliance,
Partner, EKKO Consulting Group
(See page 8)
Panelist: Pete Nicoletti, VP Security Engineering, terremark, A Verizon Company
(See page 7)
2011 Summer Conference Instructors — Thursday, August 25th, 2011
Day One—Security Track
Page 13
Session 2.1— Planning and Scoping the Cloud Audit : 8:30 A.M. – 10:00 A.M.
Cara M. Beston, Partner, PwC
In this presentation, compliance leaders from PwC will look at recommended best practice for plan-
ning and scoping audit in environments that either partially or entirely leverage Cloud technologies.
Leading the discussion is Cara Beston, Partner and head of Risk Assurance Cloud Computing services,
as well as published author of such articles as “Look Before You Leap Into the Cloud, The Promise of
Lower Capital and Operational Costs Isn’t the Only Benefit of Cloud Computing”, (Copyright © 2010
SYS-CON Media, Inc.).
This session will cover redefining audit objectives, boundaries of review, documenting risks, and deliv-
erables in the context of cloud enabled platforms, resources and services.
Cara Beston is a partner based in San Jose, CA and leading the Risk Assurance Cloud Computing services. She specializes
in IT and process risk and control assurance services to IT, Internal Audit and business leaders in the Technology sector. In
her 22 years with PwC, Cara has served over 80 technology clients, including key Cloud enabling enterprises, Cisco Systems,
VMware, 3Par, SaaS providers Taleo, Webex and Proofpoint, and a number of on-line businesses including Shutterfly, CBS
Interactive, Zappos.com and others. Cara graduated summa cum laude from Bridgewater College, MA and is a member of the
AICPA. She lives in Pleasanton, CA with her husband and 3 children.
Eric Tan, CISA, CGEIT, CPA, Director, PwC
Joining Cara, is Eric Tan, CISA, CGEIT and CPA. Eric is a Director at PwC with over twelve years of experience
delivering IT governance and risk management solutions. Eric currently leads PwC's
cloud and internet assurance practice based in Silicon Valley. He serves as an internal
audit and compliance advisor to various leading SaaS providers in the bay area. His ex-
perience includes leading large scale system assessments, performing risk and security
reviews; business continuity & disaster recovery diagnostics, and helping his clients im-
plement various compliance and control solutions. Eric focuses on clients in the technol-
ogy sector. Clients he has served includes Google, eBay, LinkedIn, Novell, Tibco, Shut-
terfly, and Proofpoint. 
2011 Summer Conference Speakers — Friday, August 26th, 2011
Audit Track - Keynote
Register online at http://isaca-sv.org/index.php?option=com_content&view=category&layout=blog&id=35&Itemid=18
Register online at http://isaca-sv.org/index.php?option=com_content&view=category&layout=blog&id=35&Itemid=18
Page 14
2011 Summer Conference Speakers — Friday, August 26th, 2011
Audit Track
Session 2.2 — Governance and Enterprise Risk Management (ERM) The GRC Stack: 10:10
A.M. – 11:10 A.M.
Dr. Marlin Pohlman, Chief Governance Officer at EMC
In this role he coordinates the activities of standards based IT governance with EMC,
its Security Division RSA and its holdings in VMWare and Acadia. Within the Cloud Secu-
rity Alliance he is Global Strategy Board Chair & Director, coordinating the activity of tech-
nical work groups within the alliance and acting as liaison with external cloud standards
bodies. Within the CSA Dr. Pohlman is also the active Co-Chair of the Controls Matrix and
Consensus Assessments work groups as well as Co-chair of the Cloud Audit/A6 Stan-
dards Work Group. He holds a Ph.D. in Computer Science, an MBA in technology man-
agement, and bachelors in Engineering Physics. Dr. Pohlman is a licensed engineer and
holds the CSA CCSK certification the ISC2 CISSP certification as well as the ISACA
CISM, CISA, CGEIT, CRISC certifications. He is also a trained paralegal.
In this session, Chief Governance Officer and highly regarded GRC expert, Dr. Marlin Pohlman, will cover Govern-
ance Models, Enterprise Risk Management, Information Risk Management, Third-party Management, Legal and
Electronic Discovery, Compliance and Audit and Portability and Interoperability.
Outsourcing critical business functions into the Cloud can result in challenges of maintaining assurance and control
over legal and regulatory obligations for data management and protection. In this session, we will guide you
through the process for establishing an effective cloud security program leveraging the Cloud Security Alliance
(CSA) Governance Risk & Compliance (GRC) Stack, providing you with real world examples of industry adoption.
The audience will particularly benefit by Marlin’s insights as the Chair CSA Strategy, Board, Co-Chair Cloud Control
Matrix, Founder/Co-Chair CSA Consensus Assessment, Co-Chair Cloud Audit. With over 18 years IT governance
and audit experience Marlin Pohlman is the editor elect of the ISO and ITU-T cloud information security manage-
ment standards. As the Chief Governance Officer at EMC Marlin Pohlman oversees the product strategy and stan-
dards compliance of the EMC Cloud GRC Portfolio.
Session 2.3 — Privacy in the Cloud: 11:30 A.M. - 12:30 P.M.
Doron Rotman, IT Advisory, KPMG
Doron is a member of the IT Advisory practice specializing in information govern-
ance, privacy, and security and is the National Privacy Service Leader. Doron is a
Managing Director in KPMG’s Advisory Services practice
with over 20 years of experience. Mr. Rotman is focused on
providing Privacy and Information Governance Service. He
is the national privacy service leader, a member of KPMG’s national Privacy Leadership
Council and a member of KPMG International Privacy Leadership team. He has extensive
high tech, financial services, manufacturing and government industry knowledge, both in the
information technology and the accounting and finance aspects. Doron delivered multiple
around the world on the topic of Privacy and the Cloud, recently at the NACACS 2011.
Register online at http://isaca-sv.org/index.php?option=com_content&view=category&layout=blog&id=35&Itemid=18
Page 15
2011 Summer Conference Speakers — Friday, August 26th, 2011
Audit Track
Session 2.4 — Leveraging Data Security to Support eDiscovery and Records Manage-
ment:1:40 P.M. - 2:40 P.M.
Mark Diamond, President and CEO, Contoural, Inc.
Mark Diamond is one of the industry thought leaders
in proactive litigation readiness, compliance, and re-
cords information management strategies. His company, Contoural, has helped 20% of the For-
tune 500 plus many mid-sized and smaller organizations as well as public sector entities. Mark is
a frequent industry speaker, presenting at numerous Legal and IT industry conferences as well
as online venues. Additionally, Mark addresses more than one hundred internal corporate audi-
ences each year.
Mark is founder, President & CEO of Contoural, Inc. Under his leadership, Contoural has grown
to be a leading independent provider of litigation readiness and records and information management services. He
is recognized as a thought leader in litigation readiness and records information management. Mark is an online
columnist for InsideCounsel Magazine, as well as an author of numerous white papers for both the legal and IT
communities. He is also co-author of the Litigation Readiness Chapter of the West eDiscovery for Corporate
Counsel, 2010 ed. Previously Mark was chair of the Storage Networking Industry Association Security Customer
Advisory Board
Session 2.5 — Operating in the Cloud, Incident Response, Notification and Remediation,
Application Security, Data Security and Integrity, Identity and Access Management Virtu-
alization: 2:50 P.M. - 3:50 P.M.
David Ho, Ernst & Young
David Ho is a multi-disciplinary professional with over 13 years of experience in
IT, information security, and internal audit. He brings a
unique blend of strong technical skills with business acu-
men and drive for operational excellence. He specializes
in transforming information security organizations to en-
able business innovation, while managing the company's risk. He has led and executed on
technical information security implementation projects, audited complex IT systems for in-
formation security and data privacy controls, and program managed multiple multi-million
dollar security projects. David's specialties include Information security strategy and gov-
ernance, Data security and privacy, Internal audit and compliance, and Portfolio and program management. David
is an Information Security Senior Manager at Ernst & Young.
Page 16
2011 Summer Conference Speakers — Friday, August 26th, 2011
Audit Track
Session 2.8 — PCI and Tokenization Panel Discussion: 4:00 P.M. - 5:00 P.M
Jonathan Clark, CEO and founder of ExoIS, Inc. is a PCI QSA and security and com-
pliance expert. Jonathan is the Chief Architect of the SaaS product
PeepSafe, a portal based offering that allows organizations to relo-
cate processes and systems from their internal networks allowing
them to de-scope portions of , or in some cases their entire PCI
footprint. Prior to Exois, Jonathan started and sold a Web Company,
headed up IT for Morphics and developed an Enterprise Configuration Technology program at Applied
Materials, subsequently leading the rollout and deployment of the program in multiple Applied product
divisions globally. Jonathan has a BSc Honors in Mathematics from Bristol University, England. He also scored a great hatrick
against Watsonville in the Peninsula Premier League.
Walter Conway, Payment Card Industry Qualified Security Assessor (QSA) and ecommerce
consultant applying his 30-years of electronic payments and technology management experience to help-
ing clients plan, implement, and manage their credit card and e-commerce programs including achieving
PCI compliance. Walt spent over 10 years with Visa, and two years as president of an Internet-based
payment processor. His focus is assisting organizations of all sizes plan, implement, and manage their
credit card and ecommerce systems, including achieving PCI DSS compliance. In addition to his QSA
duties, Walt is PCI columnist for Storefront Backtalk.com, focusing on issues facing retailers, and con-
ducts PCI training workshops. He also writes a popular PCI blog focused on Higher Education compliance issues. He is a fre-
quent speaker on PCI DSS, security, and ecommerce topics at professional conferences and webinars. He co-authored Why
Banks View Campuses as High Risk Merchants, an examination of computer security breaches, and 5 Strategies to Achieve
PCI Compliance (both published by the Association of Financial Professionals). Other publications include Five Myths About
the PCI DSS (Government Finance Officers Association), Straight Talk about Data Security (in the NACUBO Business Officer), and
Back to School: What Colleges and Universities Can Teach About PCI Compliance (SPSP Payments News).
Abir Thakurta, CISSP, Director of Pre-Sales and Profes-
sional Services for Liaison Technologies has been instrumental
in shaping the data security industry since its infancy and helping it
to mature as enterprise security concerns have shifted to protecting
sensitive and confidential business and customer information. Thakurta works closely with customers
to help them develop and implement innovative, practical, all-encompassing security strategies to solve
organizational data protection problems. Thakurta often becomes the "go to" guy for customers seek-
ing advice on use of security solutions to reduce organizational risk and comply with data security mandates and privacy laws.
He actively works to educate the market through published articles in respected data security journals and by speaking at
industry conferences around the world. Thakurta holds a B.S. in Engineering for Manipal Institute of Technology in Manipal,
India, and a M.S. in Supply Chain Technology from the New Jersey Institute of Technology in Newark, New Jersey, and he
completed the Georgia Tech Management Program in Atlanta. He is a member of the Payment Card Industry’s Security Stan-
dards Council, ISC2 and the Technology Association of Georgia - Information Security Group.
Returning to the stage, Harshul Joshi, Director, PWC (Please see page 10)
Register online at http://isaca-sv.org/index.php?option=com_content&view=category&layout=blog&id=35&Itemid=18
Page 17
2011 Summer Conference Speakers — Friday, August 26th, 2011
Audit Track
Final Comments and Conference Wrap Up:
Sumit Kalra, Director, BPM and Conference Director
Sumit Kalra, CISA, CISSP, is a Director at Burr Pilger Mayer, where he manages the Assur-
ance Services practice specializing in information technology, SAS70 Audits, and assess-
ments. His 12 years of industry experience include 6 years at international CPA firms, and 6
years at companies in the technology, consumer products and financial services industries.
His knowledge base spans a variety of ERP solutions and complex infrastructure implementa-
tions. Sumit has a BS in Accounting and Computer Information Systems from San Francisco
State University. In his
spare time, Sumit en-
joys cooking international cuisine.
We hope you enjoyed the presentations, and have gained valuable insights into
and learned new techniques about Cloud Security and Cloud Audit.
Before you leave, please fill-out the Speaker Assessment Form for today’s ses-
sion We will use your input to learn about our performance, and to improve
future conferences. Please leave the forms at the Registration Desk on your
way out.
Page 18
To register, or to gain additional information, including driving directions, please visit:
http://isaca-sv.org/index.php?option=com_content&view=category&layout=blog&id=4&Itemid=4
Venue Information
The 2011 Summer Conference will be held at:
Biltmore Hotel & Suites
2151 Laurelwood Road
Santa Clara, CA 95054
(408) 988-8411
(Free Parking)
2011 Summer Conference

More Related Content

What's hot

Building an Adoption Plan: Turning it on(Part 2 of 2)
Building an Adoption Plan: Turning it on(Part 2 of 2)Building an Adoption Plan: Turning it on(Part 2 of 2)
Building an Adoption Plan: Turning it on(Part 2 of 2)
Cisco Canada
 
Calgary security road show master deck final
Calgary security road show master deck finalCalgary security road show master deck final
Calgary security road show master deck final
Scalar Decisions
 
Cio resume
Cio resumeCio resume
Webex Control Hub - IT Control no matter where they work
Webex Control Hub -IT Control no matter where they workWebex Control Hub -IT Control no matter where they work
Webex Control Hub - IT Control no matter where they work
Cisco Webex
 
Cisco Powered: Your Trusted Source for Cloud and Managed Services
Cisco Powered: Your Trusted Source for Cloud and Managed ServicesCisco Powered: Your Trusted Source for Cloud and Managed Services
Cisco Powered: Your Trusted Source for Cloud and Managed Services
Cisco Canada
 
Introduction to ThousandEyes
Introduction to ThousandEyesIntroduction to ThousandEyes
Introduction to ThousandEyes
ThousandEyes
 
ASFWS 2012 - Theory vs Practice in implementing Software Security related act...
ASFWS 2012 - Theory vs Practice in implementing Software Security related act...ASFWS 2012 - Theory vs Practice in implementing Software Security related act...
ASFWS 2012 - Theory vs Practice in implementing Software Security related act...
Cyber Security Alliance
 
AOS - Overview
AOS - OverviewAOS - Overview
AOS - Overview
NGINX at F5
 
About Knight Security Systems
About Knight Security SystemsAbout Knight Security Systems
About Knight Security Systems
Knight Security Systems
 
National Government Webinar: Reap the Rewards of IT Consolidation
National Government Webinar: Reap the Rewards of IT ConsolidationNational Government Webinar: Reap the Rewards of IT Consolidation
National Government Webinar: Reap the Rewards of IT Consolidation
SolarWinds
 
SolarWinds User Group - Hawaii November 2016
SolarWinds User Group - Hawaii November 2016SolarWinds User Group - Hawaii November 2016
SolarWinds User Group - Hawaii November 2016
SolarWinds
 
Cisco ONE Enterprise Cloud (UCSD) Hands-on Lab
Cisco ONE Enterprise Cloud (UCSD) Hands-on LabCisco ONE Enterprise Cloud (UCSD) Hands-on Lab
Cisco ONE Enterprise Cloud (UCSD) Hands-on Lab
Cisco Canada
 
Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM...
Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM...Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM...
Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM...
Cisco Canada
 
Cisco at DevTO - Tomorrow Starts Now for Sheridan College Students (July 28, ...
Cisco at DevTO - Tomorrow Starts Now for Sheridan College Students (July 28, ...Cisco at DevTO - Tomorrow Starts Now for Sheridan College Students (July 28, ...
Cisco at DevTO - Tomorrow Starts Now for Sheridan College Students (July 28, ...
Marc Lijour, OCT, BSc, MBA
 
SolarWinds Federal User Group 2016 - SolarWinds Network Management Products U...
SolarWinds Federal User Group 2016 - SolarWinds Network Management Products U...SolarWinds Federal User Group 2016 - SolarWinds Network Management Products U...
SolarWinds Federal User Group 2016 - SolarWinds Network Management Products U...
SolarWinds
 
Shift Left Security – Guidance on embedding security for a Digital Transforma...
Shift Left Security – Guidance on embedding security for a Digital Transforma...Shift Left Security – Guidance on embedding security for a Digital Transforma...
Shift Left Security – Guidance on embedding security for a Digital Transforma...
Yazad Khandhadia
 
Sangfor EasyConnect Brochure 2015 (Full)
Sangfor EasyConnect Brochure 2015 (Full)Sangfor EasyConnect Brochure 2015 (Full)
Sangfor EasyConnect Brochure 2015 (Full)
Sangfor Technologies USA
 
How to Transform Your Workplace with Hybrid Collaboration
How to Transform Your Workplace with Hybrid CollaborationHow to Transform Your Workplace with Hybrid Collaboration
How to Transform Your Workplace with Hybrid Collaboration
Cisco Webex
 
Troubleshooting Webex and Microsoft Teams with ThousandEyes
Troubleshooting Webex and Microsoft Teams with ThousandEyesTroubleshooting Webex and Microsoft Teams with ThousandEyes
Troubleshooting Webex and Microsoft Teams with ThousandEyes
ThousandEyes
 

What's hot (19)

Building an Adoption Plan: Turning it on(Part 2 of 2)
Building an Adoption Plan: Turning it on(Part 2 of 2)Building an Adoption Plan: Turning it on(Part 2 of 2)
Building an Adoption Plan: Turning it on(Part 2 of 2)
 
Calgary security road show master deck final
Calgary security road show master deck finalCalgary security road show master deck final
Calgary security road show master deck final
 
Cio resume
Cio resumeCio resume
Cio resume
 
Webex Control Hub - IT Control no matter where they work
Webex Control Hub -IT Control no matter where they workWebex Control Hub -IT Control no matter where they work
Webex Control Hub - IT Control no matter where they work
 
Cisco Powered: Your Trusted Source for Cloud and Managed Services
Cisco Powered: Your Trusted Source for Cloud and Managed ServicesCisco Powered: Your Trusted Source for Cloud and Managed Services
Cisco Powered: Your Trusted Source for Cloud and Managed Services
 
Introduction to ThousandEyes
Introduction to ThousandEyesIntroduction to ThousandEyes
Introduction to ThousandEyes
 
ASFWS 2012 - Theory vs Practice in implementing Software Security related act...
ASFWS 2012 - Theory vs Practice in implementing Software Security related act...ASFWS 2012 - Theory vs Practice in implementing Software Security related act...
ASFWS 2012 - Theory vs Practice in implementing Software Security related act...
 
AOS - Overview
AOS - OverviewAOS - Overview
AOS - Overview
 
About Knight Security Systems
About Knight Security SystemsAbout Knight Security Systems
About Knight Security Systems
 
National Government Webinar: Reap the Rewards of IT Consolidation
National Government Webinar: Reap the Rewards of IT ConsolidationNational Government Webinar: Reap the Rewards of IT Consolidation
National Government Webinar: Reap the Rewards of IT Consolidation
 
SolarWinds User Group - Hawaii November 2016
SolarWinds User Group - Hawaii November 2016SolarWinds User Group - Hawaii November 2016
SolarWinds User Group - Hawaii November 2016
 
Cisco ONE Enterprise Cloud (UCSD) Hands-on Lab
Cisco ONE Enterprise Cloud (UCSD) Hands-on LabCisco ONE Enterprise Cloud (UCSD) Hands-on Lab
Cisco ONE Enterprise Cloud (UCSD) Hands-on Lab
 
Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM...
Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM...Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM...
Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM...
 
Cisco at DevTO - Tomorrow Starts Now for Sheridan College Students (July 28, ...
Cisco at DevTO - Tomorrow Starts Now for Sheridan College Students (July 28, ...Cisco at DevTO - Tomorrow Starts Now for Sheridan College Students (July 28, ...
Cisco at DevTO - Tomorrow Starts Now for Sheridan College Students (July 28, ...
 
SolarWinds Federal User Group 2016 - SolarWinds Network Management Products U...
SolarWinds Federal User Group 2016 - SolarWinds Network Management Products U...SolarWinds Federal User Group 2016 - SolarWinds Network Management Products U...
SolarWinds Federal User Group 2016 - SolarWinds Network Management Products U...
 
Shift Left Security – Guidance on embedding security for a Digital Transforma...
Shift Left Security – Guidance on embedding security for a Digital Transforma...Shift Left Security – Guidance on embedding security for a Digital Transforma...
Shift Left Security – Guidance on embedding security for a Digital Transforma...
 
Sangfor EasyConnect Brochure 2015 (Full)
Sangfor EasyConnect Brochure 2015 (Full)Sangfor EasyConnect Brochure 2015 (Full)
Sangfor EasyConnect Brochure 2015 (Full)
 
How to Transform Your Workplace with Hybrid Collaboration
How to Transform Your Workplace with Hybrid CollaborationHow to Transform Your Workplace with Hybrid Collaboration
How to Transform Your Workplace with Hybrid Collaboration
 
Troubleshooting Webex and Microsoft Teams with ThousandEyes
Troubleshooting Webex and Microsoft Teams with ThousandEyesTroubleshooting Webex and Microsoft Teams with ThousandEyes
Troubleshooting Webex and Microsoft Teams with ThousandEyes
 

Viewers also liked

Subtle Consciousness
Subtle ConsciousnessSubtle Consciousness
Subtle Consciousness
Hitoshi Tsuchiyama
 
Урок - 12, 19 марта, 2016
Урок - 12, 19 марта, 2016Урок - 12, 19 марта, 2016
Урок - 12, 19 марта, 2016
Burac Constantin
 
Fiestas colombianas
Fiestas colombianasFiestas colombianas
Fiestas colombianas
ArtesanaFoods
 
Decreto n°207 cámara, rancagua.
Decreto n°207 cámara, rancagua.Decreto n°207 cámara, rancagua.
Decreto n°207 cámara, rancagua.
elavsogal
 
Prueba II Cristian Mora
Prueba II Cristian MoraPrueba II Cristian Mora
Prueba II Cristian Mora
crisandres1995
 
Video farm animal song
Video farm animal songVideo farm animal song
Video farm animal song
martamunera
 
Escudo
EscudoEscudo
慈悲 - 作为普遍的道德伦理 - (Simplified Chinese)
慈悲 - 作为普遍的道德伦理 - (Simplified Chinese)慈悲 - 作为普遍的道德伦理 - (Simplified Chinese)
慈悲 - 作为普遍的道德伦理 - (Simplified Chinese)Hitoshi Tsuchiyama
 
Snfkldsfnkldsfkldshfkldshfkdlsfnhkldhfnklhweurygreyhtyhtrhhhtrywerwqkhriwehfehf
SnfkldsfnkldsfkldshfkldshfkdlsfnhkldhfnklhweurygreyhtyhtrhhhtrywerwqkhriwehfehfSnfkldsfnkldsfkldshfkldshfkdlsfnhkldhfnklhweurygreyhtyhtrhhhtrywerwqkhriwehfehf
Snfkldsfnkldsfkldshfkldshfkdlsfnhkldhfnklhweurygreyhtyhtrhhhtrywerwqkhriwehfehfsummer707
 
Armour R&D Final Report_CYJong-Du
Armour R&D Final Report_CYJong-DuArmour R&D Final Report_CYJong-Du
Armour R&D Final Report_CYJong-Du
Chee Yie Jong
 
Modul 6 Perulangan
Modul 6 PerulanganModul 6 Perulangan
Modul 6 Perulangan
Riki Afriansyah
 
Урок - 11, 10 декабря 2016
Урок - 11, 10 декабря 2016Урок - 11, 10 декабря 2016
Урок - 11, 10 декабря 2016
Burac Constantin
 
Tercer militarismo
Tercer militarismo Tercer militarismo
Tercer militarismo
Armando Calla
 
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...
festival ICT 2016
 
Дезинтермедиация рынка логистики
Дезинтермедиация рынка логистикиДезинтермедиация рынка логистики
Дезинтермедиация рынка логистики
Клуб Логистов | Логист.ру
 
gout and anti gout drugs pharmacology
gout and anti gout drugs pharmacologygout and anti gout drugs pharmacology
gout and anti gout drugs pharmacology
Koppala RVS Chaitanya
 

Viewers also liked (18)

Subtle Consciousness
Subtle ConsciousnessSubtle Consciousness
Subtle Consciousness
 
Egorova 108 6
Egorova 108 6Egorova 108 6
Egorova 108 6
 
Урок - 12, 19 марта, 2016
Урок - 12, 19 марта, 2016Урок - 12, 19 марта, 2016
Урок - 12, 19 марта, 2016
 
Fiestas colombianas
Fiestas colombianasFiestas colombianas
Fiestas colombianas
 
Decreto n°207 cámara, rancagua.
Decreto n°207 cámara, rancagua.Decreto n°207 cámara, rancagua.
Decreto n°207 cámara, rancagua.
 
Dan škole
Dan školeDan škole
Dan škole
 
Prueba II Cristian Mora
Prueba II Cristian MoraPrueba II Cristian Mora
Prueba II Cristian Mora
 
Video farm animal song
Video farm animal songVideo farm animal song
Video farm animal song
 
Escudo
EscudoEscudo
Escudo
 
慈悲 - 作为普遍的道德伦理 - (Simplified Chinese)
慈悲 - 作为普遍的道德伦理 - (Simplified Chinese)慈悲 - 作为普遍的道德伦理 - (Simplified Chinese)
慈悲 - 作为普遍的道德伦理 - (Simplified Chinese)
 
Snfkldsfnkldsfkldshfkldshfkdlsfnhkldhfnklhweurygreyhtyhtrhhhtrywerwqkhriwehfehf
SnfkldsfnkldsfkldshfkldshfkdlsfnhkldhfnklhweurygreyhtyhtrhhhtrywerwqkhriwehfehfSnfkldsfnkldsfkldshfkldshfkdlsfnhkldhfnklhweurygreyhtyhtrhhhtrywerwqkhriwehfehf
Snfkldsfnkldsfkldshfkldshfkdlsfnhkldhfnklhweurygreyhtyhtrhhhtrywerwqkhriwehfehf
 
Armour R&D Final Report_CYJong-Du
Armour R&D Final Report_CYJong-DuArmour R&D Final Report_CYJong-Du
Armour R&D Final Report_CYJong-Du
 
Modul 6 Perulangan
Modul 6 PerulanganModul 6 Perulangan
Modul 6 Perulangan
 
Урок - 11, 10 декабря 2016
Урок - 11, 10 декабря 2016Урок - 11, 10 декабря 2016
Урок - 11, 10 декабря 2016
 
Tercer militarismo
Tercer militarismo Tercer militarismo
Tercer militarismo
 
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...
 
Дезинтермедиация рынка логистики
Дезинтермедиация рынка логистикиДезинтермедиация рынка логистики
Дезинтермедиация рынка логистики
 
gout and anti gout drugs pharmacology
gout and anti gout drugs pharmacologygout and anti gout drugs pharmacology
gout and anti gout drugs pharmacology
 

Similar to 2011 Summer Conference Brochure

Seattle Technology Leadership Forum May 2015
Seattle Technology Leadership Forum May 2015 Seattle Technology Leadership Forum May 2015
Seattle Technology Leadership Forum May 2015
Catherine Crandall
 
Oracle OpenWorld 2014 GRC events and sessions
Oracle OpenWorld 2014 GRC events and sessionsOracle OpenWorld 2014 GRC events and sessions
Oracle OpenWorld 2014 GRC events and sessions
Oracle
 
Polygraph Only Cleared Job Fair Job Seeker Handbook March 12, 2015, BWI, Md
Polygraph Only Cleared Job Fair Job Seeker Handbook March 12, 2015, BWI, MdPolygraph Only Cleared Job Fair Job Seeker Handbook March 12, 2015, BWI, Md
Polygraph Only Cleared Job Fair Job Seeker Handbook March 12, 2015, BWI, Md
ClearedJobs.Net
 
Cleared Job Fair Job Seeker Handbook Oct 6, 2016, Tysons Corner, Virginia
Cleared Job Fair Job Seeker Handbook Oct 6, 2016, Tysons Corner, VirginiaCleared Job Fair Job Seeker Handbook Oct 6, 2016, Tysons Corner, Virginia
Cleared Job Fair Job Seeker Handbook Oct 6, 2016, Tysons Corner, Virginia
ClearedJobs.Net
 
CSA NY Metro Inaugural Event 5 17 2011 Final
CSA NY  Metro Inaugural Event 5 17 2011 FinalCSA NY  Metro Inaugural Event 5 17 2011 Final
CSA NY Metro Inaugural Event 5 17 2011 Final
Peister
 
Afternoon Session: Innovation and platform Architect Day
Afternoon Session: Innovation and platform Architect Day Afternoon Session: Innovation and platform Architect Day
Afternoon Session: Innovation and platform Architect Day
Salesforce - Sweden, Denmark, Norway
 
Developing Your Cloud Strategy
Developing Your Cloud StrategyDeveloping Your Cloud Strategy
Developing Your Cloud Strategy
VISI
 
Developing Your Cloud Strategy
Developing Your Cloud StrategyDeveloping Your Cloud Strategy
Developing Your Cloud Strategy
Redpath Consulting Group
 
CI or FS Poly-Only Cleared Job Fair Job Seeker Handbook Sept 15, 2016, BWI, MD
CI or FS Poly-Only Cleared Job Fair Job Seeker Handbook Sept 15, 2016, BWI, MDCI or FS Poly-Only Cleared Job Fair Job Seeker Handbook Sept 15, 2016, BWI, MD
CI or FS Poly-Only Cleared Job Fair Job Seeker Handbook Sept 15, 2016, BWI, MD
ClearedJobs.Net
 
Post-Event-Report-Delegate
Post-Event-Report-DelegatePost-Event-Report-Delegate
Post-Event-Report-Delegate
Alan Royal
 
SFbayACM ACM Data Science Camp 2015 10 24
SFbayACM ACM Data Science Camp 2015 10 24SFbayACM ACM Data Science Camp 2015 10 24
SFbayACM ACM Data Science Camp 2015 10 24
Greg Makowski
 
Jacksonville, FL Administrator Trailblazer Community Group Florida Dreamin' G...
Jacksonville, FL Administrator Trailblazer Community Group Florida Dreamin' G...Jacksonville, FL Administrator Trailblazer Community Group Florida Dreamin' G...
Jacksonville, FL Administrator Trailblazer Community Group Florida Dreamin' G...
Marc Lester
 
Cybersecurity Snapshot December_2019
Cybersecurity Snapshot December_2019Cybersecurity Snapshot December_2019
Cybersecurity Snapshot December_2019
Andreas M. Oswald
 
Chief Data Stewards Council In Moscow : Workshop : ROI Of Data Governance
Chief Data Stewards Council In Moscow  : Workshop : ROI Of Data GovernanceChief Data Stewards Council In Moscow  : Workshop : ROI Of Data Governance
Chief Data Stewards Council In Moscow : Workshop : ROI Of Data Governance
Milomir Vojvodic
 
Big Leaf Consulting Community Bank Playbook (Public- 8.19.16)
Big Leaf Consulting Community Bank Playbook (Public- 8.19.16)Big Leaf Consulting Community Bank Playbook (Public- 8.19.16)
Big Leaf Consulting Community Bank Playbook (Public- 8.19.16)
Abiola Kalejaiye, Esq.
 
B. Lee Jones - Resume 2021
B. Lee Jones - Resume 2021B. Lee Jones - Resume 2021
B. Lee Jones - Resume 2021
Silicon Valley Innovation School
 
Enterprise Asset Management 2014 agenda
Enterprise Asset Management 2014 agendaEnterprise Asset Management 2014 agenda
Enterprise Asset Management 2014 agenda
Copperberg
 
RSA Conference 2008 Marketing Plan
RSA Conference 2008 Marketing PlanRSA Conference 2008 Marketing Plan
RSA Conference 2008 Marketing Plan
Elliott Lowe
 
Splunk Forum Financial Services Chicago 9/13/17
Splunk Forum Financial Services Chicago 9/13/17Splunk Forum Financial Services Chicago 9/13/17
Splunk Forum Financial Services Chicago 9/13/17
Splunk
 
March cybersecurity powerpoint
March cybersecurity powerpointMarch cybersecurity powerpoint
March cybersecurity powerpoint
Courtney King
 

Similar to 2011 Summer Conference Brochure (20)

Seattle Technology Leadership Forum May 2015
Seattle Technology Leadership Forum May 2015 Seattle Technology Leadership Forum May 2015
Seattle Technology Leadership Forum May 2015
 
Oracle OpenWorld 2014 GRC events and sessions
Oracle OpenWorld 2014 GRC events and sessionsOracle OpenWorld 2014 GRC events and sessions
Oracle OpenWorld 2014 GRC events and sessions
 
Polygraph Only Cleared Job Fair Job Seeker Handbook March 12, 2015, BWI, Md
Polygraph Only Cleared Job Fair Job Seeker Handbook March 12, 2015, BWI, MdPolygraph Only Cleared Job Fair Job Seeker Handbook March 12, 2015, BWI, Md
Polygraph Only Cleared Job Fair Job Seeker Handbook March 12, 2015, BWI, Md
 
Cleared Job Fair Job Seeker Handbook Oct 6, 2016, Tysons Corner, Virginia
Cleared Job Fair Job Seeker Handbook Oct 6, 2016, Tysons Corner, VirginiaCleared Job Fair Job Seeker Handbook Oct 6, 2016, Tysons Corner, Virginia
Cleared Job Fair Job Seeker Handbook Oct 6, 2016, Tysons Corner, Virginia
 
CSA NY Metro Inaugural Event 5 17 2011 Final
CSA NY  Metro Inaugural Event 5 17 2011 FinalCSA NY  Metro Inaugural Event 5 17 2011 Final
CSA NY Metro Inaugural Event 5 17 2011 Final
 
Afternoon Session: Innovation and platform Architect Day
Afternoon Session: Innovation and platform Architect Day Afternoon Session: Innovation and platform Architect Day
Afternoon Session: Innovation and platform Architect Day
 
Developing Your Cloud Strategy
Developing Your Cloud StrategyDeveloping Your Cloud Strategy
Developing Your Cloud Strategy
 
Developing Your Cloud Strategy
Developing Your Cloud StrategyDeveloping Your Cloud Strategy
Developing Your Cloud Strategy
 
CI or FS Poly-Only Cleared Job Fair Job Seeker Handbook Sept 15, 2016, BWI, MD
CI or FS Poly-Only Cleared Job Fair Job Seeker Handbook Sept 15, 2016, BWI, MDCI or FS Poly-Only Cleared Job Fair Job Seeker Handbook Sept 15, 2016, BWI, MD
CI or FS Poly-Only Cleared Job Fair Job Seeker Handbook Sept 15, 2016, BWI, MD
 
Post-Event-Report-Delegate
Post-Event-Report-DelegatePost-Event-Report-Delegate
Post-Event-Report-Delegate
 
SFbayACM ACM Data Science Camp 2015 10 24
SFbayACM ACM Data Science Camp 2015 10 24SFbayACM ACM Data Science Camp 2015 10 24
SFbayACM ACM Data Science Camp 2015 10 24
 
Jacksonville, FL Administrator Trailblazer Community Group Florida Dreamin' G...
Jacksonville, FL Administrator Trailblazer Community Group Florida Dreamin' G...Jacksonville, FL Administrator Trailblazer Community Group Florida Dreamin' G...
Jacksonville, FL Administrator Trailblazer Community Group Florida Dreamin' G...
 
Cybersecurity Snapshot December_2019
Cybersecurity Snapshot December_2019Cybersecurity Snapshot December_2019
Cybersecurity Snapshot December_2019
 
Chief Data Stewards Council In Moscow : Workshop : ROI Of Data Governance
Chief Data Stewards Council In Moscow  : Workshop : ROI Of Data GovernanceChief Data Stewards Council In Moscow  : Workshop : ROI Of Data Governance
Chief Data Stewards Council In Moscow : Workshop : ROI Of Data Governance
 
Big Leaf Consulting Community Bank Playbook (Public- 8.19.16)
Big Leaf Consulting Community Bank Playbook (Public- 8.19.16)Big Leaf Consulting Community Bank Playbook (Public- 8.19.16)
Big Leaf Consulting Community Bank Playbook (Public- 8.19.16)
 
B. Lee Jones - Resume 2021
B. Lee Jones - Resume 2021B. Lee Jones - Resume 2021
B. Lee Jones - Resume 2021
 
Enterprise Asset Management 2014 agenda
Enterprise Asset Management 2014 agendaEnterprise Asset Management 2014 agenda
Enterprise Asset Management 2014 agenda
 
RSA Conference 2008 Marketing Plan
RSA Conference 2008 Marketing PlanRSA Conference 2008 Marketing Plan
RSA Conference 2008 Marketing Plan
 
Splunk Forum Financial Services Chicago 9/13/17
Splunk Forum Financial Services Chicago 9/13/17Splunk Forum Financial Services Chicago 9/13/17
Splunk Forum Financial Services Chicago 9/13/17
 
March cybersecurity powerpoint
March cybersecurity powerpointMarch cybersecurity powerpoint
March cybersecurity powerpoint
 

More from EnterpriseGRC Solutions, Inc.

CobiT Foundation Free Training
CobiT Foundation Free TrainingCobiT Foundation Free Training
CobiT Foundation Free Training
EnterpriseGRC Solutions, Inc.
 
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 ruleWalk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
EnterpriseGRC Solutions, Inc.
 
The Perils of Mount Must Read
The Perils of Mount Must ReadThe Perils of Mount Must Read
The Perils of Mount Must Read
EnterpriseGRC Solutions, Inc.
 
Procedures and Controls Documentation Guidelines
Procedures and Controls Documentation GuidelinesProcedures and Controls Documentation Guidelines
Procedures and Controls Documentation Guidelines
EnterpriseGRC Solutions, Inc.
 
Erm talking points
Erm talking pointsErm talking points
Erm talking points
EnterpriseGRC Solutions, Inc.
 
Enterprise governance risk_compliance_fcm slides
Enterprise governance risk_compliance_fcm slidesEnterprise governance risk_compliance_fcm slides
Enterprise governance risk_compliance_fcm slides
EnterpriseGRC Solutions, Inc.
 
Does audit make us more secure
Does audit make us more secureDoes audit make us more secure
Does audit make us more secure
EnterpriseGRC Solutions, Inc.
 
Cryptographic lifecycle security training
Cryptographic lifecycle security trainingCryptographic lifecycle security training
Cryptographic lifecycle security training
EnterpriseGRC Solutions, Inc.
 
Networking and communications security – network architecture design
Networking and communications security – network architecture designNetworking and communications security – network architecture design
Networking and communications security – network architecture design
EnterpriseGRC Solutions, Inc.
 
Security assessment isaca sv presentation jan 2016
Security assessment isaca sv presentation jan 2016Security assessment isaca sv presentation jan 2016
Security assessment isaca sv presentation jan 2016
EnterpriseGRC Solutions, Inc.
 
CISSP Study Exercises, Just some good will to help my peers with their studies
CISSP Study Exercises, Just some good will to help my peers with their studiesCISSP Study Exercises, Just some good will to help my peers with their studies
CISSP Study Exercises, Just some good will to help my peers with their studies
EnterpriseGRC Solutions, Inc.
 
Security assessment with a hint of CISSP Prep
Security assessment with a hint of CISSP PrepSecurity assessment with a hint of CISSP Prep
Security assessment with a hint of CISSP Prep
EnterpriseGRC Solutions, Inc.
 
Virtualization and cloud impact overview auditor spin enterprise gr-cv3
Virtualization and cloud impact overview auditor spin   enterprise gr-cv3Virtualization and cloud impact overview auditor spin   enterprise gr-cv3
Virtualization and cloud impact overview auditor spin enterprise gr-cv3
EnterpriseGRC Solutions, Inc.
 
The value of our data
The value of our dataThe value of our data
The value of our data
EnterpriseGRC Solutions, Inc.
 
Virtualization And Cloud Impact Overview Auditor Spin Enterprise Gr Cv4
Virtualization And Cloud Impact Overview Auditor Spin   Enterprise Gr Cv4Virtualization And Cloud Impact Overview Auditor Spin   Enterprise Gr Cv4
Virtualization And Cloud Impact Overview Auditor Spin Enterprise Gr Cv4
EnterpriseGRC Solutions, Inc.
 
Green Tech
Green TechGreen Tech

More from EnterpriseGRC Solutions, Inc. (16)

CobiT Foundation Free Training
CobiT Foundation Free TrainingCobiT Foundation Free Training
CobiT Foundation Free Training
 
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 ruleWalk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
 
The Perils of Mount Must Read
The Perils of Mount Must ReadThe Perils of Mount Must Read
The Perils of Mount Must Read
 
Procedures and Controls Documentation Guidelines
Procedures and Controls Documentation GuidelinesProcedures and Controls Documentation Guidelines
Procedures and Controls Documentation Guidelines
 
Erm talking points
Erm talking pointsErm talking points
Erm talking points
 
Enterprise governance risk_compliance_fcm slides
Enterprise governance risk_compliance_fcm slidesEnterprise governance risk_compliance_fcm slides
Enterprise governance risk_compliance_fcm slides
 
Does audit make us more secure
Does audit make us more secureDoes audit make us more secure
Does audit make us more secure
 
Cryptographic lifecycle security training
Cryptographic lifecycle security trainingCryptographic lifecycle security training
Cryptographic lifecycle security training
 
Networking and communications security – network architecture design
Networking and communications security – network architecture designNetworking and communications security – network architecture design
Networking and communications security – network architecture design
 
Security assessment isaca sv presentation jan 2016
Security assessment isaca sv presentation jan 2016Security assessment isaca sv presentation jan 2016
Security assessment isaca sv presentation jan 2016
 
CISSP Study Exercises, Just some good will to help my peers with their studies
CISSP Study Exercises, Just some good will to help my peers with their studiesCISSP Study Exercises, Just some good will to help my peers with their studies
CISSP Study Exercises, Just some good will to help my peers with their studies
 
Security assessment with a hint of CISSP Prep
Security assessment with a hint of CISSP PrepSecurity assessment with a hint of CISSP Prep
Security assessment with a hint of CISSP Prep
 
Virtualization and cloud impact overview auditor spin enterprise gr-cv3
Virtualization and cloud impact overview auditor spin   enterprise gr-cv3Virtualization and cloud impact overview auditor spin   enterprise gr-cv3
Virtualization and cloud impact overview auditor spin enterprise gr-cv3
 
The value of our data
The value of our dataThe value of our data
The value of our data
 
Virtualization And Cloud Impact Overview Auditor Spin Enterprise Gr Cv4
Virtualization And Cloud Impact Overview Auditor Spin   Enterprise Gr Cv4Virtualization And Cloud Impact Overview Auditor Spin   Enterprise Gr Cv4
Virtualization And Cloud Impact Overview Auditor Spin Enterprise Gr Cv4
 
Green Tech
Green TechGreen Tech
Green Tech
 

2011 Summer Conference Brochure

  • 1. Our Sponsors - page 3 -4 Welcome - page 5 Schedule of Events - page 6 - 7 Speaker biographies - page 8 - 17 Venue information - page 18 August 25th, 26th, 2011 — San Jose, California ISACA SiliconValley 2011 Summer Conference 2011 Summer Conference Auditing and Securing the Cloud CONTENTS 16 CPE’s!
  • 3. ISACA Silicon Valley 2011 Summer Conference Page 3 ; Platinum Sponsors: This conference would not be possible without the generous support of our sponsors —THANK YOU! http://www.infoblox.com http://www.checkpoint.com Gold Sponsors: http://www.soaprojects.com http://www.pwc.com http://www.bpmllp.com http://www.whitehatsec.com
  • 4. Page 4 Silver Sponsors: This conference would not be possible without the generous support of our sponsors —THANK YOU! DISCLAIMER As it is the objective of the Silicon Valley Chapter of the Information Systems Audit and Control Association to provide a forum for the expression of ideas and opinions, statements of opinion appearing herein are not necessarily those of the Chapter or its directors and officers. Additionally, We would like to thank the following companies for supplying time and support to our Conference Speakers: http://www.terremark.com http://www.cloudpassage.com http://www.hp.com http://www.emc.com http://www.ekkoconsulting.com/ http://www.contoural.com http://www.kpmg.com http://www.ey.com http://www.hp.com http://www.hp.com
  • 5. Welcome! Register online at http://isaca-sv.org/index.php?option=com_content&view=category&layout=blog&id=35&Itemid=18 ISACA Silicon Valley has been providing IT Audit, Security, and Governance Professionals with the training and networking opportunities they need to not just compete but to thrive since 1982. We are continuing this tradition at our 2011 Summer Con- ference, at which we are offering full day of semi- nars that move beyond theory to emphasize practi- cal skills you can utilize at work or to improve your marketability. The Conference Committee has worked hard to provide you with a cost effective, value added, high quality educational and networking opportunity for ISACA members and other professionals in related fields — we hope we have succeeded. As always, you input is greatly appreciated, and we strongly en- courage you to fill-out the Evaluation Forms at the end of each day. You are also welcome to seek us out with any comments or suggestions you might have to help us continually improve. Kind Regards, The 2011 Summer Conference Committee • Sumit Kalra, Conference Director, TheConference-Director@isaca-sv.org • Jay Swaminathan, Chapter President, ThePresident@isaca-sv.org • Greg Edwards, Vice President • Minel Diaz, Treasurer • Mike Jordan, Certification Director • Robert Ikeoka, Program Director • Navarasu Dhanasekar, Marketing & Communications Director • John Barchie, Conference Committee Chair • Robin Basham, Conference Committee Volunteer • Davor Borcic, Conference Committee Volunteer ISACA SILICONVALLEY 2011 SUMMER CONFERENCE COMMITTEE MEMBERS Page 5
  • 6. ISACA Silicon Valley 2011 Summer Conference 2011 Summer Conference Schedule Thursday, August 25th Agenda Time Topic Speaker Registration 8:00 - 8:30 Continental Breakfast and Registration Breakfast & Announcements 8:30 - 9:00 Networking Session 1.1 Keynote 9:00 - 10:00 Risks and Controls to Consider in working with Infrastructure As a Service (IaaS) Cloud Providers Peter Nicoletti, VP of Security Engineering, terremark, A Verizon Company Session 1.2 10:10 - 11:20 Controls Automation in the Context Cloud Architecture, Private Cloud, Community Cloud, Public Cloud, Hybrid Cloud Brad Ames, Director Internal Audit, HP Session 1.3 11:30 - 12:30 Virtually Safe: Managing from Threats to Clear Skies Dameon D. Welch-Abernathy, Strategic Alliance Manager, Check Point Software Technologies Ltd. Lunch 12:30 - 1:30 Lunch and Networking Enjoy time with our Platinum, Gold and Silver Sponsors Session 1.4 1:40-2:40 Risk with outsourcing to the Cloud vs. SaaS Harshul Joshi, Director, PwC Session 1.5 2:50-3:50 Emerging Security Standards for the Cloud vs. SaaS Becky Swain, Partner, EKKO Session 1.8 4:00-5:30 Panel Discussion: Business Drivers Vs. Legislation and Standards Driving Cloud Services Moderator - Robin Basham, Sr. Director, SOAProjects Carson Sweet, CEO, CloudPassage Becky Swain, Partner, EKKO Marlin Pohlman, Chief Governance Officer, EMC Benny Kirsh, CIO, Infoblox Peter Nicoletti, VP, terremark, A Verizon Company Brad Ames, Director Internal Audit, HP Reception 5:30 - 6:30 Networking Event Enjoy time with our Platinum, Gold and Silver Sponsors Enjoy time with our Platinum, Gold and Silver Sponsors Page 6
  • 7. ISACA Silicon Valley 2011 Summer Conference 2011 Summer Conference Schedule Page 7 Friday, August 26th Agenda Time Topic Speaker Registration 8:00 - 8:30 Continental Breakfast and Registration Enjoy time with our Platinum, Gold and Silver SponsorsNetworking Session 2.1 Keynote 8:30 - 10:00 Planning and Scoping the Cloud Audit Cara M. Beston, Partner, PwC Eric Tan, Director, PwC Session 2.2 10:10 - 11:20 Governance and Enterprise Risk Manage- ment (ERM) The GRC Stack Marlin Pohlman, Chief Governance Officer, EMC Session 2.3 11:30 - 12:30 Privacy in the Cloud Doron Rotman, IT Advisory, KPMG Lunch 12:30 - 1:30 Lunch and Networking Enjoy time with our Platinum, Gold and Silver Sponsors Session 2.4 1:40-2:40 Leveraging Data Security to Support eDiscovery and Records Management Mark Diamond, Contoural, Inc. Session 2.5 2:50-3:50 Operating in the Cloud Incident Response, Notification and Reme- diation, Application Security, Data Security and Integrity, Identity and Access Manage- ment Virtualization, David Ho, Ernst & Young Session 2.8 4:00-5:00 PCI and Tokenization Panel Discussion Jonathan Clark, CEO, ExoIS, Inc. Walter Conway, (QSA) Abir Thakurta, Director, Liaison Technologies Harshul Joshi, Director, PwC Wrap Up/ Door Prizes 5:00 - 5:30 Sponsor Raffles and Conference Closing Remarks , Sumit Kalra and Jay Swaminantham
  • 8. Session 1.1— Risks and Controls to Consider in Working with Infrastructure As A Service (IaaS) Cloud Providers: 9:00 A.M. – 10:00 A.M. Pete Nicoletti, CCSK, CISSP, CISA, CCNE, FCNSP VP of Security Engineering, terremark, A Verizon Company In this presentation we will look at an IaaS providers foundation and architecture…and the challenges in auditing and security a “cloud.” We will review the issues of securing a multi-tenant architecture and what to look for from your provider. We will also examine relevant guidance and audit information from: the CSA, RACI charts, Shared Assessments, SAS 70II, PCI, ISO 27000, NIST 800-53aR3, FedRAMP, State Breach Laws and more. This presentation will provide you with a good review of the risks and controls that you should be aware of if you are looking at IaaS providers. Pete Nicoletti, CCSK, CISSP, CISA, CCNE, FCNSP, has 27 years of experience in the Marketing, Sales, Development, Implementation and Management of all types of Information Tech- nologies. He is internationally regarded as a wireless pioneer having built the world’s first com- mercially viable Wireless ISP with over 500 antenna locations. Formally he was the CSO/CTO of one of the most successful SMB Focused Managed Security Service Company’s and managed the security for hundreds of clients. Steve Balmer presented him the “Microsoft Industry Solutions” Award at Comdex 2000 for the most innovative and advanced implementation of Microsoft appli- cations for a large VoIP/CRM travel agent system. Pete has owned several Computer Networking Consulting Companies and was Citrix Reseller of the Year two times. He is currently the Vice President of the South Florida Information Systems Security Administrators after three years as President, VP on the Board of Directors of the FBI Infragard, a member of ISACA, Internet Coast, Honeynet Alliance, Computer Security Institute, IEEE, Secret Service Miami Electronic Crimes Task Force, EFF, Union of Concerned Scientists, Anti-phishing Working Group and the Cloud Security Alliance. Pete recently completed a chapter on Content Filtering for the college textbook: “Computer and Information Security.” Pete is currently the VP of Security Engineering for Terremark Worldwide with responsibility for all Federal and Commercial Managed Security Consulting and Design. Terremark, now owned by Verizon is a leading Cloud Provider for the Federal Government, F1000 and Global companies concerned with security in their cloud. Session 1.2 — Controls Automation in the Context of Cloud Architecture; Private Cloud, Community Cloud, Public Cloud and Hybrid Cloud: 10:10 A.M. – 11:10 A.M. Brad Ames, CPA, CISA, Internal Audit Director of Professional Practices at Hewlett-Packard Company (HP) Ames is an Internal Audit Director of Professional Practices at Hewlett-Packard Company in Palo Alto, California. Brad’s team is responsible for innovating and deploying non-traditional audit solutions for measuring risk to the business and short- ening the time to management action. His role involves close collaboration with HP’s governance groups, customers and external auditors in order to gain an ongoing view of emerging risk enterprise-wide. His team has established continuous monitoring for the purpose of simplifying SOX 404 at- testation and reducing the cost of compliance. Brad is a member of the Institute of Inter- nal Auditor’s Professional Issues Committee. He is a CPA and Certified Information Sys- tem Auditor with 10 years of experience in Public Accounting. Register online at http://isaca-sv.org/index.php?option=com_content&view=category&layout=blog&id=35&Itemid=18 Page 8 2011 Summer Conference Speakers — Thursday, August 25th, 2011 Day One—Security Track
  • 9. Page 9 Session 1.3 — Virtually Safe : 11:20 A.M.— 12:20 P.M. Dameon D. Welch-Abernathy, CISSP, Strategic Alliance Manager, Check Point Software Technologies Ltd. This session will is designed to engage thought processes around the decision to move toward vir- tual technologies. Is your organization moving towards virtualization? The push for greener solutions that do more with less, has made people take a hard look at a virtualization strategy for managing infrastructure. Multi- core architectures have brought a new level of power to the end users, but without the software being specifically designed to take full advantage of it, there is no perceivable benefit coming from these systems. This presentation seeks to demonstrate unique ways to not just ensure threat manage- ment for a virtual infrastructure, but to also leverage it as part of the infrastructure change. When you take away the buzz, and the clouds abate, will you be left with clear skies? Dameon D. Welch-Abernathy, CISSP, a.k.a. “PhoneBoy,” has provided aid and assistance to countless IT professionals since 1996. Best known as the author of two books on Check Point VPN-1/FireWall-1 as well as creator of a well-visited FAQ site on the Check Point products, Welch-Abernathy currently works as a Strategic Alliance Manager for Check Point Software Technologies. . Prior to that, Welch-Abernathy spent 10 years in Nokia’s Security Appliance Business, which was acquired by Check Point Software Technologies in April 2009. Welch-Abernathy writes on the subjects of VoIP, Telecom, Network Security, Gadgets and Technology, as well as the occa- sional Nokia or Check Point-related item. Session Description Virtualization, in and of itself, is an IT infrastructure strategy, not a security strategy, and as such, this presentation seeks to define security models that not only secure, but take advantage of ‘Cloud’ computing designs. The definition of ‘Cloud’ com- puting models can be complex and will mean different things to different organizations, but defining the model is a require- ment to being able to map to strategies that protect those assets. Building a security model for virtualization needs to happen as part of the planning process to be most effective, but on closer review, the audience should discover much of the planning work done for them, when they are able to conceptualize the strategy. Much of what we do today to protect data can be reused, but you will find that virtualization presents both a unique challenge, and a unique opportunity to create a safe envi- ronment to grow your services oriented computing models. Whether it is in the ‘Cloud’, or in the components of hardware that make it up, security is adapting to fit the needs. This session will define various ‘Cloud’ models, and the options for creat- ing a secure infrastructure around them. When defining a strategy to abstract hardware and the dissemination of resources, let’s make sure security is consid- ered to protect the design, as well as benefit from it. 2011 Summer Conference Instructors — Thursday, August 25th, 2011 Day One—Security Track Register online at http://isaca-sv.org/index.php?option=com_content&view=category&layout=blog&id=35&Itemid=18
  • 10. Page 10 Session 1.4 — Risks in Outsourcing to the Cloud vs. SaaS; Cloud security Architecture: 1:40 P.M. -2:40 P.M. Harshul Joshi, CISSP, CISA, CISM, Director PwC Harshul Joshi - is a Director in the security practice for PwC, with primary areas of focus in IT security and compliance based risk assessments, Threat and Vulnerability modeling and security architecture. He has worked with various compliance stan- dards including PCI (Payment Card Industry), Sarbanes Oxley 404, GLBA (Gramm Leach Bliley Act), PCI (Payment Card In- dustry) and SAS 70. Harshul has worked in Fortune 100 companies assisting with IT compliance, audit and security initiatives and is an internationally known speaker. Some of the sample topics he speaks on include PCI, Wireless Security, Auditing Firewalls and Intrusion Detection, Risks of IT Outsourcing and Off shoring and Performing IT Risk assessment from a Busi- ness stand-point. He has spoken at various conferences in Singapore, India and in United States. He is a regular speaker at ISACA North American Conference as well as Network Security Conference. Harshul is a Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM). Harshul has an MBA in International Business and a MS in Information Systems. Prior to joining PwC, Harshul was a Director of Technology consulting for CBIZ MHM LLC, where he headed the security practice creating and delivering risk assessment ser- vices. He also spearheaded IT security and compli- ance at Sony Corporate audit group performing compliance and audit assessments for Sony Electron- ics, Sony Music and Sony Pictures. Prior to joining Sony, Harshul was a Security Architect with Verizon / GTE. Session 1.5 — Emerging Security Standards for the Cloud vs. SaaS: 2:50 P.M - 3:50 P.M Rebecca Swain, CIPP/IT, CIPP, CISSP, CISA Becky Swain is a Partner with EKKO Consulting and has over 12 years of information security and privacy experience, designing, implementing, improving and measuring the effectiveness of policies, processes, and internal controls as a senior auditor, consultant and risk management practitioner involving complex and critical business operations and technical architectures with Fortune 500 companies based in Silicon Valley. As Co-Founder/Chair & Chief Architect, Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM), Mrs. Swain is actively engaged in devel- opment and adoption of cloud security and privacy standards participating with CSA and ISO/ IEC as both contributor and project co-editor for ISO/IEC 27036 – Information technology – Security techniques: Information Security for Supplier Relationships – Part 1. Mrs. Swain holds numerous information security related certifications, including CISSP, CISA, CIPP and CIPP/IT, is an active member in professional affiliations (e.g., CSA, IAPP, and ISACA), serves on the Board of the CSA Silicon Valley Chapter, has recently been appointed as Security Lead for the Cloud- NOW (Network of Women) Special Interest Group (SIG), and is an ‘Information Security Practitioner’ category finalist in the (ISC)2 2011 Americas Information Security Leadership Awards (Americas ISLA). 2011 Summer Conference Instructors — Thursday, August 25th, 2011 Day One—Security Track Register online at http://isaca-sv.org/index.php?option=com_content&view=category&layout=blog&id=35&Itemid=18
  • 11. Register online at http://isaca-sv.org/index.php?option=com_content&view=category&layout=blog&id=35&Itemid=18 Page 11 Session 1.8 — Panel Discussion - Business Drivers Vs. Standards and Legislation Impacting Cloud Services: Moderator: Robin Basham, Senior Director of Enterprise GRC, SOAProjects, is recognized across several industries as an ICT and GRC expert, assist- ing clients to architect and implement GRC Platforms, and with Green Tech initiatives. Past Banking Operations Officer, and Master Educator, Ms. Basham's Certifications include ITIL, CobiT, Network- ing, Java Enterprise, Information Audit and Security, CGEIT, ACGTA and most recently the CRISC. Technical Advisory, Executive leadership and Steering Committees include ISACA, OASIS, OMG, and AWC. Ms. Basham holds two graduate degrees in IT and Education, and is a founding member for Control Objectives for Sustainable Business, COSB. She is the creator of Facilitated Compliance Management software and founded Phoenix Business and Systems Process. Panelist: Benny Kirsh - CIO of Infoblox, a leading company in network automation and control, Benny Kirsh, is an accomplished, results-oriented information technology professional with more than 20 years of experience in various industries. He has held several CIO posi- tions. He joined The Cooper Companies to lead an ERP implementation and drive a cultural change necessary for a global rollout. He also led a highly professional IT team in implementing several sys- tems such as financials, distribution, supply chain and others. He established a Change Management process to create transparency and build a strong working relationship within the business. Prior to The Cooper Companies, Benny was the first CIO at Kyphon, a company experiencing significant growth. His most important objective was to lay the technology foundation for growth while sustain- ing the flexibility required for Kyphon to function in a competitive market. He was responsible for implementing critical sys- tems such as ERP, Quality Assurance, Workflow, Clinical Trial Systems and others. Benny relocated to the US from Israel with an International Enterprise, Terayon Communication Systems, bringing with him a wealth of global experience. Panelist: Carson Sweet, Is co-founder and CEO of CloudPassage. His information security career has spanned nearly two decades and includes a broad range of entrepreneurial, manage- ment and hands-on technology experience. As a senior information security strategy and technology consultant, Carson has created and implemented groundbreaking security solutions across a range of industries and public sectors. Prior to co-founding CloudPassage he served as RSA's prin- cipal solutions architect for the financial services sector, where he specifically focused on virtualization & cloud security, Internet application controls, data protection and anti-fraud. Carson formerly served as founding CSO for GlobalNetX- change (now Agentrics) and CTO for the Investor Responsibility Research Center (now the RiskMetrics Group). He also founded security consulting and managed services lines of business for RPM Consulting (acquired by Computer Horizons Corporation), TimeBridge Technologies (acquired by Dimension Data) and Security Methods. Prior to his technology career Carson served in the U.S. military as a heavy anti-armor weapons specialist and later as a career firefighter-paramedic. He studied emergency health sciences at the Jefferson College for Health Sciences, pre-medical neuropsychology at Virginia Commonwealth University/Medical College of Virginia and information technology at the University of Massachusetts. 2011 Summer Conference Instructors — Thursday, August 25th, 2011 Day One—Security Track
  • 12. Register online at http://isaca-sv.org/index.php?option=com_content&view=category&layout=blog&id=35&Itemid=18 Page 12 Panelist: Marlin Pohlman is Chief Governance Officer at EMC. In this role he coordinates the activities of standards based IT governance with EMC, its Security Division RSA and its holdings in VMWare and Acadia. Within the Cloud Security Alliance he is Global Strategy Board Chair & Director, coordinating the ac- tivity of technical work groups within the alliance and acting as liai- son with external cloud standards bodies. Within the CSA Dr. Pohlman is also the active Co-Chair of the Controls Matrix and Consensus Assessments work groups as well as Co-chair of the Cloud Audit/A6 Standards Work Group. He holds a Ph.D. in Computer Science, an MBA in technology management, and bachelors in Engineering Physics. Dr. Pohlman is a licensed engineer and holds the CSA CCSK certification the ISC2 CISSP certification as well as the ISACA CISM, CISA, CGEIT, CRISC certifications. He is also a trained paralegal. Returning to our stage from presentations throughout the day, please also welcome, Panelist: Brad Ames, Director Internal Audit, Hewlett Packard Company (See page 7) Panelist: Becky Swain, Cloud Security Alliance, Partner, EKKO Consulting Group (See page 8) Panelist: Pete Nicoletti, VP Security Engineering, terremark, A Verizon Company (See page 7) 2011 Summer Conference Instructors — Thursday, August 25th, 2011 Day One—Security Track
  • 13. Page 13 Session 2.1— Planning and Scoping the Cloud Audit : 8:30 A.M. – 10:00 A.M. Cara M. Beston, Partner, PwC In this presentation, compliance leaders from PwC will look at recommended best practice for plan- ning and scoping audit in environments that either partially or entirely leverage Cloud technologies. Leading the discussion is Cara Beston, Partner and head of Risk Assurance Cloud Computing services, as well as published author of such articles as “Look Before You Leap Into the Cloud, The Promise of Lower Capital and Operational Costs Isn’t the Only Benefit of Cloud Computing”, (Copyright © 2010 SYS-CON Media, Inc.). This session will cover redefining audit objectives, boundaries of review, documenting risks, and deliv- erables in the context of cloud enabled platforms, resources and services. Cara Beston is a partner based in San Jose, CA and leading the Risk Assurance Cloud Computing services. She specializes in IT and process risk and control assurance services to IT, Internal Audit and business leaders in the Technology sector. In her 22 years with PwC, Cara has served over 80 technology clients, including key Cloud enabling enterprises, Cisco Systems, VMware, 3Par, SaaS providers Taleo, Webex and Proofpoint, and a number of on-line businesses including Shutterfly, CBS Interactive, Zappos.com and others. Cara graduated summa cum laude from Bridgewater College, MA and is a member of the AICPA. She lives in Pleasanton, CA with her husband and 3 children. Eric Tan, CISA, CGEIT, CPA, Director, PwC Joining Cara, is Eric Tan, CISA, CGEIT and CPA. Eric is a Director at PwC with over twelve years of experience delivering IT governance and risk management solutions. Eric currently leads PwC's cloud and internet assurance practice based in Silicon Valley. He serves as an internal audit and compliance advisor to various leading SaaS providers in the bay area. His ex- perience includes leading large scale system assessments, performing risk and security reviews; business continuity & disaster recovery diagnostics, and helping his clients im- plement various compliance and control solutions. Eric focuses on clients in the technol- ogy sector. Clients he has served includes Google, eBay, LinkedIn, Novell, Tibco, Shut- terfly, and Proofpoint.  2011 Summer Conference Speakers — Friday, August 26th, 2011 Audit Track - Keynote Register online at http://isaca-sv.org/index.php?option=com_content&view=category&layout=blog&id=35&Itemid=18
  • 14. Register online at http://isaca-sv.org/index.php?option=com_content&view=category&layout=blog&id=35&Itemid=18 Page 14 2011 Summer Conference Speakers — Friday, August 26th, 2011 Audit Track Session 2.2 — Governance and Enterprise Risk Management (ERM) The GRC Stack: 10:10 A.M. – 11:10 A.M. Dr. Marlin Pohlman, Chief Governance Officer at EMC In this role he coordinates the activities of standards based IT governance with EMC, its Security Division RSA and its holdings in VMWare and Acadia. Within the Cloud Secu- rity Alliance he is Global Strategy Board Chair & Director, coordinating the activity of tech- nical work groups within the alliance and acting as liaison with external cloud standards bodies. Within the CSA Dr. Pohlman is also the active Co-Chair of the Controls Matrix and Consensus Assessments work groups as well as Co-chair of the Cloud Audit/A6 Stan- dards Work Group. He holds a Ph.D. in Computer Science, an MBA in technology man- agement, and bachelors in Engineering Physics. Dr. Pohlman is a licensed engineer and holds the CSA CCSK certification the ISC2 CISSP certification as well as the ISACA CISM, CISA, CGEIT, CRISC certifications. He is also a trained paralegal. In this session, Chief Governance Officer and highly regarded GRC expert, Dr. Marlin Pohlman, will cover Govern- ance Models, Enterprise Risk Management, Information Risk Management, Third-party Management, Legal and Electronic Discovery, Compliance and Audit and Portability and Interoperability. Outsourcing critical business functions into the Cloud can result in challenges of maintaining assurance and control over legal and regulatory obligations for data management and protection. In this session, we will guide you through the process for establishing an effective cloud security program leveraging the Cloud Security Alliance (CSA) Governance Risk & Compliance (GRC) Stack, providing you with real world examples of industry adoption. The audience will particularly benefit by Marlin’s insights as the Chair CSA Strategy, Board, Co-Chair Cloud Control Matrix, Founder/Co-Chair CSA Consensus Assessment, Co-Chair Cloud Audit. With over 18 years IT governance and audit experience Marlin Pohlman is the editor elect of the ISO and ITU-T cloud information security manage- ment standards. As the Chief Governance Officer at EMC Marlin Pohlman oversees the product strategy and stan- dards compliance of the EMC Cloud GRC Portfolio. Session 2.3 — Privacy in the Cloud: 11:30 A.M. - 12:30 P.M. Doron Rotman, IT Advisory, KPMG Doron is a member of the IT Advisory practice specializing in information govern- ance, privacy, and security and is the National Privacy Service Leader. Doron is a Managing Director in KPMG’s Advisory Services practice with over 20 years of experience. Mr. Rotman is focused on providing Privacy and Information Governance Service. He is the national privacy service leader, a member of KPMG’s national Privacy Leadership Council and a member of KPMG International Privacy Leadership team. He has extensive high tech, financial services, manufacturing and government industry knowledge, both in the information technology and the accounting and finance aspects. Doron delivered multiple around the world on the topic of Privacy and the Cloud, recently at the NACACS 2011.
  • 15. Register online at http://isaca-sv.org/index.php?option=com_content&view=category&layout=blog&id=35&Itemid=18 Page 15 2011 Summer Conference Speakers — Friday, August 26th, 2011 Audit Track Session 2.4 — Leveraging Data Security to Support eDiscovery and Records Manage- ment:1:40 P.M. - 2:40 P.M. Mark Diamond, President and CEO, Contoural, Inc. Mark Diamond is one of the industry thought leaders in proactive litigation readiness, compliance, and re- cords information management strategies. His company, Contoural, has helped 20% of the For- tune 500 plus many mid-sized and smaller organizations as well as public sector entities. Mark is a frequent industry speaker, presenting at numerous Legal and IT industry conferences as well as online venues. Additionally, Mark addresses more than one hundred internal corporate audi- ences each year. Mark is founder, President & CEO of Contoural, Inc. Under his leadership, Contoural has grown to be a leading independent provider of litigation readiness and records and information management services. He is recognized as a thought leader in litigation readiness and records information management. Mark is an online columnist for InsideCounsel Magazine, as well as an author of numerous white papers for both the legal and IT communities. He is also co-author of the Litigation Readiness Chapter of the West eDiscovery for Corporate Counsel, 2010 ed. Previously Mark was chair of the Storage Networking Industry Association Security Customer Advisory Board Session 2.5 — Operating in the Cloud, Incident Response, Notification and Remediation, Application Security, Data Security and Integrity, Identity and Access Management Virtu- alization: 2:50 P.M. - 3:50 P.M. David Ho, Ernst & Young David Ho is a multi-disciplinary professional with over 13 years of experience in IT, information security, and internal audit. He brings a unique blend of strong technical skills with business acu- men and drive for operational excellence. He specializes in transforming information security organizations to en- able business innovation, while managing the company's risk. He has led and executed on technical information security implementation projects, audited complex IT systems for in- formation security and data privacy controls, and program managed multiple multi-million dollar security projects. David's specialties include Information security strategy and gov- ernance, Data security and privacy, Internal audit and compliance, and Portfolio and program management. David is an Information Security Senior Manager at Ernst & Young.
  • 16. Page 16 2011 Summer Conference Speakers — Friday, August 26th, 2011 Audit Track Session 2.8 — PCI and Tokenization Panel Discussion: 4:00 P.M. - 5:00 P.M Jonathan Clark, CEO and founder of ExoIS, Inc. is a PCI QSA and security and com- pliance expert. Jonathan is the Chief Architect of the SaaS product PeepSafe, a portal based offering that allows organizations to relo- cate processes and systems from their internal networks allowing them to de-scope portions of , or in some cases their entire PCI footprint. Prior to Exois, Jonathan started and sold a Web Company, headed up IT for Morphics and developed an Enterprise Configuration Technology program at Applied Materials, subsequently leading the rollout and deployment of the program in multiple Applied product divisions globally. Jonathan has a BSc Honors in Mathematics from Bristol University, England. He also scored a great hatrick against Watsonville in the Peninsula Premier League. Walter Conway, Payment Card Industry Qualified Security Assessor (QSA) and ecommerce consultant applying his 30-years of electronic payments and technology management experience to help- ing clients plan, implement, and manage their credit card and e-commerce programs including achieving PCI compliance. Walt spent over 10 years with Visa, and two years as president of an Internet-based payment processor. His focus is assisting organizations of all sizes plan, implement, and manage their credit card and ecommerce systems, including achieving PCI DSS compliance. In addition to his QSA duties, Walt is PCI columnist for Storefront Backtalk.com, focusing on issues facing retailers, and con- ducts PCI training workshops. He also writes a popular PCI blog focused on Higher Education compliance issues. He is a fre- quent speaker on PCI DSS, security, and ecommerce topics at professional conferences and webinars. He co-authored Why Banks View Campuses as High Risk Merchants, an examination of computer security breaches, and 5 Strategies to Achieve PCI Compliance (both published by the Association of Financial Professionals). Other publications include Five Myths About the PCI DSS (Government Finance Officers Association), Straight Talk about Data Security (in the NACUBO Business Officer), and Back to School: What Colleges and Universities Can Teach About PCI Compliance (SPSP Payments News). Abir Thakurta, CISSP, Director of Pre-Sales and Profes- sional Services for Liaison Technologies has been instrumental in shaping the data security industry since its infancy and helping it to mature as enterprise security concerns have shifted to protecting sensitive and confidential business and customer information. Thakurta works closely with customers to help them develop and implement innovative, practical, all-encompassing security strategies to solve organizational data protection problems. Thakurta often becomes the "go to" guy for customers seek- ing advice on use of security solutions to reduce organizational risk and comply with data security mandates and privacy laws. He actively works to educate the market through published articles in respected data security journals and by speaking at industry conferences around the world. Thakurta holds a B.S. in Engineering for Manipal Institute of Technology in Manipal, India, and a M.S. in Supply Chain Technology from the New Jersey Institute of Technology in Newark, New Jersey, and he completed the Georgia Tech Management Program in Atlanta. He is a member of the Payment Card Industry’s Security Stan- dards Council, ISC2 and the Technology Association of Georgia - Information Security Group. Returning to the stage, Harshul Joshi, Director, PWC (Please see page 10)
  • 17. Register online at http://isaca-sv.org/index.php?option=com_content&view=category&layout=blog&id=35&Itemid=18 Page 17 2011 Summer Conference Speakers — Friday, August 26th, 2011 Audit Track Final Comments and Conference Wrap Up: Sumit Kalra, Director, BPM and Conference Director Sumit Kalra, CISA, CISSP, is a Director at Burr Pilger Mayer, where he manages the Assur- ance Services practice specializing in information technology, SAS70 Audits, and assess- ments. His 12 years of industry experience include 6 years at international CPA firms, and 6 years at companies in the technology, consumer products and financial services industries. His knowledge base spans a variety of ERP solutions and complex infrastructure implementa- tions. Sumit has a BS in Accounting and Computer Information Systems from San Francisco State University. In his spare time, Sumit en- joys cooking international cuisine. We hope you enjoyed the presentations, and have gained valuable insights into and learned new techniques about Cloud Security and Cloud Audit. Before you leave, please fill-out the Speaker Assessment Form for today’s ses- sion We will use your input to learn about our performance, and to improve future conferences. Please leave the forms at the Registration Desk on your way out.
  • 18. Page 18 To register, or to gain additional information, including driving directions, please visit: http://isaca-sv.org/index.php?option=com_content&view=category&layout=blog&id=4&Itemid=4 Venue Information The 2011 Summer Conference will be held at: Biltmore Hotel & Suites 2151 Laurelwood Road Santa Clara, CA 95054 (408) 988-8411 (Free Parking) 2011 Summer Conference