ISACA-PSC November 2002 Newsletter

November 2002 Email Newsletter

AUDIT LOG
THE ISACA PUGET SOUND CHAPTER eNEWSLETTER NOVEMBER 2002

Visit the ISACA-PSC website @ http://www.isaca-psc.org

INSIDE
-President's Message
-Upcoming Meetings, Events and Announcements
-Feedback

PRESIDENT'S MESSAGE
Our kick-off meeting of the new season started off with a bang thanks to Bruce Lobree, Security Architect for SAFECO Corp. His interesting and energetic presentation on issues and concerns facing information security today made for a quick hour. He provided a wealth of information and examples as well as addressing how security architecture will look in the future. Bruce offered and we will look to have Bruce return in the future and take some more time to cover some of these issues in greater depth.

Our next monthly lunch meeting will be November 19th. And it will be special for two reasons. First, we will be hosting and recognizing local Chapter individuals who passed the CISA exam this past June. Second, in addition to Peter Rosenzweig's 1 hour presentation on CRM, Peter has agreed to add a 2 hour workshop focused on Siebel security and controls. Peter is a Manager with Deloitte & Touche and teaches D&T's 4-day Siebel training course. Hope you will be able to join us in celebrating our CISA passers and take advantage of the CRM overview and Siebel workshop.

See you on Nov. 19th.
- Doug Taylor, President

UPCOMING MEETINGS / EVENTS / ANNOUNCEMENTS
I. Upcoming Meeting: Tuesday, November 19, 2002.
II. 16 CISA Passers in the Puget Sound Chapter.
III. Call for ISACA Academic Relations Volunteers
IV. Upcoming ISACA PSC 2003 Seminar Announcement.
V. Upcoming Vancouver, B.C. Chapter Seminar.
VI. Upcoming Puget Sound IIA Meeting.
VII. Job Postings

I.Upcoming Meeting Topic:
CRM Overview and Siebel Security and Control Workshop.
The Puget Sound Chapter of ISACA will meet Tuesday, 11/19/02 at the 75th floor of the Columbia Tower Club. The Columbia Tower Club is on top of the Bank of America Tower located between 5th and 6th between Cherry and Columbia. Registration begins at 11:15 A.M., lunch begins 11:30 A.M., and the lunch presentation begins at 12:00 noon. The Workshop will follow the lunch starting about 1:15 pm. Sign up by completing the registration form at http://www.isaca-psc.org/register.htm (preferred method) or call 206-262-9288 by 2:00 PM the Friday preceding the meeting. Your on-line or voicemail reservation must note whether you will be attending the lunch only, both the lunch and workshop, or the workshop only. Prices for the lunch and workshop are noted below. No jeans allowed. Please register in advance! The Columbia Tower Club has had difficulties in accommodating walk-in guests during the past meetings.

Peter Rosenzweig of Deloitte & Touche will present a topic on Siebel CRM. Peter is a Manager in Deloitte & Touche's Enterprise Risk Services Group. Before joining the firm, he worked six years as financial auditor with Ernst & Young and PricewaterhouseCoopers in Switzerland. Peter has over eight years experience in assessment, design, and implementation of complex application security and business process control systems. He has also led the development of Deloitte's security and control methodologies for Siebel and J.D. Edwards OneWorld eBusiness applications. Peter's Siebel clients include Gateway, Hewlett-Packard, Eli Lilly, and Procter & Gamble. Peter has the federal diploma for Swiss Certified Accounts and received an MBA from the Peter F. Drucker Graduate School of Management.

Lunch Session (1 CPE): The CRM - Objectives, Controls & Inherent Risks session will include discussions on successful control assessment of CRM system, which depends on an understanding of CRM objectives and underlying business processes. The session is intended to provide an overview of such objectives and relates them to inherent risks and control strategies. (ISACA Members: $20; Non-Members $30; 2002 CISA Exam Passers: Free)

Workshop (2 CPEs): The Siebel Security & Controls Workshop provides an introduction into Siebel eBusiness applications. It outlines the system architecture, explains basic application security and configurable control functionalities, and addresses best practices concerning user administration and authentication. (ISACA Members and 2002 CISA Exam Passers: Free; Non-Members: $20 if combined with the Lunch Session; Non-Members: $30 Siebel Workshop only)

Please use the on-line registration form noted above to register for lunch only, lunch and workshop or the workshop only. {back to contents}

II. 16 CISA Passers in the Puget Sound Chapter.
Congratulations are in order for the 16 members of the ISACA Puget Sound Chapter who passed the 2002 CISA examination administered last June. There were a total of 10,436 candidates worldwide, and a 51% overall pass rate. Of the 10 students who attended the Puget Sound Chapter's CISA review course, 7 passed. The top 3 scorers from our chapter were:

#1 - C. Shane Taylor (Deloitte)
#2 - Dung Chang(Andersen)
#3 - Eric Miller (Holland America Line - Westours)

Other passers were:
Dr. Mary Anne Atkinson (Central WA U)
Bradley Bemis
Rebecca Dols (Frank Russell Co)
Donald Gratton (Frank Russell Co)
Ricky Lee Jones
Dale Jordan (ESSI)
Guangyee Liaw (Nordstrom)
Tracey McCallister
Scott Newman (Frank Russell Co)
Satnam Purewal (PwC)
Murad Sajan (SAFECO)
Melissa Stroud (Microsoft)
Steven Weil (Seitel Leeds & Associates)

As is our custom, the chapter will be hosting and recognizing these CISA passers at our meeting on November 19.

- Jack Champlain, CISA Coordinator
{back to contents}

III. Call for ISACA Academic Relations Volunteers
We are looking for members who are interested in sharing their enthusiasm about ISACA, IIA, and careers in the auditing profession with local college students. This school year, we plan on arranging campus visits at Seattle U, UW, and Seattle Pacific U. The SU and UW dates have not yet been established. We have already been invited to provide a one hour informational session to SPU students on Monday 11/18/02 starting at 6 PM. There is no other time commitment other than the physical visit to the campus. We have already prepared handouts containing general information about ISACA and IIA from the international and chapter websites.

Please email Jack Champlain at mailto:jchamplain@becu.org or contact him at 206-439-5966 if you are interested in volunteering for any of the 3 campus visits. If you are specifically interested in the SPU visit, please notify Jack ASAP. {back to contents}

IV. ISACA PSC 2003 Seminar Announcement - Network and CISCO Router Security Conference
If you thought our March 2002 seminar on Windows 2000 Security was great just wait until we bring you our March 2003 event. Next year may seem like a long time away but we wanted to let you know about our conference so that you can set the time aside. Dr. Eugene Schultz (last year's event speaker) will return and provide us a one day session on Network Security. A second day session on Cisco Router Security will be presented by Mr. George Jones, a Network Security Architect at UUNET and the primary author of the Router Audit Tool and Benchmark for Cisco IOS published by the Center for Internet Security.

The event will be held on March 27th and 28th 2003 at the Bell Harbor Conference Center. Registration will begin in December and will be limited to 60 participants. So keep us in mind for your 2003 training plans and check out the ISACA PSC website in December for detailed event and registration information.

Here is a brief summary of the two sessions:
Network Security - This course provides a comprehensive view of networking--its mechanisms and protocols--but with a security slant. It begins with a broad overview of networking, then proceeds to cover security-related threats and control mechanisms. The course also delves into specific network-related issues that users and organizations typically face and how to address them.

Cisco Router Security - This course focuses on current best practices for securing Cisco routers, which make up the core of many of today's networks. A brief overview of Cisco routers will be given to provide necessary background. Controls will focus on IOS command line configuration settings with primary goal of insuring availability of the router. Each configuration item will list the risk that is mitigated and describe actions to be taken. Configuration checklists will be provided. There will be in-class exercises designed to give participants practice in auditing typical networks.
{back to contents}

V. Upcoming Vancouver, B.C. Chapter Seminar
The ISACA Chapter in Victoria, B.C. is presenting the seminar "How to Audit Cross-Platform Applications" on January 27 & 28, 2003. This is one in the series offered by the Henderson Group. The seminar shows how to audit the protection of an application's data when the data is kept on a mainframe computer connected to other platforms.For more information and registration, please visit http://www.islandnet.com/~isaca/education.html or contact Gordon Gunn, KPMG Victoria at (250) 480-3539.
{back to contents}

VI. Upcoming Puget Sound IIA Meeting
The next IIA meeting is Wednesday, 11/13/02. Professor David Burgstahler, Associate Dean for Masters Programs in Accounting at the University of Washington, will speak on his paper titled "Earnings Surprise Materiality as Measured by Stock Returns". Specifically, David will address the expected stock market reaction when reported earnings do not match the earnings forecast. This event starts at 11:30 AM and will be held at the Washington Athletic Club (WAC) in downtown Seattle (1325 Sixth Avenue). Please sign up for the luncheon by November 8. Cost is $25 for members and $30 for non-members. Sign up by calling or emailing Phil Liaw at 206-303-3064 or mailto:phil.liaw@nordstrom.com. Regarding cancellations, please communicate any cancellations to Phil Liaw by no later than noon on Friday, the 8th of November.

For other events, check the online calendar at http://www.isaca-psc.org/events.htm.
{back to contents}

VII. JOB POSTINGS
IT Audit Manager
Position: Located in Bellevue, WA. Manage audit staff, plan and perform internal audits to networks, systems, and applications. Our client is looking for someone to manage & audit all IT systems for company. These audits will be planned and conducted according to CISA recommended standards and will involve all IT systems. This position is a unique combination of audit and technology requiring you to become "hands-on" familiar w/ a wide variety of leading edge technology within the IT industry. You will be highly visible to top level management, presenting findings & recommending system changes. Excellent communication skills a must.

Experience:- 5 yrs direct IT audit experience
- Strong understanding of business systems & information systems.
- Outstanding communication & presentations skills. Energetic, flexible
- Experience working with/managing Big 5 Audit team

Education: Accounting, Computer Science or Information Systems required

Pay: $70 - 95K + 15% Bonus

Contact:
Birgit Christine Aarrestad
Sr Search Consultant - Accounting & Finance
Kforce Professional Staffing
425-709-5800 ext 5803
www.kforce.com

If you would like to post a job opening, please contact Mike Santos (see Feedback section below) For other job postings, check the ISACA PSC website at http://www.isaca-psc.org/jobs.htm. {back to contents}

FEEDBACK
ISACA PSC values your input. Send Mike Santos, 2002-03 Publications Chairperson, an email to mailto:jmsantos@becu.org for all questions/comments regarding the ISACA PSC Audit Log eNewsletter