Lively topics for new and seasoned internal auditors, students and others are presented montlhly between September and May.

Cloud migration is on the top of the “To-do List” for CIOs and CISOs for the current year, especially with the COVID-19 pandemic which has created a new norm of remote work for majority of the work force. Transition and reliability on the organizational compute, storage and network needs are shifting from on-premise to cloud.
CISOs and Cybersecurity leaders have an important role to play in advising the business leaders/CIOs for the selection of an appropriate cloud provider and ensuring that they meet the cybersecurity needs for the organization. Cloud provider business agreements are time consuming to finalize, have multi-year obligations and hence they require appropriate due diligence.
In this webinar, Rajiv will discuss the following aspects of auditing cloud provider:
•Preparation for Cloud Provider audit 
•Organizational readiness for transition
•Framework and key artifacts for auditing
•What happens after audit?

Auditing Cloud Provider

Year at a Glance
Charlie Murray, Vice President

Nominations & Awards
Keith Cheresko, Chairperson


Webinar Topic and Speaker

Simplifying Policy: Information Security on One Page
David Soubly, Principal, IT Security and Risk, ICEX (Intellectual Capital Exchange)

Why is information security policy so complex? What can we do about it? How many of you struggle to understand your company’s information security policy? How many are concerned that a policy manual meant to be read and understood by everyone is just too much to handle? How can we work to simplify information security policy, when the security industry itself introduces layers of complexity?

We will explore these issues, discussing the journey toward simplicity and how challenging it is be “just simple enough.” We will learn about the various forms of “debt” that can create drag in an organization. We will uncover the foundations of data, information, and knowledge, and what this has to do with understanding information security.

All of this will lead to a one-page information security policy, part of an ongoing quest to represent all of information security on one page, so that everyone gets it. You may not agree with the result, but the journey itself will be compelling.

ISACA Chapter Meeting  Simplifying Policy: Information Security on One Page

JOINT MEETING WITH THE INSTITUTE OF MANAGEMENT ACCOUNTANTS ALSO, 2020-2021 IIA DETROIT CHAPTER BOARD ELECTIONS WILL BE HELD

Topics:
THE STATE OF MICHIGAN’S ECONOMY
Scott Darragh, Economist, State of Michigan Department of Treasury

FEDERAL ECONOMIC OUTLOOK ~ THE IMPACT OF COVID – 19
Paul Traub, Senior Business Economist, Federal Reserve Bank of Chicago

VIRTUAL MAY CHAPTER MEETING

Dr. Joe Adams joins us to address an important topic on hiring practices in light of the cybersecurity workforce gap.  As the founder of the Michigan Cyber Range, Dr. Adams has significant experience in workforce development and training. 

The webinar discusses the huge gap between the supply and demand of qualified talent in the cyber security industry. This gap is estimated to be almost 3 million unfilled jobs around the world, with almost half a million of these in the US alone. The gap’s impact is most apparent as organizations struggle to keep up with increasing government regulations, system complexity, and expanding attack surface. Dr. Joe Adams will look at some of the causes of the gap and how companies can change their recruiting and retention policies to fill positions with the right people.

This webinar is designed not only for the CAEs but all members of the Board of Directors for both private and public companies.

HOW YOUR HIRING PRACTICES MAKE THE TALENT GAP WORSE

Cloud misconfigurations are a leading cause of data breaches and security risks within AWS. With an ever-expanding number of new services, the complexity of securing and configuring your AWS environment is always increasing.  Security practices are often ignored or overlooked.  In this session we will look at common configuration mistakes, the risks that they pose and ways to identify and mitigate these risks.
 This session will include looking at operational responsibility of services such as EC2, EKS, S3, Lambda and how a Cloud Security Posture Management System (CSPM) can be used to monitor and automate security around these services.  Deploying to an AWS well architecture framework and compliance to governance such as CIS, HIPPA, NIST, PCI, and GDPR.

Avoiding data breaches and risk from misconfigurations before it is too late

A month ago, we were all begging for talent. Any warm body that could come close to doing the job we were ready to talk to. Now, a few weeks later the entire industry might have been flipped upside down. The reality is, for Internal Auditors, the demographics are still not on our side! We will still need a robust recruiting and talent attraction strategy to fill the jobs and skill shortages we have currently, and that are increasing as more and more talent retire.
Tim Sackett, is an expert in talent acquisition technology, recruiting execution, and author of the best-selling book the Talent Fix. In this session he will show us what world class organizations are doing to attract talent to the most hard to fill jobs across the world, and how some simple changes can have a huge impact in how we communicate to potential talent in getting them to want to come to work for you.
Right now is when we prepare for hiring what’s next. Great organizations increase their talent during difficult times, so that they can take advantage of the upswing like no one else. Having the right tech stack and strategy in place will make all the difference.

THE FUTURE OF TALENT ACQUISITION FOR INTERNAL AUDITORS

The National Institute of Standards and Technology or NIST has issued a comprehensive library of special publications related to cyber security, risk, and their own risk management framework. The framework is compulsory for Federal systems but also gaining popularity in commercial enterprises because they are free, ubiquitous, and often necessary for doing business with government entities anyway.  However, the sheer volume of this body of work can be daunting.  While thoroughness and precision can be an asset, it can also make it difficult to see the forest for the trees.
This presentation will define the foundational elements of any meaningful cyber security risk management program using the NIST Special Publications (SP) as a guide, with an emphasis on what it means for the internal auditor.  It will cover the more common documents such as 800-37, and 800-53.  It will cover more obscure documents such as SP 800-18, SP 800-60 vol. I & II, and other related documents not published by NIST.  It will conclude with tips and techniques for any cyber security risk management audit program, regardless of the actual framework in use.

Seeing the Risk Management Forest for the Trees

Join Erik in talking about building a thriving vulnerability management program that focuses on improving business risk through refocusing efforts on the vulnerabilities that matter most.
Vulnerability Management is one of the most important, but least sexy, components of an Information Security program coming in at number 3 on the CIS Top 20.  Despite its criticality, many organizations fail to get a program off the ground leading to low hanging fruit for attackers.  Overwhelming volumes of vulnerabilities, lack of asset visibility and missing foundational components to support a vulnerability program are just a couple of reasons programs fail.
Erik will take this time to offer ideas on how to build a sound foundation for and standup a program along with where to focus your time to avoid boiling the ocean.

Building a Vulnerability Management Program

Every day we are faced with ethical dilemmas. They are not all big, earth-shattering decisions between right and wrong… but every ethical decision we face carries a consequence. From behavioral ethics to technical ethics to codes of professional conduct, this session will explore ethical behavior in the workforce, and the critical role that accountability professional play in upholding the public trust.

IIA Detroit Chapter Ethics Webinar

As a continuation to last month’s webinar where Jeff Sisolak discussed how to leverage the National Institute of Standards and Technology (NIST) library to assist in planning and development of audit strategy, this month’s topic will cover select NIST publications which provide details on how to assess cyber security controls. 
Whether you are an IT Auditor, Audit department leader, business manager or just personally interested in understanding IT and Security best practices, this webinar will touch on specific actions to help assess related policies, practices and procedures. Armed with this information, risk and control assessments can be developed or enhanced to help organizations align with regulatory, professional and/or industry expectations for proper and secure information technology controls.

Leveraging NIST’s Publications to Build Cybersecurity Audit Programs

Cyber security

Detroit

Audit

Auditor

NIST

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Leveraging NIST’s Publications to Build Cybersecurity Audit Programs

Presented by

About this talk

More from this channel