Lively topics for new and seasoned internal auditors, students and others are presented montlhly between September and May.

Year at a Glance
Charlie Murray, Vice President

Nominations & Awards
Keith Cheresko, Chairperson


Webinar Topic and Speaker

Simplifying Policy: Information Security on One Page
David Soubly, Principal, IT Security and Risk, ICEX (Intellectual Capital Exchange)

Why is information security policy so complex? What can we do about it? How many of you struggle to understand your company’s information security policy? How many are concerned that a policy manual meant to be read and understood by everyone is just too much to handle? How can we work to simplify information security policy, when the security industry itself introduces layers of complexity?

We will explore these issues, discussing the journey toward simplicity and how challenging it is be “just simple enough.” We will learn about the various forms of “debt” that can create drag in an organization. We will uncover the foundations of data, information, and knowledge, and what this has to do with understanding information security.

All of this will lead to a one-page information security policy, part of an ongoing quest to represent all of information security on one page, so that everyone gets it. You may not agree with the result, but the journey itself will be compelling.

ISACA Chapter Meeting  Simplifying Policy: Information Security on One Page

JOINT MEETING WITH THE INSTITUTE OF MANAGEMENT ACCOUNTANTS ALSO, 2020-2021 IIA DETROIT CHAPTER BOARD ELECTIONS WILL BE HELD

Topics:
THE STATE OF MICHIGAN’S ECONOMY
Scott Darragh, Economist, State of Michigan Department of Treasury

FEDERAL ECONOMIC OUTLOOK ~ THE IMPACT OF COVID – 19
Paul Traub, Senior Business Economist, Federal Reserve Bank of Chicago

VIRTUAL MAY CHAPTER MEETING

Dr. Joe Adams joins us to address an important topic on hiring practices in light of the cybersecurity workforce gap.  As the founder of the Michigan Cyber Range, Dr. Adams has significant experience in workforce development and training. 

The webinar discusses the huge gap between the supply and demand of qualified talent in the cyber security industry. This gap is estimated to be almost 3 million unfilled jobs around the world, with almost half a million of these in the US alone. The gap’s impact is most apparent as organizations struggle to keep up with increasing government regulations, system complexity, and expanding attack surface. Dr. Joe Adams will look at some of the causes of the gap and how companies can change their recruiting and retention policies to fill positions with the right people.

This webinar is designed not only for the CAEs but all members of the Board of Directors for both private and public companies.

HOW YOUR HIRING PRACTICES MAKE THE TALENT GAP WORSE

Cloud misconfigurations are a leading cause of data breaches and security risks within AWS. With an ever-expanding number of new services, the complexity of securing and configuring your AWS environment is always increasing.  Security practices are often ignored or overlooked.  In this session we will look at common configuration mistakes, the risks that they pose and ways to identify and mitigate these risks.
 This session will include looking at operational responsibility of services such as EC2, EKS, S3, Lambda and how a Cloud Security Posture Management System (CSPM) can be used to monitor and automate security around these services.  Deploying to an AWS well architecture framework and compliance to governance such as CIS, HIPPA, NIST, PCI, and GDPR.

Avoiding data breaches and risk from misconfigurations before it is too late

A month ago, we were all begging for talent. Any warm body that could come close to doing the job we were ready to talk to. Now, a few weeks later the entire industry might have been flipped upside down. The reality is, for Internal Auditors, the demographics are still not on our side! We will still need a robust recruiting and talent attraction strategy to fill the jobs and skill shortages we have currently, and that are increasing as more and more talent retire.
Tim Sackett, is an expert in talent acquisition technology, recruiting execution, and author of the best-selling book the Talent Fix. In this session he will show us what world class organizations are doing to attract talent to the most hard to fill jobs across the world, and how some simple changes can have a huge impact in how we communicate to potential talent in getting them to want to come to work for you.
Right now is when we prepare for hiring what’s next. Great organizations increase their talent during difficult times, so that they can take advantage of the upswing like no one else. Having the right tech stack and strategy in place will make all the difference.

THE FUTURE OF TALENT ACQUISITION FOR INTERNAL AUDITORS

Cloud migration is on the top of the “To-do List” for CIOs and CISOs for the current year, especially with the COVID-19 pandemic which has created a new norm of remote work for majority of the work force. Transition and reliability on the organizational compute, storage and network needs are shifting from on-premise to cloud.
CISOs and Cybersecurity leaders have an important role to play in advising the business leaders/CIOs for the selection of an appropriate cloud provider and ensuring that they meet the cybersecurity needs for the organization. Cloud provider business agreements are time consuming to finalize, have multi-year obligations and hence they require appropriate due diligence.
In this webinar, Rajiv will discuss the following aspects of auditing cloud provider:
•Preparation for Cloud Provider audit 
•Organizational readiness for transition
•Framework and key artifacts for auditing
•What happens after audit?

Auditing Cloud Provider

Detroit

Audit

Cloud

Provider

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Auditing Cloud Provider

Presented by

About this talk

More from this channel