> 12:30 pm to 1:00 pm - Registration
[Lunch served at 12:30]
> 1:00 to 1:05 pm - Welcome / Chapter Announcements
> 1:05 to 1:55 pm - Presentation
Virtualization and Cloud controls related to PCI – Identified / Tested / Monitored
Presenter: Kennet Westby - President and Co-Founder, Coalfire
Imagine this scenario:
You've successfully migrated your organization’s non-critical
applications, the internal infrastructure and the development center
onto virtual servers. Management is happy because you've lowered
costs, increased efficiencies, as well as improved business
continuity. But like every business at the moment, your managers
need you to reduce costs even further. They're pushing you to
consolidate and run the mission-critical applications, including
e-commerce services processing credit card data, onto virtualized
servers and “cloud” services. But can you remain compliant with the
Payment Card Industry Data Security Standard (PCI DSS) while fully
leveraging the business benefits of virtualization and the cloud?
This presentation will provide an overview of the controls related
to PCI where virtualization is concerned. You’ll learn how to
identify, test and monitor these controls and get a full overview of
the guidelines you need to follow to achieve PCI compliance in
virtualized environments.
Kennet Westby - President and Co-Founder, Coalfire
Mr. Westby is a founding partner of Coalfire and serves as its President, COO and Senior
Security Strategist. Mr. Westby brings over 15 years of IT security
and IT controls design and implementation experience to the team.
His broad industry experience also includes application development,
e-business and business process integration. He has served as COO
for a global managed application hosting company where he provided
both technical and operations leadership. Mr. Westby has also served
as the COO and CIO for the world's largest pharmacy e-business
network and portal. Mr. Westby was selected as one of the nation's
top 100 CIOs by CIO magazine. He is considered an industry leader
in e-business and IT risk advisory, and has presented as a keynote
speaker at some of the largest industry forums.
> 1:55 to 2:10 pm - Break
> 2:10 to 3:00 pm - Presentation (Part 1)
Emerging trends in Information Security
Presenters:
- Bob Scalise - Senior Manager, E&Y IT Advisory Services
- Bruno Haring - Senior Manager, E&Y IT Advisory Services
The Ernst & Young Global Information Security Survey (GISS) is one of the
longest running, most recognized and respected annual
surveys of its kind. The 2011 GISS contains input from nearly 1,700
information security and IT leaders in 52 countries across all
industry sectors. Senior members of Ernst & Young's IT Risk Advisory
practice will discuss the results and several emerging trends from
the 2011 survey.
Bob Scalise - Senior Manager, E&Y IT Advisory Services
Bob Scalise is a Senior Manager in Ernst & Young's IT Advisory Services
practice. He currently leads the firm's Information Security
practice for the Southeast. He is a technology and risk management
executive with 17 years' experience in advising, building and leading
IT, Risk and Security functions. Bob has served in various IT and
Security leadership roles, helping organizations grow and sustain
effective Information Security, Identity & Access Management, IT
Operations, Customer Service, and Platform Architecture
capabilities. He combines a controls-focused background as a CPA
with years of real-world IT and Security experience to help clients
maximize their existing investments in enterprise security
technologies and processes.
Prior to re-joining Ernst & Young in 2011, Bob spent 10 years as
Chief Information Security Officer at Scientific-Atlanta, where he
built the company's first worldwide information security team and
delivered Governance, Risk and Compliance solutions for this global
technology manufacturer. Bob has also been a self-employed
information risk advisor, helping over 20 companies maximize their
investments in enterprise security technologies.
Bob works with clients across many industry sectors including
technology, media and entertainment, public sector,
telecommunications and manufacturing. He advises on information
security governance, technology compliance, IAM, disaster recovery,
IT risk mitigation strategy, privacy, internal controls and IT GRC.
Bob holds a B.B.A. in Accountancy and Computer Applications from the
University of Notre Dame. He is a CPA, a CISA (Certified
Information Systems Auditor) and a CISSP (Certified Information
Systems Security Professional).
Bruno Haring - Senior Manager, E&Y IT Advisory Services
Bruno Haring is a Senior Manager in Ernst & Young's Advisory
Services Information Technology Risk and Assurance practice in
Atlanta, Georgia and has over fifteen years' experience across
Information Technology (IT) auditing, security and risk management,
and management consulting.
Bruno has at his disposal a wide range of technical and functional
skills that include IT risk advisory, security design and
implementation, and project management. Bruno has significant
experience auditing various aspects of information technologies,
including information and information-processing risks associated
with business processes, and information system controls regarding
the accuracy, completeness, and integrity of data and transaction
processing for clients in various industries. In addition, Bruno has
significant experience in the supervision of large scale IT
initiatives, and advisory oversight of technology integration
engagements.
Prior to joining Ernst & Young, Bruno served in Arthur
Andersen’s Business Consulting practice managing large-scale
technology implementations and in the technology architecture group
at Accenture, where he had lead responsibilities at clients
nationally.
Bruno is a Certified Information Systems Auditor (CISA), Certified
in Risk and Information Systems Control (CRISC), and Certified
Information Systems Security Professional (CISSP). He has a B.S. in
Business Computer Systems from Bradley University in Peoria,
Illinois. Bruno is an active member of the Information Systems
Audit and Control Association (ISACA), Information Systems Security
Certification Consortium, Inc. (ISC)², and InfraGard, and is a former
president and founder of the Information Systems Security
Association (ISSA) Puerto Rico chapter. Bruno is a frequent speaker
for ISACA and ISSA regarding IT risk management, IT security and
governance topics.
> 3:00 pm to 3:10 pm - Break
> 3:10 pm to 4:00 pm - Presentation (Part 2)
Emerging Trends in Information Security - Continued
> 4:00 pm - Meeting Close