Date

Thursday, March 11, 2010

Time

11:45 a.m.
Registration begins/doors open

12:00 p.m.–1:00 p.m.
Access and Identity Management – Reloaded

Location

Port of Portland Building
121 NW Everett Street
Portland, OR

Fee

$20

Sponsors

ISACA

Presented By:

Brian Iverson, Senior Manager and Laxman Subramanian, Manager in the Information Protection practice at KPMG LLP.

Sponsors

Is it time to think about returning to the basics of identity management? Although Identity Management is driven by a grandiose vision (the ubiquitous directory and centralized access management), the practical elements such as user provisioning and web access management were driven mostly by a need for a pragmatic approach. The market has matured. Product categories have stabilized and vendors are consolidating. Most organizations have tried their hands at working with some pieces of the identity management puzzle. Do we like where we are? Do we know where we are going?
 

This discussion will cover a variety of topics in identity and access management that fit with the "back to basics" theme.  Topics covered will include:  One-stop shopping for access requests and authorization; graduated automation, privileged account management, and others.

Date

Tuesday, March 23, 2010

Time

1:00 p.m.–5:00 p.m.
3 one-hour presentations, plus networking

Qualifies for 3 CPE

Location

Nike Campus – Beaverton, OR

Fee

$30 – Includes refreshments provided during breaks. Please note that lunch will not be provided.

Sponsors

NIKE, ISACA

Sponsors

Implementing Data Analytics for Audit – Julia Read-LaBelle, manager of the data analytics program at Nike Audit, will discuss the evolution of the program. The focus of the training will be on how to apply and integrate a program (not the tool).

Data Classification – Kyle Miller, CISO Department of Human Services State of Oregon will share key insights on how to get traction within the business when rolling out data classification.

Outsourcing IT – This discussion will focus on the risks and best practices related to outsourcing IT.

Although the event is primarily for auditors, other IT professionals may benefit from the information presented.

Coming Thursday April 8, 2010

Agile Software Development – An IT Auditor's Perspective

Agile software development methods are more popular than ever as companies shift from monolithic, long-term implementation cycles to a less formal approach which allows for incremental “wins” and the flexibility to evolve with changing business requirements and conditions. While benefits of this more adaptive approach may be clear, the lack of structure and formality introduces risk and can also make this a challenging domain for information systems auditors.

This session will provide an updated baseline of Agile software development, risks for auditors to consider in Agile-based environments and projects, and controls to look for as mitigation of common risks.

Dave Friesen is a senior business technologist currently serving as Director of Software Engineering, Application [Production] Services and QA for a leading technology-based legal services firm (and past client) in Portland, Oregon.  His experience includes over fifteen years assisting diverse companies with business technology solutions and IT risk controls across a range of industries, and as both a practitioner and auditor.

Dave is an honors graduate of Portland State University with a Bachelor of Science degree in Business Management.  He is also a Certified Information Systems Security Professional (CISSP), a Certified Management Accountant (CMA) and a Certified Information Systems Auditor (CISA).

An avid runner, Dave enjoys spending time with his family, reading non-fiction and serving on the Portland State University Association and Junior Achievement boards of directors.