Roy J. Dew, Antares Management Solution
This session will provide an overview of the key IT frameworks and standards, including the COSO Internal Control-Integrated Framework (COSO ERM Framework), the ISO 27001 Information Security Management System Standard, the Information Technology Infrastructure Library (ITIL) Version 3.0, Control Objectives for Information and related Technology (COBIT) Version 4.1, and the National Institute of Standards and Technology Special Publication 800 Series. The purpose of the session is to explain IT risk management, to show the structural similarities among these standards, and to provide a working knowledge of how to use them to address the IT governance, risk management, compliance and security requirements of an organization. The session will include an explanation, with working examples, of how to implement and maintain the standards using a practical approach and methodology.
Dennis Barberic, Jr., KPMG
This session will discuss creating a framework for embedding effective controls and mitigating risk in the XBRL reporting process. The speaker will draw on his consulting experience in transforming the financial reporting process to present a relevant and contemporary discussion. The presentation will cover overall XBRL reporting responsibilities and the risks of non-compliance, common XBRL misconceptions that increase risk to financial reporting, and leveraging technology to apply controls to internally produced XBRL reporting. Participants will also learn about the issues surrounding the use of a third party to produce XBRL statements and the potential control and assurance pitfalls involved, along with a suggested model for in-sourced and outsourced XBRL reporting processes, systems, and frameworks.
Kenneth Stasiak, SecureState
This session will discuss the current state of technology development within the information and systems security field. The speaker will begin by identifying some of the technological 'flops' seen by the industry in 2009, and the key learning points from those failures. Participants will learn about the concurrent struggle facing many industries that are finding it increasingly difficult to achieve compliance with the regulations of the Payment Card Industry (PCI) and other organizations, due to the lack of success of recent information systems technology. The speaker will provide a look ahead at the potential technologies set to emerge in 2010, and how they may help information and systems security rebound from the recent failures.
Edward Goings, KPMG
In this case study, the audience will learn the dynamics and extended use of forensic technology in computer crime investigations. The case involves a situation in which disparaging emails were sent to the client company's customers, resulting in a wave of order cancellations and net damages of over $1.5 million in lost sales. Ed will present the procedures used by KPMG in responding to its client's security issue. He will then discuss the investigation details, especially the forensic data analysis, and the conclusion reached by KPMG's Forensic Technology Services. His presentation will walk through the computer forensic examination techniques used by KPMG.