Please feel free to notify us of Bay Area compliance events.  If we have sufficient notice, we are happy to support getting the word out to our clients and community.  Just email Bay Area Compliance Events

Navarasu Dhanasekar is Senior Manager IT Services at SOAProjects. He has over 14 years of experience in information systems audit and assurance, enterprise and IT risk assessments, information security, ERP implementations, data analytics, internal audits, operational audits, financial audits and business process studies. His prior experience includes working in the Technology and Security Risk Services (TSRS) practice at E&Y. He holds a Bachelor’s Degree in Science and is a Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA) and BS7799 (Implementer).

Tuesday, April 27, 2010, 6:00 PM to 9:00 PM ASWA 103 April Member Meeting

Hosted by ASWA - Biltmore Hotel and Suites - 2151 Laurelwood Rd, Santa Clara, CA

Speaker: MANPREET GROVER, CPA

Topic: FRAUD CONSIDERATIONS IN FINANCIAL STATEMENTS

Manpreet is a Managing Partner at SOAProjects, Inc., which is one of the fastest growing accounting firms in Northern California. The Business Journal recently ranked SOAProjects 10th out of the Bay Area's top 25 accounting firms. Manpreet has clients in the high tech, software, bio-tech and financial services industries.

Manpreet's presentation will cover the Fraud Triangle, Misappropriation of Assets and Fraud Audit Procedures. We look forward to having the opportunity to have Manpreet share her expertise in the challenging areas of fraud detection and prevention.

Thursday, May 13, 2010, SOAProjects sponsors The Association for Corporate Growth (ACG)

As the CEO of MetricStream, a Silicon Valley-based, governance, risk, compliance and quality Software Company that enables corporations to comply with rules, regulations and mandates such as Enterprise Risk Management and Sarbanes-Oxley, Ms. Archambeau has grown the company into a global market leader. MetricStream has been recognized for growth and innovation over the years and was recently named in the top 10 of the "Deloitte Technology Fast 50".  In 2008 and 2009 MetricStream was named a global leader in Governance, Risk and Compliance by Forrester Research and Gartner. Ms. Archambeau has over 25 years of experience in technology leading organizations focused on business to business as well as business to consumer. She is a recognized expert in marketing and co-authored, Marketing That Works: How Entrepreneurial Marketing Can Add Sustainable Profits to Any Sized Company. She has held Chief Marketing Officer roles for two public companies and as President of Blockbuster.com, launched the entertainment retailer’s online presence. (more)  RSVP or for more information e-mail: acgsiliconvalley@acg.org

Non Member Registration
Other/ACG Chapter Members Registration

ACGSV Member Registration (must login to register)

Fremont Hills Country Club
12889 Viscaino Place
Los Altos, CA
650-948-8261

Tuesday, March 30, 2010, Going Public or Staying Private:  Successful Capital Raising Strategies for Growth Companies
Startups typically become established as private entities using capital from the owners or outside investors, cash generated from the business, and bank loans. When the company's growth requires more capital than these sources can offer, CFOs need to consider the merits of raising money privately vs the public equity markets. This can be especially tricky when faced with a just recovering IPO investment climate.

Topics to include:

• What benchmarks indicate it may be time to go public?  What business segments are most attractive to investors now?   What are they looking for in terms of risk and return?
• What are the obvious and hidden costs of going public?
• How expensive are late stage private venture rounds?  Should M&A be considered a viable exit?   What are the merits of "dual tracking" an M&A/IPO exit strategy?

Moderator:
Tom Kellerman | Managing Partner and Co-Chair of the Emerging Business & Technology Practice,
  Morgan, Lewis & Bockius
Panel:
Ken Goldman | CFO of Fortinet
Peter Kelly | Co-Founder and CFO of OPENLANE
Eric A. McAfee | Chairman & CEO of AE Biofuels
Chris McCabe | Managing Director and Global Head of Clean Technology & Renewables at Piper Jaffray

Sorry we missed you at March 25-26, 2010, ISACA Silicon Valley 2-Day Spring Conference, Beyond Checkbox Compliance -- Audit and Accountability

The past year has taught us that regulatory compliance is not enough. The Heartland data breach occurred even though the company was PCI compliant, and the Madoff Ponzi scheme occurred even though Madoff's company was investigated multiple times by the SEC and other regulatory authorities. How do we move beyond checkbox compliance to truly address the risks?

Our 2-day 2010 Spring Conference, Beyond Checkbox Compliance – Audit and Accountability, will be held March 25-26, 2010 at the Computer History Museum in Mountain View. The conference will cover a mix of audit, security, governance and compliance tracks. Here is a sneak peek at some of the exciting presentations, panels and speakers at our upcoming conference.
Here's a highlight:
Session 4: GRC – Real World Use Case
Abstract:All industry GRC tools are in their adolescence, with obvious maturation ahead. An overall understanding of enterprise risk and the relationship to the organization’s structure, data streams, financial, operational, and IT processes, and compliance requirements is important to ensure configuration that does not require extensive rebuilding or re-work in the future. How do we deliver necessary guidance and structure to prevent teams from travelling down unrecoverable and inefficient paths? What are the steps that best leverage each technology for its core strength, rather than treating GRC as a panacea?

Over the last several months, the industry has seen a dramatic shift from disparate compliance initiatives to shared enterprise initiatives. Key differentiators in recent projects are the collaborative efforts of stakeholders across business, finance and IT. Even more noteworthy are the evolving dashboards and risk models, taking into account metrics across a Unified Control Framework, and integrating risk ratings from the smallest device to the largest shareholder milestone.

This session will offer a real world use case, offering potential reasons for recent success, where lessons learned are now resulting in rapid GRC deployments.

Sample discussion will include specific examples from RSA’s latest product acquisition, ARCHER, and will demonstrate how this GRC is leveraging integrated technologies such as Application Security’s DBProtect.

The case study will look at Policy, Baselines, Threat and Vulnerability Management and Exception Management, using multiple regulatory contexts and considering various domains of management.

• History: Architecting of governance frameworks and related policies, risks, controls, and compliance
• How GRC Applications integrate multiple risk frameworks
• Samples of working with enterprise tool configuration and data population
• Policy drafting and alignment both with and without GRC
• Challenges and Solutions for the performance of risk assessments across the enterprise, including IT
• Ability to leverage CMDB and data feeds to link assets and risks
• Mapping compliance frameworks and requirements, including SOX, PCI, ISO 27001, HIPAA – who’s getting it right?
• Working across the enterprise to align objectives and normalize compliance requirements
• And last, Is GRC an Auditing Tool?: How GRC is now Identifying and testing the effectiveness of operational and financial controls

Thursday, March 18, 2010, New Accounting Landscape for Revenue Recognition

Silicon Valley Bank and SOAProjects invite you to join us for a panel discussion about the impact of new accounting rules for revenue recognition, with emphasis on hardware and software technology companies.

Panelists:
Edwin Hormozian, Audit Partner, Deloitte & Touche LLP
Chris Smith, Accounting Advisory Partner, PricewaterhouseCoopers
Previn Waas, Audit Senior Manager, Deloitte & Touche LLP
Larry Vertin, Senior Director of Revenue, Network Appliance

Moderator:
Faisal Jeddy, Partner, SOAProjects, Inc.

Our expert panelists will answer key questions, such as:

• Who is most impacted by the new accounting rules for revenue recognition?
• What are some of the issues that early adopters are facing for these new rules?
• What resources are needed to implement the changes?
• What is Best Estimate of Selling Price and how will companies determine it?
• What will your audit teams look for?

This event is ideal for CFOs, Controllers, Revenue Managers and those in public accounting who will experience a significant change in how revenue is recognized for their companies and clients. Our panelists will provide hands-on knowledge of the accounting and reporting impact and how to get through the implementation of the new accounting rules.

Thursday, March 18, 2010
7:30 a.m. Registration, Continental Breakfast and Networking
8:00 – 10:00 a.m. Panel and Q&A

KELLOGG AUDITORIUM
Silicon Valley Bank
3005 Tasman Drive
Santa Clara, CA

RSVP by Tuesday, March 16, to Carrie Hicks at 408.654.6225 or chicks@svb.com. There is no charge for this event and is open to our clients, contacts and friends

Thursday, February 18, 2010, ISACA Silicon Valley Monthly Meeting, And Membership Drive Presentation: “Emerging technology, audit, compliance and control: An immovable object meets an unstoppable force”

Chapter Calendar

In today’s rapidly changing technology climate, it is essential that the audit, control and compliance community keep pace with what’s going on in the evolving infrastructures they audit and support and on developing trends that are being aggressively pitched to their C-level executives and business units. Sean will cover three emerging areas that are changing the face of information technology: anywhere access, cloud computing and the consumerization of IT and frame discussions around audit and compliance for the three of them. Engage in a collaborative dialogue around some of these initiatives in your organization and your peer’s organizations to become part of the decision making process in your organization and get on the train instead of getting run over by it.

Speaker Sean Lewis, CISA, CISM, CGEIT is presently serving as Regional Security Advisor for Microsoft North America, focusing on relationship management with CSO/CISOs at some of Microsoft’s largest and most strategic customers and partners. Sean has held a number of technical leadership positions in global organizations, including as Security Architect for Microsoft Consulting Services’ Security Center of Excellence and Lead Consultant for the Southwestern United States in Verisign’s Global Security Consulting practice. Sean has more than 6 years of experience in the Information Security industry geographically oriented in Southern California, previously holding positions such as Information Security Manager for a large healthcare provider (Sharp Healthcare) and Principal Network Architect for a large B2B/B2G clearinghouse. At Sharp, Sean’s workload was divided between administrative components such as policy development, regulatory compliance roadmap construction and strategic oversight of information security program implementation and technical components such as penetration testing, security architecture and information assurance certification and accreditation of numerous third party devices for use in a high security patient care environment. Sean’s current interests include biomedical equipment hardening and security profiling, risk tree mapping and utilization of information assurance and security engineering practices in the private sector. Sean also served as the Technical Advisory Board member for Network Vigilance Incorporated, providing guidance and oversight and specializing in network security research and threat mitigation technology.

February 15, 2010 in San Francisco, LES USA and Canada

LES USA and Canada is pleased to be working with INFORMEX, the leading meeting place for buyers and sellers of high-value chemistry, to present the PDS 100 course, Commercializing Technology through the Power of IP Licensing, February 15, 2010 in San Francisco.  The course will take place immediately preceding the Informex conference, which begins Tuesday, February 16.
The PDS 100 program, presented by two experienced instructors, will provide an overview of the key elements in technology commercialization, including the forms of IP protection, how to determine reasonable royalty rates and deal terms, the most effective valuation methods, finding a partner for your technology, negotiation best practices, and managing risk. Using a case study and hands-on activities, this program is designed for people with little or no prior licensing experience.
Instructors for the February course are:
Brad DeSandro, Patent Attorney, Quarles & Brady LLP
Kaushik Raha, Director, Business Risk Services, SOAProjects Inc.
For more details on the course, visit www.leseducation.org.

January 13th, 2010, IIA San Jose Chapter, New Revenue Recognition Rules

Date - Wednesday, January 13th, 2010
Time - 11:30 AM to 2:00 PM
Venue - Santa Clara Biltmore, 2151 Laurelwood Rd.(Montague Expy at 101), Santa Clara
Sign Up

February 18th, 2010, San Franciso Bay Area InfraGard Chapter -  Winter 2010 Quarterly Meeting

Topic - Introduction & overview to the new DoD Cyber Command and why it is important to national security and your company
Date - Thursday, Feb 18, 2010
Time - 9AM - Noon
Venue -  HP,3000 Hanover St., Palo Alto, CA 94304-1112

Leveraging New Smart Document Technology to Maximize Audit & Compliance Performance in 2010, Join us for a Webinar on December  22nd

REPLAY WEBINAR NOW

Speaker:Dr. David Yavin, Ph.D., President, KCS North America

Dr. David Yavin,
 An accomplished entrepreneur and executive with over 15 years' experience in enterprise software/services and related fields, Dr. Yavin was the co-founder and CEO of DYS Analytics (now Permessa). Prior to joining KCS, he worked with early stage companies providing strategy consulting, business development and fund raising.  Through his efforts, he has helped several Israeli tech companies expand into the US market. Earlier in his career, Dr. Yavin was a professor of Mathematics. He holds a Ph.D. from MIT in the fields of Topology and Combinatorics.

5 Reasons why you will want to attend this webinar:

1.  You’re challenged with managing the wide range of information associated with your audit and compliance-related projects - regulations, risks, controls, audit findings, evidence etc., and would like a simpler solution.

2.  You spend too much time chasing auditees and process owners to get responses to findings or updates to controls.
 
3.  Your company wastes money through unintended and/or unnecessary duplication of testing efforts in complying with multiple regulations and/or initiatives.

4.  You wish there was an easier way to manage, track, report, schedule and execute your Risk Assessment and audit plan.
 
5.  Your current existing audit/compliance tools aren’t fully utilized or simply inefficient or ineffective.

If any of the above describe you or your company, you will absolutely want to join us for this complimentary webinar where you will see how companies are eliminating these and other issues and how you can too.  

The Problem - Dedicated point solutions in the market target specific aspects of Governance Risk and Compliance (GRC) like Internal Audit, SOX, HIPAA, etc. But each one has a unique and often prohibitively complex user interface and users are loath to leave their natural working environment causing most of these solutions to end up unused and the compliance challenges unresolved.

The Solution - KCS Generica Pro brings end-to-end GRC management into your natural working environment. Create, connect and link risks, controls, findings, responses, action plans, etc., all within your native applications, including Microsoft® Office (Word, Excel, PowerPoint), PDFs, Microsoft Outlook® and Lotus Notes®.

Register Early!  SOAProjects recognizes the need to develop and expand existing IT Audit methodologies, such as CobiT, ValIT, ITIL and areas of COSO to include Environtal, Product, Office and Building compliance reviews.

The Association of Certified Green Technology Auditors™ (The ACGTA) is a global professional audit association representing individuals who areaddressing Sustainability, Alternative Energy and Climate Change risks within the corporate business and industry sectors. The organization's network of Global professionals is growing daily on the LinkedIn.com community forum. As the world seeks to become sustainable, combat Climate Change and embrace the emerging Alternative Energy economy, the organization will be formally releasing its website and trademarked professional programs in early in 2010. You can connect with the ACGTA at the following link: http://www.linkedin.com/

<more>

Thursday, December 17, 2009, ISACA Silicon Valley Monthly Meeting (Special Holiday Edition)

December 11, 2009 (Friday), IMA Peninsula Chapter and the San Jose Chapter of ACFE, are hosting their Joint Conference. "2009 Fraud and Compliance Forum" All registrations are processed through http://www.acfesanjose.org/confregistration.html

Location -  Ebay Conference Center; 2211 North First Street, San Jose, CA 95131

Conference Objective
2009 Fraud and Compliance Forum is dedicated to offering the most dynamic and inclusive conference to keep you abreast of the latest advances in your profession. Experience state-of-the-art practices and strategies and discuss the latest developments, emerging technologies in the industry and practices as well as approaches to complex issues. Whether you are an experienced professional searching for answers to complex issues, or are new to the field and need to address more basic challenges, 2009 Fraud and Compliance Forum will provide you with the knowledge and skills to meet your professional future with confidence and assurance.

Conference Highlights
Explore the wide variety of sessions designed to meet your needs your way.  Note the phenominal line up of speaker on the conference agenda http://www.acfesanjose.org/confschedule.html

Silver Sponsor
SOAProjects is a recognized Consulting and CPA firm (2008 Bay Area rank - 11), specialized to provide advisory services in the fields of technical accounting, IT consulting, internal audit and SOX compliance, business process optimization, contract risk management, channel management, license compliance, royalty audits, distribution audits, FCPA compliance and fraud investigations. The Company's head-office is based in Mountain View, California with other offices located in Irvine, New York, Atlanta, Canada, Israel, China, Hong Kong, Japan, Singapore, United Kingdom, India and Vietnam.Our differentiator in the market is to offer our clients the highest quality service through highly experienced and knowledgeable professionals at highly competitive rates. Our clients range from multi-billion dollar public companies to pre-revenue start-ups.

More ideas for GRC Training... have you heard about OCEG and Red Book (V2)?

December 14-15, 2009 8AM-5PM, GRC Strategy & Red Book 2.0 Bootcamp, San Jose, California <Download Bootcamp Brochure> Join Corporate Integrity, LLC, one of the contributors to the OCEG Red Book 2.0, in a two-day basic training exercise in GRC Strategy and Red Book 2. Attendees will receive value in understanding GRC and defining a GRC strategy that aligns to OCEG™ Red Book 2. This bootcamp is authorized and endorsed by OCEG. The objective of this bootcamp is to provide attendees with the knowledge and hands-on practice necessary to efficiently design a GRC program based on Red Book 2. Attendees will learn about defining a GRC Strategy aligned with Red Book 2 through lectures and practical group interaction, discussions, and exercises.

December 16, 2009 8AM-5PM, Developing Your GRC Technology Enablement/Improvement Bootcamp, San Jose, California
< Download Bootcamp Brochure> GRC IT Blueprint & Roadmap, in a one-day basic training exercise in developing GRC IT technology architecture and strategy. Attendees will receive value in understanding technology enablement of GRC and developing a GRC technology strategy that delivers sustainability, consistency, accountability, efficiency (cost-savings), and transparency across the organization抯 risk and compliance initiatives. This bootcamp is authorized and endorsed by OCEG

More on Red Book 2 and Principled Performance?
Although various standards and guidance frameworks exist to address discrete portions of governance, risk management and compliance issues, the OCEG Red Book (v2) and its GRC Capability Model? is the only one that provides comprehensive and detailed practices for an integrated and collaborative approach to GRC. These practices address the many elements that make up a complete GRC business architecture. Applying the elements of the GRC Capability Model? and the practices within them enable an organization to:

• Achieve business objectives
• Enhance organizational culture
• Increase stakeholder confidence
• Prepare and protect the organization
• Prevent, detect and reduce adversity
• Motivate and inspire desired conduct
• Improve responsiveness and efficiency
• Optimize economic and social value

The GRC Capability Model describes key elements of an effective GRC architecture that integrate the principles of good corporate governance, risk management, compliance, ethics and internal control. It provides a comprehensive guide for anyone implementing and managing a GRC system or some aspect of that system. The OCEG GRC Capability Model? is broken into eight components:

• CULTURE & CONTEXT. Understand the current culture and the internal and external business contexts in which the organization operates, so that the GRC system can address current realities and identify opportunities to affect the context to be more congruent with desired organizational outcomes. 
• ORGANIZE & OVERSEE. Organize and oversee the GRC system so that it is integrated with and when appropriate modifies, the existing operating model of the business and assign to management specific responsibility, decision-making authority, and accountability to achieve system goals. 
• ASSESS & ALIGN. Asses risks and optimize the organizational risk profile with a portfolio of initiatives, tactics, and activities. 
• PREVENT & PROMOTE. Promote and motivate desirable conduct, and prevent undesirable events and activities, using a mix of controls and incentives. 
• DETECT & DISCERN. Detect actual and potential undesirable conduct, events, GRC system weaknesses, and stakeholder concerns using a broad network of information gathering and analysis techniques. 
• RESPOND & RESOLVE. Respond to and recover from noncompliance and unethical conduct events, or GRC system failures, so that the organization resolves each immediate issue and prevent or resolve similar issues more effectively and efficiently in the future. 
• MONITOR & MEASURE. Monitor, measure and modify the GRC system on a periodic and ongoing basis to ensure it contributes to business objectives while being effective, efficient and responsive to the changing environment. 
• INFORM & INTEGRATE. Capture, document and manage GRC information so that it efficiently and accurately flows up, down and across the extended enterprise, and to external stakeholders.

April 23, 2009 - 2009 Joint Conference - IIA San Jose & San Francisco Chapters, "A New Economic Reality"

‘The Internal Auditor of the Future’

Organizations are facing unprecedented risks today that provide
the Internal Audit profession the opportunity to step forward and
demonstrate leadership in risk management, control and
governance. Patty will discuss trends and expectations for the
profession and the evolutionary role of the future Internal
Auditor.
Patty Miller, Chairman of the Global Board of IIA

‘The New Economy: Trends and Scenarios’

All eyes are focused on the economy these days. But it’s important to look ahead – the downturn and the overall business environment will continue to evolve. Dwight will share near and mid-term economic and business environment scenarios to provide a perspective and frame of reference for risk management in FY10 and beyond.
Dwight Allen, Director and Global Economist, Deloitte & Touche LLP

Panel Discussion- ‘Balancing internal audit responsibilities and assurance

Budget cuts and personnel reductions are a fact of life for many internal audit organizations and professional service firms. The panel will discuss the various strategies that can be applied to strike the balance between internal audit charter and available resources.

Tom Austin (moderator), VP Head of Global Internal Audit, Applied Materials
John Beeler, SVP Internal Audit, Salesforce.com
John Peters, Director of Internal Audit, Silicon Valley Bank
Philip Roush, VP Internal Control Services, Cisco Systems, Inc.

Panel Discussion- ‘Sharpening your internal audit skills: Career Success in the New Economy’

Compliance, finance and technology executives from four well known Bay Area companies will share their perspectives about career growth and development for the IA professional and the skills required to succeed in the new economy.

Chris Cimino (moderator), Partner, KPMG and President of IIA San Francisco Chapter
Mike Byron, VP & Corporate Controller, NVIDIA Corp.
Joe Cooney, VP Internal Audit, Juniper Networks and President of the San Jose IIA Chapter
Michael Sullivan, VP, Information Security Officer of United Commercial Bank
Julia Wyckoff, VP, Chief Internal Auditor at Gap Inc.

---

March 19th, 2009 IMA and ASWA proudly invite you to a joint meeting and Panel Discussion:

Business And Personal Strategies During Challenging Times: Recommendations from Female Executives in a moderated Forum

March 19th, 2009 - Registration 6:30 PM, with dinner and panel discussion to follow.  Venue is The Domain Hotel 1085 East El Camino Real, Sunnyvale, CA 94087  <Print the session handout here>

This session provides three (3) Continuing Professional Education Hours

Business And Personal Strategies During Challenging Times- An in-depth discussion and recommendations from three female executives in a moderated forum. 

We all see the catastrophic economic meltdown and expect a long winter ahead. Many of us have lost jobs and hopes for career growth. What should we do?

Amidst endless chatter of gloom and doom, it is critical for business owners and financial managers to stay the course.  Companies must continue to look for more than a survival strategy, to include real plans to achieve growth.  It is a time to revise our business plans and redefine processes. This same strategy applies to all working professionals who run their careers as a business. They should re-evaluate, re-plan and redefine current daily tasks to be more competitive.  We must position ourselves not only to win when the market turns around, but to even turn the market ourselves. What we do today defines what we become tomorrow. Transformation carries through each day with the simple decision to do things differently and strategically.

By attending this session you will learn:

From a business strategy perspective

• Understand the need of new laws and technologies that must be staffed, developed, and managed across the next two years.
• Importance and key factors of cloud technology, environmental audit, green accounting, data center and virtualization, thin client technologies that will be required because they actually satisfy requirements to lower GHG emissions, organizational hiring and firing evaluation for assurance of fair practice in compensation and staffing.
• Define and discuss the need for effective financial management in down cycles.
• The art of effective balance sheet management and the important role it plays in obtaining financing in tight credit markets
• Learn the key elements of conservative working capital management and the tools required to measure liquidity and solvency
• The points of view through which stakeholders, investors, and creditors view different types of businesses during economic downturns and what can be done to shore up confidence

From a personal strategy perspective

• Understand who we are today. Log your activities for a whole week and classify your activities into short- term and long-term.
• Log your time again one week per month, map your actual activities to your goal, measure the results and make it part of your routine.
  Define yourself, start the transformation process today, and you will become the new person you are wishing to be in the near future.

Susan Finch is a founding director of The Winters Group, a finance and economic consulting firm which provides outsourced CFO, Controllership and Management Accounting services to established and start up businesses. Additionally she is a founding member of Forensic Financial Associates, LLC, a firm which provides business valuations, litigation consultation, and mergers and acquisitions. With over 25 years of experience in corporate finance and management, and over ten years of experience as a financial and economic consultant, Susan is also a Certified Forensic Financial Analyst as awarded by the National Association of Certified Valuation Analysts, and testifies as an expert witness on matters pertaining to economic loss analysis as it pertains to breach of contract and tort cases. Susan earned a Bachelor's Degree in Economics and a Master of Science Degree in Applied Economics and Finance from the University of California, Santa Cruz. She also earned an MBA in Finance and Accounting from Regis University and is a member of the Board of Councilors for the Social Sciences Division of the University of California, Santa Cruz

Elizabeth Xu is the Senior Vice President of Product Development and World Wide Support for Vitria Technology. She currently is responsible for Vitria's Product Development, Product Management, World Wide Customer Support, Education and IT Operation. Elizabeth started her career as a Software Engineer at IBM. She was promoted to project manager and then manager within two years of service. She launched the IBM Asian American Network with three IBM Asian Executive sponsors. IBM provided her with solid management skills and leadership training. Elizabeth joined Vitria in 2000 as an Engineering Manager. She has been promoted to Sr. Manager, Director, Senior Director, VP of Engineering and Sr. VP of Product Development in the last 8 years, her responsibilities expanded from Engineering to Professional Services, Customer Support, Education, Product Management and IT. Since she became the VP of Engineering, Elizabeth has been devoted to developing and growing leaders at Vitria through a weekly leadership training program. In the last few years, Elizabeth has expanded her efforts in elevating leadership skills in the Asian community by teaching in-depth leadership classes as well as making presentations to different Asian community organizations and alumni groups. Her well-received presentation" Ten Steps to a Successful Career" provides building blocks for individuals who pursue meaningful careers. Elizabeth holds a Ph.D in Atmospheric Science and an M.S..in Computer Sciences from the University of Nevada, Reno. She has earned an M.S. in Atmospheric Science and B.S. in Space Physics from Peking University

  Robin Basham Directs the Enterprise Technology Governance Risk and Compliance, and Green Initiatives practice at SOAProjects, implementing a 4 Point GRC and assuring alignment with Federal, National and International regulatory requirements. With expertise in ERP applications, data center control analysis, regulatory requirements, IT best practice, Sarbanes-Oxley Section 302 and 404 attestation, Security, and Business Continuity, Robin supplies policy, tools and strategy to mitigate risk associated with business interruption. Robin maintains active involvement in the advancement of audit methodology by way of technical committee and advisory role with OMG, OASIS, ITGI, ITSMF and acts as a liaison for ISACA, working to address Control Objectives for Sustainable Business. Prior to joining SOAProjects, Robin founded Phoenix Business & Systems Process, where she established strategy, tools, program, and process architecture, producing audit evidence for more than a dozen fortune five hundred companies. Robin’s teams prior and since joining SOAProjects have earn 100% audit success, with attestation to non-qualified controls by four of the “big four. Robin’s facility in providing open source compliance models allow clients to collaboratively develop long term SOX 404 solutions, while monitoring corrective action plans with remediation across all significant gaps before audit deadlines.

Tania Adams, Deloitte, has over 10 years of experience in business process analysis, financial management and system operations and maintenance. She specializes in Governance, Risk, and Compliance (GRC) solutions as well as the design and implementation of business process controls, data integrity, and security for ERP and Custom Application Systems. She has designed and developed business process controls and security for a variety of ERP and Custom Application Systems. Tania was the co-founder and co-led the Deloitte Segregation of Duties Center of Excellence (SOD COE). The SOD COE developed processes and tools to deliver SOD services for ERP and non-ERP systems to our clients. Tania has assisted clients to meet compliance related requirements for Sarbanes Oxley Section 404. Her system experience includes SAP, Oracle, PeopleSoft, JDE and Custom Applications.

Moderating the Panel - Sudha Chadalavada has over 15 years of experience in auditing and finance and currently employed at Nanometrics as SEC Reporting Manger and the chapter president of IMA Silicon Valley. During her tenure as the chapter president of Silicon Valley Chapter of ISACA, Sudha has conducted three major bay area conferences. The Joint conference with IIA San Jose chapter founded by Sudha Chadalavada is conducted during the fall for four years which gathers close to 200 attendees. Sudha has revived the ISACA Silicon Valley chapter’s Spring Conference and also is the founder of Silicon Valley Chapter’s winter conference that completed its two year’s anniversary this January. Sudha’s one of the long standing vision is to conduct a joint conference with multiple bay area associations to congregate professionals from various backgrounds and careers to inter-exchange ideas, views and knowledge.

Contact: Sudha@pacbell.net or call at (408) 410-6148.

For more information, please register at

http://www.siliconvalleyima.org/joint_meeting_registration.html

2009 WINTER CONFERENCE - FEBRUARY 25, 26 & 27, EBAY TOWN HALL, SAN JOSE

Location - eBay Town Hall - 2161 North First Street - San Jose, CA 95131
Click here for directions

Audit Tracks

Joanne McNabb, the Chief Privacy Officer of the State of California (http://www.oispp.ca.gov/default.asp), will discuss new updates to the breach notification act, and new information protection requirements coming out of Sacramento.

Brijen Joshi, CA and CISA, is a Senior Audit Manager, IT Applications, with Juniper Networks where he is currently responsible for designing controls in their new CRM and ERP implementations. His presentation is titled, 'Designing Controls for a new ERP implementation'.  Mr. Joshi has over 16 years of combined experience in ERP implementations, Financial Audit and IT Risk Advisory. Before joining Juniper, Mr. Joshi worked with PricewaterhouseCoopers and Ernst & Young in various capacities ranging from Financial Auditor, ERP Consulting to IT Risk Advisory.

Abe Smith, President at MSH Consultants, Inc, will present on "High Tech Crimes and Working with Law Enforcement".  Prior to his current position, Mr. Smith was a Consultant at Checkpoint, CISO at Bay Area CSO Council, and CISO at Xilinx.  He has been in the Information Technology industry for 26 years, has been a consultant for 18 years, and has focused fulltime in the Information Security area since 1994.  He has built Information Security organizations from scratch for Pacific Bell Network Integration (now a part of ATT), Synopsys, and Xilinx.  He has consulted and evangelized Information Security internationally, and taught CheckPoint firewall technology to many of his clients.

Eddie Borrero, CISSP, MCSE, CCNP (etc.), is the acting-CISO at Robert Half. Mr. Borrero's topic is "Securing More with Less - Surviving the Downturn" and he will discuss real case studies he's seen at work.  Mr. Borrero has over 10 years of industry experience designing and implementing technology and security solutions in all areas of information technology.

Trey Ford, CISSP, MSSE, SSNA, PCI Qualified Data Security Professional, is the Director of Solutions Architecture at WhiteHat Security, and will be presenting, "Making a Living the Black Hat Way - Logic Attacks".  Mr. Ford provides strategic guidance to WhiteHat customers and prospects on their website security programs. He also spearheads WhiteHat's participation in the PCI Standards Council.  Prior to WhiteHat, he was the Compliance Practice Lead at FishNet Security, an information security services provider based in Kansas City. Mr. Ford also founded and operated Eclectix, a technology consultancy. He has been tapped as an industry resource for publications such as SC Magazine and The Tech Herald.

Jonathan Cran, CISSP, will be teaching "Penetration Testing 101: Becoming the Attacker".  This course will provide the student with an opportunity to learn the ways of a malicious attacker. During the course, the student will be exposed to methods and techniques which are used to exploit a network and obtain access to data. The student will learn how these methods and techniques can be applied in real-life situations, whether during an audit, or as part of a penetration test.  The course will be tailored to the ISACA audience, and will provide the student with advice and insight on how to best utilize the techniques to secure information assets. Without understanding the threat, how can you protect against it? 

The course will cover the following topics:
- Methodologies & Practice - Determining scope and what to attack
- Threat Modeling & Threat Trees - Focusing and explaining an attack
- Reconnaissance - How to gather targets
- Enumeration - How to determine weaknesses in targets
- Exploitation - How to exploit weaknesses in targets
- User-Exploitation - How to exploit weaknesses in human targets
- Post-Exploitation - What can be done after targets have been exploited?

Mr. Cran is a security consultant and senior penetration tester with the Boston-based infosec firm, Rapid7. He has been with Rapid7 for two years and specializes in network penetration testing and web application assessment. In previous lives, he was a .NET developer, network administrator, and farmer (short-lived).  He is an active member of the security community and involved in a number of local security groups. In his spare time, he enjoys producing music and replacing his work with small shell scripts. He runs a blog at http://www.0x0e.org.

Mark S. Kadrich, CISSP, will be teaching our all-day Incident Response Class.  Mr. Kadrich is presently President and CEO of The Security Consortium, whose mission is to provide security testing, research, counsel, and leadership to their customers.  His book Endpoint Security (Addison Wesley) is available now.  Prior to TSC, Mr. Kadrich held senior positions at Symantec, Sygate Technologies and Counterpane Internet Security.

Robin Basham M.Ed, M.IT, CISA, ITSM, will be teaching our COBIT Awareness course.  Ms. Basham is SOAProjects Director, Enterprise Governance Risk & Compliance, is recognized as an ICT Enterprise and GRC expert. She currently assists SOAProjects clients in Green Tech initiatives.  Ms. Basham's Certifications include ITIL, CobiT, Networking, Java Enterprise, Information Audit and Security and most is recently a CGEIT candidate.  Technical Advisory, Executive leadership and Steering Committees include ISACA, OASIS, OMG, and AWC.  She is also a founding member for Control Objectives for Sustainable Business, COSB. Ms. Basham created Facilitated Compliance Management software and is the sole owner of Phoenix Business and Systems Process.

SOAProjects provides an interactive learning experience where participants learn about COBIT® IT control framework and how COBIT® addresses IT Challenges. This half day session provides an overview of the COBIT® Framework, some detail of COBIT® Components and a brief summary of COBIT® Resources.  This course will assist the learner to identify if CobiT Foundation certification is an appropriate path for their needs and how to become a CobiT Practitioner.  It is an introduction level course and assumes no previous knowledge.   SOAProjects also offers onsite 2 day CobiT Foundation and Intermediate and Advanced Governance trainings. 

Bryan Kissinger and Tracy Stiba, both of PricewaterhouseCoopers, will be teaching the SAS 70 course.  Dr. Kissinger is the author of "Alignment of IT and the Business", and spoke to us at our 2007 Joint Fall Conference (see http://www.isaca-sv.org/FallJointConferenceBrochure2007.pdf, p.5). 

We have confirmation from three attorneys to present the Mock Fraud

http://www.isaca-sv.org/Conferences.html.  

JANUARY 22nd and 23rd Knowledge Synergized 2009 Conference

Conference Objective
Knowledge Synergized is dedicated to offering the most dynamic and inclusive conference to keep you abreast of the latest advances in your profession. Experience and discuss; state-of-the-art practices, strategies, and developments in emerging technologies in the industry and practices as well as approaches to complex issues.
Conference educational sponsors include

• Association of Certified Fraud Examiners (ACFE)
• California Society of Certified Public Accountants (CalCPA)
• The Institute of Management Accountants (IMA)
• The Information Systems Security Association (ISSA)
• American Society of Women Accountants (ASWA)
  

Conference Tracks
Audit: This track features sessions on new and emerging techniques, methodologies and best practices in External Audit, Internal Audit and IT Audit.
Information Security: This track include sessions on the latest information security topics, provides insight into security risk management, methodologies and protection measures.
Finance: This track offers comprehensive coverage of topics relevant to finance professional including Income taxes, cost and budgeting as well as FASB and SEC updates.
Fraud: This track provides opportunities for you to gain valuable anti-fraud knowledge and techniques and insights into today’s fraud profession.
Leadership: This track provides solid leadership tools and techniques and helps you in a significant way to influence people to get work done.

Unmatched Networking Opportunities
Knowledge Synergized offers unparalleled networking opportunities. From receptions, networking breaks, through discussion lunches and the evening social, you will have plenty of time to share the best practices and learn from other industry professionals and network with an unmatched group of experienced peers and increase your personal ROI and influence.
Continuing Professional Education
Knowledge Synergized offers sessions that would meet your CPE requirements. This two day multi-track event provides fourteen CPE hours at the most affordable cost.

SOAProjects is represented by Jay Swaninathan, Alan Chipman and Robin Basham

Jay Swaminathan is a manager in the IT practice of SOAProjects. Jay as part SOAProjects’ Oracle practice collaborates with his clients to efficiently leverage Oracle applications. Prior to SOAProjects, Jay was with the Risk Advisory Services in Ernst & Young.  
<more>

Robin Basham leads the Enterprise Technology Governance Risk and Compliance practice.  Moving beyond Financial controls and SOX 404, Robin’s teams implement a 4 Point GRC. These solutions streamline and reduce the total number of enterprise key controls while assuring alignment with Federal...
<more>

Alan Chipman, Senior Director of IT Consulting and Risk Management, joined SOAProjects after nineteen years with PricewaterhouseCoopers, is known throughout the Bay Area for having built IT Audit practices in the Portland and San Jose offices of PwC from 1993 - 2008. At SOAProjects, Alan leads technical specialists providing IT and business process risk management and consulting services.  <more>

Thursday, January 15th, ISACA SILICON VALLEY 2009 Winter Gathering & Awards Ceremony

ISACA-Silicon Valley Chapter Members are invited to a FREE* January Monthly Meeting at a very special place: the Computer History Museum in Mountain View. Attendees will enjoy a lecture on the history and future of InfoSec, a docent-led tour of the museum, the 2008 Awards Ceremony, a wine-tasting competition, and opportunities to network.

Our Topic

Where is Information Security Going? The field of information security we know today was ignited by the development of radio just over a century ago. Radio was just too wonderful to forgo but it bypassed every information security technique in use at the time, except cryptography. As a result, cryptography became the centerpiece of information security and emerged from the 20th century as far the best developed and most reliable part of the field. A similar phenomenon occurred with multi-user computing. This time the solution was not so clear and computer security has had a central place in information security since the 1960s. Today such concepts as utility computing and cloud computing threaten to upset the apple cart again by giving rise to a groundswell of computational outsourcing and moving most corporate computing outside the data owner's firewall.

Our Speaker

Dr. Whitfield Diffie is best known for discovering the concept of public key cryptography, which underlies the security of internet commerce and all modern secure communication systems. After leaving Stanford University in the late 1970s, Diffie became Manager of Secure Systems Research for Bell-Northern Research, the joint laboratory of Northern Telecom and Bell Canada. In 1991, he moved to Sun Microsystems, where he is now Vice-President, Sun Fellow, and Chief Security Officer.

Meeting Details http://www.isaca-sv.org/monthlymeeting/200901.pdf

December 18, 2008, ISACA Sillicon Valley
SOAProjects will be attending ISACA Sillicon Valley Meeting on Thursday, December 18, 2008.  They have two presentations from security heavyweights Symantec and McAfee:

1)  The Underground Economy: The Symantec Report on the Underground Economy- examines activity on underground economy servers observed by Symantec between July 1, 2007 and June 30, 2008. It includes analysis and discussion of the goods and services advertised, advertisers participating in the economy, the servers and channels that host the trading, and a snapshot of piracy activity observed.
2) Putting Security into Your Virtual World:  As virtualization technology grows in popularity, the big question about security is buzzing: "How will this technology affect my existing security posture?" Taking a one-size-fits-all approach is definitely not the answer. Find out the best way to start securing your Virtualization environment during this talk. Many may think that technology alone is the answer; but it isn't! There are key considerations on this journey and each should be taken seriously: people, process and technology.

1) Zulfikar Ramzan is currently an Architect and Technical Director with the Symantec Security Technology and Response group. In this role, Zulfikar is at the forefront of identifying sophisticated computer security threats and trends.
...

2) Roman Hustad is a Principal Consultant and Trainer at Foundstone, a division of McAfee. His responsibilities include security code review, software architecture and design reviews, secure software development life cycle design and implementation, and threat modeling for Fortune 500 and government clients....

Here are some additional announcments for those who don't mind travel, or like to get their training on line.