
Info-Net Information for the Auditing & Control Network

January 2010

Thursday, February 18 — One-Day Seminar


Auditing Windows Active Directory
This course is designed for a user to understand the basic administration of Windows Active Directory. It gives the auditor a ‘hands on’ approach to understanding the fundamentals of the Windows Server system through a live SandBox environment.
In general, the training will highlight:
⇒ Features
⇒ Auditing Techniques
⇒ Security Concerns
Upon completion of the course, the auditor should be better able to understand the complexities of security, the hierarchies of security policies and the administration of Windows Active Directory.
We will cover the following areas at a basic level of understanding:
⇒ Windows Server and Active Directory
⇒ Domain Trusts
⇒ Accounts
⇒ Permissions (Organizational Units)
⇒ Policy (Group Policy Objects)
⇒ The Registry
⇒ Services
⇒ Server Logging
⇒ Server Auditing
⇒ Security

FEBRUARY SEMINAR DATA SHEET


Auditing Windows Active Directory
DATE AND PLACE: Thursday, February 18, 2010; JH Cohn LLP, Roseland, NJ
PRESENTER: Farid Abdelkader
TIME: 8:30AM—9:00AM Registration
9:00AM—5:00PM Session
Noon—1:00PM Luncheon
ATTIRE: Business Casual
CPE CREDITS: 8
COST: $200 Members, $300 Non-members
RESERVATIONS: www.njisaca.org
February Presenter - Farid Abdelkader
Farid Abdelkader is a Senior Consultant in Protiviti’s Technology Risk practice. Prior to Protiviti, Farid was a
Windows Administrator for NetsoftUSA, a Microsoft Gold Partner. His numerous Microsoft Certifications and broad
experience with technology, network administration and financial services have made Farid well rounded in the
technologies which drive businesses. Since Farid’s arrival at Protiviti, he has been involved in numerous Compliance,
IT Audit, Security and IT Asset Management engagements in a broad spectrum of industries. Some of these industries
include Financial Services, Insurance, Pharmaceutical, Materials and the Distribution and Technology arenas.

INFO-NET New Jersey Chapter
January 2010

FROM THE PRESIDENT’S DESK


Changes in Your ISACA Chapter
The word for today is change. The New Jersey chapter has been going through many changes and will
continue to be changing through the current year. First, I would like to welcome our newest Board members
who were elected during our June election, including: Dr. Balwant S. (Bill) Lall, George G. McBride, Dr. Paul
Rohmeyer and Sandra Zarraga. We are very lucky to have an infusion of such talented individuals and
welcome their involvement with the renewed energy that they bring to the table.
At our chapter’s annual meeting in June 2009, the Board outlined our goals and objectives, based on
feedback from our members and discussions with our board members. The following are the areas we
identified where we felt the chapter could improve upon:
• Career Connect—Our Career Connect program was a market driven endeavor to help our members who are in transition. Thanks to Sandra Zarraga, Career Connect Coordinator, who organized this program and helped coordinate some very successful events, including our August networking event held at the Park Avenue Club that was attended by over 80 people. Our plans are to hold 3-4 of these events per year as our members’ needs dictate.
• Communications Policy—This is in progress and is made up of various components, including the newsletter (which you are now reading) and our CVENT event management system, which is being maintained by Cary Brown, Education Committee Chair and CVENT Coordinator. Our primary goal will be to reduce the amount of e-mails you receive and keep you better informed. Expect more changes throughout the year.
• Web Site Update—Our current web site hosting provider is not very responsive and our web site is difficult to change or maintain. We are changing Web providers and a major rewrite is in progress, spearheaded by Chris Olugbenga, Web Team Chair. We are hoping to see the new Web site in place by February.
• Newsletter—You are now reading the results of our efforts here. Thanks to Carl Phillips, Communications Committee Chair and Jeff Saffer, Publications/Newsletter Editor, our newsletter will now become a regular occurrence which will be designed to provide up to date information on our events as well as other information that is important to our members.
• IT Leadership Roundtable—This will be the first governance event designed for CIOs, CISOs and other IT leaders. Bill Lall, CISA Item Writing Coordinator, is in the process of finalizing the agenda and date, so please keep your eyes open for more details. We will be looking to our membership to help spread the word to your IT colleagues to help garner their interest. This has also been nicknamed “Bring Your CIO to Work Day.”
• Audit Directors’ Roundtable—Audit Directors’ roundtable events were regular occurrences in prior years, but we have not held this type of event since I joined the Board in 2002. We held an Audit Directors’ roundtable event in December 2009 and the feedback from the 16 attendees was very positive, most of whom asked if this could become a regular occurrence. Special thanks to Paul Rohmeyer and Neal Kirschner, who moderated the event and to Eisner LLP for hosting and sponsoring the event! The next roundtable is tentatively scheduled for April of this year.
We now have a full slate of training events in store for the remainder of the year, thanks mainly to our
Program Committee Chair, Beth Flores-Manlapig. Details can be seen in this newsletter and in the near
future on our Web Site. Some of our upcoming events include:
• Auditing Active Directory
• IT Leadership Governance Summit
• Web Application Security Testing
• Business Continuity Management
• IT Audit Directors' Roundtable
• How to Audit z/OS with USS and TCP/IP.


We are also seeking help so we can better meet your training needs. If anyone has any particular training
needs, or has seen good speakers (preferably local) who would be of interest to our members, or is
interested in speaking themselves, please contact Beth. Based on requests from our members, we are
specifically looking for an SAP speaker, so please advise us if you know someone good.
We want to maintain chapter momentum, and with your help we can. We are always seeking volunteers to
help with our various events and endeavors and are in the process of implementing a volunteer policy,
which is being spearheaded by Veronica Carroll, Membership Director and Volunteer Coordinator. The
chapter relies on your involvement to bring quality programs to the members. There are many ways to get
involved without being on the Board. Volunteering is a wonderful way to serve the community of IT audit
and control professionals. It is also an excellent forum for networking and gives some of our volunteers
experience in areas that they may not already have (e.g., desk top publishing, web design, event marketing,
etc.). At the present time we are not seeking volunteers, but if you wish to become a volunteer in the future
please contact Veronica at membership@njisaca.org and she will add you to our volunteer list.
As always, if you have any questions or thoughts, do not hesitate to contact me or any board member listed
on the back of the newsletter. I hope to see you all at future events.

Andrew Ellsweig, Chapter President


aellsweig@eisnerllp.com, Phone: (212) 949-8700

International News
Based on ExpressLine, December 2009, published each month by ISACA, Inc.
3701 Algonquin Road #1010, Rolling Meadows, IL 60008
Phone: 847-253-1545 | Fax: 847-253-1443
E-mail: membership@isaca.org | Web: http://www.isaca.org

ISACA Web Site Redesign Update
Once launched, the new isaca.org will help personalize members’ online experiences. Utilizing formal focus groups and surveys, ISACA members and web site users helped guide the redesign project toward advancements to make isaca.org more usable, functional and valuable as a complete professional membership and knowledge portal. Enhancements to the Web site will include:
• RSS feeds—Select topical feeds from various knowledge and news sections of the site to keep up with the latest news from ISACA International Headquarters and thought-leading members.
• Bookmarks—Bookmark pages, sections, documents and ongoing conversations for easy access, sharing and reference.
• Saved searches—Adding to robust search and content classification enhancements, maintain frequent searches, along with targeted suggestions based on a user’s interests and browsing behavior.
• Certification verification—Online employer verification of certification holders will allow employers and potential employers to verify certification status. This enhancement builds on the prestige of current certification holders.

Certification Update
November Certifications
In November 2009, 1,155 Certified Information Systems Auditor™ (CISA®), 182 Certified Information Security Manager® (CISM®), and 30 Certified in the Governance of Enterprise IT® (CGEIT®) candidates were awarded certification.
Reminder of CPE Hours
To view the CPE policies and learn more about how to earn CPEs, please visit: www.isaca.org/cisacpepolicy, www.isaca.org/cismcpepolicy or www.isaca.org/cgeitcpepolicy.

CONTACT INFORMATION AND CPE HOURS
Members should update their contact information and CPEs for each certification they have through ISACA online (www.isaca.org). If you need assistance, you should contact Veronica Carroll, Membership Director and Volunteer Coordinator, at membership@njisaca.org.


MEMBERSHIP RENEWAL REMINDER

Thank you for being a part of our local chapter membership in 2009! We value your membership and continually strive to provide you with opportunities to attend CPE programs, information and connections with a local network of peers.
As a fellow member of ISACA, I highly value the occasion to meet, converse with and learn from colleagues that understand my profession and share my challenges. These connections are difficult to obtain on my own and are a core benefit of ISACA membership.
To continue enjoying the benefits of membership, we encourage you to renew your membership simply and securely online. Renewing online allows ISACA to devote more funds to member benefits rather than postage and processing fees. Log in at www.isaca.org, then click the "Renew Now!" graphic in the center of the home page.
We strongly encourage you to renew your membership and applicable certification fees in January. By renewing your ISACA membership you will be assured continued access to your member benefits, as well as the professional support that an ISACA membership represents. We look forward to serving your professional needs for many years to come, and look forward to seeing you at upcoming NJ ISACA events (go to www.njisaca.org for more information).
Best Wishes for Happy & Healthy 2010!
Veronica Carroll, CISA
Membership Committee Chair
Volunteer Coordinator

Frequently Asked Questions:

Q. I need an invoice that reflects my payment that is due. Can I obtain one online?
A. Yes. Go through the online renewal process, and then select "check" instead of providing a credit card on the payment screen. After clicking the "Submit" button you will be able to print the order/invoice which reflects your payment due.

Q. I need a receipt. Can I obtain one online?
A. Yes. Login to www.isaca.org and click the "My Order History" button on the left navigation panel. You will then be able to view and print a receipt of recent payments you have made (online only) to ISACA. In addition, renewing members will receive a printed receipt and updated membership card in the mail after payment has been processed.

Q. What if I do not remember my login credentials?
A. Please go to www.isaca.org/login for assistance in obtaining your username and/or password or send an email to loginhelp@isaca.org.

Q. How can I determine if my membership has been renewed?
A. Login with your credentials to the www.isaca.org website. In the middle of the screen is your "Paid Through" date, which will display as 31 December 2010 if your membership has been renewed for 2010.


NEW JERSEY CHAPTER BOARD OF DIRECTORS


POSITION | NAME | EMAIL ADDRESS
President | Andy Ellsweig | president@njisaca.org
Vice-President | Jeni Spiewak | vicepresident@njisaca.org, vp@njisaca.org
Treasurer | Jim Baumgartner | treasurer@njisaca.org
Secretary | Bill D'Alia | secretary@njisaca.org
Academic Relations Coordinator | Beverly Austin | information@njisaca.org
Advertising Committee Chair | Yolanda Baker | sponsorship@njisaca.org
Arrangements Coordinator | Sandra Zarraga | careers@njisaca.org
Audit Committee Chair | Beverly Austin | information@njisaca.org
Awards Coordinator | Lily Shue | certifications@njisaca.org
Budget Committee Coordinator | Andy Ellsweig | president@njisaca.org
Bylaws Chairperson | Joe Rodman | information@njisaca.org
Career Connect Coordinator | Sandra Zarraga | careers@njisaca.org
Certifications Chair, CGEIT Coordinator & CGEIT Item Writing Coordinator | Lily Shue | certifications@njisaca.org
CISA Coordinator | Karl E. Dahlberg | cisa@njisaca.org
CISA Item Writing Coordinator | Dr. Bill Lall | certifications@njisaca.org
CISM Coordinator & CISM Item Writing Coordinator | George McBride | cism@njisaca.org
Communications Committee Coordinator | Carl Phillips | elections@njisaca.org
Cvent Coordinator & Education Committee Chair | Cary Brown | event_registration@njisaca.org
Governmental and Regulatory Coordinator | Rustom Bhopti | information@njisaca.org
Insurance Coordinator | Doug DiPersio | information@njisaca.org
ITGI/Research Committee Chairperson | Lily Shue | certifications@njisaca.org
Long Range Planning Committee Chair | Joe Rodman | information@njisaca.org
Marketing Chair | Joe Rodman | information@njisaca.org
Membership Chair & Volunteer Coordinator | Veronica Carroll | membership@njisaca.org
Nominating Committee Chair | Carl Phillips | elections@njisaca.org
Program Chair | Beth Flores-Manlapig | programsupport@njisaca.org
Program Committee (Audit Directors’ Roundtable) Coordinator | Andy Ellsweig | president@njisaca.org
Publications/Newsletter Editor | Jeffrey Saffer | information@njisaca.org
Social Committee Chair | Yolanda Baker | sponsorship@njisaca.org
Standards Coordinator | Karl E. Dahlberg | cisa@njisaca.org
Web Team Chair | Chris Olugbenga | information@njisaca.org
Board Member | David I. Smokler | information@njisaca.org
Board Member | Raymond Cuneo, Jr. | information@njisaca.org
Board Member | Dr. Paul Rohmeyer | information@njisaca.org


MARCH SEMINAR DATA SHEET


Hands-on: Remote Testing for Common Web Application Security
DATE AND PLACE: Wednesday-Thursday, March 3-4, 2010; JH Cohn LLP, Roseland, NJ
PRESENTER: David Rhodes
TIME: 8:30AM—9:00AM Registration
9:00AM—5:00PM Session
Noon—1:00PM Luncheon
ATTIRE: Business Casual
CPE CREDITS: 16
COST: $400 Members, $600 Non-members
RESERVATIONS: www.njisaca.org

Wednesday-Thursday, March 3-4 — Two-Day Seminar


Hands-on: Remote Testing for Common Web Application Security
The proliferation of Web-based applications has increased the enterprise's exposure to a variety of threats. There are overarching steps that can and should be taken at various steps in the application's lifecycle to prevent or mitigate these threats, such as implementing secure design and coding practices, performing source code audits, and maintaining proper audit trails to detect unauthorized use.
This workshop will enable students to test the security of web-based applications from the perspective of the end user. Security testing helps to fulfill industry best practices and validate implementation. Security testing is especially useful since it can be done at various phases within the application's lifecycle (e.g., during development), or when source code is not available for review.
The most popular threats and their potential impact will be covered (see the industry standard OWASP "Top Ten" at www.owasp.org/documentation/topten.html). Demonstrations and labs will be used to teach the tools and techniques needed to remotely detect and validate the presence of these threats.

NJISACA WORKSHOPS & MEETING SCHEDULE


DATES | TOPIC | CPES | PRESENTER(S)
2/18/2010 | Auditing Windows Active Directory | 8 | Farid Abdelkader
3/3-4/2010 | Remote Testing for Common Web Application Security | 16 | David Rhodes
3/24-25/2010 | Business Continuity Management | 16 | Steven J. Ross
4/2010 | Audit Director’s Roundtable | 4 | TBD
5/12-13/2010 | How to Audit z/OS with USS and TCP/IP Security | 16 | Stu Henderson
NJ ISACA has been officially approved as a sponsor (ID #20CE00019300) by the New Jersey Board of Accountancy. All participants are
eligible for Continuing Professional Education (CPE) credits. NJ ISACA reserves the right to change topics, speakers and dates based on
the availability of qualified speakers’ schedules, acceptable accommodations, and weather permitting.

INTERNATIONAL CONFERENCES SCHEDULE


2/22-23/2010 | Asia-Pacific CACS | Mumbai, India
3/1-2/2010 | Information Security & Risk Management Conference | Bogotá, Colombia
3/21-24/2010 | EuroCACS℠ | Budapest, Hungary
3/22-26/2010 | Training Week | Dallas, Texas
4/18-22/2010 | North America CACS℠ | Chicago, Illinois
