Assess

1
Setting the Standard! In Security Management
November 6th and 7th, 2007, Winnipeg, Manitoba,
Canada Radisson Hotel (Downtown)
Its not a matter of If Its a matter of When.
Leaders at Deloitte, EthicsPoint, ISC(2), IST,
NIST, Province of British Columbia, Seccuris,
Tripwire, and numerous other organizations
Hear From
Assess
And manage your security risks
Enhance
Your security program and security efforts
Benchmark
Your current security practices and initiatives
Protect
Your organizations informational assets
Learn
How to motivate!
Time waits for no one Are you keeping up ?
Latest details are available on the web site at
http//www.isaca-wpg.org/SMC2007/
2
Setting the Standard! In Security Management
Speakers and Sponsors
CONFERENCE SPONSORS Seccuris Inc. IST
Inc. MEDIA SPONSOR AuditNet CONFERENCE
SUPPORTERS Center for Internet Security
(CIS) Compliance Week EDPACS ITAC MKS Instruments

SPEAKERS Our speakers include Gene Kim, Hal
Tipton, Michael Legary, and a host of other
senior Security Practitioners. Hal Tipton (the
editor of Handbook of Information Security
Management) will be participating on both end of
day panel discussions on Tuesday and
Wednesday. Plan to spend some time learning what
experts recommend should be done to improve your
organizations information security management
program.  
CHECK http//www.isaca-wpg.org/SMC2007/ FOR THE
LATEST DETAILS If you have any questions
(contact) Dan Swanson, Conference Chair (204)
255-4136 (X234) Roger Yost, Conference Vice-Chair
(204) 792-5596 Or email smconfchair_at_isaca-wpg.
org
3
Setting the Standard! In Security Management
Speaker Information
Hal Tipton CISSP, ISSAP, ISSMP/
Principal/ HFT Associates Hal is currently an
independent consultant and Past-President
(co-founder) of the International Information
System Security Certification Consortium and was
the Director of Information Security for Rockwell
International Corporation for about 15 years. Hal
has been a co-founder and member of the
Information Systems Security Association (ISSA)
since 1982, was President of the Los Angeles
Chapter in 1984, and President of the national
organization of ISSA (1987-1989).  Hal has been a
speaker at the major information security
conferences including Computer Security
Institute, the ISSA Annual Working Conference,
the Computer Security Workshop, AIS Security for
Space Operations, DOE Computer Security
Conference, National Computer Security
Conference, ISACA, Health Sec, Web Sec, InfoSec
World, and Industrial Security Awareness
Conference.   Hal is currently serving as Editor
of the Auerbach "Data Security Management" and
"Handbook of Information Security" publications.
Hal received the Computer Security Institute
Lifetime Achievement Award in 1994, the ISSA
"Fitzgerald Award" in 1999, the ISSA Hall of
Fame Award in 2000, and placed on the ISSA
Honor Role in 2000. Hal was the first recipient
in 2001 of the Hal Tipton Award presented by
(ISC)2 for the CISSP who has demonstrated
sustained excellence during a career in
information security. Michael Legary,
CISSP, CISM, CISA, CCSA, GCIH, Founder
Executive Consultant, Seccuris Inc.Michael is
the founder of Seccuris Inc., which provides
managed security services, information security
consulting, and investigation services to a range
of North American clients. Michael specializes in
incident handling, intrusion detection, security
assessments, and investigations. Born and raised
on enterprise networks, Michael has worked for
such companies as EDS, the Province of Manitobas
Department of Finance, and most recently for the
Province of Manitobas Information Protection
Center (IPC). Michael is a member of the Working
Group for the Information Protection Association
of Manitoba (IPAM) and an active member of the
Winnipeg Information Security community.

4
Setting the Standard! In Security Management
Speaker Information
Gene Kim CISA, and CTO of Tripwire, Inc.
Gene is the CTO and founder of Tripwire, Inc. In
1992, Gene co-authored Tripwire while at Purdue
University with Dr. Gene Spafford . Since then,
Tripwire has been adopted by more than 5,500
enterprises worldwide.  Since 1999, Gene has been
studying high performing IT operations and
security organizations, which led Gene to
co-found the IT Process Institute (ITPI) in 2004,
an organization dedicated to research,
benchmarking and developing prescriptive guidance
for IT operations, security management, and
auditors. This same year Gene co-authored the
"Visible Ops Handbook Implementing ITIL in Four
Practical And Auditable Steps" which has since
sold over 75,000 copies. Gene was a principal
investigator on the IT Controls Performance Study
project, completed in 2006. Gene currently serves
on the Advanced Technology Committee for the
Institute of Internal Auditors where he is part
of the GAIT task force, which has created
guidance on how to scope IT general controls for
SOX-404. Most recently, Gene was given the
Outstanding Alumnus Award by the Department of
Computer Sciences at Purdue University for
achievement and leadership in the
profession. Stuart Katzke Ph.D., Senior
Research Scientist, National Institute of
Standards and Technology Dr. Stuart Katzke
(Prefers to be called Stu) began his second
career at NIST as a Senior Research Scientist in
June 2000. In that role, he provides technical
advice to the Computer Security Division (CSD),
establishes government-industry partnerships for
the purpose of improving the security of critical
infrastructure IT systems, and works on NISTs
FISMA implementation project. He currently leads
an effort to improve the security of industrial
control/SCADA systems that are operated by or for
federal agencies. In January 1999, Stu joined
the National Security Agency (NSA) as Chief
Scientist of the Information Assurance Solutions
Group. Prior to joining NSA, Stu was Chief of the
Computer Security Division in the Information
Technology Laboratory at NIST from 1987 - 1999.
During his 30-year career at NIST, Stu initiated
and participated in the Common Criteria Project,
conceived and established the National
Information Assurance Partnership, and authored
numerous publications. His has received a Bronze
and Silver Medal from the Department of Commerce
and the 2003 Award for Outstanding Contributions
in the Field of Mathematics and Computer Science
from the Washington Academy of Sciences. Stu
holds a Ph.D. in Computer Science from Case
Western Reserve University, a M.S. in Mathematics
from Trinity College, and a B.S. in Mathematics
from the City College of NY.
5
Setting the Standard! In Security Management
Speaker Information
Julia Allen, Senior Researcher, Carnegie
Mellon University, Software Engineering
Institute, CERTJulia is engaged in developing
and transitioning executive outreach programs in
enterprise security and governance, and works
extensively with the IT operations and audit
communities. Prior to this technical assignment,
Julia served as acting Director of the SEI for an
interim period of 6 months as well as Deputy
Director/Chief Operating Officer for 3 years. Her
degrees include a B. Sci. in Computer Science
(University of Michigan) and an MS in Electrical
Engineering (University of Southern California).
Julia is the author of The CERT Guide to System
and Network Security Practices (Addison-Wesley,
June 2001) and Governing for Enterprise Security
(CMU/SEI-2005-TN-023, 2005). Alan Calder
CEO, IT Governance LtdAlan is an acknowledged
expert on ISO27001 (BS 7799) and information
security management systems. Alan consults with
companies, including CISCO and others, around the
world. Alan is also the author of at least ten
books on IT Governance, information security and
ISO 27001 compliance, including IT Governance a
Managers Guide to Data Security and
BS7799/ISO17799. IT Governance Ltd was founded
in 2002 and is a specialist governance, risk
management, and compliance business, providing a
single source for a comprehensive range of
information, advice, guidance, books, tools and
consultancy services as well as solutions for IT
governance, risk management, compliance, and
information security. Keith Olsen, Senior
Consultant at Information Security Technology,
Inc. Keith Olsen is a Senior Security
Consultant at Information Security Technology,
Inc. (IST) located in Winnipeg Manitoba , Canada
. Keiths focus is delivering security consulting
and training services to IST clients. Keith has
served as the technical lead in security
consulting engagements in the areas of security
assessments, security architecture and design and
information security technology deployments for
enterprise customers. Keith has over 20 year s of
real world experience in the computer industry
having worked as a Programmer, Network
administrator, Senior Technical instructor, and
Network Security Consultant.
6
Setting the Standard! In Security Management
Speaker Information
David Childers, President CEO
EthicsPoint, Inc. David is an active member of
the Ethics Officers Association, the National
Association of Corporate Directors, and is a
charter member of the Open Compliance and Ethics
Group (OCEG), a coalition of the nation's
business leaders assembled to develop compliance
standards and guidelines. David also serves on
the OCEG steering and technology committees,
where he is responsible for the development of
reporting guidelines and best practices. David is
a frequent lecturer to colleges and universities
on the subject of business ethics. Clint
Kreitner, President/CEO, The Center for Internet
Security After serving in the U.S. Navy as
Director of Computer-Aided Ship Design at the
Bureau of Ships and Design Superintendent at the
Pearl Harbor Naval Shipyard, Clint has for the
past 36 years been President and CEO of two
information technology companies, Response of
Hawaii, Inc. and American Information Systems,
Inc (1971-89), a number of hospitals (1989-2000),
and since 2000, The Center for Internet
Security. From 1989-2000, Clint served as
President and CEO of the Reading Rehabilitation
Hospital and as President/CEO of the Southeastern
Region of the Adventist Health System, with
responsibility for seven acute care hospitals in
four states. Clint served as a Board Member of
the parent company and was Chairman of the Board
of several of the hospitals.  Clint is the
founding President and CEO of The Center for
Internet Security. Clint earned an undergraduate
degree from the U.S. Naval Academy and graduate
degrees from Webb Institute and American
University.
7
Setting the Standard! In Security Management
Speaker Information

• Thomas Smedinghoff, Partner, Wildman, Harrold,
  Allen Dixon LLP
• Thomass practice focuses on the new legal issues
  relating to the developing field of information
  law and electronic business activities. Thomas is
  internationally recognized for his leadership in
  addressing emerging legal issues regarding
  electronic transactions, information security,
  and digital signature authentication issues from
  both a transactional and public policy
  perspective. He has been retained to structure
  and implement e-commerce and information security
  legal infrastructures for the federal government,
  numerous state governments, and national and
  international businesses including banks,
  insurance companies, investment companies, and
  certification authorities. He also frequently
  counsels clients on the law relating to
  first-of-their-kind electronic transactions,
  information security legal matters, and
  e-commerce initiatives. Tom chaired the
  Illinois Commission on Electronic Commerce
  Crime, and in that capacity wrote the Illinois
  Electronic Commerce Security Act (enacted in
  1998). This Act had a significant influence on
  national and global e-commerce legislation,
  including the Uniform Electronic Transactions Act
  in the U.S., the European Union Electronic
  Signature Directive, the United Nations UNCITRAL
  Model Law on Electronic Signatures, the Canadian
  Personal Information Protection and Electronic
  Transactions Act, and the Singapore Electronic
  Transactions Act. He also helped to negotiate the
  2005 United Nations Convention on the Use of
  Electronic Communications in International
  Contracts as part of the U.S. Delegation to the
  United Nations Commission on International Trade
  Law.
• Dorian J. Cougias, founder and CEO of Network
  Frontiers
• Dorians company focuses on systems continuity,
  regulatory compliance, and IT infrastructure
  consulting, training, and publishing. Over the
  last fourteen years, Dorian has overseen the
  establishment, sale, and re-launch of Network
  Frontiers, has served as CIO of two of the
  leading Ad Agencies in the world, and has served
  as CEO of an international software company. He
  has written and spoken extensively on all matters
  of information technology, has become a leading
  expert witness, and has won numerous writing and
  speaking awards. He is also an Adjunct Professor
  of Technology, lecturing and serving on the board
  of advisers for the University of Delaware
  College of Human Services, Education, and Public
  Policy. Dorian has authored hundreds of
  articles and dozens of books, including the
  award-winning Backup Book Disaster Recovery from
  Desktop to Data Center, and most recently the
  Unified Compliance Series. As the primary
  architect of the Unified Compliance Framework,
  Dorian and his research partner, Marcelo Halpern
  of the international law firm Latham and Watkins,
  have created the first independent initiative to
  exclusively support IT compliance management. By
  focusing on commonalities across regulations,
  standards-based development, and simplified
  architectures, the UCF supports a strategic
  approach to IT compliance that reduces cost,
  limits liability, and leverages the value of
  compliance-related technologies and services
  across the enterprise.

8
Setting the Standard! In Security Management
Speaker Information
Jan Wolynski, Vice President,
PricewaterhouseCoopersAs PricewaterhouseCoopers
Canadas most senior security and privacy
practitioner, Jan is the Privacy Leader of
PricewaterhouseCoopers Canada. Currently located
in Winnipeg, Manitoba, Jan has acquired over 25
years experience in computer security, privacy,
forensics and intellectual property. As a former
operational member of the Royal Canadian Mounted
Police, he served in Manitoba, Ontario, Quebec
and New Brunswick. Jan represented the interests
of the RCMP on Government of Canada steering
committees considering privacy of data and
electronic communications throughout the
nineties. More recently, Jan has worked with some
of Canadas premiere IT consulting firms and has
delivered security and privacy related consulting
services to public and private organizations in
Canada and internationally. From an outsourcing
perspective, Jan has worked with customers,
vendors, and legal representatives in examining
contractual obligations and issues around
security and privacy concerns. The objective of
these reviews is to ensure that the customer and
vendor understand requirements and expectations
around such services. Howard Pierpont,
CBM CBCP CRP, Manager Business Continuity, MKS
Instruments MKS is a leading worldwide provider
of process control solutions for advanced
manufacturing processes such as semiconductor
device manufacturing thin-film manufacturing for
flat panel displays, optical storage media,
architectural glass and electro-optical products
and technology for medical imaging equipment. MKS
is headquartered in Mass, with manufacturing and
support organizations through out the
world.  Howards work involves evaluating current
manufacturing, business and information systems
recovery, risk management, safety and property
management policies and practices. He is
responsible for recommending, developing and
implementing new or improved systems, policies,
practices plans and processes. Howard is the
primary coordinator of manufacturing, business
and information systems recovery activities in
the event of a disruption. He is also tasked with
developing record keeping and reporting systems
directing and monitoring the work of local
divisions Business continuity teams including IT,
operations, human resources, facilities and
health safety, providing training and technical
assistance to management and staff. Prior to
joining MKS, Howard was the Manager - Business
Continuity Program Office for Engineering at
Intel. He has traveled in Russia, India, China
and Ireland and trained the business units to
create integrated business continuity, crisis
management/incident response and business
recovery plans. Howard spent 2 years as an
internal auditor at Intel with a specialty in
data center and disaster recovery. He is recent
Past President of ISACA Chapter 50, Portland OR.
He conducted a number of presentations on
Building Business Continuity Plans for
Auditability and Auditing Well Designed Plans to
combined groups of auditors and business
representatives.
9
Setting the Standard! In Security Management
Speaker Information
Anthony B. Nelson, President ESTec Systems
Corp. Anthony is a Management Consultant
specializing in information security and business
automation, with over thirty-seven years
experience in the field. Anthony holds a bachelor
of science degree in Mathematics from the
University of Alberta. Anthony is a recognized
leader in the network security industry as a
developer of policies and procedures for large
integrated networks, intrusion detection, and
internet based security. Anthony has participated
in industry based standards groups. In 2002, and
2003 he participated in the CASPR project
(Commonly Accepted Security Practices
Recommendations) to try to document information
security best practices, policies and
procedures. In 2003 and 2004 he participated in
the ISM3 project to produce a lite security
management methodology suitable for smaller
organizations that do not have the business need
to move to BS 7799 or ISO 17799. Anthony has
developed courses and instructs classes on
information security issues, and regularly
instructs for ISACA and MIS Training
Institute. He has provided courses in five
countries on three continents. As a senior
consultant for ESTec and a senior lecturer for
MIS Training Institute, Anthony lectures widely
to industry professionals in Canada, the United
States and Europe, primarily on information
security issues, internet security, and security
auditing. Anthony has worked on projects for
Boeing, The US Army, Pacific Gas Electric,
PetroCanada, GMAC, Dow Chemical, the US GAO and
many smaller companies and local and federal
government agencies. (Confidentiality prevents
inclusion of details about many clients.) He
publishes on computer security issues and
co-authored The Internet Professional Security
Reference published by New Riders
Publishing. Lori Bulmer, CISSP G7799,
Director, Security Strategies, Office of the
Chief Information Officer for The Province of
British Columbia Lori has responsibilities for
information security policy, standards and
guidelines as well as developing a strategy for
moving government ministries into compliance with
the policy, a security research program, security
architecture, and an application security
program. Prior to being appointed Director, Lori
was instrumental in the development of the
Provinces comprehensive Information Security
Policy which is based on the ISO standard ISO/IEC
177992005. British Columbia was the first
jurisdiction in Canada to develop policy at this
level of detail based on ISO/IEC177992005 and is
among the very few jurisdictions internationally
to have policy of this nature. Lori is a career
public servant of 34 years, all in information
systems. She has been in the security field for
over 8 years prior to that, Lori held a variety
of positions in technical support and application
systems development in different ministries
across government. Lori holds the CISSP security
designation and the G7799 designation from SANS
and is a member of the International Information
Systems Security Certification Consortium and the
Information Systems Audit and Control Association.
10
Setting the Standard! In Security Management
Speaker Information
Andrew K. Behnke, CA, CISA, CIA Andrew is
currently a Senior Manager in Enterprise Risk
with the Deloitte office in Winnipeg .  He is a
graduate of the University of Manitoba with a
Bachelor of Commerce (Honours) degree and holds
the Chartered Accountant (CA), Certified
Information Systems Auditor (CISA) and Certified
Internal Auditor (CIA) designations.  He is
currently a member of the Institute of Chartered
Accountants of Manitoba (ICAM), the Information
Systems Audit and Control Association (ISACA) and
The Institute of Internal Auditors'
(IIA).   Andrew currently leads the Security
Privacy practice of the Deloitte Winnipeg office
and has been involved in providing Information
Technology, accounting and business controls
related work to large and medium-sized corporate
and public companies for the past 10 years.  He
has significant experience in the implementation
and assessment of internal controls in various
assignments such as assisting clients with their
Sarbanes-Oxley compliance and Service Auditor
Reporting (SAS70 and CICA Section 5970 Reports)
activities.  He has been involved in the
implementation of large, complex ERP systems such
as SAP and ORACLE in such capacities as ensuring
that role level security is designed and
implemented appropriately.  He also assists
clients deal with problems in data analysis by
designing testing using Computer Assisted
Auditing Techniques (CAATs) to interrogate large
pools of data for trends, anomalies and possible
fraud indicators. Lily Bi, CIA CISA Lily Bi,
Technical Director, Technology Practices, The
Institute of Internal Auditors. Joined in 2005,
Lily is responsible for The Institutes
activities in developing and issuing information
technology guidance, and has direct
responsibility for the Global Technology Audit
Guide (GTAG). Lily Bi has been working in
information technology field for 17 years. Prior
to joining The IIA, Lily worked as Project
Manager for Sumisho Computer Systems Inc. in
Dallas, Texas. She joined the Sarbanes-Oxley
project, and established a world-wide Information
Security Policy for the companys largest
customer. Lilys career began in Asia. She has
lived and worked in Singapore, Japan and China.
She was the Vice President of The IT Department
at the Singapore Branch of MIZUHO Co. Bank Ltd
(the biggest bank in terms of asset). She was in
charge of the banks software development.
Together with her team, she designed and
implemented many information systems, setup IT
security and control policy and procedure. During
the consolidation of the three banks, she worked
as a leader of the data migration team
successfully migrated data from three legacy bank
systems to new information systems. The Chinese
Government awarded Lily a one-year, full-time
Japanese study in Bei Jing in 1992. Only 20
people were selected for inclusion in this highly
competitive and prestigious program. The Japanese
Association for Overseas Technical Scholarship
sponsored Lily to work in Fujitsu, Japan as a
System Engineer to study advanced information
technology. Lily received MBA degree from the
University of Texas at Dallas in 2005, and Master
degree in Computer Science from Dalian Maritime
University, China in 1989. Lily is fluent in
Chinese, Japanese, and English.