Our May chapter meeting is on Wednesday, May 4th, 2016 at 5:45PM. Please RSVP if you plan on attending!
An IT auditor’s Perspective On Auditing IT Security Departments and Professionals
Abstract: I am being audited; what should I know before the auditors arrive? Who gets interviewed? Are there different types of audits, and does this one matter? The auditors are using unfamiliar terms! Should I prepare? What are “findings” and “observations”, and am I getting fired? How long do I have to correct the items?
Speaker Biography: John Weller, CISSP, CSSLP, CISA, CGEIT. With 30 years of IT experience, I have safeguarded corporate data assets in various roles, including nine years as an IT auditor/manager and currently as Chief Information Security Officer for Metro Health Hospital. My approach is to continually assess our strengths, weaknesses, and compliance requirements and work within the culture of the organization to achieve manageable change. This is the best job ever, as every day I get to utilize my auditing and geek skills. My favorite part of my job is reviewing our cyber security strengths and weaknesses and working on shoring up the gaps. Securing a hospital with thousands of medical devices and workforce members and hundreds of vendors can oftentimes be exciting, and we make it manageable through the use of refined strategies and project plans, and a heavy reliance on skilled systems administrators.
A few thoughts: When confronted with new equipment on the network, the first answer is not “no”, but rather how we can secure it. When reviewing a new vendor access request, the conversation focuses on how our organization can control when the vendor is accessing our systems. When we send data externally, we verify it is encrypted or de-identified, and that the vendor is capable of managing the data within their systems. Deliver one strategy PowerPoint per month to communicate and align efforts. Practice incident response frequently, even on low-risk events, to keep the process alive.
Industries covered: Financial services “Gramm-Leach-Bliley Act (GLB Act or GLBA) regulated”, healthcare “HIPAA regulated”, and food distribution (mostly unregulated for IT).
Graduate of Ferris State University with a Bachelor's in Computer Information Systems (CIS)
ISC2 West Michigan Chapter
ISACA West Michigan Chapter
WMCSC West Michigan Cyber Security Consortium
MiHCC Michigan Healthcare Cyber Security Council
5:45-6:15PM Networking/Membership signup / Dinner
NEW LOCATION: Location Information
Metro Health IT Facility
985 Gezon Parkway (across from Target loading dock)
Wyoming, MI, 49519