ISSA Sacramento Valley Chapter Meeting - 10/21/2022 11:30-13:00


Speakers: Trinh Ngo and Tim Swaney, Blue Shield of California
Topic: GRC techniques and tools for choosing controls, managing risk, and passing audits
Obtain the slide deck from here.

This is a co-event with the Sacramento ISACA chapter.

Synopsis: Controls are implemented to address vulnerabilities and manage risk. If your organization already has its key IT controls documented, monitored, and tested in an enterprise GRC tool, with clear evidence ready for auditors, this presentation is not for you. For everyone else, this is a discussion of how to determine key controls, when to get those controls into a GRC tool, what makes great evidence of control effectiveness, and how to present your controls to leadership, auditors, and operations.

There are numerous standards and regulations that must be considered when selecting controls. When an auditor creates an audit plan, a framework such as COBIT may be used as the basis for that plan, so how do you take likely audit plans into account during controls selection?

GRC tools vary in complexity and implementation, but maturing a controls inventory is not a technical problem. The strategy for maturing a controls inventory must be tailored to environmental factors. Which factors need to be incorporated into that strategy?

The evidence required to show that a control is well designed differs from the evidence required to show that it operates effectively. Understanding which requirement an auditor is testing is critical to an appropriate audit response. Examples of each kind of evidence, and how to use them, will be discussed.

Metrics and reporting must be built into controls. Without them, leadership will not know the risks or which areas need support, and confidence in security or operational health may be unsupported by evidence.

Learning Objectives

· Be able to select controls based on risk

· Be able to develop a strategy for documenting controls in a GRC tool

· Be able to prepare evidence for any audience

Trinh Ngo, Director of IT Regulatory & Controls Assurance, Blue Shield of California

Trinh Ngo is currently the Director of IT Regulatory & Controls Assurance at Blue Shield of California. She has 25+ years in IT with experience in financial services, bulk electric utilities, and healthcare. Trinh sits on the Board of Directors of the local ISACA chapter and shares her knowledge and expertise on risk and controls. She has built IT and security regulatory compliance programs and led cross-functional governance, risk, and controls teams to transform and mature organizations.

Tim Swaney, Senior Manager of Information Security & Risk Quantification, Blue Shield of California

Tim Swaney is currently the Senior Manager of Information Security & Risk Quantification at Blue Shield of California. He has 12+ years in IT with a focus on information security. Tim is a US Navy veteran and entrepreneur with experience creating enterprise programs and leading high-performing teams. He sits on the Board of Directors of the local ISACA chapter, overseeing the certification training program.

Meeting Details:
This will be a hybrid meeting (both in-person and online). You may attend remotely via Zoom or in person at Capsity, 3808 Broadway, Sacramento CA. Either way, please register for the meeting. Select No Meal if you are attending remotely, or Normal Meal or Vegetarian if you are attending in person (so we can order enough food for lunch). All registered members and guests will receive the Zoom meeting link by email on the morning of the meeting.

You don't have to be a member of ISSA to attend our meetings (but we encourage you to join us!). Please share information about this meeting with your friends and colleagues who have an interest in information security.
