
Information Systems Audit and Control Association
TORONTO CHAPTER NEWSLETTER

Chapter Website: http://www.isaca.toronto.on.ca
International Website: www.isaca.org

Fall 2005, Volume 12, Issue 1
Web Site Silver Award 2005

In This Issue
President's Message ..................... 1
International ISACA News ........... 2
Chapter Activities ......................... 6
2005/6 Training ............................ 6
Membership Application Form .. 11
Board and Committee Members 13

ISACA's mission is to support enterprise objectives through the development, provision and promotion of research, standards, competencies and practices for the effective governance, control and assurance of information, systems and technology.

President’s Message

Our Toronto chapter has begun a new season of continuing professional education training and a new fiscal year. Many exciting events and news are waiting.

First of all, I would like to thank Usuff Currim and Paul Johns for their dedication and contribution as our chapter board Treasurer and Director of Research & University Relations respectively over the past years. I would also like to welcome our new chapter board members, Larry Leung, Baskaran Rajamani and Behram Faroogh. In addition, thank you to the returning chapter board members and all committee volunteers for your continued support.

Congratulations to our chapter's CISA and CISM exam writers. Exam writers in our region have an over sixty three percent passing rate for the CISA exam and over eighty three percent passing rate for the CISM exam. The CISA and CISM exam passers recognition evening and general membership reception was held on Thursday October 27th, 2005 at the Toronto Board of Trade.

Your Continuing Education committee has worked hard to bring you an exciting line-up of training courses. Breakfast sessions were a hit with members and non-members last year and more have been planned for this year. Please make full use of these courses especially to obtain your CPE hours!

Your CISA Training committee has also responded to your needs. A comprehensive 5-day CISA exam preparation course was offered in November 2005 to assist candidates in their exam preparation.

Your chapter board has also been busy planning, setting priorities and identifying associated activities that are in line with International’s and our chapter’s strategic goals in order to move your chapter forward.

On the international front, effective January 1, 2006 Information Systems Audit & Control Association will be re-branded to "ISACA Serving IT Governance Professionals." One of the reasons for the re-branding is the current name does not reflect the growing number of information security professionals in the membership, and the increasing importance of providing information security programming and research to members. The re-branding will enable ISACA to show that it is serving a broader range of professionals and not just professionals in audit and control arenas.

ISACA International is also proud to advise you that the American National Standards Institute (ANSI) has accredited ISACA’s Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM) certification programs under ISO/IEC 17024. Such accreditation promotes the unique ISACA qualifications and expertise, protects the integrity of ISACA certifications and provides legal defensibility, enhances consumer and public confidence in the certifications and the people who hold them, and facilitates the mobility of certified individuals across borders or industries.

I hope to see you at our chapter events during the course of the year!

Have a great holiday season!

Patricia Goh

Fall 2005 Page 1


INTERNATIONAL NEWS

ISACA Adopts New Tagline, Logo

At the recent meeting of the ISACA/ITGI Board of Directors/Trustees, new taglines were adopted for the organizations:

• ISACA: Serving IT Governance Professionals
• ITGI: Leading the IT Governance Community

A tagline was identified as an efficient and effective way to convey the Association’s broadened area of expertise, while still maintaining ISACA’s well-known identity. Because ISACA has achieved a significant level of recognition over the years under its current name, there was no desire to undergo a name change. Coinciding with the use of the tagline will be exclusive use of the acronym ISACA, in place of the association’s full name. A tagline for IT Governance Institute® was also created, to help convey ITGI’s purpose and role.

The switch to the new association image will become effective on 1 January 2006.

COBIT 4.0 and Val IT Coming Soon!

COBIT 4.0

To aid organizations in successfully meeting today’s business challenges, ITGI has published version four of Control Objectives for Information and related Technology (COBIT®).

This latest version emphasizes regulatory compliance, helps organizations increase the value attained from IT, enables alignment and simplifies implementation of the COBIT framework. It is not a replacement for earlier versions of COBIT; instead, it can be used to enhance work already done based upon those earlier versions. It presents activities in a more streamlined and practical manner, so that continuous improvement in IT organizations is easier than ever to achieve.

To learn more about this new version, please visit www.isaca.org/cobit.

Val IT

Val IT is a governance framework based on COBIT that includes generally accepted guiding principles and supporting processes related to the evaluation and selection of IT-enabled business investments, as well as the benefit realization and delivery of value from those investments.

Publications and operational tools will support the Val IT framework. The first publication, scheduled for release in the fourth quarter, will contain an executive summary, a case study, Val IT process and control objectives, and a business case.

For more information, please visit www.isaca.org.

COBIT Foundation Course Launched

ISACA/ITGI's COBIT Foundation Course™, a self-paced electronic tutorial developed by ITpreneurs, is now available.

The COBIT Foundation Course can be completed in approximately eight hours and features case studies; real-world examples; an overview of COBIT’s control objectives, control practices, management guidelines and audit guidelines; and 40 sample questions that help prepare users for the COBIT Foundation exam.

Registration for the COBIT Foundation Course is US $499. ISACA members receive a significant discount off this price. The discounted price is available only to members who place their order through the ISACA web site, www.isaca.org/cobitcampus.


Bookstore Update

CISA and CISM study aids published by ISACA for the 2006 CISA and CISM examinations:

CISA Review Manual 2006 (English edition, now available; Italian and Spanish editions, available December 2005; Japanese edition, available February 2006)

CISA Review Questions, Answers & Explanations Manual 2006 (English edition, now available; Italian and Spanish editions, available December 2005; Japanese edition, available February 2006)

CISA Review Questions, Answers & Explanations Manual 2006 Supplement (English edition, now available; Italian and Spanish editions, available December 2005; Japanese edition, available February 2006)

CISA Review Questions, Answers & Explanations CD-ROM 2006 (English edition, available December 2005; Spanish edition, available January 2006)

CISM Review Manual 2006 (English, available December 2005; Japanese and Spanish editions, available February 2006)

CISM Review Questions, Answers & Explanations Manual 2006 (English edition, available December 2005; Japanese and Spanish editions, available February 2006)

CISM Review Questions, Answers & Explanations Manual 2006 Supplement (English edition, available January 2006; Japanese and Spanish editions, available February 2006)

Visit the Bookstore at www.isaca.org/bookstore and take advantage of secure online ordering, or see the Journal’s Bookstore insert for additional information. Contact the Bookstore at [email protected] or +1.847.253.1545, ext. 401, for any questions concerning the ISACA Bookstore.

2005-2006 Conference/Training Week Calendar

Check out these ISACA conferences and educational events. For the latest information and a complete listing, please visit www.isaca.org/conferences.

Event | Dates | Location | CPE Hours
COBIT User Convention | 1-2 December 2005 | Orlando, Florida, USA | 13
ISACA Training Week | 5-9 December 2005 | Scottsdale, Arizona, USA | 38
IT Audit Executive Forum | 8-9 December 2005 | Scottsdale, Arizona, USA | 7
EuroCACS | 19-22 March 2006 | London, England, UK | TBD

COBIT® User Convention

1-2 December 2005, Orlando, Florida, USA

The COBIT User Convention is a two-day educational event designed specifically for COBIT users. This program features case studies, facilitated discussions, implementation studies, and question-and-answer sessions led by members of the COBIT Steering Committee. This will be useful for IT executives, assurance and control practitioners, and others who are currently using COBIT to:

• identify, quantify and mitigate business risks;
• implement IT service improvements;
• satisfy control and regulatory needs; and
• establish performance measurement requirements.

Participants will experience how organizations are implementing and using COBIT. For more information, please visit www.isaca.org/cobituserconvention.


ISACA Training Week

5-9 December 2005, Scottsdale, Arizona, USA

Training Week events provide in-depth coverage of the most important industry topics by world-renowned presenters, networking opportunities and valuable continuing professional education hours. Upcoming Training Week courses include selections from the following tracks: Fundamentals of IT Auditing; IT Audit Practices; Information Security Management; Database Audit, Security and Control; Securing, Controlling and Auditing Web-enabled Applications; Uncovering Network Security Vulnerabilities: Audit Controls and Techniques.

For more information on Training Week events, please visit www.isaca.org/trainingweek.

IT Audit Executive Forum

8-9 December 2005, Scottsdale, Arizona, USA

This new and exclusive event is designed specifically for chief audit executives and IT audit directors. Among the issues to be discussed will be IT governance, enterprise risk management, managing relationships, continuous auditing, the dynamics and dangers of outsourcing, and the impact of IT controls on overall compliance strategies. This unique one-and-a-half-day event is limited to 100 professionals.

EuroCACS

19-22 March 2006, London, UK

This highly recognized industry event focuses on the latest strategies and practices to address business, managerial, operational, auditing and security challenges associated with information technology and information systems. Experts from around the world will gather at EuroCACS to discuss the most pertinent issues facing the IT and IS communities. Sessions focus on new technologies, systems and approaches while identifying opportunities and risks. Whether you are confronted with issues of global importance or you simply need answers to local challenges, EuroCACS will provide state-of-the-art practices and knowledge to meet these needs with confidence and assurance. ■

2006 ISACA Conferences

North America CACS: 7-11 May 2006, Orlando, Florida, USA
International Conference: 30 July-2 August 2006, Adelaide, South Australia

Research Update

Aligning COBIT, ITIL and ISO 17799 for Business Benefit: Management Summary

This management briefing is the result of a joint study initiated by ITGI and the UK Government's Office of Government Commerce (OGC), in response to the growing significance of best practices to the IT industry and the need for senior business and IT managers to better understand the value of IT best practices and how to implement them. COBIT can be used at the highest level, providing an overall control framework based on an IT process model that generically suits every organization. There is also a need for detailed standardized practitioner processes. The COBIT framework can be mapped to specific practices and standards, such as ITIL and ISO 17799, which cover specific areas and thus provide a hierarchy of guidance materials.

The publication is a complimentary download, available at www.isaca.org/research.

Security Audit and Control Features SAP® R/3®, 2nd Edition

Current best practices and future trends in ERP issues have been updated from the first edition published in 2002. This practical how-to technical and risk management reference guide enables auditors and risk professionals (both IT and non-IT) to evaluate risks and controls in existing ERP implementations and facilitates the design and building of better practice controls into system upgrades and enhancements. The series of technical and risk management reference guides deals with the world's three major ERP systems: SAP R/3, Oracle® Applications and PeopleSoft®.

SAP is one of the leading developers of enterprise applications worldwide. Its primary ERP product is SAP R/3.

The publication will be available in the ISACA Bookstore by the end of the fourth quarter. ■


Certification Update

Overwhelming Response to Second Exam Administration

The next CISA and CISM exam administration on 10 December 2005 has received an overwhelming response.

Members taking the CISA exam should note that the December exam will be the last using the current CISA job practice areas. The 2005 CISA study materials should be used (not those now available for the 2006 exam). The Toronto Chapter has already adjusted its preparation training to accommodate this change.

Registration for the December exam ended 30 September 2005. To view additional details and a series of frequently asked questions, please visit www.isaca.org/cisa or www.isaca.org/cism.

Additionally, candidates may view or print a copy of the CISA or CISM Bulletin of Information for the December 2005 exams at www.isaca.org/cisaboi and www.isaca.org/cismboi.

2005 CISM Review Course Audio CD

To help prepare candidates for the CISM exam, the review course has been updated to include an audio presentation featuring Krag Brotby, one of the contributors to the CISM Review Manual 2005. This audio CD presents each of the five task domains and combines PowerPoint slides with an audio commentary. Each section can be reviewed separately as part of a chapter-led review course or as an aid for small group or independent study. Copies of the audio CD course will be sent to chapter CISM coordinators.

CISA and CISM Awarded ANSI Accreditation

ISACA is proud to announce that the American National Standards Institute (ANSI) has accredited the CISA and CISM certifications under ISO/IEC 17024:2003, General Requirements for Bodies Operating Certification Systems of Persons. ANSI, a private, non-profit organization, accredits organizations to serve as third-party product, system and personnel certifiers.

With this accreditation, ISACA anticipates significant opportunities for CISAs and CISMs in the US and around the world. The accreditation is both an international and US accreditation: it is based on an international standard but implemented by ANSI to be recognized in the US and by other countries that enter into an arrangement with ANSI. This is in keeping with the purpose of 17024: to begin standardization of accreditation of personnel certification agencies around the world.

ANSI's accreditation:

• Promotes the unique qualifications and expertise ISACA's certifications provide
• Protects the integrity of the certifications and provides legal defensibility
• Enhances consumer and public confidence in the certifications and the people who hold them
• Facilitates mobility across borders or industries

Accreditation by ANSI signifies that ISACA's procedures meet ANSI's essential requirements for openness, balance, consensus and due process in accordance with the ISO 17024 standard.

ANSI is the official US representative to the ISO and the International Electrotechnical Commission (IEC).

CISM Job Practice Analysis Nears Completion

The CISM job practice analysis, which will form the basis for the 2007 CISM examination, is coming to a conclusion. In September, a survey was sent to a representative sample of CISMs who have been asked to evaluate job task statements as to their importance and criticality. Knowledge statements that represent what competencies information security managers require were also submitted to CISMs as part of the survey. This information was combined with the work of the task force members and subject matter experts. The resulting definition of the information security manager position will not only form the basis of the certification but also help clarify the security manager’s position. Professional Examination Service, the project consultant, issued the complete report to the CISM Certification Board for consideration and approval at its October meeting. To include a wider representation of security management, the Information Systems Security Association, the Information Security Forum and ASIS International were represented on the project task force.

2006 CISM Exam Available in Spanish

The 19 ISACA chapters in Spain and Latin America have proposed that the CISM exam be translated into Spanish. The chapters documented the growing importance of information security management in Latin America and the strong support for CISM in Spain. Recognizing language as an impediment to the growth of CISM in some areas, the CISM Certification Board has approved the Spanish translation of the exam. The first exam offered in Spanish will be in June 2006.

Toronto Chapter Activities

2005/2006 CONTINUING PROFESSIONAL EDUCATION SERIES

Date | CISA Hrs | Time | Session | Speaker
2005
Dec 8 | 3.5 | 8:30am – 12:00pm | Integrated Approach to Information Technology Compliance to Maximize Value | C. O'Connor, T. Harrington
2006
Jan 12 | 3.5 | 8:30am – 12:00pm | Proactive Privacy Management | T. McQuay
Jan 12 | 3.5 | 1:00pm – 5:00pm | Auditing the IT Security Function | D. Gamey
Feb 9 | 7.0 | 8:30am – 5:00pm | Oracle Database Security and Audit | J. Tannahill
Feb 16 | 1.5 | 8:00am – 9:30am | Breakfast Session ** |
March 9 | 7.0 | 8:30am – 5:00pm | Network Monitoring and Intrusion Detection | M. Fernandes
March 27-29 | | | Canadian Conference on IT Audit, Governance and Security * |
April 20 | 3.5 | 8:30am – 12:00pm | Effective IS Audit Communications Using Graphics | B. Rajamani
April 20 | 3.5 | 1:00pm – 5:00pm | Risk Management (from the IT Security and Privacy Point of View) | K. Jonah
May 11 | 7.0 | 8:30am – 5:00pm | Audit Command Language | E. Kriel and K. Stone
May 18 | 1.5 | 8:00am – 9:30am | Breakfast Session ** |
June 8 | 7.0 | 8:30am – 5:00pm | Performing Comprehensive Firewall Assessments | K. Olsen
June 22 | 7.0 | 8:30am – 5:00pm | Network Security Assessments | D. Rhoades
June 22 | - | 5:00pm – 6:00pm | Annual General Meeting |
June 22 | - | 6:00pm – 8:30pm | Networking Session |

Course Location: Board of Trade, First Canadian Place, corner of King & Bay, Toronto.

Legend
* For more information on this conference and to register please go to the Canadian Institute of Chartered Accountants website at WWW.CICA.CA.
** Breakfast Session topics will be announced closer to the date. Please watch the chapter website (www.isaca.toronto.on.ca) for a description of the session.


INTEGRATED APPROACH TO INFORMATION TECHNOLOGY COMPLIANCE TO MAXIMIZE VALUE

Thursday, December 8th, 2005, 8:30am - 12:00pm, 3.5 CISA Hours

CEO/CFO certification requirements have expanded the IT executives’ role in corporate governance and control across the business. Internal control legislation, privacy regulations, business need and operational efficiency have given rise to the need to integrate IT governance initiatives as opposed to fragmented responses dealing with isolated issues. The cost of compliance (initial and sustained) and the increased formality of IT control, drive substantial costs from which executives and organizations need to derive benefit. We will review what actions are required by the CEO, CFO and CIO to ensure long-term optimization of your compliance initiative.

After attending this session, participants will:

• Gain insight into the changing role of IT management in management's evaluation of internal controls;
• Understand the advantages and challenges of increased integration with internal customers;
• Understand the role of IT governance in building a sustainable IT internal control environment and compliance initiative;
• Appreciate the advantages of long term considerations and sustainment concepts in the IT internal control environment; and
• Be able to consider various responses to managing their compliance initiative within their organization and the business needs.

The session will include a real life case from an organization, with a potential co-speaker from the organization.

SPEAKER PROFILE

Christopher O'Connor is a Senior Manager within Deloitte's Enterprise Risk services. He leads Deloitte's IT Governance & Control practice, which helps clients improve their IT Governance processes to more effectively manage their technology-related business risks. Christopher provides solutions for IT Governance, CEO/CFO IT Certification (compliance & sustainment), IT risk and control management and IT internal audit services.

Christopher is a frequent speaker on IT governance, risk management and internal control. He is also a part-time and guest instructor for various universities, colleges and professional education programs related to IT governance, risk management, internal control and internal auditing. He is a member of the Information Systems Audit and Control Association, the Institute of Internal Auditors and the Business Continuity Institute. He is a Certified Information Systems Auditor (CISA), a Certified Internal Auditor (CIA) and holds a Certification in Control Self Assessment (CCSA) among other designations. Christopher has served and continues to serve on various professional and organizational boards.

Theresa Harrington is a Director of Risk Management, Technology Infrastructure at CIBC. The Technology Infrastructure business unit provides technology services to all CIBC Lines of Business globally, and Theresa is responsible for supporting this business in all areas of risk and controls management. This includes managing internal risk and compliance assessment processes, SOX 404 processes and reporting, internal audit services and implementation of Basel II operational risk management. Theresa has over 25 years' experience in the financial services industry and fifteen years in areas of technology solutions, management and governance. She has recently specialized in the area of risk and controls management. Theresa has an MBA from York University.

PROACTIVE PRIVACY MANAGEMENT

Thursday, January 12th, 2006, 8:30am - 12:00pm, 3.5 CISA Hours

Managing privacy in a corporate setting requires a privacy management framework that includes annual assessment of privacy policies, continuous privacy education for employees, and annual audits of the organization's personal information management practices. This session will review Nymity's Privacy Management Framework to instruct organizations on how to create an ongoing, cost-effective, proactive, and pragmatic privacy management program.


This workshop leverages Nymity's experiences with the National Privacy Policy Index, a privacy policy assessment tool, plus Nymity's PrivaWorks, an online privacy resources toolkit that supports the efforts of hundreds of corporate Canada's Privacy Officers in creating successful privacy management programs.

Effective privacy management reduces both privacy complaints and privacy breaches while demonstrating accountability and compliance with privacy laws. It is advised that participants review the latest privacy management white papers located at www.nymity.com prior to the workshop.

SPEAKER PROFILE

Terry McQuay is a Privacy Educator and the founder of Nymity Inc. For the last three years he has delivered privacy training to over 100 organizations, making him the leading privacy educator in Canada. In 2002, Mr. McQuay created PrivaWorks™, a Privacy Resources Portal, which has become corporate Canada's premier source of privacy knowledge and resources. Mr. McQuay is the editor of PrivaViews, Canada's foremost free monthly privacy newsletter, which contains interviews with privacy experts. He is also executive editor of the Privacy Advisory, a privacy training newsletter delivered as part of PrivaWorks™. Mr. McQuay specializes in helping corporate Canada understand and comply with Canadian privacy legislation, leveraging privacy to create a competitive advantage, and implementing effective privacy practices that prevent privacy breaches.

AUDITING THE IT SECURITY FUNCTION

Thursday, January 12th, 2006, 1:00pm - 5:00pm, 3.5 CISA Hours

Auditing the information security function will allow seminar attendees to gain an understanding of information security frameworks consisting of best practices and information security management systems based on the ISO 17799 standard. This session will cover the best practices for information security and provide an audit program for assessing and rating the maturity level of the information systems program. The session begins with an overview of information security organization, policies as well as risk management methods, and then covers information security awareness, application security, networks, physical security, compliance programs and business continuity. Information security trends and management techniques will also be presented.

SPEAKER PROFILE David Gamey is an expert security consultant with over 23 years of IT experience who has helped ensure the security of critical business initiatives and infrastructure in a wide variety of industries. He has assisted clients in government, health care, education, finance, insurance, utilities, transportation, petrochemicals and the media.

Specializing in the areas of network and application security, he conducted his first penetration test in 1983 and has tested large infrastructures, components and applications for many organizations including most of Canada's major banks. He led and performed risk assessments, orchestrated single and multi-phase engagements to provide assurance for e-business projects, conducted tests and reviews of system design, infrastructure design, architecture, platform configuration, firewall policy and application code. He has investigated and responded to customer emergencies including responses to failures of web based applications, suspected "hacking", computer misuse incidents, infestations of viruses, worms and spy-ware, as well as spam and other email problems. He has exploited knowledge gained through security testing to assess security and privacy requirements and has built defenses into procedures, architectures and solutions.

David is an author, presenter and panelist whose papers and talks cover Internet security, security in web applications, ethical hacking, and security architecture and design. He has been interviewed in print and broadcast media, including the Discovery Channel. He is a former member of IBM's worldwide centre of competency for "ethical hacking" and a contributor to several IBM security methodologies. David has also worked with Ipsos-Reid to design a Canadian CIO Security Survey.

Fall 2005 Page 8


ISACA TORONTO CHAPTER NEWSLETTER

2005/2006 CONTINUING PROFESSIONAL EDUCATION SERIES

Session                                   Members    Non-Members
All Day (8:30 am – 5:00 pm)               $160       $200
Morning (8:30 am – 12:00 pm)              $80        $100
Afternoon (1:00 pm – 5:00 pm)             $80        $100
Breakfast Sessions (8:00 am – 9:30 am)    $25        $25

GST included. GST registration number: R123951709

REGISTRATION FORM

Session Name: ______________________________
Date: ______________________________
AM / PM / Day: ______________________________
Name & Email address: ______________________________
Company: ______________________________
Telephone: ______________________________
Member (Y/N): ______
CISA / CISM (Y/N): ______

WAYS TO REGISTER

Email George Davis at [email protected], use the on-line form at www.isaca.toronto.on.ca, call (416) 410-2246 or fax (705) 487-1548.

Make cheques payable to ISACA - Toronto Chapter. Charge cards will NOT be accepted.

To avoid disappointment and to assist us with logistics, please register at least 2 days before the session.

NEED UP-TO-DATE INFORMATION? Check www.isaca.toronto.on.ca or call (416) 410-2246. Remember to check the session location before attending, since venues can change due to availability.


Continuing Professional Education

COUPON ORDER FORM

Company Name:

Address:

Contact Person:

Telephone:

Fax:

Book Type                                                        Quantity    Total Cost
Book Type MA @ $750 (Member, 10 half-day session coupons)        ________    ________
Book Type NA @ $950 (Non-Member, 10 half-day session coupons)    ________    ________
TOTAL                                                                        ________

GST included. GST Registration No. R123951709.

Please make cheques payable to The ISACA - Toronto Chapter. Coupons are not accepted for joint or multi-day sessions. Coupon expiry date: June 30th, 2006. Mail the completed form and cheque to:

Information Systems Audit and Control Association Toronto Chapter - Program Committee c/o Cheryl Kicksee Metro Toronto Police 4620 Finch Avenue East Toronto, Ontario M1S 4G2


2005-2006 ISACA TORONTO CHAPTER OFFICERS AND COMMITTEES

PRESIDENT
Patricia Goh - President, Bank of Nova Scotia, 416-866-6507, [email protected]
Soon Shiong, Bank of Nova Scotia, 416-866-6719, [email protected]
Li, Bank of Nova Scotia, 416-866-4442, [email protected]

VICE PRESIDENT
Arturo Lopez, Director, PricewaterhouseCoopers Inc., 416-941-8219, [email protected]
Hampden, PricewaterhouseCoopers Inc., 416-941-8383 x14214, [email protected]

WEBSITE MANAGEMENT
Sanjev Chib, Moneris Solutions, 416-734-1726, [email protected]
Behram Faroogh, Tactical Business Solutions, 416-930-3530, [email protected]
Patricia Goh, Bank of Nova Scotia, 416-866-6507, [email protected]

CERTIFIED INFORMATION SYSTEMS AUDITOR / CERTIFIED INFORMATION SECURITY MANAGER
Lisa Allen, Director, Deloitte and Touche, 416-601-6441, [email protected]
Cram, Deloitte and Touche, 416-601-6501 x7946, [email protected]
Jennifer Boyce, Deloitte and Touche, 416-643-8276, [email protected]

COMMUNICATIONS
Ian Steingaszner, Director, Magna International Inc., 905-726-7408, [email protected]
Devadas, KPMG, 416-777-8458, [email protected]

CONTINUING EDUCATION COMMITTEE
Bob Darlington, Director, Canadian Pacific Railway, 416-595-3242, [email protected]
Bhagar, Bank of Nova Scotia, 416-933-2554, [email protected]
George Davis - Registrar, Retired, 705-487-3130, [email protected]
Russell Dyer, RBC Financial Group, 416-955-6732, russell.dyer@rbc.com
Laureen Ellis, 416-654-7954, [email protected]
Cheryl Kicksee, Toronto Police Services, 416-808-4858, [email protected]
Ian King, Net Integration, 416-995-7162, [email protected]
Mangalindan, Rogers Telecom, 416-718-6479, [email protected]
Matt Marshall, Sun Life Financial, 416-408-6557, [email protected]
Sharifullah, KPMG, 416-777-8444, [email protected]

MARKETING
Nina Vivera, Director, KPMG, 416-777-3033, [email protected]
Devadas, KPMG, 416-777-8458, [email protected]
Barot, KPMG, 416-777-8615, pbarot@kpmg
Karen Nemani, 2Keys Corporation, 416-577-3222, [email protected]
Odartei, Mobile Computing Corp. Inc., 905-676-8900 x870, [email protected]
Denzil Luna, Management Board Secretariat, 416-325-1138, [email protected]
Ben Omiyi, KPMG, 416-777-8914, [email protected]


MEMBERSHIP
Margaret Lee-You, Director, Sun Life Financial, 416-204-3756, [email protected]
Pai, PricewaterhouseCoopers Inc., 416-941-8383 x63818, [email protected]

RESEARCH AND UNIVERSITY RELATIONS
Baskaran Rajamani, Director, Deloitte & Touche, 416-643-8457, [email protected]
Paul Johns, Deloitte & Touche, 416-601-5850, [email protected]
Joshi, Deloitte & Touche LLP, 416-775-7298, [email protected]
Jue, Deloitte & Touche, 416-601-5275, [email protected]
Kumar, KPMG, 416-777-8997, [email protected]

TREASURY
Larry Leung, Treasurer, PricewaterhouseCoopers Inc., 416-218-1481, [email protected]
Usuff Currim, PricewaterhouseCoopers Inc., 416-228-1940, [email protected]

PAST PRESIDENT
Raj Krishnamoorthy, Deloitte & Touche, 416-601-6245, [email protected]

Information About ISACA

ISACA is committed to providing its members and the IT assurance, information security management and IT governance community with high-quality educational and training opportunities and events. With more than 35,000 members in over 100 countries and more than 170 local chapters, ISACA is a recognized global leader in IT governance, control and assurance. ISACA sponsors international conferences, publishes Control Objectives for Information and related Technology (COBIT®), and administers the globally respected Certified Information Systems Auditor™ (CISA®) designation and the newer Certified Information Security Manager™ (CISM™) designation. The International Conference is ISACA's flagship conference. It is also the site of the Annual General Meeting of the Membership, the ISACA Board of Directors' meetings and the scheduled Global Leadership Conference for representatives of the local chapters. Held annually in mid-summer, the International Conference attracts over 250 professionals from around the globe. Its educational streams focus on the managerial and business issues of IT audit, control, security and assurance.

The views and opinions contained in this publication are solely those of its author, and do not necessarily represent or reflect the views or opinions of the Toronto Chapter of the Information Systems Audit and Control Association. In the event of questions concerning articles in this publication, please contact the author of the articles directly.
