Click here to view this email in HTML

Newsletter Banner

President's Letter


Your participation in our officer elections is vital for the continued growth of our chapter.   The notice has been sent out and we request your timely reply. 

ISACA Research

Here is a way to get involved with ISACA that requires time but not a long-term commitment.  Getting involved with a project could be a great way to get your feet wet and expand your horizons.

Current Subject Matter Expert (SME) needs for Research Projects:

  • Privacy Framework – ISACA Privacy Principles (Looking for SMEs – 3rd quarter 2015)
  • DevOps (Looking for SMEs – 3rd quarter 2015)
  • Quick Start Guide to Audit/Assurance Programs (Looking for SMEs – 3rd quarter 2015)
  • Audit/Assurance Programs (Continuous need)

If you know of someone in your chapter suitable for any of the above projects, or if you yourself are interested, please contact Nancy Cohen at

Tom Hart
2014 – 2015 PresidentP                                                

In This Issue

  • Upcoming Chapter Training
  • ISACA Calendar of Events & Deadlines
  • Job Opportunities                                        
  • Techno Security Conference News
  • Helpful Articles
  • CSRA IIA Chapter Training
  • Social Media
The Chapter is 239 members STRONG!

Techno Security & Mobile Forensics Investigations Conference 2015




Techno Security & Mobile Forensics Investigations Conference 2015


Upcoming Chapter Training

You should be receiving individual emails now regarding registration for our upcoming classes.   Here is what is planned for the next few months:

July 22 – We will have Stu Henderson return for a 1 day course on How to Audit Mainframe Security TCP/IP. 8 cpes,  Register here:

August 19 – our own member, Brian Kelley will present a class on ETL: Security & Auditing Across the Entire Data Flow.  6 cpes, To learn more and register, go to

September 21 & 22 – Risk Management with Leighton Johnson

November 4 - 6 - South Carolina State Audit Conference will be held in Columbia, SC.


Job Opportunities

AMSEC is hiring - Computer System Security Analysts in Charleston, SC.  – Multiple positions available!

 Computer System Security Analyst 4 - requisition ID # 10172BR

 Required experience:

  • Candidates must have a minimum of eight (8) years of IT experience with Information Assurance (IA) and or Cyber Security. Demonstrated experience working with Junos, VMWare and Juniper Networks NetScreen Series Security Systems is required.
  • Must be able to travel domestically and internationally as well as meet Department of Defense requirements for travel to Bahrain and Italy within 45 days of hire – valid passport a must.
  • Must possess a TOP SECRET security clearance or be able to obtain an interim TOP SECRET security clearance within 45 days of hire.

 For more information please visit our website at: or follow the link below to search for position number 10172BR.


 AMSEC is a subsidiary of Huntington Ingalls Industries (HII). Huntington Ingalls Industries (HII) designs, builds and maintains nuclear and non-nuclear ships for the U.S. Navy and Coast Guard and provides after-market services for military ships around the globe. For more than a century, HII has built more ships in more ship classes than any other U.S. naval shipbuilder at its Newport News Shipbuilding and Ingalls Shipbuilding divisions. Employing more than 38,000 in Virginia, Mississippi, Louisiana and California, HII also provides a wide variety of products and services to the commercial energy industry and other government customers, including the Department of Energy.

 Equal Opportunity Employer - Veterans/Disabled Welcome. U.S. citizenship required for most positions.

Techno Security & Mobile Forensics Investigations Conference 2015

SC Midlands ISACA Booth at
Techno Security Conference 2015


Techno Security & Mobile Forensics Investigations Conference 2015

ISACA Calendar of Events & Deadlines


11 June

ISACA Training Week, Chicago, Illinois, USA, early registration deadline

11 June

Full Circle Threat Management With SIEM, webinar

17 June

September CISA and CISM exams early registration deadline

23-24 June

Certification chapter leader quarterly update call


2 July

Training Week: Social Media in Your Enterprise: Mitigating the Risk and Reaping the Benefits, Seattle, Washington, USA, early registration deadline

20-23 July

Training Week: Healthcare Information Technology, Dallas, Texas, USA

24 July

September CISA and CISM exams final registration deadline

30 July

Training Week: Information Security Essentials for IT Auditors, Miami, Florida, USA, early registration deadline

31 July

Half-year registration opportunity for new members ends


1 August

Advanced-year membership registration begins

4-7 August

ISACA Training Week, Chicago, Illinois, USA

13 August

Training Week: An Introduction to Privacy and Data Protection, Atlanta, Georgia, USA, early registration deadline

17-19 August

Governance, Risk and Control Conference, Phoenix, Arizona, USA

19 August

December CISA, CISM, CGEIT and CRISC certification exams early registration deadline

24-27 August

Training Week: Social Media in Your Enterprise: Mitigating the Risk and Reaping the Benefits, Seattle, Washington, USA

26 August

CSX 2015 North America, Washington DC, USA, early registration deadline

27 August

Training Week: Taking the Next Step: Advancing Your IT Auditing Skills, Boston, Massachusetts, USA, early registration deadline

Techno Security & Mobile Forensics Investigations Conference 2015

Techno Security Conference News

Audit and Security was well represented this year at the Techno Security Conference!  The individual classes were great, and these folks did a great job with an Audit Panel led by Sue Rusher.  The audience was lively and the topics flowed.  Many thanks to our volunteers who made this happen: 

Audit Basics and the Vision-Driven Enterprise

Erich C. PearsonErich Pearson

Manager, Quality Assurance & Change Control
Hubbell, Inc.

Introduction to the NIST Framework for Improving Critical Infrastructure Cybersecurity

Mark GravesMark Graves

Security Architect
Agfa HealthCare Corporation

Forensics for Auditors


Leighton JohnsonLeighton Johnson III



Going on an Electronic Treasure Hunt: Auditing BYOD and Beyond

Ken Cutler, CISA, CISSP, CISM, Q/EHCutler

Security and Principal Consultant
Ken Cutler & Associates, LLC

 Hope to see you all there next year!                                        

Techno Security & Mobile Forensics Investigations Conference 2015

SC Midlands ISACA Booth at
Techno Security Conference 2015



CSRA IIA Chapter Training

Don’t miss your lunch and learn opportunity!

 The World of BIG DATA presented by Leighton Johnson, Data Security and Digital Expert

With no less than 10 certifications in IT Audit, Security, Software Development, Anti-Terrorism, Digital Forensics and Cloud Security, Leighton is a must see to learn about the Topic that is the #1 highest growth area of innovation, talent demand and Fortune 500 area to watch! 

Agenda: June 30, 2015

Registration ............................................................11:30 AM

Welcome  ................................................................  11:45 AM

We will recognize members and their achievements this year at the beginning of this meeting.

Lunch       ............................................................... 12:00 PM
Enjoy from the "Soul Good" recipes from the Generations of the Ursy's down home cooking! In recognition of our third anniversary as a chapter, buffet lunch is on us!

Country Fried Chicken, Fat Man's Famous Macaroni & Cheese, 

Green Beans, Tossed Salad, Rolls, Tea or Water

Presentation  ......................................................... 12:10 PM

BIG DATA- Implications for Governance, Risk Management and Compliance  12:00 Noon - 1:00 PM
One hour CPE event, followed by questions and answer session. 

Members $25                          Non-members $30

Early Bird Discount $5 off enter coupon “BIRD” if you register by June 12th

 Register Now

Techno Security & Mobile Forensics Investigations Conference 2015

Social Media



Twitter:  @scmidlandsisaca

“Follow” ISACA's Cybersecurity Nexus page to stay up to date on all things cybersecurity: 

Helpful Articles

Practical Suggestions for Passing Certification Exams

By Kathleen Stetz, CISA, CISM, CRISC, PMP

As a teacher and mentor for exam preparation classes, I am often asked “What kind of questions will be asked and what do I need to know in order to pass the exam?” The individuals posing this question are excited to get started on the right path, and many of them purchase all available exam preparation books. Basically, they want to know how questions will be extracted from each domain within the body of knowledge. 

Based on my experience helping people to prepare for these exams and my own success passing these professional certification exams on the first try, I suggest the following study approaches:  

  • First and foremost, get into the mind-set of the professional organization that administers the test. Exam takers must put aside their preconceived ideas and methods, either based on their prior experience or those that may be suggested by their employers, for them to understand the standards and best practices offered by the profession. Taking exam preparation classes can certainly help to get you in the right frame of mind.
  • Get a holistic understanding of the body of knowledge. Having a high-level view of the material can help you identify the key deliverables for the major aspects that will be tested. Seeing the big picture can help test takers understand the main areas of focus. Additionally, the candidate can see how all of the functions and related processes fit together.
  • Take an operational risk view of the material. That is, understand the roles of people, processes, technologies and infrastructure of the body of knowledge as well as the adverse effects that can result if controls are not working effectively and determine the best course of action to take.
    • People—Gain knowledge of the roles and responsibilities of the key stakeholders involved with the processes throughout the body of knowledge within the discipline. This should also be extended to committees, officers, managers and quality assurance.
    • Process—Understand the key methods used within the body of knowledge. Having an end-to-end perspective of the input, transforming steps and the output for each domain helps with any sequencing questions.
    • Technology—Obtain an understanding of the types of technology used within each domain. Each technology that houses information must be protected according to the data classification to ensure data integrity, availability and confidentially—the security attributes. The candidate must gain knowledge of the purpose of the technology before understanding the threats that can be imposed upon it and the potential consequences.
    • Infrastructure—Understand the organizational policies, principles, methods, approaches, governance and forms followed in the organizational context.
  • Practice by taking mock tests and sample questions. I tell my students to get their hands on as many sample questions as possible. Those materials offered by the certifying body are the best source, since questions are formatted similarly to the actual exam. I also warn students to be careful using some outside sources, since many questions are not constructed in the same manner as the certification test, which can lead test takers a bit astray and set some false expectations. Additionally, some certifications require an understanding of the calculations to derive the correct answer, while other examinations are only looking for a candidate to have a general understanding from more of a working application perspective. If possible, partner with others who are in the same situation and/or have already taken the exam. Everyone has their area of expertise and studying with subject matter experts (SMEs) can really help someone who may be less familiar with a particular topic. Since teaching others is one of the best methods for reinforcing your learning, this method helps both parties.
  • Most important, do everything possible to establish clarity of thought. That is, remain emotionally calm before the test is distributed. Remember that having a frustrating experience right before the exam can hinder your thought process. It is equally important to develop a positive mental attitude for getting the needed confidence to put yourself in the right mind-set. Upon entering the testing room, envisioning that you already passed the test will help you to cultivate positive energy and thoughts. Being kind to yourself and others can help to relieve stress, so talk to people while waiting (if they are open to it) and be friendly.

Someone once told me that a definition of good luck is simply having opportunities that meet with your preparation, so study hard, believe in yourself, and go forth and conquer. And, do not forget to celebrate your success once you find out that you have passed.

Techno Security & Mobile Forensics Investigations Conference 2015


Techno Security & Mobile Forensics Investigations Conference 2015


Techno Security & Mobile Forensics Investigations Conference 2015


Techno Security & Mobile Forensics Investigations Conference 2015


Techno Security & Mobile Forensics Investigations Conference 2015

We look forward to seeing you at our next event!

Techno Security & Mobile Forensics Investigations Conference 2015


Visit SC Midlands Chapter of ISACA at to find out more about our upcoming educational events!  Click on Events at the top of the page, and then hit the Monthly Training tab to review our events.


Cvent - Web-based Software Solutions