Location: Chef’s Restaurant, 291 Seneca Street, Buffalo, NY 14204

Date/Time: January 10^th, 12:00pm-2:00pm

CPE: 2

Cost: $25 (Members), $30 (Non-members)

Join the Western New York Chapter of the Institute of Internal Auditors and ISACA Western New York Chapter for a seminar addressing cloud computing risk management and compliance concerns.  Lunch will be provided and presentations will include:

Cloud Computing and Business Risk

Presented by: Alex Douds, Manager, Risk, Technology and Financial Advisory Consulting Services Practice, RSM McGladrey, Inc, Buffalo, New York

Every day more businesses move their computing functions from the desktop to the cloud and rely on tolls such as hosted applications to store and access key company data, including financial data. But this new frontier involves serious risks that aren't obvious to most.  We will discuss a high-level overview of this emerging technology and the key considerations that auditors should understand to be aware of the risks facing companies using or planning to use the Cloud.

Compliance and the Cloud: What You Can and What You Can’t Outsource

Presented by: Peter Spier, Manager Professional Services, Fortrex Technologies

Managing information technology infrastructure and service costs drives many an organization to consider every opportunity to effectively reduce overhead while increasing return on investment.  The allure of cloud computing and its rapid deployment times, inexpensive processing cycles is both enticing while also increasingly prevalent in our daily lives.  So, why not outsource the whole thing?  Well, despite many of the claims of cloud service providers it’s really not that easy.  In fact, the regulations, standards, and frameworks that impact your organization may have something to say about exactly what you can and what you can’t outsource.  Join Fortrex Technologies’ Peter Spier for a discussion of PCI DSS, HIPAA/HITECH, privacy requirements, and cloud computing compliance.

Presenter Biographies

Alex Douds

Manager

Risk, Technology and Financial Advisory Consulting Services Practice

RSM McGladrey, Inc

Buffalo, New York

Alex is a manager in the Risk, Technology and Financial Advisory Consulting Services Practice in the Buffalo, New York, office of RSM McGladrey, Inc.  Alex has a broad background, specializing in both financial and technical control reviews, Sarbanes-Oxley engagements and other internal audit projects.

Prior to his career with RSM McGladrey, Alex worked for Science Applications International Corporation in Washington D.C. as a contractor for the Federal Government specializing in information systems security and controls internal audits.

Alex is currently responsible for the planning, execution and completion various engagements related to risk management and assessment of IT systems for clients operating in a variety of industries, including government, manufacturing, health care and financial services.  He has led over 30 SAS 70 engagements, Sarbanes-Oxley reviews and internal control audits for these clients. 

Alex earned a Bachelor of Science in Political Science from James Madison University and is a Master of Engineering concentrating in Information Security from George Washington University.  Alex is Certified Information Systems Auditor (CISA) and an active member of ISACA, serving as Secretary for the Western New York ISACA Chapter.  He is also a Certified Information Systems Security Professional (CISSP) through the International Information Systems Security Certification Consortium (ISC2).

Peter Spier

Manager Professional Services

Fortrex Technologies

Frederick, Maryland

Peter Spier (www.peterspier.com) is Manager Professional Services at Fortrex Technologies (www.fortrex.com) based in Frederick, Maryland and President of ISACA Western New York Chapter.  Peter attained his graduate degree from Syracuse University's School of Information Studies, is a frequent contributor to industry publications, and over the course of more than 12 years experience, has earned Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), Project Management Professional (PMP), Qualified Security Assessor (QSA), Payment Application Qualified Security Assessor (PA-QSA), Information Technology Infrastructure Library (ITIL) Foundation version 3, and HITRUST Common Security Framework (CSF) Assessor certifications; among other credentials.