The audit and compliance conference

Where can you find a conference that’s still running seven tracks? The ISACA CACS conference in Orlando, May 3-7, will cover IT best practices. That stands for the North America Computer Audit, Control and Security (CACS) Conference. Speakers come from security and consulting companies and cover such topics as “The Secret Life of Application Controls” and “Advanced SAP Transaction Security Auditing”.

I spoke with Michael Juergens, principal at Deloitte & Touche, a speaker in the latter session, who said that practitioners want to help and know that they can do so. “If you practice in this field,” he said, “you’re either worried about helping your organization manage risk or you’re worried about adding value to the organization — these are often not mutually exclusive.”

It’s run by the Information Systems Audit and Control Association (ISACA) which educates people about best practices and maintains the Control Objectives for Information and related Technology (COBIT) best practices standard.

Several names and job titles among the speakers attracted my attention: Steve Orrin, director of security solutions at Intel; Carlos Solari, vice president of security solutions at Alcatel-Lucent; and Brian Barnier, global portfolio manager for IBM’s business resilience consulting business, were just a few.

Then there’s Mark Sunner, chief security analyst for MessageLabs, who is always entertaining and provocative.