Committee Chairs

Keith Bowie

The ISACA New York Metropolitan Chapter is dedicated to furthering the educational landscape of our IT Professional community. The goal of the Education Committee is to plan, schedule and deliver the latest information technology, security, audit, governance and risk educational training programs and webinars to our members.

Call to Action

The Education Committee is looking for volunteers to participate in committee activities. Please send e-mails to to learn how to get involved.

Upcoming Courses
Cybersecurity Standards versus Hackers and Governments

Location: Online Only

Instructor: Michael Petrov, CEO Digital Edge

For more than 20 years Michael has operated a high-tech company that grew from 3 employees to an international organization with offices in the US, Latin America and Europe. Michael is a true information technology engineering visionary. Digital Edge aims to utilize developments in technology to provide critical services to the IT industry. Michael believes that building defensive systems must be driven by risk assessments based on an understanding of the hacker's mindset, goals and techniques, in order to improve the cost-effectiveness and reliability of cybersecurity programs. Michael’s role as CEO affords him the opportunity to mentor and train new generations of talent.

Date and Time:

Wednesday 28th October 6:00PM to 9:00PM

Thursday 29th October 6:00PM to 9:00PM

Friday 30th October 6:00PM to 9:00PM

Fee: Free 

Brief Description:

This is a 3-day virtual seminar, combining lecture with a case-study based workshop, that introduces I.T. and Cybersecurity Professionals to the principles, structure and practical implementation of Cybersecurity standards and frameworks. It covers standards, methodology, review and audit techniques, and the implementation and operation of cybersecurity standards. The class also touches on similarities and differences in Cybersecurity standards for IT security and Privacy based on the General Data Protection Regulation (GDPR).

Learning Objectives: Participants will gain a deep understanding of cybersecurity standards, their implementation and operation, embedding controls and KPIs in the day-to-day operations of IT organizations, as well as self-auditing and measuring the effectiveness of risk-driven Information Security Management Systems:

  • What cybersecurity frameworks and standards are
  • Similarities and differences
  • Selecting the right framework for you
  • Risk assessment and management methodologies
  • Benefits of implementation
  • Implementation guidelines
  • Creating an ISMS for a sample organization
  • Establishing ISMS baselines
  • Risk analysis
  • Controls and implementation
  • Maturity of the controls and implementations
  • Artifacts
  • SecOps
  • Incidents
  • Self-audits

This Seminar is for: Everyone who is interested in attending

CPE Credits: 10 CPEs

Link to Registration Site:

Prevention, Detection and Recovery from Cyberattacks

Location: Online Only

Instructor: Steven J Ross, Executive Principal, Risk Masters International LLC

Mr. Ross is Executive Principal of Risk Masters International and holds certification as a Certified Information Systems Security Professional (CISSP) as well as a Master Business Continuity Professional (MBCP) and a Certified Information Systems Auditor (CISA). Mr. Ross is a specialist in the field of information systems security and control, specializing in Information Security, Business Continuity Management, and IT Disaster Recovery Planning services. He has implemented Information Security programs for numerous banks, government agencies and industrial corporations. Prior to founding Risk Masters, Mr. Ross was a Director and global practice leader with Deloitte & Touche.

In consulting engagements, he specializes in planning, policy development, implementation, and standardization of Information Security processes.  In recent years, his focus has been on reliability, prevention, detection and recovery from the technical and business impact of cyberattacks.  He is editor of the multi-volume series, e-Commerce Security, and author of several of the books in the series, including e-Commerce Security: Public Key Infrastructure. He has recently published Creating a Culture of Security. Since 1998, Mr. Ross has regularly published the column, “IS Security Matters”, in the ISACA Journal.

Date and Time:

Tuesday 10th November 9:00AM to 5:00PM with regular breaks

Wednesday 11th November 9:00AM to 5:00PM with regular breaks

Fee: Members $400; Non-Members: $435

Brief Description:

This is a two-day seminar, combining lecture with a hands-on, case-study based workshop that introduces individuals responsible for dealing with cyberattacks to the principles and practice of prevention, detection and recovery from hostile actions against computer systems. It includes both the technical and organizational measures that are required and focuses on the steps that must be taken and the skills that must be obtained in advance of an attack to be prepared should one occur. The workshop is the core of the course, built around a continuing case study and finishing with a simulated test of cyber-recovery.

Learning Objectives:  Participants in this seminar will learn:

  • How the reality of cyberattacks fits into their business models
  • How to organize, build and maintain an effective capability to prevent, detect and recover from cyberattacks
  • What tools, skills and techniques are needed to support cyberattack response
  • How to test and validate recovery capabilities
  • What architectural and design alternatives can be applied for cyberattack prevention, detection and recovery
  • How cybersecurity can be governed and managed
  • How to test cyber-recovery

This Seminar is for: Information Security managers and staff, I.T. management, technical support and operations personnel, Disaster Recovery Planners, Business Continuity Managers, I.S. Auditing managers and staff, Corporate Management, Risk Managers and staff

CPE Credits: 14 CPEs


Link to Registration Site: