December Chapter Meeting

Please let us know how we can better serve your needs by sending an email message to our Board of Directors.


Joint Meeting with ISSA at the Comedy Works - South (Landmark), in the Main Showroom

Afternoon Presentation (2:10pm - 4:00pm)
Happy Hour/Networking Social from 4:00pm - 5:30pm afterwards!!!

December 14, 2017 - click to add to calendar

CPE Credits: up to 2.0 hours of CPE is available

Topic: Re-Engineering IT and Controls using ISACA control frameworks, ITIL and ISO27001

After a disastrous CRM deployment on Oct 31, 2003, AT&T Wireless lost between 100-350M in one calendar quarter, enough to put the industry leader in GSM mobile service on the auction block. In the first year of accelerated filing for SOX 404, AT&T Wireless had to reengineer IT and pass its first SOX audit with zero deficiencies - in 10 months. There was zero time to allow for trial and error in our control design, implementation, testing, and documentation: it had to be done right on the very first try or the merger with Cingular, expected to be the largest cash acquisition in the history of the US, was off.

This presentation covers a case study of leadership under pressure, using ISACA control frameworks, with ITIL and ISO 27001 in order to design and implement a control framework that all four audit firms called “a thing of beauty” and that prompted a six sigma study of our incident identification, management, and response processes. We will examine lessons learned about effective IT security and have time for Q&A.

The speaker, Karen Worstell, was the CISO and VP of IT Risk Management for AT&T Wireless and led the successful SOX effort for the acquisition of AT&T Wireless by Cingular including all IT infrastructure controls and a total re-engineering of Disaster Recovery for AT&T Wirelesses data centers in a ten month period.

Learning Points:

  • Leadership under pressure
  • Use of ISACA control frameworks, with ITIL and ISO 27001 to design and implement a control framework
  • Examine lessons learned about effective IT security
  • Q&A

About the Speaker: Karen Worstell began her cyber career 30 years ago when her programming professor in grad school encrypted the final and unique code breaking tools were required to be used in order to decrypt and read each question. She provided cyber security support for programs like the Advanced Tactical Fighter prototype and B2 Bomber, developed the first computer security manual for the Boeing Company, and led research in secure distributed computing for Boeing's Research and Technology Division in the 1980s and 90s. From there she had senior and C-level roles in security and IT Risk Management for companies like Union Carbide, SRI Consulting, Bank of America, AT&T Wireless, Microsoft and Russell Investments. She was the CEO for AtomicTangerine, the SRI International spinoff focused on security that served international Fortune 100 companies in security strategy and major technology implementations. She co-chaired major security events for SRI International,, and Georgetown University Law Center. She held positions at NIST for OSI security architecture, the security subcommittee of the Aerospace Industries Association, US Department of Commerce Security and Privacy Advisory Board, and the security subcommittee of NSTAC and has been a featured speaker at events for SecureWorld, IIA, ISSA, ISACA, AusCERT, Security Conference Israel, and RSA. She is the author of "Governance and Internal Controls for Cutting Edge IT" published by ITG, the chapter "The Role of the CISO" in the Computer Security Handbook 5th and 6th editions (Wiley) and co-author of "Evaluating the E-Discovery Capabilities of Outside Law Firms" by Pike & Fisher. Her technical expertise spans Identity and Access Management, Intrusion Detection and Response, and integration of security into IT and business processes for “seamless security.” She is a huge fan of "not putting steel doors on grass shacks." Today she focuses on changing perceptions about security to reduce the growing gap between emerging technology and security and pursues her passion for matching cyber talent in leadership roles for enterprises who are serious about cyber security. Karen tweets at and blogs at

Who should attend
IT Leaders (CIOs/CTOs/CSOs/CISOs), IT practitioners (Directors and Managers), IT Audit and Security professionals, Internal and External Auditors.

Field of Study
Security, Governance, Risk & Compliance

Instructional delivery method
Group Live

  2:00 p.m. - 2:10 p.m. ISACA and ISSA Chapter Announcements
2:10 p.m. - 4:00 p.m. Presentation in the Main Showroom
4:00 p.m. - 5:30 p.m. Social Event/ Happy Hour is in the Lila B. Lounge!
ISACA Denver Chapter Members:   $25
Non-Members:   $35

There is a $5.00 discount for credit card payments.

Walk-in non-members must pay by cash/check and will be charged an additional $10.00 fee above the normal fee.

Walk-ins may be turned away if space is not available.

Location Comedy Works - South (Landmark)
Curtis Ballroom
5345 Landmark Place
Greenwood Village, CO 80111
» See Map


Registration has reached the limit for this event and is now closed. Our apologies for any inconvenience.

© 2004-2013 ISACA Denver Chapter. All rights reserved.