Designing an Effective User-Based Security Program
|
|
- Matthew Gallagher
- 6 years ago
- Views:
Transcription
1 Cyber Security Symposium 2013 Designing an Effective User-Based Security Program Kevin Mazzone, UC Davis Health System Sean Cordero, Cloudwatchmen October 10, 2013
2 Overview Presenters Kevin Mazzone & Sean Cordero Legacy Awareness & Training Model Challenges New Approach to Awareness & Training New Approach to Policy Summary - Questions and Answers 2
3 About the presenters Sean Cordero, CISSP, CISM, CISA, CRISC Founder Cloud Watchmen Provides InfoSec and compliance services 14+ years experience Consults with C-level management at public and private enterprises Regular speaker at security conferences Former CSO of EdFund and Charlotte Russe Kevin Mazzone, PMP, CEH M.S. Information Management & InfoSec from Syracuse University Security and compliance experience Intel, EdFund, UCDHS, MAXIMUS 15+ years of experience Former ISO CISSP pending 3
4 Legacy Awareness & Training Model Challenges
5 Legacy Awareness & Training Model Challenges 1. Security awareness Unmeasured- 100% complete!= effective 2. Security training Low touch- CBT and policy overload Lack of follow-up and accountability 3. Policy Policies overly complex (wordy) Inconsistent documentation 4. Punitive program
6 New Approach to Awareness & Training
7 Effective Awareness Programs Consists of Demonstrating the value of changed behaviors Targeted marketing & communications Why security is important and why I should care Consistent security visibility Security newsletter Real-life occurrences Examples of local & national events 7
8 Marketing & Communications Get out there and sell Staff visits (IT and non-it) Meetings, walk the halls, brown bags, etc. Posters, awareness campaigns, giveaways, positive reinforcement Standard look & feel, and place to go for official communications How you and your business units can support the security program 8
9 Security Newsletter Internally developed or outsourced Relate it to the (work second) Be positive and not do this or get fired 9
10 New Approaches to Security Training
11 Training Multiple levels of awareness, security, and compliance training 101: General content for all 201: Targeted for IT with the expanded roles and responsibilities of IT 301: OWASP Top 10 for Application Developers 11
12 Rules for Training Content Rule #1 Focus on the audience. Rule #2 Keep it interesting. Rule #3 Don t reinvent. 12
13 Training Delivery Web training Pro: Inexpensive, good for upkeep Con: No relationship building, faceless arm of IT, poor retention rate Classroom training Pro: Great retention rate, builds relationships Con: More expensive than WebCT 13
14 Recommended Training Delivery Hybrid approach Classroom training upon initial hire Web training refresh Pros: Establishes relationships, gives us a face, produces higher retention Cons: Higher costs than pure WebCT Demonstrated success 14
15 New Approach to Policy 15
16 Policy Objective Provide a simple path Awareness & Training Security plan Security policies, standards, and guidelines White papers and procedures Details of how IT will support the security program 16
17 Security Plan Introduction, scope, and objectives Roles & responsibilities in support of security Execution and delivery Sub-sections for: line of business, support groups, etc. Administration of the security program Sub-sections for awareness, training, and governance 17
18 Policy Overlap HR Policies General Policies Security Policies Legal Policies IT Policies 18
19 Policy Set Hierarchy White Papers Corporate Policy HR Security Legal Biz Unit Security Documentation Standards Procedures Guidelines IT Documentation Procedures Work Instructions Security Policy high-level requirement Standard detailed requirement IT White paper how IT supports the security requirement Example: AntiVirus 19
20 Guidelines for Policy Documents Use the K.I.S.S. principle Use general terms and avoid IT jargons Keep documents to a page and 1½ pages Separate out commonalities glossary, applicability, disciplinary action, etc. Organize like the training 101, 201, and
21 Summary 21
22 Summary Awareness - Sales & marketing Training Multiple levels focused on the users; hybrid approach Policy - K.I.S.S. and don t overload with nonessential information Tie to plan Relate the awareness, training, and policy documents to the users 22
23 Questions and Answers Thank you for attending! 23
Developing a culture of security awareness: Based on your culture
SANS STH Security Awareness Summit 2016 Developing a culture of security awareness: Based on your culture Akshay Shetty Information Security Program Manager 2016 Autodesk Autodesk and Me Leader in 3D design,
More informationHearing Voices: The Cybersecurity Pro s View of the Profession
SESSION ID: AST2-W02 Hearing Voices: The Cybersecurity Pro s View of the Profession Jon Oltsik Senior Principal Analyst and ESG Fellow Enterprise Strategy Group @joltsik Candy Alexander, CISSP CISM International
More informationTHE LIFE AND TIMES OF CYBERSECURITY PROFESSIONALS
SESSION ID: AST3-R02 THE LIFE AND TIMES OF CYBERSECURITY PROFESSIONALS Jon Oltsik Senior Principal Analyst Enterprise Strategy Group @joltsik Candy Alexander, CISSP CISM International Board Director ISSA
More informationแนวทางการพ ฒนา Information Security Professional ในประเทศไทย
แนวทางการพ ฒนา Information Security Professional ในประเทศไทย โดย Thailand Information Security Association (TISA) Agenda 1) Global Information Security Professional Situation 2) Current Thailand Information
More informationitsm003 v.3.0 DxCERTS IT & NIST Cybersecurity Workforce Development Training Curriculum & Management Program
itsm003 v.3.0 DxCERTS IT & NIST Cybersecurity Workforce Development Training Curriculum & Management Program Agenda and Objectives The Digital Transformation (Dx) Problem NISTCSF.COM Cybersecurity Curriculum
More informationChallenges to Implementation of [real] Information Security
Challenges to Implementation of [real] Information Security August 21, 2002 Chris Apgar, CISSP Kate Borten, CISSP Ken Patterson, CISSP Chris Apgar, CISSP Former state regulator turned private sector HIPAA
More informationLa certificazione ISO27001
13 August 2010 La certificazione ISO27001 Driver di crescita e caso di successo di una PMI italiana LUIGI BRUSAMOLINO CISM, CRISC Managing Director Southern EMEA - BSI NICOLA MASSERONI Responsabile GRC
More informationitsm003 v.3.0 NISTCSF.COM NICE Training Curriculum & Workforce Planning Program
itsm003 v.3.0 NICE Training Curriculum & Workforce Planning Program Agenda and Objectives NICE Cybersecurity Curriculum Consortium IT & Cybersecurity Frameworks & Methodologies NICE Curriculum Catalog
More informationIncident Response. Is Your CSIRT Program Ready for the 21 st Century?
Incident Response Is Your CSIRT Program Ready for the 21 st Century? Speaker Bio Traditional Response Concepts Technical Incidents Requiring Technical Responses Virus/ Malware Network Intrusion Disaster
More informationTips for Passing an Audit or Assessment
Tips for Passing an Audit or Assessment Rob Wayt CISSP-ISSEP, HCISPP, CISM, CISA, CRISC, CEH, QSA, ISO 27001 Lead Auditor Senior Security Engineer Structured Communication Systems Who likes audits? Compliance
More informationHow to Use PCI DSS for a Stronger IT Security Posture and Streamline your Compliance Efforts. April 24, 2018
How to Use PCI DSS for a Stronger IT Security Posture and Streamline your Compliance Efforts April 24, 2018 MEMBER OF ALLINIAL GLOBAL, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2018 Wolf & Company, P.C.
More informationbuilding a security culture to counter emerging cybersecurity threats
Academic Medical Center Security and Privacy Conference June 2017 building a security culture to counter emerging cybersecurity threats Chuck Kesler, MBA, CISSP, CISM Chief Information Security Officer
More informationMonthly Meeting November 16, 2016
Monthly Meeting November 16, 2016 Agenda / Announcements Welcome to Parsons, 7110 Samuel Morse Drive, Suite 200 Columbia, Maryland 21046 Non-U.S. Citizen Requirements Any guests or new members in attendance?
More informationto protect the well-being of citizens. Fairfax is also home to some Fortune 500 and large
Executive Summary As a County Government servicing about 1.5 million citizens, we have the utmost responsibility to protect the well-being of citizens. Fairfax is also home to some Fortune 500 and large
More informationCYBERSECURITY: E-COMMERCE, GOVERNANCE AND APPLIED CERTIFICATIONS A ROUNDTABLE DISCUSSION 15 DECEMBER 2015
CYBERSECURITY: E-COMMERCE, GOVERNANCE AND APPLIED CERTIFICATIONS A ROUNDTABLE DISCUSSION 15 DECEMBER 2015 WELCOME Have a question for the speaker? Text it in using the Ask A Question button! Audio is streamed
More informationFOUNDATION CERTIFICATE IN INFORMATION SECURITY v2.0 INTRODUCING THE TOP 5 DISCIPLINES IN INFORMATION SECURITY SUMMARY
FOUNDATION CERTIFICATE IN INFORMATION SECURITY v2.0 INTRODUCING THE TOP 5 DISCIPLINES IN INFORMATION SECURITY SUMMARY The Foundation Certificate in Information Security (FCIS) course is designed to provide
More informationE-guide CISSP Prep: 4 Steps to Achieve Your Certification
CISSP Prep: 4 Steps to Achieve Your Certification Practice for the exam and keep your skills sharp : Thank you for downloading our CISSP certification guide. Aside from this handy PDF, you can also access
More informationSolutions Technology, Inc. (STI) Corporate Capability Brief
Solutions Technology, Inc. (STI) Corporate Capability Brief STI CORPORATE OVERVIEW Located in the metropolitan area of Washington, District of Columbia (D.C.), Solutions Technology Inc. (STI), women owned
More informationHow to Prepare a Response to Cyber Attack for a Multinational Company.
You Have Been Breached! How to Prepare a Response to Cyber Attack for a Multinational Company. Chayan Chakravarti, MBA, CISM, PMP Patrick Enyart, CISA, CISM, CRISC Presenters Chayan Chakravarti Manager,
More informationitsm003 v.3.0 DxCERTS IT & NIST Cybersecurity Digital Transformation (Dx) Enterprise Training Curriculum
itsm003 v.3.0 DxCERTS IT & NIST Cybersecurity Digital Transformation (Dx) Enterprise Training Curriculum Agenda and Objectives The Digital Transformation (Dx) Problem NISTCSF.COM Cybersecurity Curriculum
More information*** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***
Introduction and Bio CyberSecurity Defined CyberSecurity Risks NIST CyberSecurity Framework References *** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS *** Chapter 3. Framework Implementation Relationship
More informationISACA Webcram CISA & CISM. Sean Hanna
ISACA Webcram CISA & CISM Sean Hanna Sean Hanna GRC & Cyber Warfare Consultant EC-Council Global Security Trainer of the Year 2007, 2008, 2010 and again in 2011 EC Council Circle of Excellence Member 2012
More informationOperationalizing Cybersecurity in Healthcare IT Security & Risk Management Study Quantitative and Qualitative Research Program Results
Operationalizing Cybersecurity in Healthcare - - 2017 IT Security & Risk Management Study Quantitative and Qualitative Research Program Results David S. Finn, CISA, CISM, CRISC Health IT Officer, Symantec
More informationCourse Catalog: Webex Teams + Webex Meetings + Jabber
Course Catalog: Webex Teams + Webex Meetings + Jabber Webex Meetings, Webex Teams, and Jabber End User and Administrator Training Meet Me In The Cloud, Inc. https://meetmeinthecloud.com San Francisco Bay
More informationEmployee Privacy in the Electronic Workplace
Employee Privacy in the Electronic Workplace Jane Shea and Michael Severini Today s Speakers Jane Hils Shea, Esq. Member & Chair of Data Privacy and Information Security Practice Group Frost Brown Todd
More informationCitation for published version (APA): Berthing, H. H. (2014). Vision for IT Audit Abstract from Nordic ISACA Conference 2014, Oslo, Norway.
Aalborg Universitet Vision for IT Audit 2020 Berthing, Hans Henrik Aabenhus Publication date: 2014 Document Version Early version, also known as pre-print Link to publication from Aalborg University Citation
More informationINFORMATION SECURITY GOVERNANCE, RISK & COMPLIANCE CLOUD CONSULTING SERVICES CIO & CISO SERVICES. forebrook
INFORMATION SECURITY GOVERNANCE, RISK & COMPLIANCE CLOUD CONSULTING SERVICES CIO & CISO SERVICES forebrook INFRASTRUCTURE ASSESSMENT SECURITY ASSESSMENT RISK ASSESSMENT VULNERABILITY ASSESSMENT PENETRATION
More informationConducting a data flow mapping exercise under the GDPR. Presented by: Alan Calder, founder and executive chairman, IT Governance 4 October 2017
Conducting a data flow mapping exercise under the GDPR Presented by: Alan Calder, founder and executive chairman, IT Governance 4 October 2017 TM Introduction Alan Calder Founder of IT Governance The single
More informationBRING EXPERT TRAINING TO YOUR WORKPLACE.
BRING EXPERT TRAINING TO YOUR WORKPLACE. ISACA s globally respected training and certification programs inspire confidence that enables innovation in the workplace. ISACA s On-Site Training brings a unique
More informationSECURITY+ COMPETITIVE ANALYSIS 1. GIAC GSEC 2. (ISC)2 SSCP 3. EC-COUNCIL CEH
SECURITY+ COMPETITIVE ANALYSIS 1. GIAC GSEC 2. (ISC)2 SSCP 3. EC-COUNCIL CEH 1 SECURITY+ VS GIAC GSEC Where does GSEC fit? 3 CompTIA Security+ and GIAC Security Essentials (GSEC) Feature CompTIA Security+
More informationThe State of SD-WAN Adoption in 2017
TM TM The State of SD-WAN Adoption in 2017 [ ebook ] The State of SD-WAN Adoption in 2017 1 2017 SevOne TM The State of SD-WAN Adoption in 2017 SD-WAN is an undeniably hot topic among IT professionals.
More informationAligning IT, Security and Risk Management Programs. Ahmed Qurram Baig, CISSP, CBCP, CRISC, CISM Information Security & GRC Expert
Aligning IT, Security and Risk Management Programs Ahmed Qurram Baig, CISSP, CBCP, CRISC, CISM Information Security & GRC Expert Challenges to Risk Management & Governance Balancing extensive requirements
More informationNE Designing and Deploying Microsoft Exchange Server 2016
NE-20345-2 Designing and Deploying Microsoft Exchange Server 2016 Summary Duration 5 Days Audience Microsoft Exchange Level 300 Technology Exchange Server 2016 Delivery Method Instructor-led (Classroom)
More informationImplementing IT Governance
Implementing IT Governance Using COBI C OBIT, ITIL & Six Sigma Peter T. Davis, CISA, CISSP, CDP, CMA, CSP, I.S.P., CNA, CMC, CCNA, CWNA, CISM, COBIT Foundation Certificate, ITIL Foundation Certificate,
More informationIS Audit and Assurance Guideline 2002 Organisational Independence
IS Audit and Assurance Guideline 2002 Organisational Independence The specialised nature of information systems (IS) audit and assurance and the skills necessary to perform such engagements require standards
More informationSAFE JOURNEY TO THE CLOUD. Eric Meadows Cloud Security Team
SAFE JOURNEY TO THE CLOUD Eric Meadows Cloud Security Team 2017 Check Point Software Technologies Ltd. 1 Who is this guy? Eric Meadows Cloud Security Team 770-704-0512 emeadows@checkpoint.com Current Cloud
More informationRecommendations for Implementing an Information Security Framework for Life Science Organizations
Recommendations for Implementing an Information Security Framework for Life Science Organizations Introduction Doug Shaw CISA, CRISC Director of CSV & IT Compliance Azzur Consulting Agenda Why is information
More informationITU CBS. Digital Security Capacity Building: Role of the University GLOBAL ICT CAPACITY BUILDING SYMPOSIUM SANTO DOMINGO 2018
GLOBAL ICT CAPACITY BUILDING SYMPOSIUM ITU CBS SANTO DOMINGO 2018 Digital Capacity Building: Role of the University 18 20 June 2018 Santo Domingo, Dominican Republic Dr. Nizar Ben Neji Faculty of Sciences
More informationTRAIN LIKE. Patrick Hogenbirk Director Training and Communication, Health Care Compliance & Privacy Johnson & Johnson. Objectives
TRAIN LIKE NOT Patrick Hogenbirk Director Training and Communication, Health Care Compliance & Privacy Johnson & Johnson Objectives Provide examples of Training and Communication that missed the mark and
More informationenya Agile vs. Cyber Communications Ltd. Samuel Wanderi MSIM CAIS CISSP CCNA GSLC CEH COR
enya Communications Ltd. Agile vs. Cyber Samuel Wanderi MSIM CAIS CISSP CCNA GSLC CEH COR AGILE Development Cyber Security Agenda Overview of Industry Direction AGILE in DoD Cyber in DoD People Solutions
More informationCYBERSECURITY HOW IT IS TRANSFORMING THE IT ASSURANCE FIELD
CYBERSECURITY HOW IT IS TRANSFORMING THE IT ASSURANCE FIELD December 2014 KEVIN GROOM ISACA Involvement (Middle Tennessee Chapter) Treasurer (2009 2011) Vice President (2011 2013) President (2013 present)
More informationTHE AUTOMATED ENTERPRISE
THE AUTOMATED ENTERPRISE How CloudForms and Ansible can make your life better in every way Krain Arnold Specialist Solution Architect 1 Magnus Glantz Solution Architect Peter Gustafsson Solution Architect
More informationPerforming a Vendor Security Review TCTC 2017 FALL EVENT PRESENTER: KATIE MCINTOSH
Performing a Vendor Security Review TCTC 2017 FALL EVENT PRESENTER: KATIE MCINTOSH 1 Speaker Bio Katie McIntosh, CISM, CRISC, CISA, CIA, CRMA, is the Cyber Security Specialist for Central Hudson Gas &
More informationTrade Shows and Seminars on IT Security, Data and Cloud Solutions. 1st - 2nd May 2019 Øksnehallen, Copenhagen
Trade Shows and Seminars on IT Security, Data and Cloud Solutions 1st - 2nd May 2019 Øksnehallen, Copenhagen EXHIBITION RATES 2019 Infosecurity Denmark welcomes you for the fourth time to an event entirely
More informationCourse Catalog: Spark + WebEx + Jabber
Course Catalog: Spark + WebEx + Jabber WebEx, Jabber and Cisco Spark End User and Administrator Training Meet Me In The Cloud, Inc. https://meetmeinthecloud.com San Francisco Bay Area Contact: sales@meetmeinthecloud.comm
More informationCOBIT 5 Foundation Workshop
COBIT 5 Foundation Workshop Dear Members, ISACA Pune chapter is pleased to organize Two / Three Days COBIT-5 Foundation course Dates of Training & Workshop: Date: Friday, 19 th Dec 2014 and Saturday, 20
More informationMobile Security / Mobile Payments
Mobile Security / Mobile Payments Leslie K. Lambert CISSP, CISM, CISA, CRISC, CIPP/US, CIPP/G VP, Chief Information Security Officer Juniper Networks Professional Techniques - Session T23 MOBILE SECURITY
More informationDEVELOPING THE SECURITY PROGRAM
SECURITY MANAGEMENT CHAPTER 5 DEVELOPING THE SECURITY PROGRAM We trained hard but every time we formed up teams we would be reorganiz I was to learn that we meet any new situation by reorganizing. And
More informationPCI compliance the what and the why Executing through excellence
PCI compliance the what and the why Executing through excellence Tejinder Basi, Partner Tarlok Birdi, Senior Manager May 27, 2009 Agenda 1. Introduction 2. Background 3. What problem are we trying to solve?
More informationNational Initiative for Cyber Education (NICE) and the Cybersecurity Workforce Framework: Attract and Retain the Best in InfoSec.
National Initiative for Cyber Education (NICE) and the Cybersecurity Workforce Framework: Attract and Retain the Best in InfoSec April 12, 2018 1 Introduction to NICE - The National Initiative for Cybersecurity
More informationEffective COBIT Learning Solutions Information package Corporate customers
Effective COBIT Learning Solutions Information package Corporate customers Thank you f o r y o u r interest Thank you for showing interest in COBIT learning solutions from ITpreneurs. This document provides
More informationSubject lines & content
1 CAN-SPAM COMPLIANCE Subject lines & content. In 2004 Congress passed a law that specifically states it is legal to send unsolicited bulk email for marketing purposes. In this law, they give guidelines
More informationMohammad Shahadat Hossain
Mohammad Shahadat Hossain Principal Security Architect at Grameenphone Limited Summary Has extensive knowledge and experience on following:- NIST Cyber Security Framework SANS Top 20 Security Control Network
More informationWhat It Takes to be a CISO in 2017
What It Takes to be a CISO in 2017 Doug Copley Deputy CISO Sr. Security & Privacy Strategist February 2017 IMAGINE You re the CISO In Bangladesh Of a bank On a Friday when you re closed You realize 6 huge
More informationNavigate IT Security with a Framework as Your Guide
Navigate IT Security with a Framework as Your Guide October 7 th, 2016 Background George Lazarou 16 years security experience in various roles both technical and non-technical AT&T Labs Research, Army,
More informationAn Overview of ISA-99 & Cyber Security for the Water or Wastewater Specialist
An Overview of ISA-99 & Cyber Security for the Water or Wastewater Specialist Standards Certification Education & Training Publishing Conferences & Exhibits Speakers: Bryan L. Singer, CISM, CISSP, CAP
More informationEU General Data Protection Regulation (GDPR) Achieving compliance
EU General Data Protection Regulation (GDPR) Achieving compliance GDPR enhancing data protection and privacy The new EU General Data Protection Regulation (GDPR) will apply across all EU member states,
More informationMANAGED CLOUD SERVICES
JARGON BUSTERS MANAGED CLOUD SERVICES CLOUD SERVICES Any IT service that is accessed on demand via the internet rather than from your own computers and servers. PRIVATE CLOUD Services offered over the
More informationTHE KERNEL. Our in-house professional team is highly skilled in delivering cutting-edge solutions to our clients.
THE KERNEL Our in-house professional team is highly skilled in delivering cutting-edge solutions to our clients. Since our founding in 1986, and establishing The Kernel s UAE office in 2008, our company
More informationSecuring the cloud ISACA Korea. Han Ther, Lee CISA, CISM, CISSP, CRISC, ITILF, MCSA
Securing the cloud ISACA Korea Han Ther, Lee CISA, CISM, CISSP, CRISC, ITILF, MCSA What is cloud computing? Source: Wikipedia 2 What is cloud computing A model for enabling:- convenient on-demand network
More informationA New Cyber Defense Management Regulation. Ophir Zilbiger, CRISC, CISSP SECOZ CEO
A New Cyber Defense Management Regulation Ophir Zilbiger, CRISC, CISSP SECOZ CEO Personal Background IT and Internet professional (since 1992) PwC (1999-2003) Global SME for Network Director Information
More informationHong Kong s Personal Data (Privacy) Ordinance
Asia Privacy Bridge Forum 11 May 2016 Hong Kong s Personal Data (Privacy) Ordinance Fanny Wong Deputy Privacy Commissioner for Personal Data Hong Kong, China The Personal Data Landscape in Asia 2011 2003
More informationISACA Certifications Overview
ISACA Certifications Overview CISA, CISM, CRISC, CGEIT Instructor Jay Ranade CISA,, CISSP, CISM, CBCP, ISSAP Risk Management Professionals Intl. jayranade@aol.com jayranade@nyu.edu ranadej@stjohns.edu
More informationData Management and Security in the GDPR Era
Data Management and Security in the GDPR Era Franck Hourdin; Vice President, EMEA Security Russ Lowenthal; Director, Database Security Product Management Mike Turner; Chief Operating Officer, Capgemini
More informationIntermedia s Private Cloud Exchange
Intermedia s Private Cloud Exchange This is a practical guide to implementing Intermedia s Private Cloud Exchange on AWS. Intermedia, the world s independent provider of Hosted Exchange, and AWS, the leading
More informationICT support for Primary Schools. Helping primary schools to apply a successful ICT strategy for teaching and digital learning.
ICT support for Primary Schools. Helping primary schools to apply a successful ICT strategy for teaching and digital learning. Professional ICT support for primary schools. Our ICT is the technology partner
More informationUpdate on ISO Revision
Update on ISO 27001 Revision by Sudarshan Mandyam, CISA CISM Director, ISACA Sydney chapter Global Program Manager ISMS, ISC on Tuesday 20 th October 2009 AGENDA 1.Process of publishing and auditing standards
More informationHybrid Cyber Warfare, dual risks?
Hybrid Cyber Warfare, dual risks? Cologne - 26/04/2017 ing. Giuseppe G. Zorzino ERMCP, CISA, CISM, CGEIT, CRISC, LA ISO27001 Bio Giuseppe Giovanni Zorzino Teacher and consultant of information security,
More informationCybersecurity for Service Providers
Cybersecurity for Service Providers Alexandro Fernandez, CISSP, CISA, CISM, CEH, ECSA, ISO 27001LA, ISO 27001 LI, ITILv3, COBIT5 Security Advanced Services February 2018 There are two types of companies:
More informationNext Generation Policy & Compliance
Next Generation Policy & Compliance Mason Karrer, CISSP, CISA GRC Strategist - Policy and Compliance, RSA Core Competencies C33 2013 Fall Conference Sail to Success CRISC CGEIT CISM CISA Introductions...
More informationDriving Cloud Governance and Avoiding Cloud Chaos
Driving Cloud Governance and Avoiding Cloud Chaos Key Take Aways What is Cloud Chaos? Why Do You Need Cloud Governance? Intro: Timothy P. McAliley timothy.mcaliley@microsoft.com Microsoft Premier Field
More informationWhy the Security Workforce Needs More Women and Men
Why the Security Workforce Needs More Women and Men ISSA International Conference Tammy Moskites, CIO/CISO, Venafi October 10, 2015 A Little Bit About Me 25+ Years in IT & Security Current CIO/CISO of
More information<Criminal Justice Agency Name> Personally Owned Device Policy. Allowed Personally Owned Device Policy
Policy Title: Effective Date: Revision Date: Approval(s): LASO: CSO: Agency Head: Allowed Personally Owned Device Policy Every 2 years or as needed Purpose: A personally owned information system or device
More informationH Y B R I D C L O U D A N D I N F R A S T R U C T U R E P L AT F O R M PA R T N E R O F T H E Y E A R
H Y B R I D C L O U D A N D I N F R A S T R U C T U R E P L AT F O R M PA R T N E R O F T H E Y E A R 2 0 1 7 INNOVATION Ideas into business value enabling businesses to adapt DELIVERY Highly qualified
More informationUser Centered Design - Maximising the Use of Portal
User Centered Design - Maximising the Use of Portal Sean Kelly, Certus Solutions Limited General Manager, Enterprise Web Solutions Agenda What is UCD Why User Centered Design? Certus Approach - interact
More informationIS Audit and Assurance Guideline 2001 Audit Charter
IS Audit and Assurance Guideline 2001 Audit Charter The specialised nature of information systems (IS) audit and assurance and the skills necessary to perform such engagements require standards that apply
More informationUnlocking Potential Through Learning
Unlocking Potential Through Learning CORPORATE HEAD OFFICE: 6, Babatola Drive, Off Obafemi Awolowo way, Behind Awolowo Glass house, Ikeja, Lagos. 08 Training Calender @ Newhorizonsnige @ new horizon solution
More informationLes joies et les peines de la transformation numérique
Les joies et les peines de la transformation numérique Georges Ataya CISA, CGEIT, CISA, CISSP, MSCS, PBA Professor, Solvay Brussels School of Economics and Management Academic Director, IT Management Education
More informationFDIC InTREx What Documentation Are You Expected to Have?
FDIC InTREx What Documentation Are You Expected to Have? Written by: Jon Waldman, CISA, CRISC Co-founder and Executive Vice President, IS Consulting - SBS CyberSecurity, LLC Since the FDIC rolled-out the
More informationTRAINING SEMINAR COURSE OUTLINE October
TRAINING SEMINAR COURSE OUTLINE October 10-12 2016 FACILITATOR S BIOGRAPHY SHAWNA M FLANDERS CRISC, CISM, CISA, CSSGB, SSBB Shawna is the Founder and CEO of Business Technology Guidance Associates, LLC.,
More informationCASL Notice. About Allegis Group. Effective Date: January 1, 2017
CASL Notice Effective Date: January 1, 2017 Allegis Group, Inc. and its subsidiaries worldwide (collectively, "Allegis Group", or "we", "us" and "our") are committed to compliance with Canada s Anti- Spam
More information[MS10974B]: Deploying and Migrating Windows Servers
[MS10974B]: Deploying and Migrating Windows Servers Length : 3 days Audience(s) : IT Professionals Level : 300 Technology : Windows Server 2012 Delivery Method : Instructor-led (Classroom) Course Overview
More informationReasons to Become CISSP Certified. Keith A. Watson, CISSP CERIAS
Reasons to Become CISSP Certified Keith A. Watson, CISSP CERIAS Overview Certification review Organizational needs Individual needs Get paid more! See the world! CISSP requirements Common Body of Knowledge
More informationCyber, Information Security, and Data Protection
Cyber, Information Security, and Data Protection The past, the present, and th e future 15th, 16th & 17th October 2018 Muscat - Oman Intellectual Events And Conferences Private Limited For more information
More informationPosition Description IT Auditor
Position Title IT Auditor Position Number Portfolio Performance and IT Audit Location Victoria Supervisor s Title IT Audit Director Travel Required Yes FOR OAG HR USE ONLY: Approved Classification or Leadership
More informationEnterprise Private Cloud. Fully managed private cloud as a service in your data centre or ours.
Enterprise Private Cloud Fully managed private cloud as a service in your data centre or ours. Introduction With the proliferation of applications over a multitude of platforms, demand for high-availability
More informationThe Three Data Challenges
The Three Data Challenges Mark Bentkower, CISSP, Director Solutions Marketing, APAC 12 October 2017 2016 COMMVAULT SYSTEMS, INC. ALL RIGHTS RESERVED. You can have data without information, but you cannot
More informationMAILBOX DESIGN CONCEPTS. October 8, 2015
MAILBOX DESIGN CONCEPTS October 8, 2015 INTRODUCTION To initiate conversation between the public, staff and the Board of Directors on mailbox design options Information and discussion only; no action to
More informationGeneral Data Protection Regulation April 3, Sarah Ackerman, Managing Director Ross Patz, Consultant
General Data Protection Regulation April 3, 2018 Sarah Ackerman, Managing Director Ross Patz, Consultant Introductions Sarah Ackerman, CISSP, CISA Managing Director, Cincinnati Responsible for overall
More informationAgenda. Security essentials. Year in review. College/university challenges. Recommendations. Agenda RSM US LLP. All Rights Reserved.
Agenda Agenda Security essentials Year in review College/university challenges Recommendations 2 About me Matt Franko Director, Risk Advisory Services matthew.franko@rsmus.com (216) 927-8224 11+ years
More informationCritical Infrastructure Protection for the Smart Grid
Lessons from the Real World Webinar Series Critical Infrastructure Protection for the Smart Grid January 27, 2011 Broadcast on December 14, 2010 Today s Presenters Jesse Berst Host & Moderator - Founding
More informationManaging Born- Digital Documents.
Managing Born- Digital Documents www.archives.nysed.gov Objectives Review the challenges of managing born-digital records Provide Practical strategies to ensure born-digital records are well managed Understand
More informationOptimizing your network for the cloud-first world
Optimizing your network for the cloud-first world Why performing cloud and network modernization together assures seamless, reliable user app delivery. Citrix.com ebook Align Cloud Strategy to Business
More informationAzure SQL Database Basics
Intro: Timothy P. McAliley timothy.mcaliley@microsoft.com Microsoft Account Technology Strategist, Washington, DC CISA, CISM, CISSP, ITIL V3, MCSA, MCSE, MCITP, MCTS, MCT, PMP www.itprocamp.com www.meetup.com/mfcf-dc
More informationCloud Transformation Program Cloud Change Champions June 20, 2018
Cloud Transformation Program Cloud Change Champions June 20, 2018 W June C Today s Agenda C C M! 1 Welcome and Agenda Overview Program Updates 2 Security Issues in the Cloud Presenter: Michael Timineri
More informationIngram Micro Cyber Security Portfolio
Ingram Micro Cyber Security Portfolio Ingram Micro Inc. 1 Ingram Micro Cyber Security Portfolio Services Trainings Vendors Technical Assessment General Training Consultancy Service Certification Training
More informationThe Experience of Generali Group in Implementing COBIT 5. Marco Salvato, CISA, CISM, CGEIT, CRISC Andrea Pontoni, CISA
The Experience of Generali Group in Implementing COBIT 5 Marco Salvato, CISA, CISM, CGEIT, CRISC Andrea Pontoni, CISA Generali Group at a glance Let me introduce myself Marco Salvato CISA, CISM, CGEIT,
More informationIT Information Security Manager Job Description
IT Information Security Manager Job Description IT Information Security Manager Responsible to: Accountable to: IT Service Manager Head of IT Services Overall Purpose To provide effective response, protection
More informationSecurity Communications and Awareness
Security Communications and Awareness elearning OVERVIEW Recent high-profile incidents underscore the need for security awareness training. In a world where your employees are frequently exposed to sophisticated
More informationSecurity & Phishing
Email Security & Phishing Best Practices In Cybersecurity Presenters Bill Shieh Guest Speaker Staff Engineer Information Security Ellie Mae Supervisory Special Agent Cyber Crime FBI 2 What Is Phishing?
More information