Projects undertaken in current role. Governance Lead/CISO for international Geospatial Solution
- Kimberly Daniel
- 8 years ago
Dr Carol Buttle
27 Middleleaze Drive, Swindon, Wilts SN5 5GL

Summary
Highly technical defence and security specialist providing Information Security Strategies (ISS) to national and international government departments, defence, military, security services, law enforcement agencies, airlines and commercial organisations. CESG Certified Professional Lead Accreditor and Assessor. Excellent track record delivering highly complex and large-scale projects. Advisor to local, national and international government agencies. Expert witness and advisor on security implications, testing and penetration testing strategies and forensic capture. Advises various standards committees on security and cyber security issues. Develops estimation, metric and governance frameworks for regulatory bodies.

Current Role: CTO/CISO
Responsibility for design, development and delivery of mission critical defence, military and safety critical commercial projects. Security strategy design, risk management and governance. In-depth project estimation and metrication.

Projects undertaken in current role

CTO/CISO for air-sea anti-warfare destroyers developed for the Commonwealth
Chief responsibility for Information Assurance and ISS, including all vulnerability assessment, risk assessment and threat assessment to HMG SPF standards. BCP and BCM authority. Chief responsibility for designing and implementing diverse penetration testing schemes in light of emerging threats. Advised and managed the GCHQ CREST, TIGER and CHECK teams. Provided the policy guidance for STAR and intrusion analyst teams. Led the TEMPEST activities. Achieved regulatory and military accreditation with 30% time and budget savings.

Design Director/Authority and CISO for multi-national cross-border anti-terrorist system
Overall responsibility for cryptographic design, governance, IA and IS to global security services. Developed in-depth Identity Management Systems, threat analytics and forensic capture methods. Authored the RMADs and BCPs. The ISS, threat analytics and penetration strategy identified previously unexpected risks and have subsequently become standardised as a result.

Governance Lead/CISO for international Geospatial Solution
Chief responsibility for developing cross-party risk management policies, designing IA methodology and ISS, governance, penetration testing, threat management and vulnerability metrics. Advised the CBEST/STAR, CREST and CHECK teams. The strategies employed led to successful re-negotiation of the contract with multimillion $ savings. The IA methodology and testing strategies identified critical security flaws in the existing system that were successfully mitigated, and ensured the regulatory needs of the evolving system were met.

Design Authority/CISO for Banking Fraud Detection system
Design, governance and accreditation responsibility for the overall cyber strategy for fraud detection using multiple cards, systems and biometrics. Developed all policies to ensure multi-layered encrypted personal and banking data complied with HMG SPF, Data Protection Act, Freedom of Information Act, PCI-DSS, PA-DSS, the banks' Internal Audit and Compliance departments, Sarbanes-Oxley Act and multiple international standards such as FIPS. Vulnerability and threat analysis. Developed and assessed Data Analytics and Pattern Analytics to identify new attacks. Advised the banks' boards on risk mitigation strategies. Developed BCM strategy. Led the penetration test effort managing teams of CREST testers, national and

Security Designer/CISO for Cloud Management in Border Control
Design, cryptographic design, governance and accreditation for the management of a critical and sensitive data system using cloud technology for rapid access in border control. Overall responsibility for developing log management policies and security information and management. Overall responsibility for, and advice on, configuration, risk and vulnerability management. Lead authority for BCP and BCM. Overall responsibility to define, develop and implement robust network activity and visibility schemes and metrics. Assessed and developed schemes for network anomalies and forensic capture. Developed real-time profiling and threat prioritisation schemes. Vulnerability and threat analysis. Developed passive and active (timed and dynamic) scan assessments. Led the penetration test effort managing teams of TIGER and CREST testers. Developed and led the TEMPEST activities and mentored teams accordingly.

CTO/CISO for Autonomic Adaptive Ubiquitous System
Overall design and security responsibility for developing a system for adaptive secure communications for military and commercial use. Design of security architectures and patterns. Design of frameworks for RF, wireless and cryptographic security. IA, ISS and governance to ensure robustness and defence in depth. Developed penetration testing and verification systems against existing and emerging threats. Managed the CREST teams and provided analysis to GCHQ and other security bodies on existing, emerging and previously unidentified threats. Developed the TEMPEST effort. Achieved accreditation with multiple international military regulatory authorities.

CTO/CISO for Remote Telemedical System
Design, governance and accreditation responsibility for a mission critical and highly sensitive medical system. Developed all policies to ensure multi-layered encrypted personal and medical data complied with HMG SPF, Data Protection Act, Freedom of Information Act and multiple international standards. Vulnerability and threat analysis. Led the penetration test effort managing teams of CREST and CHECK testers. Managed the Incident Management teams and the CBEST/STAR teams. Designed Network Intrusion Detection Systems (NIDS) and Host Intrusion Detection Systems (HIDS) to mitigate a new variant of attacks to which this emerging technology could be prone.

CTO/CISO for UK/French Government Secure Communications System
Design, governance and accreditation responsibility for a BIL 5-6 system. Led all aspects of risk management, vulnerability and threat assessment and strategies. Developed IA methodologies and penetration testing strategies for multiple scenarios. Developed the methodology for EmSEC. Developed the BCM. Identified key threat metrics that have become standardised.

CTO/CISO for Biometric Systems
Design, governance and accreditation responsibility for multiple biometric systems used in defence, healthcare, banking and other commercial arenas. Vulnerability and threat analysis. Developed NIDS and HIDS. Led web analytics, penetration testing, registration, profiling, threat prioritisation, network anomaly and visibility strategies.

CTO/CISO Strike Force
Design, governance and accreditation responsibility for battle and mission critical aircraft and on-board anti-warfare systems. Development of all risk policies and procedures. Development of all Physical Tamper Resistance strategies, Class 1-3 attack frameworks, BIL frameworks, threat metrics, vulnerability assessments, real-time threat prioritisation schemes, and air-ground and ground-air incident management. Developed penetration testing strategy. Led MoD, GCHQ, DoD and CREST penetration test teams. Led and advised multi-vendor Intrusion Analytics teams. the Pentagon.

Provides governance and accreditation for:
Compliance: HMG IS and HMG IA Standards, ISO 27005, ISO 31000, ISO 31010, CCTA CRAMM and the Orange Book; PCI-DSS, FSA, ISF SOGP, APRA, ISO, COBIT, OSA, TOGAF (ADM), MODAF.
Security Policy Architectures and Security Standards: ISO27001/ISO , , FIPS body of standards, NIST SP PL1.
Architectural frameworks and standards: Zachman, TOGAF, ISO 27001/27002, NIST SP , SOX or PCI, SSE-CMM, NIST.
Information assurance methodologies: ISO27001, HMG IA, US FIPS, IAS2, IAS1, ISO.
Testing and Penetration Testing: TEMPEST, EMC and Comsec testing. Forensic Readiness Planning, CCTM and CHECK for security services.

Regularly advises various agencies and organisations on the security implications of common encrypted protocols such as SSH, SSL, IPsec and PGP, including demonstration of their functions along with possible vulnerabilities and threats to WEP, WPA, WPA2, TKIP, EAP, LEAP and PEAP. Provides threat and vulnerability assessments and mitigation for areas dependent on algorithms such as DES, 3DES, RSA and AES. Develops schemes and tools to recognise ARP spoofing and black-hat hacking.

Regularly develops penetration testing strategies and provides advice on penetration testing to government agencies, law enforcement, military, security agencies, banking and healthcare. Regulates cyber security teams and penetration testing teams against CHECK and OWASP. Advises on the correct use of the CVE, BID and CVSS methodologies to ensure gap closure in record reporting. Advises on known and emerging threats and vulnerabilities with IPv4 and IPv6 and their associated security attributes. Undertakes risk, threat and vulnerability assessment and research for IP/Ethernet protocols and their associated security attributes, including TCP, UDP, ICMP, ARP, DHCP, DNS, CDP, HSRP, VRRP, VTP, STP and TACACS+. Regularly contributes to the security forces' threat metrics from research analytics.

Audits: undertakes audits against HMG IA Maturity Model, HMG SPF, ISO27001, Internal Audit Standards Information and ISA.

Business Continuity Plans and Business Continuity Management: HMG IA Maturity Model, BCI Good Practice Guidelines, ISO 22301, ISO 27001, BS 25999, BS and COBIT 4.1, or their predecessors.

Work History
- Feb 2008 - Present: CTO/CISO, BBS IT Ltd, UK
- Oct 2006 - Feb 2008: Principal Consultant, Software Practice Lead, Security and Governance, Praxis High Integrity Systems, Bath, UK
- Dec 2005 - Oct 2006: Engineering Manager, Motorola, Cork, Ireland
- Mar 2005 - Oct 2006: R&D Security, Defence, Various International
- Jan 2001 - Mar 2005: Engineering Manager, Motorola, Swindon, UK
- Sept 1998 - Jan 2001: Head of Computing, New College, Swindon/Oxford, UK
- Mar 1983 - Sept 1998: Security Consultant and R&D, Defence, Various international. Covered by Official Secrets Act.
- Mar 1983: Cryptographer and Security, Strike Force Defence Codification, Various international. Covered by Official Secrets Act.

Education
- PhD, Oxford Brookes
- Post Graduate Research Methodologies Analytics, Oxford Brookes
- Advanced Software Engineering, Oxford University: Distinction
- BA (Hons) Combined Studies: First Class
- DipHE: Distinction

Affiliations
- Industrial Professor, SEC. Responsible for research into security and vulnerability assessments; biometrics and border control.
- CCP CESG Lead Accreditor and Assessor (GCHQ)
- Distinguished Fellow and Senior Advisor on cryptography and security to SEC
- Distinguished Fellow and Senior Advisor on threat metrics to ASEP
- Assessor for GCHQ for the CESG Professional Scheme
- Vice-Chair, UKSMA SIG: threat metrics and benchmarks; software measurement and estimation
- COSMIC SIG: threat metrics and benchmarks
- Fellow of the Institution of Analysts and Programmers
- Member of NIITE (Government proposals for software)
- Advisor to governments for security
- Member of the Security and Defence Councils
NIST Cyber Security Activities Dr. Alicia Clay Deputy Chief, Computer Security Division NIST Information Technology Laboratory U.S. Department of Commerce September 29, 2004 1 Computer Security Division
More informationQRadar SIEM 6.3 Datasheet
QRadar SIEM 6.3 Datasheet Overview Q1 Labs flagship solution QRadar SIEM is unrivaled in its ability to provide an organization centralized IT security command and control. The unique capabilities of QRadar
More informationEd Adams CEO Security Innovation. John Kirkwood CISO Security Innovation. 2012 ISACA Webinar Program. 2012 ISACA. All rights reserved.
Mapping Application Security to Compliance Ed Adams CEO Security Innovation John Kirkwood CISO Security Innovation Agenda About Security Innovation Security Drivers and Industry Data Aligning software
More informationPCI Requirements Coverage Summary Table
StillSecure PCI Complete Managed PCI Compliance Solution PCI Requirements Coverage Summary Table December 2011 Table of Contents Introduction... 2 Coverage assumptions for PCI Complete deployments... 2
More informationAIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE
AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,
More informationCertified Information Security Manager (CISM)
Certified Information Security Manager (CISM) Course Introduction Course Introduction Domain 01 - Information Security Governance Lesson 1: Information Security Governance Overview Information Security
More informationCYBER SECURITY TRAINING SAFE AND SECURE
CYBER SECURITY TRAINING KEEPING YOU SAFE AND SECURE Experts in Cyber Security training. Hardly a day goes by without a cyber attack being reported. With this ever-increasing threat there is a growing need
More informationProtective Monitoring as a Service. Lot 4 - Specialist Cloud Services. Version: 1.0, Issue Date: 05/02/201405/02/2014. Classification: Open
Protective Monitoring as a Service Version: 1.0, Issue Date: 05/02/201405/02/2014 Classification: Open Classification: Open ii MDS Technologies Ltd 2014. Other than for the sole purpose of evaluating this
More informationJanuary 2015 Issue No: 2.1. Guidance to CESG Certification for IA Professionals
January 2015 Issue No: 2.1 Guidance to Issue No: 2.1 January 2015 The copyright of this document is reserved and vested in the Crown. This document may not be reproduced or copied without specific permission
More informationWhat IT Auditors Need to Know About Secure Shell. SSH Communications Security
What IT Auditors Need to Know About Secure Shell SSH Communications Security Agenda Secure Shell Basics Security Risks Compliance Requirements Methods, Tools, Resources What is Secure Shell? A cryptographic
More informationSecure Web Applications. The front line defense
Secure Web Applications The front line defense Agenda Web Application Security Threat Overview Exploiting Web Applications Common Attacks & Preventative techniques Developing Secure Web Applications -Security
More informationHigher National Unit specification: general information
Higher National Unit specification: general information Unit code: H17V 34 Superclass: CB Publication date: March 2012 Source: Scottish Qualifications Authority Version: 01 Unit purpose This Unit is designed
More informationInformation Security. Training
Information Security Training Importance of Information Security Training There is only one way to keep your product plans safe and that is by having a trained, aware and a conscientious workforce. - Kevin
More informationProcurement Policy Note Use of Cyber Essentials Scheme certification
Procurement Policy Note Use of Cyber Essentials Scheme certification Action Note 09/14 25 September 2014 Issue 1. Government is taking steps to further reduce the levels of cyber security risk in its supply
More informationCertified Information Systems Auditor (CISA)
Certified Information Systems Auditor (CISA) Course Introduction Course Introduction Module 01 - The Process of Auditing Information Systems Lesson 1: Management of the Audit Function Organization of the
More informationEnterprise Security Architecture for Cyber Security. M.M.Veeraragaloo 5 th September 2013
Enterprise Security Architecture for Cyber Security M.M.Veeraragaloo 5 th September 2013 Outline Cyber Security Overview TOGAF and Sherwood Applied Business Security Architecture (SABSA) o o Overview of
More informationwww.pwc.com Developing a robust cyber security governance framework 16 April 2015
www.pwc.com Developing a robust cyber security governance framework 16 April 2015 Cyber attacks are ubiquitous Anonymous hacker group declares cyber war on Hong Kong government, police - SCMP, 2 October
More informationG-Cloud Service Definition. Atos infrastructure Vulnerability Scanning (Outpost24) SaaS
G-Cloud Service Definition Atos infrastructure Vulnerability Scanning (Outpost24) SaaS Atos Infrastructure Vulnerability Scanning (Outpost24) SaaS Atos Infrastructure Vulnerability Scanning SaaS is powered
More informationProfessional Services Overview
Professional Services Overview INFORMATION SECURITY ASSESSMENT AND ADVISORY NETWORK APPLICATION MOBILE CLOUD IOT Praetorian Company Overview HISTORY Founded in 2010 Headquartered in Austin, TX Self-funded
More informationCybersecurity The role of Internal Audit
Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government
More information