How to Share Best Security Practices
1 How to Share Best Security Practices
Urpo Kaila, EUDAT Security Officer
WISE Workshop for Information Security for E-infrastructures , Barcelona
This work is licensed under the Creative Commons CC-BY 4.0 licence. Attribution: EUDAT
EUDAT receives funding from the European Union's Horizon 2020 programme - DG CONNECT e-infrastructures. Contract No

2 Standard Building Blocks of Information Security
- Several frameworks available
- Security Reviews and Testing
- Confidentiality, Integrity, Availability
- Software and Service Development Security
- Security and Risk Management
- Computer Security
- Network Security
- Operational Security
- Assets -> Risks -> Controls -> Metrics
- Governance & ITSM
- Access Controls
- Asset Management

3 Different kinds and levels of security skills
Auditors Directors IT Security Managers Administrators, Operators Programmers IT Support Service Managers Users Experts on technical security Security Managers, Operating Engineers

4 Well known legacy professional security skills definitions and certifications
Security Management (ISC)² CBK ISACA COBIT PECB Generic CISSP CISM GCED GCIH GSNA Technical Security SANS CEH BoK Vendor specific (includes security) MTA RHCSE

5 How do you measure security skills?
- By bragging?
- By experience? CV?
- By trainings obtained?
- By certifications achieved?
- Skills certifications are standard requirements in the private sector
- Obtaining and maintaining such certification is somewhat expensive
- A certification shows that a person knows at least the basics of the trade; it does not prove that the person is a senior professional, which requires more experience.

6 A common problem with generic security skills and security guidelines
- It is difficult to apply them efficiently in your organisation
- Proceed from outlining to implementation

7 How can skills become practice?
- The principles and theoretical skills must be adapted to your context in a reasonable and efficient way
- Best practices should be implemented
- Definition (Wikipedia): A best practice is a method that has consistently shown superior. Best practices are used to maintain quality and can be based on benchmarking. Best practices are a feature in many of accredited management standards.

8 How could implementation be easier?
- Necessary prerequisites
- Skills
- Management support
- A plan with check-ups
- Leadership (it will not just happen)
- Share experiences on how to implement with your peers
- Also cover confidential/sensitive information
- Informal information often more crucial than formal documents
- Apply the Chatham House Rule
- One size does not fit all

9 A successful track record
I've had rewarding experiences in sharing best practices with:
- Several government agencies
- Private companies
- NRENs
- Universities
- Research infrastructures
It would probably have been extremely difficult for us to achieve ISO without sharing best practices earlier
- The standards and frameworks tell you what to do
- Best practices tell you, by examples, how to do it

10 Methods of sharing best practices
- Articles, books
- Presentations
- Trainings
- Reviews and audits
- Guidelines
- Site visits
- Workshops
- Informal communication
N.B. Everything does not need to be formalised; informal f2f meetings are also very valuable

11 Suggestions for joint ISMS activities
- Joint skills transfer program on operational security
- A training kit for Site Security Officers
- A non-profit lightweight skills certification for Site Security Officers
- A voluntary practice sharing program for:
- Site visits for ISMS sharing
- Peer reviews/audits of ISMS
- Articles on current ISMS practices
- Develop a multilateral NDA covering all of above
- An effort to apply resources and funding for all above
- I personally volunteer to contribute if feasible

12 Thank you!
All comments are welcome to: EUDAT related security incidents -> Other EUDAT security related ->