How to Share Best Security Practices

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "How to Share Best Security Practices"

Transcription

1 How to Share Best Security Practices Urpo Kaila, EUDAT Security Officer WISE Workshop for Information Security for E-infrastructures , Barcelona This work is licensed under the Creative Commons CC-BY 4.0 licence. Attribution: EUDAT EUDAT receives funding from the European Union's Horizon 2020 programme - DG CONNECT e-infrastructures. Contract No

2 Standard Building Blocks of Information Security Several frameworks available Security Reviews and Tes9ng Confiden9ality Integrity Availability So<ware and Service Development Security Security and Risk Management Computer Security Network Security Opera9onal Security Assets - > Risks - > Controls - > Metrics Governance & ITSM Access Controls Asset Management

3 Different kind and levels of security skills Auditors Directors IT Security Managers Administrators, Operators Programmers IT - Support Service Managers Users Experts on technical security Security Managers, Operating Engineers

4 Well known legacy professional security skills definitions and certifications Security Management (ISC)² CBK ISACA COBIT PECB Generic CISSP CISM GCED GCIH GSNA Technical Security SANS CEH BoK Vendor specific (includes security) MTA RHCSE

5 How do you measure security skills? By bragging? By experience? CV? By trainings obtained? By certifications achieved? Skills certifications are standard requirements in the private sector Obtaining and maintaining such certification is somewhat expensive A certification shows that a person knows at least the basics of the trade it does not prove that the person is a senior professional, which requires more experience.

6 A common problem with generic security skills and security guidelines It is difficult to apply them efficiently in your organisation Proceed from outlining to to implementation

7 How can skills become practice? The principles and theoretical skills must be adapted in your context in an reasonable and in an efficient way Best practices should be implemented Definition (wikipedia): A best practice is a method that has consistently shown superior. Best practices are used to maintain quality and can be based on benchmarking. Best practices are a feature in many of accredited management standards.

8 How could implementation be easier? Necessary prerequisites Skills Management support A plan with check-ups Leadership (it will not just happen) Share experiences on how to implement with your peers Also cover confidential/sensitive information Informal information often more crucial than formal documents Apply the House of Chatham rule One size does not fit all

9 A successful track record I ve had rewarding experiences in sharing best practices with Several government agencies Private companies NREN s Universities Research infrastructures It would probably have been extremely difficult for us to achieve ISO without sharing best practices earlier The standards and frameworks tell you what to do Best practices tells you, by examples, how to do it

10 Methods of sharing best practices Articles, books Presentations Trainings Reviews and audits Guidelines Site visits Workshops Informal communication N.B. Everything does not need to be formalised, informal f2f meetings are also very valuable

11 Suggestions for joint ISMS activities Joint skills transfer program on operational security A training kit for Site Security Officers A non-profit lightweight skills certification for Site- Security Officers A voluntary practice sharing program for Site visits for ISMS sharing Peer reviews/audits of ISMS Articles on current ISMS practices Develop a multilateral NDA covering all of above An effort to apply resources and funding for all above I personally volunteer to contribute if feasible

12 Thank you! All comments are welcome to: EUDAT related security incidents -> Other EUDAT security related ->

How to gain and maintain ISO 27001 certification

How to gain and maintain ISO 27001 certification Public How to gain and maintain ISO 27001 certification Urpo Kaila, Head of Security CSC IT Center for Science ltd. urpo.kaila@csc.fi, security@csc.fi GÉANT SIG ISM 1 st Workshop, 2015-05-12, imperial.ac.uk

More information

Benchmark of controls over IT activities. 2011 Report. ABC Ltd

Benchmark of controls over IT activities. 2011 Report. ABC Ltd www.pwc.com/cy Benchmark of controls over IT activities 2011 Report ABC Ltd... 2012 Scope and approach We wish to provide you with our IT Benchmarking report over IT activities at ABC Ltd (the Company)

More information

MANAGEMENT DEVELOPMENT COURSES

MANAGEMENT DEVELOPMENT COURSES (FULL VIEW) MANAGEMENT DEVELOPMENT COURSES MANAGEMENT DEVELOPMENT COURSES LEADERSHIP DEVELOPMENT Developing Leadership Competencies 4 4 days 230,000 1-4 13-16 26-29 6-9 Critical Thinking: Tools for Problem

More information

IT Governance Implementation Workshop

IT Governance Implementation Workshop IT Governance Implementation Workshop 3 Full day power packed workshop facilitated by Mr. Gary Allan Banister and Mr. Sreechith Radhakrishnan About the Programme Information is created, used, retained,

More information

IT Audit in the Cloud

IT Audit in the Cloud IT Audit in the Cloud Pavlina Ivanova, CISM ISACA-Sofia Chapter Content: o 1. Introduction o 2. Cloud Computing o 3. IT Audit in the Cloud o 4. Residual Risks o Used Resources o Questions 1. ISACA Trust

More information

Information Security Management Systems. Chief Operating Officer, Director of Strategy and Business Development, Chief Information Security Officer

Information Security Management Systems. Chief Operating Officer, Director of Strategy and Business Development, Chief Information Security Officer Information Security Management Systems Chief Operating Officer, Director of Strategy and Business Development, Chief Information Security Officer atsec information security, 2013 ISO/IEC 27001 and related

More information

ISO 27001:2005 & ISO 9001:2008

ISO 27001:2005 & ISO 9001:2008 ISO 27001:2005 & ISO 9001:2008 September 2011 1 Main Topics SFA ISO Certificates ISO 27000 Series used in the organization ISO 27001:2005 - Benefits for the organization ISO 9001:2008 - Benefits for the

More information

Re: Experience with the Framework for Improving Critical Infrastructure Cybersecurity ( Framework )

Re: Experience with the Framework for Improving Critical Infrastructure Cybersecurity ( Framework ) 10 October 2014 Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 Re: Experience with the Framework for Improving Critical Infrastructure

More information

ITIL Foundation Certification Course

ITIL Foundation Certification Course ITIL Foundation Certification Course About the Programme While most IT divisions are organized by functions such as desktop management, application management, Network management, System & database administration,

More information

Cybercrime & Cybersecurity: the Ongoing Battle International Hellenic University

Cybercrime & Cybersecurity: the Ongoing Battle International Hellenic University Cybercrime & Cybersecurity: the Ongoing Battle International Hellenic University Andreas Athanasoulias, CISM, CISSP Information Security Officer & Security Consultant Brief introduction My career path

More information

Recommendation for IT Governance Using the COBIT 4.1 Framework

Recommendation for IT Governance Using the COBIT 4.1 Framework Recommendation for IT Governance Using the COBIT 4.1 Framework William F. Slater, III, MBA, M.S., PMP, CISSP, CISA Week 7 Assignment CYBR 615 Cybersecurity Governance and Compliance January 27, 2013 January

More information

Hence to overcome these challenges, it has become imperative to learn these topics and create awareness amongst the employees.

Hence to overcome these challenges, it has become imperative to learn these topics and create awareness amongst the employees. IT Service Management Trainings for Bank Konark Solutions and Services (KS&S) is an organization with Industry expert trainers and consultants. KS&S provides a wide range of Industry specific trainings

More information

Val-EdTM. Valiant Technologies Education & Training Services. Workshop on Change Management. All Trademarks and Copyrights recognized.

Val-EdTM. Valiant Technologies Education & Training Services. Workshop on Change Management. All Trademarks and Copyrights recognized. Val-EdTM Valiant Technologies Education & Training Services Workshop on Change Management All Trademarks and Copyrights recognized Page 1 of 8 Welcome to Valiant Technologies. We are a specialty consulting

More information

State of South Carolina InfoSec and Privacy Career Path Model

State of South Carolina InfoSec and Privacy Career Path Model State of South Carolina InfoSec and Privacy Career Path Model Start Introduction This Career Path Model for the State of South Carolina (State) is designed to help define the various career options available

More information

Terms of Reference for an IT Audit of

Terms of Reference for an IT Audit of National Maritime Safety Authority (NMSA) TASK DESCRIPTION PROJECT/TASK TITLE: EXECUTING AGENT: IMPLEMENTING AGENT: PROJECT SPONSOR: PROJECT LOCATION: To engage a professional and qualified IT Auditor

More information

DoD Directive (DoDD) 8570 & GIAC Certification

DoD Directive (DoDD) 8570 & GIAC Certification DoD Directive (DoDD) 8570 & GIAC Certification Date Updated: January 2014 National Account Manager 678-714-5712 Director 703-968-0103 What is DoDD 8570? Department of Defense Directive 8570 provides guidance

More information

ISO 9001 Quality Management System Lead Auditor Training (IRCA)

ISO 9001 Quality Management System Lead Auditor Training (IRCA) ISO 9001 Quality Management System Lead Auditor Training (IRCA) Course Description BSI s Quality Management Systems (QMS) Auditor/Lead Auditor Training Course (ISO 9001) course teaches the principles and

More information

Criticism of Implementation of ITSM & ISO20000 in IT Banking Industry. Presented by: Agus Sutiawan, MIT, CISA, CISM, ITIL, BSMR3

Criticism of Implementation of ITSM & ISO20000 in IT Banking Industry. Presented by: Agus Sutiawan, MIT, CISA, CISM, ITIL, BSMR3 Criticism of Implementation of ITSM & ISO20000 in IT Banking Industry Presented by: Agus Sutiawan, MIT, CISA, CISM, ITIL, BSMR3 Outline What is IT Service Management What is ISO 20000 Step by step implementation

More information

Assurance of Open Source Projects

Assurance of Open Source Projects Assurance of Open Source Projects Dr Graham Oakes Founder and Principal, Graham Oakes Ltd Contents The value of Open Source Software (OSS) Two types of OSS project The challenges of implementing OSS systems

More information

Open Access to scientific data. SwissCore Annual Event 2014. Brussels, 14 May 2014

Open Access to scientific data. SwissCore Annual Event 2014. Brussels, 14 May 2014 Open Access to scientific data SwissCore Annual Event 2014 Brussels, 14 May 2014 Jarkko Siren European Commission DG CONNECT einfrastructure Two Commissioners on open access Vice-President Neelie Kroes

More information

Frequency Asked Questions Information Security Management System (ISMS) Standards Version 3.0 May 2005

Frequency Asked Questions Information Security Management System (ISMS) Standards Version 3.0 May 2005 Frequency Asked Questions Information Security Management System (ISMS) Standards Version 3.0 May 2005 The following are a set of frequently asked questions that relate to new developments regarding ISO/IEC

More information

Understanding Management Systems Concepts

Understanding Management Systems Concepts Understanding Management Systems Concepts Boğaç ÖZGEN Lead Auditor 1 管 理 计 划 初 始 化 做 实 施 检 查 控 制 过 程 行 动 改 善 活 动 系 统 监 视 2 Management (PLAN) Planning and Organizing (DO) Implementing and realization of

More information

Service management: what standards can do for business the example of FitSM. 2015 Cloud Security Alliance - All Rights Reserved.

Service management: what standards can do for business the example of FitSM. 2015 Cloud Security Alliance - All Rights Reserved. Service management: what standards can do for business the example of FitSM Owen Appleton Managing Director, Emergence Tech Limited Dr. Thomas Schaaf FedSM Project Director, Ludwig-Maximilians-Universität

More information

San Francisco Chapter. Presented by Mike O. Villegas, CISA, CISSP

San Francisco Chapter. Presented by Mike O. Villegas, CISA, CISSP Presented by Mike O. Villegas, CISA, CISSP Agenda Information Security (IS) Vision at Newegg.com Typical Issues at Most Organizations Information Security Governance Four Inter-related CoBIT Domains ISO

More information

Introduction to ISACA and ITGI By Georges Ataya, International Vice President, ISACA

Introduction to ISACA and ITGI By Georges Ataya, International Vice President, ISACA Quality and security in application development Round Table Meeting/Discussion Group Wednesday 23rd May 2007 Introduction to ISACA and ITGI By Georges Ataya, International Vice President, ISACA 1 The International

More information

CLASSIFICATION SPECIFICATION FORM

CLASSIFICATION SPECIFICATION FORM www.mpi.mb.ca CLASSIFICATION SPECIFICATION FORM Human Resources CLASSIFICATION TITLE: POSITION TITLE: (If different from above) DEPARTMENT: DIVISION: LOCATION: Executive Director Executive Director, Information

More information

ow to use CobiT to assess the security & reliability of Digital Preservation

ow to use CobiT to assess the security & reliability of Digital Preservation ow to use CobiT to assess the security & reliability of Digital Preservation Erpa WORKSHOP Antwerp 14-16 April 2004 Greet Volders Managing Consultant - VOQUALS N.V. Vice President & in charge of Education

More information

Roles & Grades Rate Cards and Applicable SFIA Skills

Roles & Grades Rate Cards and Applicable SFIA Skills Roles & s Rate Cards and Applicable Consultant Day Rate Card Consultant Day Rate Lead 900.00 Senior 800.00 Junior 0.00 CLAS Consultant and Competencies Lead CLAS Consultant Lead CLAS Consultant IT Governance

More information

Compliance Security Continuity

Compliance Security Continuity Compliance Security Continuity About Us Information Security Put the necessary processes, policies and procedures in place, identify your company s most valuable assets and implement and test controls

More information

List of courses offered by Marc Taillefer

List of courses offered by Marc Taillefer ISO/IEC 20000 Foundation (IS20F.EN) List of courses offered by Marc Taillefer Designed to provide knowledge of what an IT service management system is and the minimum requirements that service providers

More information

EUDAT. Collaborative Data Infrastructure. Towards the convergence of Compute, Data, Knowledge and Scientific Instruments. Giuseppe Fiameni CINECA

EUDAT. Collaborative Data Infrastructure. Towards the convergence of Compute, Data, Knowledge and Scientific Instruments. Giuseppe Fiameni CINECA EUDAT Collaborative Data Infrastructure Towards the convergence of Compute, Data, Knowledge and Scientific Instruments Giuseppe Fiameni CINECA www.eudat.eu EUDAT receives funding from the European Union's

More information

CSI study. A white paper from the itsmf Finland Continual Service Improvement Special Interest Group

CSI study. A white paper from the itsmf Finland Continual Service Improvement Special Interest Group CSI study Continual Service Improvement (CSI) study to the members of itsmf Finland A white paper from the itsmf Finland Continual Service Improvement Special Interest Group Date: April 2014 Authors: Anne

More information

Information Security Management Systems

Information Security Management Systems Information Security Management Systems Øivind Høiem CISA, CRISC, ISO27001 Lead Implementer Senior Advisor Information Security UNINETT, the Norwegian NREN About Øivind Senior Adviser at the HE sector

More information

GIAC Program Overview 2015 Q4 Version

GIAC Program Overview 2015 Q4 Version GIAC Program Overview 2015 Q4 Version Program Overview - GIAC Certification 2015 1 What is GIAC? GIAC is the Global Information Assurance Certification program GIAC assesses candidate knowledge in specific

More information

PRCA Communications Management Standard (CMS) for In-House Teams

PRCA Communications Management Standard (CMS) for In-House Teams PRCA Communications Management Standard (CMS) for In-House Teams PRCA Communications Management Standard (CMS) for In-House Teams Contents Introduction 4 The Communications Management Standard for In-House

More information

ISACA Tools Help Develop Cybersecurity Expertise

ISACA Tools Help Develop Cybersecurity Expertise Volume 21, 8 October 2014 ISACA Tools Help Develop Cybersecurity Expertise Nominate Qualified Candidates for the ISACA Board of Directors Tips for Solving Data Classification Challenges Earn CPE at Professional

More information

Security Organization & Awareness. Januari, 28/29th 2014 6th CENTR Security Workshop Brussels Bert ten Brinke

Security Organization & Awareness. Januari, 28/29th 2014 6th CENTR Security Workshop Brussels Bert ten Brinke Security Organization & Awareness Januari, 28/29th 2014 6th CENTR Security Workshop Brussels Bert ten Brinke Goals Creating a awareness plan Describing the security organization What is necessary regarding

More information

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft Cyber Security and Privacy Services Working in partnership with you to protect your organisation from cyber security threats and data theft 2 Cyber Security and Privacy Services What drives your security

More information

Governance and Management of Information Security

Governance and Management of Information Security Governance and Management of Information Security Øivind Høiem, CISA CRISC Senior Advisor Information Security UNINETT, the Norwegian NREN About Øivind Senior Adviser at the HE sector secretary for information

More information

Integrating the Project Portfolio Management and Service Portfolio Management: The Governance of Enterprise IT Perspective

Integrating the Project Portfolio Management and Service Portfolio Management: The Governance of Enterprise IT Perspective Integrating the Project Portfolio and Portfolio : The Governance of Enterprise IT Perspective George Papoulias CGEIT. ITIL Expert, PRINCE2 Prac;;oner, CRISC, CISA Senior Project Manager CONTENTS TYPES

More information

Service Desk Institute 10 Steps To Successful ITSM Tool Selection

Service Desk Institute 10 Steps To Successful ITSM Tool Selection Service Desk Institute 10 Steps To Successful ITSM Tool Selection Introduction The one decision that really makes a difference for both consumers of IT and our service desk analysts is the one to replace

More information

Chayuth Singtongthumrongkul

Chayuth Singtongthumrongkul IT is complicated. IT Governance doesn t have to be. Chayuth Singtongthumrongkul CISSP, CISA, ITIL Intermediate, PMP, IRCA ISMS (ISO/IEC 27001) Director of International Academic Alliance, ACIS Professional

More information

ISACA ON-SITE TRAINING DELIVERS EXPERT INSTRUCTION AT YOUR WORKPLACE

ISACA ON-SITE TRAINING DELIVERS EXPERT INSTRUCTION AT YOUR WORKPLACE create better trained employees. choose the best value in training. ISACA ON-SITE TRAINING DELIVERS EXPERT INSTRUCTION AT YOUR WORKPLACE PRODUCTIVE train your workforce on-site. save on employee downtime

More information

Trends in Information Technology (IT) Auditing

Trends in Information Technology (IT) Auditing Trends in Information Technology (IT) Auditing Padma Kumar Audit Officer May 21, 2015 Discussion Topics Common and Emerging IT Risks Trends in IT Auditing IT Audit Frameworks & Standards IT Audit Plan

More information

Correspondence between ISO 9001:2008 and 14001:2004, OHSAS 18001:2007, ISM and the SeaBird Management System

Correspondence between ISO 9001:2008 and 14001:2004, OHSAS 18001:2007, ISM and the SeaBird Management System Correspondence between ISO 9001:2008 and 14001:2004, OHSAS 18001:2007, ISM and the SeaBird Management System Introduction (title Introduction Introduction Preamble Introduction General 0.1 --- --- ---

More information

Val-EdTM. Valiant Technologies Education & Training Services. 2-day Workshop on Business Continuity & Disaster Recovery Planning

Val-EdTM. Valiant Technologies Education & Training Services. 2-day Workshop on Business Continuity & Disaster Recovery Planning Val-EdTM Valiant Technologies Education & Training Services 2-day Workshop on Business Continuity & Disaster Recovery Planning All Trademarks and Copyrights recognized Page 1 of 8 Welcome to Valiant Technologies.

More information

Training Catalogue 2015-16

Training Catalogue 2015-16 Training Catalogue 2015-16 Table of Content Page Company Profile Training Overview.. Training Catalogue... GRC Fundamentals, Strategy & Implementation Workshop Anti Bribery Management System Implementation

More information

IT Senior Audit Leader

IT Senior Audit Leader IT Senior Audit Leader Locations: Minneapolis, MN; Phoenix, AZ; Denver, CO; Des Moines, IA; Philadelphia, PA; Charlotte, NC; San Francisco, CA and San Antonio, TX Job Description Wells Fargo Audit Services

More information

HP Cyber Security Control Cyber Insight & Defence

HP Cyber Security Control Cyber Insight & Defence HP Cyber Security Control Cyber Insight & Defence Security awareness at board level Security leadership is under immense pressure Cyber threat Extended supply chain Financial loss Reputation damage Cost

More information

Choosing Ascentor as your cyber security partner. Secure your information Strengthen your business

Choosing Ascentor as your cyber security partner. Secure your information Strengthen your business Secure your information Strengthen your business Choosing Ascentor as your cyber security partner www.ascentor.co.uk Ascentor Ltd 5 Wheatstone Court, Davy Way Waterwells Business Park Quedgeley, Gloucester

More information

Compliance & information security A (bit of a) rant. Jodie Siganto

Compliance & information security A (bit of a) rant. Jodie Siganto Compliance & information security A (bit of a) rant Jodie Siganto Compliance Definition of compliance : the act of conforming, acquiescing, or yielding. conformity; accordance: in compliance with orders.

More information

Career Survey. 1. In which country are you based? 2. What is your job title? 3. Travel budget. 1 of 28. Response Count. answered question 88

Career Survey. 1. In which country are you based? 2. What is your job title? 3. Travel budget. 1 of 28. Response Count. answered question 88 Career Survey 1. In which country are you based? 88 answered question 88 skipped question 0 2. What is your job title? 88 answered question 88 skipped question 0 3. Travel budget not at all 21.0% 17 somewhat

More information

ISO/IEC 27001 Informa2on Security Management System

ISO/IEC 27001 Informa2on Security Management System ISO/IEC 27001 Informa2on Security Management System Presented by Daminda Perera 26/07/2008 ISO/IEC 27001:2005 Informa@on technology Security techniques Informa@on security management systems Requirements

More information

IMPLEMENTATION OF HIGH-PERFORMANCE SECURITY MANAGEMENT PROCESSES

IMPLEMENTATION OF HIGH-PERFORMANCE SECURITY MANAGEMENT PROCESSES IMPLEMENTATION OF HIGH-PERFORMANCE SECURITY MANAGEMENT PROCESSES OBJECTIVES This course is specifically designed to improve your skills as an information security manager. Using O-ISM3 as a framework,

More information

ITIL Service Lifecycle Operation

ITIL Service Lifecycle Operation ITIL Service Lifecycle Operation Course Details Course Code: Duration: Notes: ITILSL-Oper 5 days This course syllabus should be used to determine whether the course is appropriate for the students, based

More information

Information Security and Governance in ERP Implementation (JD Edwards)

Information Security and Governance in ERP Implementation (JD Edwards) Information Security and Governance in ERP Implementation (JD Edwards) Table of Contents Information Security... 2 Information Security in ERP Environment... 3 J D Edwards Security and Governance Features...

More information

Citation for published version (APA): Berthing, H. H. (2014). Vision for IT Audit 2020. Abstract from Nordic ISACA Conference 2014, Oslo, Norway.

Citation for published version (APA): Berthing, H. H. (2014). Vision for IT Audit 2020. Abstract from Nordic ISACA Conference 2014, Oslo, Norway. Aalborg Universitet Vision for IT Audit 2020 Berthing, Hans Henrik Aabenhus Publication date: 2014 Document Version Early version, also known as pre-print Link to publication from Aalborg University Citation

More information

COBIT 5 Implementation Certification Course

COBIT 5 Implementation Certification Course COBIT 5 Implementation Certification Course About COBIT 5.0 Information is created, used, retained, disclosed and destroyed. Technology plays a key role in these actions and technology is becoming pervasive

More information

Information Security Certifications

Information Security Certifications HERVÉ SCHAUER CONSULTANTS Cabinet de Consultants en Sécurité Informatique depuis 1989 Spécialisé sur Unix, Windows, TCP/IP et Internet Information Security Certifications Persons / Organizations ENISA

More information

G11 EFFECT OF PERVASIVE IS CONTROLS

G11 EFFECT OF PERVASIVE IS CONTROLS IS AUDITING GUIDELINE G11 EFFECT OF PERVASIVE IS CONTROLS The specialised nature of information systems (IS) auditing and the skills necessary to perform such audits require standards that apply specifically

More information

BCS Specialist Certificate in Business Relationship Management Syllabus. Version 1.9 March 2015

BCS Specialist Certificate in Business Relationship Management Syllabus. Version 1.9 March 2015 BCS Specialist Certificate in Business Relationship Management Syllabus Version 1.9 March 2015 BCS Specialist Certificate in Business Relationship Management Syllabus Contents Change History... 2 Rationale...

More information

GIAC Certification. Enterprise Solution

GIAC Certification. Enterprise Solution E- Business & Web Solutions IT Solutions (Hardware, Software, Services) Business Process & Technology Outsourcing Enterprise Solution Professionals on Information and Network Global Information Assurance

More information

ITSM Governance In the world of cloud computing

ITSM Governance In the world of cloud computing ITSM Governance In the world of cloud computing Housekeeping Welcome to the Webinar Use the control panel to ask questions Can you see & hear us? enter your name & city to confirm Type Your Questions Here

More information

Information Security Specialist Training on the Basis of ISO/IEC 27002

Information Security Specialist Training on the Basis of ISO/IEC 27002 Information Security Specialist Training on the Basis of ISO/IEC 27002 Natalia Miloslavskaya, Alexander Tolstoy Moscow Engineering Physics Institute (State University), Russia, {milmur, ait}@mephi.edu

More information

IT Service Management ITIL, COBIT

IT Service Management ITIL, COBIT IT Service Management ITIL, COBIT Bülent Ekuklu Business Development Executive IBM Global Services Global Conditions are Changing 100% 90% 80% 70% 60% 50% 40% 30% 20% 10% Agriculture Manufacturing Service

More information

G13 USE OF RISK ASSESSMENT IN AUDIT PLANNING

G13 USE OF RISK ASSESSMENT IN AUDIT PLANNING IS AUDITING GUIDELINE G13 USE OF RISK ASSESSMENT IN AUDIT PLANNING The specialised nature of information systems (IS) auditing and the skills necessary to perform such audits require standards that apply

More information

Imperial Plus. FAQs 2013/14. imperialcollegeunion.org. Imperial Plus FAQs 1

Imperial Plus. FAQs 2013/14. imperialcollegeunion.org. Imperial Plus FAQs 1 Imperial Plus FAQs 2013/14 imperialcollegeunion.org Imperial Plus FAQs 1 Contents -05 What is Imperial Plus? Why has the Union developed Imperial Plus for student volunteers? What are the skills Imperial

More information

Open Access to publications and research data in Horizon 2020

Open Access to publications and research data in Horizon 2020 Open Access to publications and research data in Horizon 2020 Celina Ramjoué Head of Sector Open Access to Scientific Publications and Data Digital Science Unit CONNECT.C3 4 December 2013 Meeting of National

More information

REPORT PSO Workshop. Beneficiaries Accountability in Humanitarian Assistance The Hague, 10 December 2009. Henk Tukker

REPORT PSO Workshop. Beneficiaries Accountability in Humanitarian Assistance The Hague, 10 December 2009. Henk Tukker REPORT PSO Workshop Beneficiaries Accountability in Humanitarian Assistance The Hague, 10 December 2009 Henk Tukker 1 1. INTRODUCTION This report reflects the proceedings of the PSO workshop on Beneficiaries

More information

BCS Specialist Certificate in Service Desk & Incident Management Syllabus

BCS Specialist Certificate in Service Desk & Incident Management Syllabus BCS Specialist Certificate in Service Desk & Incident Management Syllabus Version 1.8 March 2015 BCS Specialist Certificate in Service Desk & Incident Management Syllabus Contents Change History... 2 Rationale...

More information

-Blue Print- The Quality Approach towards IT Service Management

-Blue Print- The Quality Approach towards IT Service Management -Blue Print- The Quality Approach towards IT Service Management The Qualification and Certification Program in IT Service Management according to ISO/IEC 20000 TÜV SÜD Akademie GmbH Certification Body

More information

Auditors Need to Know June 13th, 2012. ISACA COBIT 5 for Assurance

Auditors Need to Know June 13th, 2012. ISACA COBIT 5 for Assurance COBIT 5 What s New, What Auditors Need to Know June 13th, 2012 Anthony Noble Viacom Inc. ISACA COBIT 5 for Assurance Task Force Chair Special thanks to Derek Oliver & ISACA for supplying material for this

More information

Revised October 2013

Revised October 2013 Revised October 2013 Version 3.0 (Live) Page 0 Owner: Chief Examiner CONTENTS: 1. Introduction..2 2. Foundation Certificate 2 2.1 The Purpose of the COBIT 5 Foundation Certificate.2 2.2 The Target Audience

More information

c) explain the role of an auditor to plan, conduct report and follow up an FSMS audit in accordance with ISO 19011;

c) explain the role of an auditor to plan, conduct report and follow up an FSMS audit in accordance with ISO 19011; FSMS 22000 Lead Auditor Training Course Certificated by IRCA, Course No. A17304 Ref: FSMS LAC Duration: 5 days Objectives/Benefits The purpose of this training course is to provide food chain professionals

More information

Don t let your SIeM become your Nightmare!

Don t let your SIeM become your Nightmare! Don t let your SIeM become your Nightmare! Herwig Köck, Thomas Bleier What is SIEM? Combining Security Components Intrusion Detection Endpoint Security Service Logs Asset Management Packets Protocols IP-Adresses

More information

Tutorial: Towards better managed Grids. IT Service Management best practices based on ITIL

Tutorial: Towards better managed Grids. IT Service Management best practices based on ITIL Tutorial: Towards better managed Grids. IT Service Management best practices based on ITIL EGI Technical Forum 2011, Lyon (France) September 22, 2011 Dr. Thomas Schaaf www.gslm.eu EMERGENCE TECH LTD. The

More information

CFIR - Finance IT 2015 Cyber security September 2015

CFIR - Finance IT 2015 Cyber security September 2015 www.pwc.dk Cyber security Audit. Tax. Consulting. Our global team and credentials Our team helps organisations understand dynamic cyber challenges, adapt and respond to risks inherent to their business

More information

Gobierno de TI Enfrentando al Reto. IT Governance Facing the Challenge. Everett C. Johnson, CPA International President ISACA and ITGI

Gobierno de TI Enfrentando al Reto. IT Governance Facing the Challenge. Everett C. Johnson, CPA International President ISACA and ITGI Gobierno de TI Enfrentando al Reto IT Facing the Challenge Everett C. Johnson, CPA International President ISACA and ITGI 1 Add titles Agenda Agenda IT governance keys IT governance focus areas: theory

More information

Certificate in Applied Management

Certificate in Applied Management Certificate in Applied Management MANAGE TO MAKE THE DIFFERENCE Follow us on: twitter.com/myotc Like us on: facebook.com/theopentrainingcollege ACCREDITED PROFESSIONAL TRAINING FOR FRONT LINE MANAGERS

More information

Strategy, COBIT and Vision: HOW DO THEY RELATE? Ken Vander Wal, CISA, CPA, Past President, ISACA vandeke@gmail.com 11.16.2013

Strategy, COBIT and Vision: HOW DO THEY RELATE? Ken Vander Wal, CISA, CPA, Past President, ISACA vandeke@gmail.com 11.16.2013 Strategy, COBIT and Vision: HOW DO THEY RELATE? Ken Vander Wal, CISA, CPA, Past President, ISACA vandeke@gmail.com 11.16.2013 AGENDA IT s Changing Landscape ISACA s Response Vision and Mission COBIT 5

More information

Document Hierarchy of Information Security. Corporate Security Policy. Information Security Standard. General Directive(s) Specific Directive(s)

Document Hierarchy of Information Security. Corporate Security Policy. Information Security Standard. General Directive(s) Specific Directive(s) Document Hierarchy of Information Security General commitment to Information Security Installation of CorpSec Enabling CSO Installing Information Security Standard Corporate Security Policy Defining Assets,

More information

Using COSO Small Business Guidance for Assessing Internal Financial Controls

Using COSO Small Business Guidance for Assessing Internal Financial Controls Using COSO Small Business Guidance for Assessing Internal Financial Controls By János Ivanyos, Memolux Ltd. (H), IIA Hungary Introduction New generation of general models referring to either IT or Internal

More information

NetIQ FISMA Compliance & Risk Management Solutions

NetIQ FISMA Compliance & Risk Management Solutions N E T I Q C O M P L I A N C E S E R I E S NetIQ FISMA Compliance & Risk Management Solutions The Federal Information Security Management Act (FISMA) requires federal agencies to create and implement a

More information

ROLE PROFILE INFORMATION SECURITY ANALYST

ROLE PROFILE INFORMATION SECURITY ANALYST ROLE PROFILE INFORMATION SECURITY ANALYST COMPANY OVERVIEW Informa is one of the world s leading knowledge providers. We create and deliver highly specialised information through publishing, events, training,

More information

COBIT 5 for Risk. CS 3-7: Monday, July 6 4:00-5:00. Presented by: Nelson Gibbs CIA, CRMA, CISA, CISM, CGEIT, CRISC, CISSP ngibbs@pacbell.

COBIT 5 for Risk. CS 3-7: Monday, July 6 4:00-5:00. Presented by: Nelson Gibbs CIA, CRMA, CISA, CISM, CGEIT, CRISC, CISSP ngibbs@pacbell. COBIT 5 for Risk CS 3-7: Monday, July 6 4:00-5:00 Presented by: Nelson Gibbs CIA, CRMA, CISA, CISM, CGEIT, CRISC, CISSP ngibbs@pacbell.net Disclaimer of Use and Association Note: It is understood that

More information

This article describes how these seven enablers have contributed towards better information security management at HDFC Bank.

This article describes how these seven enablers have contributed towards better information security management at HDFC Bank. Information Security Management at HDFC Bank: Contribution of Seven Enablers By Vishal Salvi, CISM, and Avinash W. Kadam, CISA, CISM, CGEIT, CRISC, CBCP, CISSP, CSSLP HDFC Bank was incorporated in August

More information

Nettitude Ltd. (FHEQ) level 7] MSc Postgraduate Diploma Postgraduate Certificate. British Computer Society (BCS) Master s Degree in Computing

Nettitude Ltd. (FHEQ) level 7] MSc Postgraduate Diploma Postgraduate Certificate. British Computer Society (BCS) Master s Degree in Computing Faculty of Engineering and Informatics Programme Specification Programme title: MSc Cyber Security Academic Year: 2015/16 Degree Awarding Body: Partner(s), delivery organisation or support provider (if

More information

Brochure Service Design SPO

Brochure Service Design SPO Brochure Service Design SPO About Pink Elephant Company History Pink Elephant started life some 30 years ago in Delft University in the Netherlands. A beer and peanuts company managed and staffed by students

More information

AN OVERVIEW OF INFORMATION SECURITY STANDARDS

AN OVERVIEW OF INFORMATION SECURITY STANDARDS AN OVERVIEW OF INFORMATION SECURITY STANDARDS February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced

More information

Cloud Security Standards. Aziza Al Rashdi Director, Cyber Security Professional Services Oman National CERT Information Technology Authority

Cloud Security Standards. Aziza Al Rashdi Director, Cyber Security Professional Services Oman National CERT Information Technology Authority Cloud Security Standards Aziza Al Rashdi Director, Cyber Security Professional Services Oman National CERT Information Technology Authority Introduction Sign Off December 2012 Information Technology Authority

More information

SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Job Profiles

SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Job Profiles PNNL-24138 SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Job Profiles March 2015 LR O Neil TJ Conway DH Tobey FL Greitzer AC Dalton PK Pusey Prepared for the

More information

Kevin Ball. Kevin.ball@hartpury.ac.uk

Kevin Ball. Kevin.ball@hartpury.ac.uk Foundation Degree Sports Business Kevin Ball Kevin.ball@hartpury.ac.uk The programme team would like to welcome you to Foundation Degree in Sports Business. During your time at Hartpury you will learn

More information

COBIT 5: A New Governance Framework for Managing & Auditing the Technology Environment CS 6-7: Tuesday, July 7 3:30-4:30

COBIT 5: A New Governance Framework for Managing & Auditing the Technology Environment CS 6-7: Tuesday, July 7 3:30-4:30 COBIT 5: A New Governance Framework for Managing & Auditing the Technology Environment CS 6-7: Tuesday, July 7 3:30-4:30 Presented by: Nelson Gibbs CIA, CRMA, CISA, CISM, CGEIT, CRISC, CISSP ngibbs@pacbell.net

More information

Time Care Professional Services

Time Care Professional Services Time Care Professional Services Time Care Professional Services Time Care Professional Services Welcome to Time Care Professional Services, giving customers access to the training and support that enables

More information

What We Do. security. outsourcing. policy and program. application. security. training & awareness. security solutions

What We Do. security. outsourcing. policy and program. application. security. training & awareness. security solutions What We Do Whether you need a quick check-up, in-depth testing and analysis or constant care; at Rewterz we have cure for the common techache. At Rewterz, our consultants work with your IT management team

More information

IBM Hosted Application Scanning

IBM Hosted Application Scanning IBM Hosted Application Scanning Service Definition IBM Hosted Application Scanning 1 1. Summary 1.1 Service Description IBM Hosted Application Security Services Production Application Scanning Service

More information

Specialist consultancy for the transport and logistics sector

Specialist consultancy for the transport and logistics sector Specialist consultancy for the transport and logistics sector Logistics Health and Safety Environmental auditing Strategy and business modelling Technical and engineering specifications Dangerous goods

More information

Process Ownership and Service Ownership

Process Ownership and Service Ownership Process Ownership and Service Ownership Maximizing the Value of Key Roles A Third Sky White Paper By Lou Hunnebeck, ITIL Expert and Service Design 2011 Author, VP ITSM Vision & Strategy for Third Sky,

More information