HISP Certification Course (5 days) - 35 CPEs
HISP stands for Holistic Information Security Practitioner.
- Albert Barnett
- 10 years ago
This is the only integration course available today that teaches the integration of ISO 27002/27001 with COBIT, COSO, ITIL and multiple regulations pertaining to Information Security & Privacy.

The Holistic Information Security Practitioner (HISP) Certification course is an internationally recognized differentiator in the Information Security space and one of the fastest growing information security certifications for Information Security Practitioners, Managers and Officers. In the current global economic recession, a recent CareerBuilder.com report indicates that the Information Security Manager position falls within one of the top 5 industries that are considered to be recession proof.

The objective of this course is to provide participants with the necessary skills to implement a corporate Information Security Management System (ISMS) framework that is compliant with the requirements of ISO 27002, UK Data Protection Act, EU Directive on Privacy, HIPAA Security, GLB Act, Sarbanes-Oxley Act (Security), FACT Act, PCI Data Security, NIST , PIPEDA, PIPA and California SB-1386 and meets the certification requirements of ISO This is the only integration class that provides practical education on the integration of best practices for Information Security Management, Information Systems Auditing and multiple Regulatory Compliance requirements, and on how to map multiple regulatory requirements to the internationally accepted best practices framework of ISO 27001/

Who should attend?
- Staff tasked with the implementation and management of a formal, internationally accepted Information Security Management System (ISMS).
- Staff tasked with ensuring compliance with standards and requirements such as (but not limited to) UK Data Protection Act, EU Directive on Privacy, HIPAA Security, SOX Security, FFIEC, GLBA, California SB1386, FACT Act, PCI Data Security, NIST , OSFI, PIPEDA, PIPA, Canadian Bill C-168 and other regulations.
- Information Security Consultants or Third Party Auditors.
- Auditors (External and Internal).
- Information Security Officers.
- IT Managers/Directors.
- Privacy/Compliance Officers.
Course Curriculum: Day 1 3
Content: ISO 27001/27002 Compliance
Description: 5 days / 35 CPEs / (On Demand web based class also available)

Benefits to Your Business
- Learn how to adopt international best practices pertaining to Information Security.
- Take the knowledge and skills imparted during this exercise and use them to improve confidentiality, integrity and availability of information systems.
- Gain competitive advantage.
- Improve customer and investor confidence.
- Show due diligence and due care.

Content
This module is designed for people who have a reasonable awareness of Information security management.
- History of the ISO series.
- Evolution of the ISO Series
- ISO certification requirements.
- Determination of scope.
- Identification of information assets.
- Determination of the value of information assets.
- Determination of risk.
- Determination of policy(ies) and the degree of assurance required from controls.
- Identification of control objective and controls.
- Definition of policies, standards and procedures to implement the controls.
- Production and implementation of policies, standards and procedures.
- Completion of ISMS documentation requirements.
- Establishment of Management Framework and Security Forum.
- Audit and review of ISMS.
- Case Studies.

Course Curriculum: Day 3-4
Module: COBIT auditing framework.
Description: The objective of this module is to provide delegates with the necessary skills to audit information technology systems using COBIT as a benchmarking standard.

Benefits to Your Business
- Learn how to adopt COBIT as an IT governance framework.
- Take the knowledge and skills imparted during this exercise and use them to improve confidentiality, integrity and availability of information systems.
- Gain competitive advantage.
- Improve customer and investor confidence.
- Show due diligence and due care.

Content
- History of COBIT.
- Understanding COBIT Controls.
- Understanding COBIT mapping to ISO
- Understanding COBIT mapping to COSO.
- Understanding COBIT mapping to ISO and ITIL.
- COBIT case studies.

Course Curriculum: Day 5
Module: Mapping Methodology
Description: The objective of this module is to provide delegates with the knowledge of how ISO (Annex A of ISO 27001) requirements map to HIPAA, FFIEC, GLB Act, Sarbanes-Oxley Act, OSFI, PIPEDA, PIPA, Canadian Bill C-168 and various other regulations.

Benefits to Your Business
- Learn how to effectively map multiple standards through a Compliance Matrix.
- Take the knowledge and skills imparted during this exercise and use them to improve confidentiality, integrity and availability of information systems.
- Gain competitive advantage.
- Improve customer and investor confidence.
- Show due diligence and due care.
- Learn how to use your management system to track a measurable return on investment.

Content
- Regulatory Compliance Mapping: Regulatory Haystack
- Case Study/Group Exercise

Certification Exam
Attendees can choose to take the HISP Certification Exam the afternoon of Day 5, consisting of:
- 100 multiple-choice questions.
- Questions covering the entire HISP course curriculum.
Instructor Biographies

Taiye Lambo CISSP, CISM, CISA, HISP, ISO Auditor

Taiye Lambo is a security subject matter expert in the area of Information Security Governance, with years of experience in design & implementation of Intrusion detection and prevention systems, Honeypots, Computer Forensics, Ethical Attack & Penetration Testing, Biometric Identification, Network Security Architecture and Information security governance. He founded the UK Honeynet project and the Holistic Information Security Practitioner (HISP) Institute He has successfully executed information security projects for a number of United Kingdom government agencies and also provided information security consulting to State of Georgia agencies. In the commercial sector he has completed consulting engagements for clients in the Manufacturing, Financial Services and Healthcare sectors. He was the Director of Information Security for John H. Harland (now Harland Clarke), the leading provider of solutions to the Financial Services industry, including check and check related products and accessories, direct marketing solutions, and contact center solutions.

He has dual expertise as a hybrid technical and business information security consultant with a pragmatic holistic approach to the management of information security and regulatory compliance, and is a subject matter expert on Information Security governance and compliance relating to regulatory standards such as HIPAA, Sarbanes-Oxley Act, Gramm-Leach-Bliley Act (GLBA), FDIC and others. His presentations at security events include conferences organized by ISSA, InfraGard, ISACA, CPM, SOFE, EDUCAUSE, Kuwait Information Security Conference and HITRUST.

Taiye is President and Founder of efortresses, an Atlanta based Cyber security, risk and compliance management solutions company founded in In the United Kingdom, he founded a successful information security firm, CyberCops Europe, and gained assignments in the USA for commercial and government agencies, where he continued Information security and compliance consulting and became a subject matter expert in several of the current regulations. His involvement in the USA grew with speaking engagements at leading seminars & conferences. He left CyberCops Europe, came to the USA and founded efortresses in October He has established numerous valuable contacts nationwide and has name recognition in the information security/regulatory compliance space.

efortresses developed the industry's first integrated security and compliance assessment product, Compliantz - an automated process to assess an organization's processes, policies, procedures and standards against internationally accepted information security best practices and multiple regulatory requirements, including HIPAA Security, Sarbanes-Oxley Act (Security), GLB Act, California SB-1386, NIST , FACT Act and PCI Data Security. efortresses also developed and holds classes nationwide in the industry's very first information security, audit and compliance certification course - Holistic Information Security Practitioner (HISP).

With a Bachelor's degree in Electrical Engineering, he also earned a Master's degree in Business Information Systems from the University of East London (United Kingdom).
Charles Edward Wilson CISM, ISSM, HISP, MTS

Ed Wilson is a CISM, a DoD Certified Information Systems Security Manager (ISSM), and a retired US Navy Cryptologic Technical Technician with over 27 years of experience in INFOSEC - securing, auditing, and accrediting IT systems, including protection of sensitive corporate information in compliance with DoD regulations, ISO 9000, BS7799/ISO 17799, ISO 15408, FISMA, COSO, COBIT, GLBA, SOX, and HIPAA legislation. Ed Wilson is a Certified Master Training Specialist, Testing Officer/Testing Supervisor, Curriculum Developer, and Technical Writer, which strengthens his demonstrated excellence in leadership, technical competence, application of instructional methodology, and desire to improve educational awareness through quality instruction. As an INFOSEC Subject Matter Expert, Ed Wilson developed 3 Information Systems Security Manager (ISSM) courses, consisting of 31 INFOSEC topics at the master level. Ed was an adjunct lecturer on INFOSEC matters for the National Security Agency (NSA), having taught twenty-six (26) National Cryptologic School courses for NSA.

John A. DiMaria Certified Six Sigma Black Belt; HISP; Master HISP, CBCI

John DiMaria (Co-Author of How to Deploy BS ) is a management system professional and certified Holistic Information Security Practitioner (HISP) with 25 years of successful experience in Management System Development, including Information Systems, Quality Assurance, International Quality Standards, Statistical Process Control, Regulatory Affairs, Customer Service, Subcontractor Analysis and Marketing/Sales in a highly competitive national and international environment.

As the former Product Manager for BSI Management Systems America, John was the technical, audit, scheme and marketing specialist responsible for overseeing development, education and expertise for BSI Americas regarding all information security and business continuity activities including ISO 27001, World Lottery Association (WLA), ISO and BS John was also the recipient of the BSI Global Innovation Award. He serves on committees that influence legislation and drive international harmonization such as the ANAB PS-Prep (Title IX) committee of experts and the BITS Shared Assessment Program. He is the President of the HISPI (Holistic Information Security Practitioner Institute) and has been featured in many publications concerning various topics regarding information security and business continuity, such as Computer World, Quality Magazine, QSU, SC Magazine, Campus Technology, Continuity Insights, ABA Banking Journal, CPM Magazine, GSN Magazine (dubbed "Business Continuity's new standard bearer") and the featured interview on the cover and of PENTEST Magazine. Prior to joining BSI, DiMaria was the Managing Consultant responsible for Information Security Services for LECG, a global expert services firm. He has experience working with both national and international environments.

John holds formal BSI qualifications in several areas of ISMS, ITSM and BCMS: I001 BSI Learning Instructor, I003 Instructor Trainer, I0LA BSI Lead Auditor Instructor (ISO 27001, BS Business Continuity Instructor), IHIS Holistic IS Practitioner, BSI ITSM ISO Technical Audit and standards Specialist (TS), BSI ISMS ISO Technical audit and Standards Specialist, BS Assessor.

HIGHLIGHTED EXPERIENCE
- Served as the BSI Americas Technical & Marketing specialist in the areas of ISO 27001, ISO 20000, BS and all other areas of Information Security and Business Continuity.
- Designed and delivered training to Field Development Staff on ISO/BS 7799/27001 processes and mapping an ISMS to best practice regulatory and IT Standards.
- Designed and delivered projects for building, training and servicing in all areas of TQM, Regulatory Affairs, Information systems, Risk Analysis, the International Management System Standards, Statistical Process Control, Customer Service and Marketing and Sales, showing a cost savings through process improvement. These projects included but were not limited to:
  - Complete ISMS and other Management System Implementation
  - Management System Analysis and Improvement
  - Process Mapping
  - Process Flow Analysis
  - Process Control Planning
  - Fault Tree Analysis
  - Technical Writing
  - Preventive Action Planning and Implementation
  - Use Case Modeling
  - Six Sigma Statistical Analysis
  - Failure Mode Effect Analysis
  - Regulatory Analysis and Compliance (Including EMS & OSHA processes)
  - Employee Engineering Training Development & Delivery
  - Auditing (Internal and External)
  - Subcontractor Evaluation
  - Risk Assessment & Management
  - Business Process Re-engineering
- Served 4 years as member of the Top Management Operations Board of Directors for a multi-site $100M corporation.
- Prior 16 years managed implementation of SPC, Regulatory Affairs, process controls, information systems and international management systems standards.
- Performed over 100 internal quality system and external supplier quality audits.
- Served on an Automotive Advisory Committee to represent the Chemical Industry during the original conception of the QS 9000 international automotive standard.
- Implemented Six Sigma strategies and led a cross-functional team for a major multi-million dollar corporation in St. Louis, MO.

EDUCATION
HISP (Holistic Information Security Practitioner); Certification B.B. (Black Belt) Six Sigma Certification, GE Six Sigma Academy Certificate, Six Sigma Leadership Certificate, Quality Operating Systems (QOS) FMEA; Eastern Michigan University Certificate. Electronic Data Interchange; EDI, INC Certification; Internal Auditor, Quality Management Institute DMACS Computerized Process Controls A.S. Computer Information Systems, Columbia College

PUBLICATIONS
- How to Deploy BS Version 2, April 2008
- How to Deploy BS 25999; September 1, 2007
- BS 7799 Audit Preparation; BSI Management Systems, March 2005
- Benefits of BS 7799 and ISO 17799; BSI Management Systems, April 2005
- BS 7799 Drivers and Advantages; BSI Management Systems, March 2005

PROFESSIONAL AFFILIATIONS
- HISP (Holistic Information Security Practitioner Institution); President
- Business Continuity Institute (BCI) Member
- Business Continuity Institute (BCI) Training Affiliate
- BITS Financial Institution Shared Assessment Program Working Group Member
- DHS PS-Prep Program Committee of Experts
- EC Union iaffiliate
- Rainmakers Marketing Group Founding Member
- American Society for Quality (Secretary; Board of Directors; )

CHARITABLE AFFILIATIONS
- St. Patrick Center for the homeless and addicted, St. Louis, MO
- New Life Evangelistic Center (NLEC) for the homeless, St. Louis, MO
- Catholic Charities Association (Board of Directors), St. Louis, MO

Over 44 Speaking Engagements both national and international 6 Keynotes.
Gary Sheehan; CISSP, HISP

Professional Summary
Gary Sheehan possesses over 20 years of information security experience. Gary has held a variety of information technology positions since Gary has strong leadership, communication and people management skills. As Director of GRC Services, Gary is responsible for managing the design, delivery and implementation of governance, risk, security and compliance solutions that meet customer needs and keep pace with the constantly evolving regulatory and security requirements. Gary has assisted a number of companies with large-scale security management initiatives to facilitate the voluntary and mandatory compliance requirements of their organizational directives.

Achievements & Accomplishments
- Speaker at industry events such as Information Security Summit, CSI Conference and MIS Institute InfoSec World.
- Developed and implemented security policy, security awareness programs, vulnerability management solutions, risk management solutions, security process improvements, security organization studies, and wireless security solutions for multiple organizations.
- Provided Security Advisory services to a number of Northeast Ohio organizations
- Certificate of Appreciation from the Cleveland FBI office for exceptional service in the public interest.
- Letter of commendation from the Cleveland FBI office for exemplary service to the local chapter
- Winner of the Linda Franklin Award.
- Founded the Information Security Summit

Education & Certifications
- Graduated cum laude from Baldwin-Wallace College in 1989 with a Bachelor of Arts Degree in Business Administration.
- Continued education including classes, seminars and self-study in multiple security areas.
- Obtained CISSP certification in 2002
- Completed the FBI Citizen's Academy in Cleveland, Ohio in
- Obtained HISP certification in 2007

Professional Affiliations
- Northern Ohio Members Alliance of InfraGard President.
- Information Security Summit - Executive Director.
- Northeast Ohio Think Tank Advisory Board
- HISP Institute Board of Directors

Skill Summary
OS system Security Mainframe Security (Top Secret, ACF2, RACF) Windows NT Security ISS Security Product Suite QualysGuard Enterprise Security Organization Implementation Security Strategy & Design ISO ISO Security Policy Security Process Improvement Project Management Vulnerability Management Risk Management Security Awareness & Training M&A Security Program Implementation ISO Frameworks

Ralph Johnson; CISSP, CISM, HISP, CIPP/G

Ralph Johnson is the Chief Information Security and Privacy Officer for King County, Washington and Secretary to the Governance Board of the Holistic Information Security Practitioners Institute (HISPI). Mr. Johnson has filled numerous positions within King County over the past 22 years. Located on Puget Sound in Washington State and covering 2,134 square miles, King County is nearly twice as large as the average county in the United States. With more than 1.9 million citizens, it ranks as the 14th most populous county in the nation, with approximately 15,000 employees, 14 departments and multiple lines of business.

For the past 7 years Mr. Johnson has held the position of Chief Information Security and Privacy Officer, in which he oversees information security and privacy issues for the entire county infrastructure. In this capacity he established the information assurance program from policy development to controls selection, implementation, monitoring and evaluation. Mr. Johnson has served as Security Architect for King County, Network Services Manager, PC Support Supervisor, and Network Engineer for the county's department of Public Health. He has held the position of Secretary of the HISPI Governance Board for the past three years.

Mr. Johnson has a Bachelor's degree in Business Administration from Eastern Oregon University and an Associate's degree in Mortuary Science from San Francisco College of Mortuary Science. He holds multiple certifications in information security, information privacy, network administration and project management.
Testimony of Dan Nutkis CEO of HITRUST Alliance. Before the Oversight and Government Reform Committee, Subcommittee on Information Technology
Testimony of Dan Nutkis CEO of HITRUST Alliance Before the Oversight and Government Reform Committee, Subcommittee on Information Technology Hearing entitled: Cybersecurity: The Evolving Nature of Cyber
ITIL 2011 Service Design Certification Program - 3 Days
ITIL 2011 Service Design Certification Program - 3 Days Program Overview ITIL is a set of best practices guidance that has become a worldwide-adopted framework for Information Technology Services Management
Introduction to QualysGuard IT Compliance SaaS Services. Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe
Introduction to QualysGuard IT Compliance SaaS Services Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe A Unified and Continuous View of ICT Security, Risks and
Cloud Security Standards. Aziza Al Rashdi Director, Cyber Security Professional Services Oman National CERT Information Technology Authority
Cloud Security Standards Aziza Al Rashdi Director, Cyber Security Professional Services Oman National CERT Information Technology Authority Introduction Sign Off December 2012 Information Technology Authority
Paul Vlissidis Group Technical Director NCC Group plc [email protected]
Managing IT Fraud Using Ethical Hacking Paul Vlissidis Group Technical Director NCC Group plc [email protected] Agenda Introductions Context for Ethical Hacking Effective use of ethical hacking in fraud
Governance Simplified
Information Security Governance Simplified From the Boardroom to the Keyboard TODD FITZGERALD, cissp; cisa, cism Foreword by Tom Peltier CRC Press Taylor & Francis Croup Boca Raton London NewYork CRC Press
Cloud Security Trust Cisco to Protect Your Data
Trust Cisco to Protect Your Data As cloud adoption accelerates, organizations are increasingly placing their trust in third-party cloud service providers (CSPs). But can you fully trust your most sensitive
13 th Annual General Meeting
13 th Annual General Meeting Meet the Candidates You can hear from the candidates in the 2016 Board of Director Election by attending the Meet the Candidates webinar on Tuesday, May 3, 2016 from 3:00 pm
COBIT 5 For Cyber Security Governance and Management. Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE)
COBIT 5 For Cyber Security Governance and Management Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE) Cybersecurity Governance using COBIT5 Cyber Defence Summit Riyadh, KSA
Security & IT Governance: Strategies to Building a Sustainable Model for Your Organization
Security & IT Governance: Strategies to Building a Sustainable Model for Your Organization Outside View of Increased Regulatory Requirements Regulatory compliance is often seen as sand in the gears requirements
Committees Date: Subject: Public Report of: For Information Summary
Committees Audit & Risk Management Committee Finance Committee Subject: Cyber Security Risks Report of: Chamberlain Date: 17 September 2015 22 September 2015 Public For Information Summary Cyber security
Preparation Guide. Side entry to the EXIN Expert in IT Service Management based on ISO/IEC 20000
Preparation Guide Side entry to the EXIN Expert in IT Service Management based on ISO/IEC 20000 Edition June 2015 Copyright 2015 EXIN All rights reserved. No part of this publication may be published,
White Paper. IT Security in Higher Education
White Paper IT Security in Higher Education 3BIntroduction: The Growing Need for Improved IT Security on Campuses IT security is a hot topic these days, especially at colleges and universities. An April
Social Media Security Training and Certifications. Stay Ahead. Get Certified. Ultimate Knowledge Institute. ultimateknowledge.com
Ultimate Knowledge Institute ultimateknowledge.com Social Media Security Training and Certifications Social Media Security Professional (SMSP) Social Media Engineering & Forensics Professional (SMEFP)
What can HITRUST do for me?
What can HITRUST do for me? Dr. Bryan Cline CISO & VP, CSF Development & Implementation [email protected] Jason Taule Chief Security & Privacy Officer [email protected] Introduction
IT Governance Implementation Workshop
IT Governance Implementation Workshop 3 Full day power packed workshop facilitated by Mr. Gary Allan Banister and Mr. Sreechith Radhakrishnan About the Programme Information is created, used, retained,
EDUCORE ISO 20000 Expert Training
EDUCORE ISO 20000 Expert Training Overview ISO/IEC 20000 is the first international standard for IT service management. It was developed in 2005, by ISO/IEC JTC1 SC7 and revised in 2011. ISO/IEC 20000-1:2005
Defending the Database Techniques and best practices
ISACA Houston: Grounding Security & Compliance Where The Data Lives Mark R. Trinidad Product Manager [email protected] March 19, 2009 Agenda Understanding the Risk Changing threat landscape The target
Bio Summary and CV. curriculum vitae of John C. Villines; Introduction; page 1 of 5 (rev Jan 2013)
Bio Summary and CV John Villines has dedicated his adult life to security, investigations and crime prevention. He has maintained a company license (Security and Investigations) in Georgia for approximately
Certification for Information System Security Professional (CISSP)
Certification for Information System Security Professional (CISSP) The Art of Service Copyright Notice of rights All rights reserved. No part of this book may be reproduced or transmitted in any form by
WENDY L. FRASER, PhD 9628 Regency Loop SE Olympia, Washington 98513 360-556-6056 [email protected] Curriculum Vita
WENDY L. FRASER, PhD 9628 Regency Loop SE Olympia, Washington 98513 360-556-6056 [email protected] Curriculum Vita PROFESSIONAL STRENGTH Growing people and organizations; enhancing interpersonal
Cloud Computing An Auditor s Perspective
Cloud Computing An Auditor s Perspective Sailesh Gadia, CPA, CISA, CIPP [email protected] December 9, 2010 Discussion Agenda Introduction to cloud computing Types of cloud services Benefits, challenges,
TRAINING TITLE: Internal Auditing Workshop (WORK-008)
TRAINING TITLE: Internal Auditing Workshop (WORK-008) OVERVIEW: GMP regulations worldwide as well as FDA and ICH guidances require that companies have in place an internal quality audit program. Auditing
12/4/2013. Regulatory Updates. Eric M. Wright, CPA, CITP. Schneider Downs & Co., Inc. December 5, 2013
Regulatory Updates Eric M. Wright, CPA, CITP Schneider Downs & Co., Inc. December 5, 2013 Eric M. Wright, CPA, CITP Eric has been involved with Information Technology with Schneider Downs since 1983. He
Understanding the Federal IT Security Professional (FITSP) Certification
Understanding the Federal IT Security Professional (FITSP) Certification Jim Wiggins Executive Director Federal IT Security Institute ISACA NCAC Conference Certification and Emerging Standards Holiday
CFPB Readiness Series: Compliant Vendor Management Overview
CFPB Readiness Series: Compliant Vendor Management Overview Legal Disclaimer This information is not intended to be legal advice and may not be used as legal advice. Legal advice must be tailored to the
Database Security and Auditing
Database Security and Auditing COURSE DESCRIPTION: This seminar aims to provide the Database Administrators, System Administrators, Auditors and IT Security Officers an overview on how to secure and audit
JUANITA HARRIS-PRICE 4221 20 th Street NE Washington, District of Columbia [email protected] (202) 246-1942
JUANITA HARRIS-PRICE 4221 20 th Street NE Washington, District of Columbia [email protected] (202) 246-1942 EXECUTIVE MANAGEMENT Behavioral Health Care Children and Family Services State and Local
CLASSIFICATION SPECIFICATION FORM
www.mpi.mb.ca CLASSIFICATION SPECIFICATION FORM Human Resources CLASSIFICATION TITLE: POSITION TITLE: (If different from above) DEPARTMENT: DIVISION: LOCATION: Executive Director Executive Director, Information
