Information Security Certifications
|
|
- Domenic Shelton
- 8 years ago
- Views:
Transcription
1 HERVÉ SCHAUER CONSULTANTS Cabinet de Consultants en Sécurité Informatique depuis 1989 Spécialisé sur Unix, Windows, TCP/IP et Internet Information Security Certifications Persons / Organizations ENISA workshop What can we achieve with information security certification? Athens, november 28, 2006 Hervé Schauer <Herve.Schauer@hsc.fr> Slides will be available at
2 Hervé Schauer Consultants 2 / 7 Information security consulting since consultants Leading company for security training in french Certifications achieved by consultants : CISSP (ISC2), GIAC GCFA (SANS), ProCSSI (INSECA), BS7799 Lead Auditor (BSI, BVQI), ISO Lead Auditor (LSTI) HSC provides ISO Lead Auditor training Certification is done independently by a certification body : LSTI, to comply with ISO HSC works as ISO certification auditor for several certification bodies In several european countries
3 Security certifications for persons 1/3 HSC provide technical security training since 1989 In 2003 and 2004 HSC tried to adopt existing personnel certifications in security, not binded to a product or vendor CISM & CISA from ISACA Not technical, not for resell CEH/CHFI from EC-Council Very low technical level to our experience OPSA, OPST, OPSE from ISECOM Seemed the best after first analysis, but difficult negotiation, very low technical level for first grade to our experience GIAC from SANS Huge investment before starting by attending all existing courses, 60% of the money for them & 40% for HSC, technical level Ok 3 / 7
4 Security certifications for persons 2/3 CISSP from ISC2 4 / 7 80% of the money for them and 20% for HSC SCNP/SCNA from SecurityCertified (Ascendant Learning) Business model Ok Not easy to sell in France No update of course material ProCSSI from INSECA No training TICSA from TrueSecure Not a reliable company for certification ISO Lead Auditor Not owned by anyone Based upon ISO 27001, ISO and ISO standards, and guides ISO (ISO 17799), ISO 27004, ISO 27005,...
5 Security certifications for persons Most "non-profit organizations" providing security certifications for persons are pure profit companies Not claiming the truth does not bring confidence in them Also true for colateral activities such as auditors registrars All existing models have training and certification provided by the same company 3/3 5 / 7
6 Security certifications for organizations ISO is attainable to small businesses and any kind of organizations ISO27001 brings to every certified organization a minimum security level True with ISO and ISO certification process ISO implies continuous improvement ISO is the only way to stop proliferation and costs of information security audits (SoX, Basel II, banking regularory authority, public sector regulatory authority, ITIL/ISO 20000, privacy, etc) ISO popular in some countries, not popular in others In France, 4 published ISO certificates 57 in Germany, 42 in Italy, 38 in Spain,... 6 / 7
7 Conclusion Information security certifications for persons are necessary ENISA shall have a role to promote something complete, not binded to a particular company, with separate training and certification ISO27001 is the easiest way to improve information security in organizations EC should promote ISO certification of organizations as a requirement in calls for offers EC must request ISO certification as mandatory for organizations using EU funding, and organizations using personal data, eventually with privacy extensions Questions? Herve.Schauer@hsc.fr 7 / 7
Pentests: Exposing real world attacks
HERVÉ SCHAUER CONSULTANTS Cabinet de Consultants en Sécurité Informatique depuis 1989 Spécialisé sur Unix, Windows, TCP/IP et Internet Security Day 2011 Pentests: Exposing real world attacks Renaud Dubourguais
More informationCybercrime & Cybersecurity: the Ongoing Battle International Hellenic University
Cybercrime & Cybersecurity: the Ongoing Battle International Hellenic University Andreas Athanasoulias, CISM, CISSP Information Security Officer & Security Consultant Brief introduction My career path
More informationISO 27001:2005 & ISO 9001:2008
ISO 27001:2005 & ISO 9001:2008 September 2011 1 Main Topics SFA ISO Certificates ISO 27000 Series used in the organization ISO 27001:2005 - Benefits for the organization ISO 9001:2008 - Benefits for the
More informationKevin Savoy, CPA, CISA, CISSP Director of Information Technology Audits Brian Daniels, CISA, GCFA Senior IT Auditor
IT Audit/Security Certifications Kevin Savoy, CPA, CISA, CISSP Director of Information Technology Audits Brian Daniels, CISA, GCFA Senior IT Auditor Certs Anyone? There are many certifications out there
More informationCertification and Training
Certification and Training CSE 4471: Information Security Instructor: Adam C. Champion Autumn Semester 2013 Based on slides by a former student (CSE 551) Outline Organizational information security personnel
More informationHacking (and securing) JBoss AS
HERVÉ SCHAUER CONSULTANTS Cabinet de Consultants en Sécurité Informatique depuis 1989 Spécialisé sur Unix, Windows, TCP/IP et Internet Hacking (and securing) JBoss AS Renaud Dubourguais Renaud Dubourguais
More informationCareer Survey. 1. In which country are you based? 2. What is your job title? 3. Travel budget. 1 of 28. Response Count. answered question 88
Career Survey 1. In which country are you based? 88 answered question 88 skipped question 0 2. What is your job title? 88 answered question 88 skipped question 0 3. Travel budget not at all 21.0% 17 somewhat
More informationInformation for Schools and Colleges. So you want to. Know more about the BS EN ISO 9000:2000 family of quality management system standards
Information for Schools and Colleges So you want to Know more about the BS EN ISO 9000:2000 family of quality management system standards A brief history of BS EN ISO 9000:2000 From the 1920 s to the 1940
More informationAll about CPEs. David Gittens CISA CISM CISSP CRISC HISP
All about CPEs David Gittens CISA CISM CISSP CRISC HISP The Designer David Gittens ISSA Barbados Past President Certified in ethical hacking and computer forensics Certified in security management and
More informationAchieving Governance, Risk and Compliance Requirements with HISP Certification Course
Achieving Governance, Risk and Compliance Requirements with HISP Certification Course in corporation with A unique information security and regulatory compliance certification course that provides IT security
More informationInformation Security Management System (ISMS) Overview. Arhnel Klyde S. Terroza
Information Security Management System (ISMS) Overview Arhnel Klyde S. Terroza May 12, 2015 1 Arhnel Klyde S. Terroza CPA, CISA, CISM, CRISC, ISO 27001 Provisional Auditor Internal Auditor at Clarien Bank
More informationCloud computing and personal data protection. Gwendal LE GRAND Director of technology and innovation CNIL
Cloud computing and personal data protection Gwendal LE GRAND Director of technology and innovation CNIL 1 Data protection in Europe Directive 95/46/EC Loi 78-17 du 6 janvier 1978 amended in 2004 (France)
More informationSecurity Transcends Technology
INTERNATIONAL INFORMATION SYSTEMS SECURITY CERTIFICATION CONSORTIUM, INC. Career Enhancement and Support Strategies for Information Security Professionals Paul Wang, MSc, CISA, CISSP Paul.Wang@ch.pwc.com
More informationHarmonizing Your Compliance and Security Objectives. Bonnie A. Goins Adjunct Professor, Illinois Institute of Technology
Harmonizing Your Compliance and Security Objectives Bonnie A. Goins Adjunct Professor, Illinois Institute of Technology Make sure efforts serve multiple purposes Use standards to guide effort Repeatable
More informationSCAN. Associates Berhad.
Associates Berhad. Talking points 1. Genesis 2. Products & services 3. Support 4. Strengthsth 5. Lessons 2 Genesis 1. Originated from University s R&D group on Infosec 95 2. Government funded d 3. Very
More informationExecutive Management of Information Security
WHITE PAPER Executive Management of Information Security _experience the commitment Entire contents 2004, 2010 by CGI Group Inc. All rights reserved. Reproduction of this publication in any form without
More informationProfil stručnjaka za informacijsku sigurnost - certificirati se ili ne? Biljana Cerin, CISA, CISM, CGEIT, CBCP, PMP www.ostendogroup.
Profil stručnjaka za informacijsku sigurnost - certificirati se ili ne? Biljana Cerin, CISA, CISM, CGEIT, CBCP, PMP www.ostendogroup.com DA! (by Global knowledge & TechRepublic) Top certifications by salary:
More informationUsing Information Shield publications for ISO/IEC 27001 certification
Using Information Shield publications for ISO/IEC 27001 certification In this paper we discuss the role of information security policies within an information security management program, and how Information
More informationInformation Security Principles and Practices
Information Security Principles and Practices by Mark Merkow and Jim Breithaupt Chapter 3: Certification Programs and the Common Body of Knowledge Certification & Information Security Industry standards,
More information12 th National HIPAA Summit Managing a Data Security Audit Program. 2.05, 1:15 PM Chris Apgar, CISSP Apgar & Associates, LLC
12 th National HIPAA Summit Managing a Data Security Audit Program 2.05, 1:15 PM Chris Apgar, CISSP Apgar & Associates, LLC Overview HIPAA Data Security Requirements Determining Audit Needs Developing
More informationIntroduction Auditing Internal Controls in an IT Environment SOx and the COSO Internal Controls Framework Roles and Responsibilities of IT Auditors
Introduction Auditing Internal Controls in an IT Environment SOx and the COSO Internal Controls Framework Roles and Responsibilities of IT Auditors Importance of Effective Internal Controls and COSO COSO
More informationTerms of Reference for an IT Audit of
National Maritime Safety Authority (NMSA) TASK DESCRIPTION PROJECT/TASK TITLE: EXECUTING AGENT: IMPLEMENTING AGENT: PROJECT SPONSOR: PROJECT LOCATION: To engage a professional and qualified IT Auditor
More informationCompliance & information security A (bit of a) rant. Jodie Siganto
Compliance & information security A (bit of a) rant Jodie Siganto Compliance Definition of compliance : the act of conforming, acquiescing, or yielding. conformity; accordance: in compliance with orders.
More informationContinuing Professional Education Policy
S E R V I N G I T G O V E R N A N C E P R O F E S S I O N A L S Continuing Professional Education Policy Revised: 2008 January Table of Contents Overview..................................2 Certification
More informationState of South Carolina InfoSec and Privacy Career Path Model
State of South Carolina InfoSec and Privacy Career Path Model Start Introduction This Career Path Model for the State of South Carolina (State) is designed to help define the various career options available
More informationSo Why on Earth Would You WANT To be a CISO?
So Why on Earth Would You WANT To be a CISO? SESSION ID: PROF-M05A Todd Fitzgerald CISSP, CISA, CISM, CRISC, CGEIT, PMP, ISO27000, CIPP, CIPP/US, ITILV3f Global Director of Information Security Grant Thornton
More informationDirector, IT Security District Office Kern Community College District JOB DESCRIPTION
Director, IT Security District Office Kern Community College District JOB DESCRIPTION Definition Reporting to the Chief Information Officer, the Director of IT Security develops and implements procedures,
More informationPCI Policy Compliance Using Information Security Policies Made Easy. PCI Policy Compliance Information Shield Page 1
PCI Policy Compliance Using Information Security Policies Made Easy PCI Policy Compliance Information Shield Page 1 PCI Policy Compliance Using Information Security Policies Made Easy By David J Lineman
More informationSystem Audit Framework
System Audit Framework Audit Process Following steps would be repeated annually to ensure that the process is comprehensive & effective: 1. The Audit shall be conducted according to the Norms, Terms of
More informationInformation Security Specialist Training on the Basis of ISO/IEC 27002
Information Security Specialist Training on the Basis of ISO/IEC 27002 Natalia Miloslavskaya, Alexander Tolstoy Moscow Engineering Physics Institute (State University), Russia, {milmur, ait}@mephi.edu
More informationCFPB Readiness Series: Compliant Vendor Management Overview
CFPB Readiness Series: Compliant Vendor Management Overview Legal Disclaimer This information is not intended to be legal advice and may not be used as legal advice. Legal advice must be tailored to the
More informationTHE SANS 2005-2007 INFORMATION SECURITY SALARY & CAREER ADVANCEMENT SURVEY
THE SANS 2005-2007 INFORMATION SECURITY SALARY & CAREER ADVANCEMENT SURVEY What factors impact compensation? Which security certifications matter? What makes security people mad? What matters for career
More informationITIL Vs. LAYER - Search Engine Marketing System
Nuove tendenze : Standard e relative Certificazioni ICT AIEA - Sessione di Studio Milano 07.06.2013 Today s AGENDA Green Mill Solutions Company Facts Overview Scope Main Areas for IT & Business Alignment
More informationCASRO Digital Research Conference Data Security: Don t Risk Being the Weak Link
CASRO Digital Research Conference Data Security: Don t Risk Being the Weak Link Peter Milla CASRO Technical Consultant/CIRQ Technical Advisor peter@petermilla.com Background CASRO and Standards CASRO takes
More informationApplication for CISM Certification
Application for CISM Certification 4/2015 Requirements to Become a Certified Information Security Manager become a Certified Information Security Manager (CISM), an applicant must: 1. Score a passing grade
More informationCurriculum Vitae. Personal information. VASILEIADIS Nikolaos. Work experience. Surname / First name
Curriculum Vitae Personal information Surname / First name Addresses VASILEIADIS Nikolaos Home: Koumoundourou 32, 15341,, Greece Work: Yakinthou 3C, 15343,, Greece Telephones Home: +30 210 6084531 Work:
More informationExperienced professionals may apply for the Certified Risk Management Professional (CRMP) certification under the grandfathering provision.
Application for CRMP Certification (part 1) GRCSI is now offering the Certified Risk Management Professional (CRMP) certification to support and recognize professionals who have skills and experience in
More informationIPv6 Security Challenges
HERVÉ SCHAUER CONSULTANTS Cabinet de Consultants en Sécurité Informatique depuis 1989 Spécialisé sur Unix, Windows, TCP/IP et Internet Deploying IPv6 Networks 2003 Upperside November 4, 2003 IPv6 Security
More informationPrivileged user management
Privileged user management vv It s time to take control Bob Tarzey, Analyst and Director, Quocirca Ltd Introduction The data presented is based on 270 telephone interviews with organisations across Europe
More informationImplementation of eidas through Member States Supervisory Bodies
Implementation of eidas through Member States Supervisory Bodies Riccardo Genghini - ETSI TC ESI & CEN-ETSI e-sign Coord. Group Chairman CA Day Berlin June 09 th, 2015 ETSI 2013. All rights reserved 2
More informationField of Study Area of Expertise Certification Vendor Course
Field of Study Area of Expertise Certification Vendor Course Advanced Security Certified Information Systems Security Professional (CISSP) ISC2 CISSP Advanced Security CompTIA Advanced Security Practitioner
More informationCloud Computing An Auditor s Perspective
Cloud Computing An Auditor s Perspective Sailesh Gadia, CPA, CISA, CIPP sgadia@kpmg.com December 9, 2010 Discussion Agenda Introduction to cloud computing Types of cloud services Benefits, challenges,
More informationInformation Security Standards by Dr. David Brewer Gamma Secure Systems Limited Diamond House, 149 Frimley Road Camberley, Surrey, GU15 2PS +44 1276
Information Security Standards by Dr. David Brewer Gamma Secure Systems Limited Diamond House, 149 Frimley Road Camberley, Surrey, GU15 2PS +44 1276 702500 dbrewer@gammassl.co.uk Agenda Background and
More informationCertificate of Cloud Security Knowledge (CCSK) v3 FAQ
Certificate of Cloud Security Knowledge (CCSK) 3 FAQ May 2014 CLOUD SECURITY ALLIANCE CCSK 3 FAQ What is the Certificate of Cloud Security Knowledge (CCSK)? The CCSK is a web-based examination of indiidual
More information14 October 2015 ISACA Curaçao Conference By: Paul Helmich
Governance, Risk & Compliance A practical approach 14 October 2015 ISACA Curaçao Conference By: Paul Helmich Topics today What is GRC? How much of all the GRC literature, tools, etc. do I need to study
More informationCloud Computing: Security, Risk and Governance Issues & International Developments in the Banking Sector. Panagiotis Droukas CISA, CRISC, CGEIT
Cloud Computing: Security, Risk and Governance Issues & International Developments in the Banking Sector Panagiotis Droukas CISA, CRISC, CGEIT Business Case for Cloud Computing www.c-ebs.org average traffic
More informationQuestion: 1 Which of the following should be the FIRST step in developing an information security plan?
1 ISACA - CISM Certified Information Security Manager Exam Set: 1, INFORMATION SECURITY GOVERNANCE Question: 1 Which of the following should be the FIRST step in developing an information security plan?
More informationAthens, 2 December 2011 Hellenic American Union Conference Center
Athens, 2 December 2011 Hellenic American Union Conference Center ISACA Athens Chapter and the Hellenic American Union are organizing the 1 st ISACA Athens Chapter Conference on December 2 nd, 2011. The
More informationEnd of the SAS 70 Era
End of the SAS 70 Era For years businesses that outsource have relied on SAS 70 reports on the internal controls of third party providers. The standard for those reports is changing. New Standards Replacing
More informationIT Governance Dr. Michael Shaw Term Project
IT Governance Dr. Michael Shaw Term Project IT Auditing Framework and Issues Dealing with Regulatory and Compliance Issues Submitted by: Gajin Tsai gtsai2@uiuc.edu May 3 rd, 2007 1 Table of Contents: Abstract...3
More informationHow To Become A Security Professional
Journal Online Jason Andress, Ph.D., CISM, CISSP, GPEN, ISSAP, is a seasoned security professional with experience in the academic and business worlds. In his present and previous roles, he has provided
More informationCyber Security Consultancy Standard. Version 0.2 Crown Copyright 2015 All Rights Reserved. Page 1 of 13
Cyber Security Consultancy Standard Version 0.2 Crown Copyright 2015 All Rights Reserved Page 1 of 13 Contents 1. Overview... 3 2. Assessment approach... 4 3. Requirements... 5 3.1 Service description...
More informationKEY TRENDS AND DRIVERS OF SECURITY
CYBERSECURITY: ISSUES AND ISACA S RESPONSE Speaker: Renato Burazer, CISA,CISM,CRISC,CGEIT,CISSP KEY TRENDS AND DRIVERS OF SECURITY Consumerization Emerging Trends Continual Regulatory and Compliance Pressures
More informationSan Francisco Chapter. Presented by Mike O. Villegas, CISA, CISSP
Presented by Mike O. Villegas, CISA, CISSP Agenda Information Security (IS) Vision at Newegg.com Typical Issues at Most Organizations Information Security Governance Four Inter-related CoBIT Domains ISO
More informationForensic Certifications
Forensic Certifications Mayuri Shakamuri CS 489-02 Digital Forensics October 31, 2006 New Mexico Tech Executive Summary Digital Forensics is rapidly growing and evolving to become a scientific practice
More informationADMINISTRATIVE POLICY # 32 8 2 (2014) Information Security Roles and Responsibilities
Policy Title: Information Security Roles Policy Type: Administrative Policy Number: ADMINISTRATIVE POLICY # 32 8 2 (2014) Information Security Roles Approval Date: 05/28/2014 Revised Responsible Office:
More informationHP Cyber Security Control Cyber Insight & Defence
HP Cyber Security Control Cyber Insight & Defence Security awareness at board level Security leadership is under immense pressure Cyber threat Extended supply chain Financial loss Reputation damage Cost
More informationRe: Experience with the Framework for Improving Critical Infrastructure Cybersecurity ( Framework )
10 October 2014 Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 Re: Experience with the Framework for Improving Critical Infrastructure
More informationDoD Directive (DoDD) 8570 & GIAC Certification
DoD Directive (DoDD) 8570 & GIAC Certification Date Updated: January 2014 National Account Manager 678-714-5712 Director 703-968-0103 What is DoDD 8570? Department of Defense Directive 8570 provides guidance
More informationAcquia Comments on EU Recommendations for Data Processing in the Cloud
Acquia Comments on EU Recommendations for Data Processing in the Cloud Executive Summary On July 1, 2012, European Union (EU) data protection regulators provided guidelines for service providers processing
More informationCloud Security Panel: Real World GRC Experiences. ISACA Atlanta s 2013 Annual Geek Week
Cloud Security Panel: Real World GRC Experiences ISACA Atlanta s 2013 Annual Geek Week Agenda Introductions Recap: Overview of Cloud Computing and Why Auditors Should Care Reference Materials Panel/Questions
More informationWeighing in on the Benefits of a SAS 70 Audit for Third Party Data Centers
Weighing in on the Benefits of a SAS 70 Audit for Third Party Data Centers With increasing oversight and growing demands for industry regulations, third party assurance has never been under a keener eye
More informationElectronic signature and compliance assurance: what s new?
Electronic signature and compliance assurance: what s new? Ignacio ( Nacho ) Alamillo Domingo, CISA, CISM, ITIL-F ISACA Valencia Chapter Research Director Astrea Managing Partner March 2013 2 Table of
More informationSecurity Consulting. Services Overview
Services Overview Dimension Data is a global technology services company, assisting its customers in planning, building and supporting their IT infrastructures. Dimension Data combines its expertise in
More informationUsing COSO Small Business Guidance for Assessing Internal Financial Controls
Using COSO Small Business Guidance for Assessing Internal Financial Controls By János Ivanyos, Memolux Ltd. (H), IIA Hungary Introduction New generation of general models referring to either IT or Internal
More informationDatabase Security and Auditing
Database Security and Auditing COURSE DESCRIPTION: This seminar aims to provide the Database Administrators, System Administrators, Auditors and IT Security Officers an overview on how to secure and audit
More informationWeighing in on the Benefits of a SAS 70 Audit for Payroll Service Providers
Weighing in on the Benefits of a SAS 70 Audit for Payroll Service Providers With increasing oversight and growing demands for industry regulations, third party assurance has never been under a keener eye
More informationIMPLEMENTATION OF HIGH-PERFORMANCE SECURITY MANAGEMENT PROCESSES
IMPLEMENTATION OF HIGH-PERFORMANCE SECURITY MANAGEMENT PROCESSES OBJECTIVES This course is specifically designed to improve your skills as an information security manager. Using O-ISM3 as a framework,
More informationI, (MR. TECHIE) GOT THE CISO JOB! SHOULD I PREPARE 3 ENVELOPES?
I, (MR. TECHIE) GOT THE CISO JOB! SHOULD I PREPARE 3 ENVELOPES? Todd Fitzgerald Director Global Information Security Information Security Management Author ManpowerGroup, Inc. (NYSE:MAN, Fortune 500 #129)
More informationChapter 1. The ISO 9001:2000 Standard and Certification Process
CH01_pp.001-008 15/08/01 12.15 pm Page 1 Chapter 1 The ISO 9001:2000 Standard and Certification Process Overview Introduction This chapter describes the ISO 9000 Standards, ISO 9001:2000 concepts, and
More informationThe Next Generation of Security Leaders
The Next Generation of Security Leaders In an increasingly complex cyber world, there is a growing need for information security leaders who possess the breadth and depth of expertise necessary to establish
More informationCYBERSECURITY: ISSUES AND ISACA S RESPONSE
CYBERSECURITY: ISSUES AND ISACA S RESPONSE June 2014 KEY TRENDS AND DRIVERS OF SECURITY Consumerization Emerging Trends Continual Regulatory and Compliance Pressures Mobile devices Social media Cloud services
More informationSessione di Studio AIEA 19 Giugno 2015
Sessione di Studio AIEA 19 Giugno 2015 Copyright 2011-2015 CSA Italy Copyright 2011-2015 CSA Italy https://it.linkedin.com/in/albertomanfredi Copyright 2011-2015 CSA Italy Copyright 2011-2015 CSA Italy
More informationSPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Job Profiles
PNNL-24138 SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Job Profiles March 2015 LR O Neil TJ Conway DH Tobey FL Greitzer AC Dalton PK Pusey Prepared for the
More informationVal-EdTM. Valiant Technologies Education & Training Services. Workshop on Change Management. All Trademarks and Copyrights recognized.
Val-EdTM Valiant Technologies Education & Training Services Workshop on Change Management All Trademarks and Copyrights recognized Page 1 of 8 Welcome to Valiant Technologies. We are a specialty consulting
More informationCLOUD SECURITY CERTIFICATIONS: HOW IMPORTANT ARE THEY?
E-Guide CLOUD SECURITY CERTIFICATIONS: HOW IMPORTANT ARE THEY? SearchCloud Security M ore and more certifications are being created around cloud security. An expert looks at some of the more prominent
More informationAPEC Guide to Information Security Skills Certification. Booklet
Certification Booklet www.siftsecurity.net AEC ublication Number: AEC#207-TC-03.1 AEC TEL Security and rosperity Steering Group May 2007 Contents Contents... 2 Introduction... 3 Using this guide... 3 What
More informationCompliance Risk Management IT Governance Assurance
Compliance Risk Management IT Governance Assurance Sigma Technology Partners offers its clients number of assurance services including SAS 70 Type I and SAS 70 Type II audits. Our team of CPA s, CISA s
More informationOver 20 years experience in Information Security Management, Risk Management, Third Party Oversight and IT Audit.
CYBERSECURITY: ISSUES AND ISACA S RESPONSE June 2014 BILL S BIO Over 20 years experience in Information Security Management, Risk Management, Third Party Oversight and IT Audit. Vice President Controls
More informationNigel Taylor Head of e-invoicing Solutions, EMEA
The Basics of Electronic Invoicing Nigel Taylor Head of e-invoicing Solutions, EMEA Agenda The basics of electronic invoicing for buyers and sellers Compliance today and tomorrow Community enablement How
More informationSecurity and privacy standardization for the SME community
Security and privacy standardization for the SME community NLO meeting, Athens, March 4th 2015 European Union Agency for Network and Information Security www.enisa.europa.eu PROJECT CONTEXT European Union
More informationISACA Privacy Principles and Program Management Guide Preview Yves LE ROUX Principal consultant Yves.leroux@ca.com
ISACA Privacy Principles and Program Management Guide Preview Yves LE ROUX Principal consultant Yves.leroux@ca.com 1 2014 CA. ALL RIGHTS RESERVED. ISACA 2 2014 CA. ALL RIGHTS RESERVED. Privacy Guidance
More informationSecurity Controls What Works. Southside Virginia Community College: Security Awareness
Security Controls What Works Southside Virginia Community College: Security Awareness Session Overview Identification of Information Security Drivers Identification of Regulations and Acts Introduction
More informationA Privacy Primer for Security Officers
SESSION ID: DSP-T08 A Privacy Primer for Security Officers Todd Fitzgerald, CISSP, CISA, CISM, CIPP, CIPP/US, CIPP/E, PMP, ISO27001, CGEIT, CRISC Global Director Information Security Grant Thornton International,
More informationPROJECT: EURO-AUDITS THE EUROPEAN ROAD SAFETY AUDITOR TRAINING SYLLABUS APPENDIX E SURVEY RESULTS. October 2007
PROJECT: EURO-AUDITS THE EUROPEAN ROAD SAFETY AUDITOR TRAINING SYLLABUS APPENDIX E SURVEY RESULTS October 2007 A European Commission co-funded project Appendix E Survey Results Contents: Survey Results
More informationG11 EFFECT OF PERVASIVE IS CONTROLS
IS AUDITING GUIDELINE G11 EFFECT OF PERVASIVE IS CONTROLS The specialised nature of information systems (IS) auditing and the skills necessary to perform such audits require standards that apply specifically
More informationThe Business Benefits of Logging
WHITEPAPER The Business Benefits of Logging Copyright 2000-2011 BalaBit IT Security All rights reserved. www.balabit.com 1 Table of Content Introduction 3 The Business Benefits of Logging 4 Security as
More informationHans Bos Microsoft Nederland. hans.bos@microsoft.com
Hans Bos Microsoft Nederland Email: Twitter: hans.bos@microsoft.com @hansbos Microsoft s Cloud Environment Consumer and Small Business Services Software as a Service (SaaS) Enterprise Services Third-party
More informationAbout the Presenter About the Cloud Security Alliance Guidance 1.0 Getting Involved Call to Action
Governance, Risk Management, Compliance, & Audit An Overview of Cloud Security Alliance s Security Guidance for Critical Areas of Focus in Cloud Computing July 23, 2009 Agenda About the Presenter About
More informationISQ Handbook. Security. Information. Qualifications. An in-depth coverage of vendor and vendor-neutral qualifications
2003 ISQ Handbook An in-depth coverage of vendor and vendor-neutral qualifications Information Security Qualifications Contents Preface 5 Introduction 7 Part I Vendor Neutral Qualifications 13 International
More informationSpillemyndigheden s Certification Programme Change Management Programme
SCP.06.00.EN.1.0 Table of contents Table of contents... 2 1 Objectives of the change management programme... 3 1.1 Scope of this document... 3 1.2 Version... 3 2 Certification... 4 2.1 Certification frequency...
More informationGIAC Program Overview 2015 Q4 Version
GIAC Program Overview 2015 Q4 Version Program Overview - GIAC Certification 2015 1 What is GIAC? GIAC is the Global Information Assurance Certification program GIAC assesses candidate knowledge in specific
More informationIT Audit in the Cloud
IT Audit in the Cloud Pavlina Ivanova, CISM ISACA-Sofia Chapter Content: o 1. Introduction o 2. Cloud Computing o 3. IT Audit in the Cloud o 4. Residual Risks o Used Resources o Questions 1. ISACA Trust
More informationSocial Networking and its Implications on your Data Security
Social Networking and its Implications on your Data Security Canadian Chamber of Commerce of the Philippines June 8, 2011 Warren R Bituin Partner -SGV & Co. About the Speaker Warren R. Bituin SGV & Co./Ernst
More informationFedVTE Training Catalog SPRING 2015. advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov
FedVTE Training Catalog SPRING 2015 advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov If you need any assistance please contact the FedVTE Help Desk here or email the
More informationThe Information Security Management System According ISO 27.001 The Value for Services
I T S e r v i c e M a n a g e m e n t W h i t e P a p e r The Information Security Management System According ISO 27.001 The Value for Services Author: Julio José Ballesteros Garcia Introduction Evolution
More informationRéponse à une question de Roger Bastide Document 40
www.mauricemauviel.eu contact@mauricemauviel.eu Page 1 sur 44 www.mauricemauviel.eu contact@mauricemauviel.eu Page 2 sur 44 www.mauricemauviel.eu contact@mauricemauviel.eu Page 3 sur 44 www.mauricemauviel.eu
More informationThe enemies ashore Vulnerabilities & hackers: A relationship that works
The enemies ashore Vulnerabilities & hackers: A relationship that works Alexandros Charvalias, Manager CISSP, CISA, ACDA Assurance & Enterprise Risk Services Cyber security maturity model How effectively
More information