Phil Holmes/ Robert Tate. Security Training

Transcription

1 1 Update Phil Holmes/ Robert Tate

2 Update - Agenda 2 Position in June 1997 Alliance Security Briefings at Member Meetings Relation to BS 7799 Training Matrices Coverage, orientation and approach Actions

3 London Meeting, June 1997 (1) 3 Need for The Open Group to be involved in Security Training Gave some of the options Offer own courses Leverage existing training activity in the market Resource and market issues What The Open Group has to offer

4 London Meeting, June 1997 (2) 4 Recognition of third parties Proposed three tier approach: accreditation of training organizations, approved courses and professional certification The importance of BS 7799 Action Test marketing and training Develop training matrix Feedback Relation to procurement activity

5 The Alliance (STA) 5 Collaboration between The Open Group and Aid to Industry Working to run a series of briefing seminars in March/April 98 timed to benefit from the publicity arising out of the BISS 98 Survey Working on Set of Courses to be given from May 98 onwards related to Security Breaches, Security Management and solutions based on IT Security Standards Treated as a pilot project and open to other participants

6 AID TO INDUSTRY 6 Represented by Vernon Poole and Stan Dormer Formed in 1982 Specialist training organisation especially oriented to audit professionals Now owned by Deliotte & Touche

7 STA - Proposed Courses (1) 7 Half day courses related to BISS 98 and Security Management Security Incident Reporting Impact of Security Breaches Cost of Security Breaches Contingency Plans/Standards Information Security Policies Information Security Standards and Procedures Communications Controls

8 STA - Proposed Courses (2) 8 One or two day courses Establishing an Effective Information Security Guide Establishing a Distributed Security Framework Establishing Baseline Security Services Defining and Buying Secure Open Systems New and Emerging Open System Security Technologies

9 STA - Course Delivery 9 Courses would be grouped in series to provide for three to four days training at one time. Offered publically in London, N. England and Edinburgh from May 98 Offered for in-house training Roll out - Europe and beyond Offer under license to other training organizations through proposed three tier accreditation scheme

10 Security Briefings at Member Meetings 10 Amsterdam - Security Briefing Sessions on Security Management (Stan Dormer) and Single Sign On (Pierre Noel) Objectives Feedback San Diego - Security Briefing Sessions on Security Management and CDSA Dependent upon experience from Amsterdam Roll out alongside the Alliance

11 Relation to BS Alliance (STA) seminars and courses, and Security Briefings at Member Meetings both reference BS 7799 Need to position alongside BS 7799 to ensure that TOG and the STA add unique value and promote the benefits adopting and implementing IT standards such as CDSA Question the value of TOG attempting to compete directly with consultancy firms and others offering services relating to BS 7799 Accreditation.

12 STA Training Matrix 12 Parameters: Level of the audience Type of practitioner Subject area Map against proposed activities Develop course curricula that could also be used as the basis of approved courses under the three tier accreditation scheme

13 Checklist of topics to cover (1) 13 discuss the security issues facing commercial organisations discuss the importance and development of security policies describe how a generally-accepted code of practice for information security can benefit the business outline a generally accepted technical architecture for information security can be applied to support the security policy and codes of practice such as BS7799

14 Checklist of topics to cover (2) 14 identify commercially-developed common standards for security services that support the architecture and the practical implementation of codes of practice such as BS7799 illustrate how these standards can be used in an effective commercial procurement and deployment strategy in order to achieve improved corporate security to combat identified risks and vulnerabilities

15 Checklist of topics to cover (3) 15 cost effective deployment with demonstrable cost benefits improved flexibility and scalability of the corporate infrastructure to respond to changing business needs improved portability and interoperability between products in order to reduce the risk of "product lock-in" avoidance of the security through obscurity" syndrome

16 Next Action 16 Feedback from Amsterdam Look at CDSA training opportunities including webbased training possibilities Refine and enlarge the training matrix Deliver the pilot seminars and courses through STA Re-examine the Business Case Extend TOG activities beyond the UK Offer licenses and/or engage other organizations in STA Establish the three tier accreditation scheme