November 2020 Chapter Meeting Building And Evaluating a Culture Of Security

Building And Evaluating a Culture Of Security

Seminar Description
Information Security is more than technology and tools. It is also an organization’s behaviors, beliefs, assumptions, attitudes and ways of doing things. In other words, it is a Culture of security that pervades an enterprise. It may be strong, impactful, structured and respected or weak, ineffective, disorganized, contradictory, unrecognized and haphazard. Either way, a security Culture exists. For Information Security professionals, as well as IT Auditors and Risk Managers, the objective is to foster an intentional Culture, supportive of an organization’s overall goals for security.

This seminar presents methods for achieving and strengthening a security Culture. It also provides a methodology for measuring and evaluating that Culture in the context of overall objectives. The presentation is based on ISACA’s publication, Creating a Culture of Security, written by Mr. Ross.

About the Presenter:

Steven J. Ross Executive Principal New York, New York

Mr. Ross is Executive Principal of Risk Masters International and holds certification as a Certified Information Systems Security Professional (CISSP) as well as a Master Business Continuity Professional (MBCP) and a Certified Information Systems Auditor (CISA). Mr. Ross is a specialist in the field of information systems security and control, specializing in Information Security, Business Continuity Management, and IT Disaster Recovery Planning services. He has implemented Information Security programs for numerous banks, government agencies and industrial corporations. Prior to founding Risk Masters, Mr. Ross was a Director and global practice leader with Deloitte & Touche. In consulting engagements, he specializes in planning, policy development, implementation, and standardization of Information Security processes. In recent years, his focus has been on reliability, prevention, detection and recovery from the technical and business impact of cyberattacks. He is editor of the multi-volume series, e-Commerce Security, and author of several of the books in the series, including e-Commerce Security: Public Key Infrastructure. He has recently published Creating a Culture of Security. Since 1998, Mr. Ross has regularly published the column, “IS Security Matters”, in the ISACA Journal.

past_event