Risk-Based Approach to IT Infrastructure Security & Control Assessments

When:  Nov 15, 2018 from 08:30 to 16:00 (ET)
Associated with  Toronto Chapter

CPE Credits: 8

Session Highlights 

Key information security governance controls, including a risk-based approach to the design, operation and assessment of security and controls, are critical to ensuring that an organization’s information assets are adequately protected against compromise.

This session will discuss a risk-based approach to assessment of security and control in the following areas:

  •  Configuration Management Controls
  •  Security Configuration Standards
  •  Build Processes 
  •  Patch and Change Management Processes
  •  Security Event Monitoring 
  •  Vulnerability Assessment & Management
  •  Security Compliance Processes

 

1. IT Infrastructure Risk & Control

  • Information Security Governance

  • Security Policy and Standards Framework

  • Mapping IT Infrastructure to Application Systems and Business Processes

  • Security Architecture & Design

  • Risk Assessment Processes

  • Threat and Vulnerability Management

  • Security Compliance Processes

  • Key Security Metrics  

2. Security Standards and Baselines

  • Key Baselines and Security Configuration Standards

3. Security Compliance Process and Control Assessment

  1. Assessment Methodologies and Approaches

  2. Key Assessment Tools

  3. Results Reporting and Management  

     

The approach to building risk profiles, key controls and assessment methodologies will be discussed and applied to the following technology environments:

  1. Virtualization Security

     - E.g. VMware

  2. Operating System Security

     - E.g. Windows Server, Linux

  3. Database Security

     - E.g. Oracle, SQL Server

  4. Network Security

     - Network Perimeter, Firewalls

 

Speaker Profile:

John Tannahill, CA, CISM, CGEIT, CRISC, CSXP

John is a management consultant specializing in information security and audit services.

His current focus is on security and control in large information systems environments and networks. Specific areas of technical expertise include Windows and Linux operating system security, network security, database security and cybersecurity.

John is a frequent speaker in Canada, USA, Europe, Africa and Asia on the subject of Information Security.  He is a member of the Institute of Chartered Accountants of Scotland.

Location

Holiday Inn (Kitchener)
30 Fairway Road S
Kitchener, ON