CPE Credits: 8
Session Highlights
Key information security governance controls, including a risk-based approach to the design, operation and assessment of security and controls, are critical to ensuring that an organization’s information assets are adequately protected to prevent compromise.
This session will discuss a risk-based approach to assessment of security and control in the following areas:
- Configuration Management Controls
- Security Configuration Standards
- Build Processes
- Patch and Change Management Processes
- Security Event Monitoring
- Vulnerability Assessment & Management
- Security Compliance Processes
1. IT Infrastructure Risk & Control
- Information Security Governance
- Security Policy and Standards Framework
- Mapping IT Infrastructure to Application Systems and Business Processes
- Security Architecture & Design
- Risk Assessment Processes
- Threat and Vulnerability Management
- Security Compliance Processes
- Key Security Metrics
2. Security Standards and Baselines
3. Security Compliance Process and Control Assessment
- Assessment Methodologies and Approaches
- Key Assessment Tools
- Results Reporting and Management
The approach to building risk profiles, key controls and assessment methodologies will be discussed and applied to the following technology environments:
1. Virtualization Security
- E.g. VMware
2. Operating System Security
- E.g. Windows Server, Linux
3. Database Security
- E.g. Oracle, SQL Server
4. Network Security
- Network Perimeter, Firewalls
Speaker Profile:
John Tannahill, CA, CISM, CGEIT, CRISC, CSXP
John is a management consultant specializing in information security and audit services.
His current focus is on security and control in large information systems environments and networks. Specific areas of technical expertise include Windows and Linux operating system security, network security, database security and cybersecurity.
John is a frequent speaker in Canada, USA, Europe, Africa and Asia on the subject of Information Security. He is a member of the Institute of Chartered Accountants of Scotland.