Recorded Live: September 28, 2010
Web Conference Overview:
Risk Management is still very much an area fraught with challenges for the Infosec professional. Addressing risk is a central part of any Information Security Management System (ISMS), and the better we can manage risk the more effective, efficient and aligned to the business our ISMS is likely to be. Just as ISMS review is an iterative process, risk management review should be too. Our speakers discuss how we can best formalize the Risk Management Lifecycle to help us improve security and the quality of our Infosec decision making.
Today, businesses of all sizes are challenged to keep up with the growth of digital information, data, and content. The growth in digital records, forecast to top 2.5 zettabytes worldwide by 2012, and the increasing percentage of digital records being designated of critical business value, place the onus on end-users to rethink risk and information management strategies to create and deploy the most effective policies, processes, and technology solutions for digital content. The establishment of a pragmatic strategic information management (SIM) discipline that is accepted and funded by executive management is now essential for all organizations. This presentation will discuss the essential elements of a SIM program for achieving board approval, and how to understand and quantify the scope of the challenge, potential risks and business exposure, and the targeted paybacks (e.g., risk mitigation, process efficiency, infrastructure savings).
Cryptography as an Essential Element of a Risk Management Lifecycle Program
Ralph Spencer Poore, CFE, CISA, CISSP, CHS-III, CTGA, QSA - Chief Cryptologist, Cryptographic Assurance Services LLC
Ralph has over thirty years of information technology experience with emphasis on privacy, security, audit, and control in electronic commerce, enterprise systems, and enabling technologies. An author, speaker, inventor, and instructor, he is well known in the information security profession.
Ralph is a Certified Fraud Examiner (CFE), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified in Homeland Security—Level III (CHS-III), Certified TG-3 Assessor (CTGA), PCI Qualified Security Assessor (QSA), and Toastmaster (CTM/CL).
Are You Managing the Right Risk?
Don Gray - Chief Security Strategist, Solutionary, Inc.
A veteran of technology applications development since 1991, Don brings "in-the-trenches" information security experience to his role as Solutionary’s Chief Security Strategist. In his role, Don leads the Solutionary Engineering and Research Team (SERT) and is directly involved with researching new threats and overall information security trends. Don is regularly quoted in the media as an information security expert and is a frequent speaker at industry events including Gartner Security Summit, Forrester Security Forum, CSO Breakfast Club series and key channel partner events.
Risk, Security, and Strategic Information Management
Michael Versace, CISSP - Partner, The Wikibon Project
Michael Versace, CISSP, is a 25-year veteran of the information security, consulting, and financial services industries. Currently a Consulting Partner and Principal Research Contributor to The Wikibon Project, Mike is delivering research and advisory services to end-user organizations and technology firms with a focus on virtualization and cloud computing, and the impacts on information management, cybersecurity and compliance, total customer quality and service, and application benchmarking.
Michael’s experience as a practitioner comes from the investment services and banking sectors in positions with Fidelity Investments, the Federal Reserve Banks, including US Treasury Department Financial Management Services, and BayBanks, and with technology and services firms including NEC Global, ZEFER, and PwC.
Throughout his career Michael has held several top-level industry positions, including Managing Executive with the Financial Services Technology Consortium ("FSTC"), Chairman of the ISO Technical Committee on Information Security for Financial Services, Board member of the Accredited Standards Committee X9, and Advisor to the NACHA Internet Council. Mike is currently on the Board of the (New England Chapter) Information Systems Security Association ("ISSA") in Boston, serves on the ISSA Connect Council, and is an advisor to several security technology startups.