Building a Security Improvement Program

Starts: Tuesday 13 April 2010, 5:15PM

Finishes: Tuesday 13 April 2010, 7:00PM

Venue: Ernst and Young, 11 Mounts Bay Road, Perth WA 6000

Topic: Panel Session: "Building a Security Improvement Program" - Building a Security Improvement Program ("SIP") can be a daunting task. Many security professionals have either been asked to create one, or will be tasked with doing so in the near future. Knowing how to go about creating a SIP is often half the battle.

There are a range of approaches that people may use when creating a SIP, broadly grouped into the following categories:

• "Vulnerability" - Performance of a Vulnerability Assessment (VA), with a SIP built to specifically address the issues raised. Vulnerability Assessments are usually technical assessments, and may not look at issues across the organisation.
• "Risk" - Performance of a Risk Assessment (RA), with a SIP built to specifically address the issues raised. Risk Assessments may however be tightly bounded and may lead to blind spots in the understanding of IT risk and the responses to it.
• "General Practice" - Ask your colleagues about the things they are doing. Take the "best" of these and general practice, and try and implement them.
• "Product" - Read the magazines, go to conferences, listen to the vendors. Build a program to implement the most "important" of these items.

In this panel we will be looking at these methods, their strengths, weaknesses and ideas for implementing your own SIP.

MC: Crispin Harris

Crispin Harris, IT Security Specialist for Fortescue Metals Group, is a long term AISA member.

Panellists: Gavin Ryan, Natalie Gastelaars and Herman Veltkamp

Many thanks to our sponsors:

AISA thanks Ernst & Young for providing the venue for our Perth Branch meetings.