Updates from (ISC)² & Measuring Security Posture

Starts: Tuesday 19 July 2011, 5:30PM

Finishes: Tuesday 19 July 2011, 7:00PM

Venue: Westpac, 60 Martin Place, Plaza Level (Ground Floor) Meeting Centre

Speakers: W. Hord Tipton, Executive Director, (ISC)² & Richard Nealon, Information Security Assurance Manager, AIB Bank, Ireland

W. Hord Tipton

Mr. Tipton is the Executive Director for (ISC)², the largest not-for-profit membership body of certified information security professionals worldwide, with over 78,000 members in more than 135 countries. In his current role, he is responsible for overseeing the management team and guiding the organisation's strategic direction in accordance with the (ISC)² Board of Directors. Before joining (ISC)², he served for five years as the Chief Information Officer (CIO) for the U.S. Department of the Interior, and received the Distinguished Rank Award from the President of the United States, the highest lifetime award attainable by a federal civil servant.

Synopsis for W. Hord Tipton's Presentation:

Updates on (ISC)² and the Australian Implications of the (ISC)² Global Information Security Workforce Study. This short Welcome Address will largely focus on the recently completed (ISC)² Global Information Security Workforce Study with an emphasis on Australia. Hord will also give some updates on (ISC)².


Richard Nealon

Mr Nealon has worked in information security and related disciplines within the financial sector for the past 20 years. His current role includes the formulation, management, and reporting of security assurance metrics for an Irish bank. He was one of the first CISSPs in Ireland and has been actively involved as an (ISC)² volunteer for over 10 years. He has a long-time involvement with the Irish Information Security Forum (IISF) and is a committee member of the Irish Computer Society Security Professional's Network (ICS SPN). He was the first Irish recipient of the COSAC award (2003).

Synopsis for Richard Nealon's Presentation:

Measuring Security Posture - "Risk comes from not knowing what you're doing." (Warren Buffett)

While "Measuring Security" seems to have been around forever, it still feels like a very new concept when you go looking for defined or standard processes. Richard will not tell you how you should measure or report on levels of security assurance, or indeed what you should be measuring. Rather, he hopes to inspire you to think differently about the issue. In his talk, he will:

  • show you why you should be measuring security, and how it benefits the organisation,
  • help you build the justification for putting a security metrics / assurance program in place,
  • outline the important requirements for a good security metric, and help you recognise bad metrics.


Gathering bad security metrics wastes time, effort and money, and can influence bad strategic business and/or IT decisions.

Guess what gathering good metrics does?


Many thanks to our sponsors:

AISA thanks Check Point for sponsoring this meeting.

AISA thanks Westpac for providing the venue for our Sydney Branch meetings in 2011.