AISA ISMS Users Group Meeting November 2011 (1)

Starts: Friday 25 November 2011, 12:00AM

Finishes: Friday 25 November 2011, 12:00AM

Date: Friday 25 November 2011

Time:
Brisbane: 1:00pm for 1:30pm to 4:00pm
Melbourne: 2:00pm for 2:30pm to 5:00pm
Perth: 11:00am for 11:30am to 2:00pm
Sydney: 2:00pm for 2:30pm to 5:00pm

Venues:
Venue information is published on this page which can be viewed by AISA ISMS Users Group members who have logged in: November 2011 Meeting information for AISA ISMS Users Group Members.

RSVP: RSVP before Wednesday 23rd November 5pm is ESSENTIAL for access to the venues in Brisbane, Melbourne, Perth and Sydney.

AISA ISMS Users Group members who have logged in can RSVP online via: November 2011 Meeting information for AISA ISMS Users Group Members.

AISA ISMS Users Group:

AISA Focus Groups are for members with specialist interest in specific areas - in this case ISO/IEC 27001, ISO/IEC 27002 and related standards.

There is no extra charge for any AISA member in good standing to join the AISA ISMS Users Group or any other of our Focus Groups. Please note the activities of AISA Focus Groups will assume its members already have some understanding of the relevant area and are prepared to contribute to the discussions on it.

Read more via the Focus Groups page of this website.

Agenda:

  • Presentation by Neil Cameron on "How to embed an effective ISMS into an organisation's PCI-DSS compliance obligations"
  • Presentation by Swapnil Patil on "Benefits of strategy based governance for effective ISMS"
  • All - Round Table Discussion

Sign-in will start at 2:00pm (Sydney/Melbourne time). Members are requested to please arrive by 2:15pm at the very latest as the presentations must start promptly at 2:30pm. Members in Brisbane and Perth please adjust time difference for your location, and arrive at least 15 minutes before the start of the presentations.

Details:

"How to embed an effective ISMS into an organisation's PCI-DSS compliance obligations"

The topic covers:

  • The initial process flow that ISO certification would expect to see when designing an ISMS;
  • PCI-DSS incorporation, including what the right scope option would be for an organisation. Option examples include:
    ◦ Option 1 - Have the CDE be the scope of the 27001-based ISMS;
    ◦ Option 2 - Have the entire organisation in scope and apply PCI-DSS controls to the entire organisation;
    ◦ Option 3 - Have the entire organisation in scope of the ISMS, with PCI-DSS specific controls applied to the CDE and all controls applied on a risk-based approach.
  • ISMS implementation stages such as management agreement and sign-off, and mapping of PCI-DSS requirements (or any others) and controls captured within the ISMS;

  • Once the implementation phase has been reached and the supporting documents have been amended to capture PCI-DSS and other regulatory obligations, then, following the "Plan-Do-Check-Act" cycle, we believe an organisation could verify compliance simply by having its ISO annual and surveillance audits verify not only 27001 compliance but also adherence to regulatory requirements such as, in this case, PCI-DSS.


Neil Cameron

Neil Cameron is the Managing Consultant for Bridge Point's Governance, Risk & Compliance (GRC) practice in Sydney.

Neil is a seasoned Information Security professional with more than 15 years of experience, having worked in various countries around the world. His specialties include auditing, compliance, risk, penetration testing, vulnerability management and infrastructure security architecture.

In addition to holding various senior Information Security consulting roles, Neil has also held global senior management positions within the oil and gas industry.

Neil is a highly qualified Information Security expert with numerous certifications; a selection being 27001 Lead Auditor, PCI QSA, CRISC, MCSE, MCSA. During his career Neil has also attended various SANS training security specialty courses.

"Benefits of strategy based governance for effective ISMS"

The presenter will use case studies to throw some light on the importance of establishing a governance model aligned to business processes under the scope of implementation:

  • The importance of establishing an ISO27001 standard compliant model;
  • Challenges faced in identifying the extent of upper management involvement;
  • The right approach - business process driven or services based?
  • The need for finding the right sized and sustainable model.

Case studies to be covered:

  • Enterprise wide certification for one of the leading banks in the Middle East;
  • Risk Management for a leading bank in Australia;
  • Enterprise wide certification for a leading telecom service provider in India;
  • Certification for selected branches of a Government agency in Australia.


Swapnil Patil

Swapnil Patil is a Senior Consultant, working with the Governance Risk and Compliance practice at Wipro Consulting Services.

He brings rich and diverse experience of conducting internal audits, compliance and risk assessment framework implementations in complex environments, third party/vendor assessments, and end-to-end implementation of the AS/NZS ISO 27001:2005 standard with scopes ranging from a few business functions to an entire organisation.

Swapnil has a track record of assisting clients for ISO27001 certification without any major non-conformity throughout all the projects he has executed. He has been advising clients from a range of verticals including Retail, Telecom, BFSI, Utilities, Government and ITES in Australia, India and the Middle East.

Before joining Wipro, Swapnil managed the Audits and Compliance charter at IBM Global Services for one of their largest outsourcing accounts in India.
