Building a Security Improvement Program
Starts: Tuesday 13 April 2010, 5:15PM
Finishes: Tuesday 13 April 2010, 7:00PM
Venue: Ernst and Young, 11 Mounts Bay Road, Perth WA 6000
Topic: Panel Session: "Building a Security Improvement Program"
Building a Security Improvement Program ("SIP") can be a daunting
task. Many security professionals have either been asked to create
one, or will be tasked with doing so in the near future. Knowing how
to go about creating a SIP is often half the battle.
There is a range of approaches that people may use when
creating a SIP, broadly grouped into the following categories:
- "Vulnerability" - Performance of a Vulnerability
Assessment (VA), with a SIP built to specifically address the
issues raised. Vulnerability Assessments are usually technical
assessments, and may not look at issues across the
- "Risk" - Performance of a Risk Assessment (RA), with a SIP
built to specifically address the issues raised. Risk Assessments
may, however, be tightly bounded, which may lead to blind spots in
the understanding of IT risk and the responses to it.
- "General Practice" - Ask your colleagues about the things
they are doing. Take the "best" of these and general practice, and
try to implement them.
- "Product" - Read the magazines, go to conferences, listen
to the vendors. Build a program to implement the most "important"
of these items.
In this panel we will be looking at these methods, their
strengths, weaknesses and ideas for implementing your own SIP.
MC: Crispin Harris
Crispin Harris, IT Security Specialist for Fortescue Metals
Group, is a long term AISA member.
Panellists: Gavin Ryan, Natalie Gastelaars and
Many thanks to our sponsors:
AISA thanks Ernst & Young for providing the venue for our
Perth Branch meetings.