“When you talk with Pabrai about security, his energy and passion fill the room. With two decades of hands-on experience with Who’s Who clients across many verticals, he is the security master.”
Pradeep Kar, Founder
Microland Group, Chairman and Managing Director
The Art of Information Security
This security strategy brief discusses the security challenges of today and provides a seven-step framework, a road-map, to secure the business information infrastructure and vital digital assets on an ongoing basis. Step through how to establish a “robust and roving” defense that includes passive and active components to continuously protect your infrastructure from the “edge” to the “core.”
New technologies introduce new risks. For example, today, wireless systems are the weak links in business infrastructure; they are no less a threat than those from the Internet. Lack of user authentication, weak encryption, poor patch management, and poor network address management are some examples of the wireless security challenges facing enterprise networks. The proliferation of mobile devices and wireless communication is introducing new security gaps in both the wired and wireless infrastructure that must be addressed.
Learn about the development of security strategy and policies that not only satisfy regulatory compliance requirements such as those related to HIPAA and Sarbanes-Oxley but also provide the blueprint for a more secure business. Quickly review important frameworks and references including ISO 17799/BS7799, the CobiT Security Baseline and NIST.
Packed with scenarios and case studies, this session examines best practices to secure enterprise digital assets and the information infrastructure. Leave the event with a complete set of InfoSec policy templates that you can easily customize for your business.
Target Audience
Security officers, CIOs, CTOs, senior security practitioners, and senior IT professionals will all directly benefit from this brief.
“The Art of Information Security is an extremely well-researched and exhaustive work covering the vast expanse of considerations that affect organizations in the security arena. The overall effort in compiling this piece is commendable.”
Ganesh Natarajan, Chief Executive, Zensar Technologies
Charter Member, TiE and Member of NASSCOM
Session Outline
Module 1: Business Security Strategy
- Business Nervous System
- Under Siege: Rising Threat
- Core Security Objectives
- Role of the Information Security Officer
- Job Description
- Role in Organization
- Regulatory Compliance Challenges
Case Study: Applying Sarbanes-Oxley controls and HIPAA Security safeguards as Best Practices in Your Business
Module 2: Digital Identity Management
- The Challenge: Passwords & Unique Identifiers
- Authentication and Authorization
- Strong Authentication
- Solution Options:
- Authentication Tokens
- Smart Cards
- Biometrics
Case Study: Fine-tune an identity management policy to take back for your organization.
Module 3: Risk Analysis
- Comprehensive & Thorough
- Critical Process Elements
- Vulnerability Assessment (Penetration Testing)
- Tools
- Report Organization
- Developing a Remediation “Action” Plan
Module 4: Contingency Plans and Disaster Recovery
- “Availability” Principle
- Business Impact Analysis (BIA)
- Data Backup Plan
- Disaster Recovery Plan
- Emergency Mode Operation
- Testing and Revision Procedures
- Application and Data Criticality Analysis
Case Study: Walk through the essential elements of a completed Business Continuity Plan.
Module 5: Wireless Security Challenges
- Wireless Applications in Business
- IEEE 802.11 Standards
- Wireless Network Components
- Wireless Security Protocols
- Case Study: Developing a Policy for Wireless Security
Case Study: Design a secure wireless infrastructure. Establish the foundation for a terrific wireless security policy – all in class.
Module 6: Digital Signatures & Certificates
- Requirements
- Digital Signatures
- Digital Certificates
- Public Key Infrastructure (PKI)
Module 7: Last Line of Defense, Encryption
- Business Drivers
- Mobile Devices
- Wireless Infrastructure
- Web-based Services
- Encryption Standards
- Message Digests (Hashing)
Case Study: Develop a Business Encryption Policy that addresses threats related to the Internet and mobile devices.
Module 8: Security Best Practices
- Important Standards, Frameworks and References
- ISO 17799/BS7799
- CobiT Security Baseline
- NIST
- Critical Steps for Enterprise Security
- Enterprise Risk Analysis
- Vulnerability Assessment (Penetration Testing)
- Conducting a BIA
- Security Vision: “Edge” to “Core” Defense
- Remediation: Defense-in-Depth
- Perimeter Security
- Malicious Software Defense
- Wireless Defense
- Audit Controls and Risk Management
Case Study: Walk through an Enterprise Security Strategy Blueprint document. Create a template for your business in class.
“In his practice and in his writing, Mr. Pabrai demonstrates not only a deft understanding of information security but also the ability to clearly communicate it. The Art of Information Security succinctly ties together principles, strategy, and tactics - the necessary components for a clear understanding of information security.”
Joel M. Fulton, CISSP, CISA, CISM, CHSS, CHP