When: December 7, 2016 - 1300-1630
Where: RTP HQ
ISACA-RTC Members - Free (Log in to register)
Affiliated Organizations (IIA, ISSA, Other ISACA Chapters) - $25
All Others: $40
CPEs: Up to 3
Handouts: When Available
Session I. Defense in Depth: Securing your enterprise for beginners
You just started as the Information Security Leader for a company and found out nothing is in place! Where do you begin “eating the elephant”? Where do you invest your time, money, and effort to protect your organization? Without the experience of starting a security program from scratch, this can seem like a daunting task to most people. This presentation is a walkthrough of developing a security program based on an age-old military defense: the multiple wall defense! You will learn effective defenses, starting with the easiest and often the most susceptible layer, the people, and how not to put “all your eggs in one basket”.
This topic has a broad audience and is meant for senior-level, non-security, and seasoned security attendees alike who want to understand what is involved in building a full program.
Session II. Defining Security: Vulnerability Testing, Penetration Testing, and Network Assessments – Defining your requirements
Many of us are faced with compliance for multiple frameworks, or sometimes a customer may ask for a “test” before conducting business with you. Do you know what the difference is, and would you be able to tell which one is the one you need? Today there are many vendors offering a variety of security services, but many of us do not know enough to shop smartly. This presentation explains the differences between the three options and how each is meant to be effective in protecting your environment. The discussion will explain the requirements of regulatory frameworks like PCI and HIPAA and how to select what you need from the various vendor offerings. Why is a penetration test done annually or when big changes occur? What exactly does “large changes in your environment” mean?
This topic is intended for people responsible for regulatory compliance and for those interested in understanding the differences between these services and how they impact your organization.
Speaker: Mike D’Arezzo, Director of Security Services, SLAIT Consulting
Michael (Mike) D’Arezzo has enjoyed a 17-year career in Information Technology and security. Prior to joining SLAIT Consulting as Director of Security Services, Mike performed a myriad of IT functions at major law firms, MICROS Systems (now Oracle), AMF Bowling (now Bowlmor AMF), and the General Electric Company. While at GE, Mike was an instrumental leader in building GE's Third Party Risk Compliance and Software Governance programs. Michael has extensive experience in building security programs, such as Asset Management and Software Governance, and in developing and preparing organizations for Regulatory Compliance (including FFIEC, HIPAA, and PCI) and regional and global regulatory frameworks. His experience at General Electric included building and maintaining the Third Party Risk Compliance Infrastructure for all of GE’s businesses, including GE Capital.
Michael holds a bachelor’s degree in IT Management specializing in Security & Compliance from the University of Richmond and holds both CISSP and CISA certifications.