8 a.m.-5 p.m.
- Slade Griffin, Director of Security Assessments, Contextual Security Solutions, LLC
- Kevin Thomas, Cofounder and CTO, Contextual Security Solutions, LLC
This workshop will focus on developing the foundational elements of an information security program. Each foundational element will be accompanied by three specific starting points so that attendees can, at a minimum, develop a security program framework during the session. Additionally, each element will answer three specific questions to help attendees determine whether they need the element and how to gain buy-in from senior executives and board members. One example would be:
Sample Element: Policies and Procedures
- Create an Inventory of Systems and Applications (including any Security Overlays) and prioritize based on criticality to the organization. (~Business Impact Analysis)
- Using the information garnered from Step 1, create configuration guides to ensure new systems are hardened when introduced to the production network (a resource for this step will be provided).
- Develop policies and procedures (using templates) that will ensure that systems maintain a secure configuration throughout their lifecycle (e.g., Patch Management, Change Management, Log Monitoring).
Three Questions Each Organization Should Ask Themselves:
- Have you documented your IT Security related policies and procedures?
- Are your policies and procedures accurate, and do they reflect the organization's current environment?
- Have the policies and procedures been communicated throughout the organization?
Risks Associated with Not Addressing this Information Security Program Foundation:
- Each Information Security Program Foundation will include a real-world example of how a penetration tester, or hacker, would take advantage of weaknesses in these areas.