Security Frameworks

 

3/1/2020

8 a.m.-5 p.m.

Fee: $650

Instructors:

  • Slade Griffin, Director of Security Assessments, Contextual Security Solutions, LLC
  • Kevin Thomas, Cofounder and CTO, Contextual Security Solutions, LLC

 This workshop will focus on developing the foundational elements of an information security program. Each foundational element will be accompanied by three specific starting points so that attendees can, at a minimum, develop a security program framework during the session. Additionally, each element will answer three specific questions to assist attendees in knowing whether they need the element and how to gain buy in from senior executives and board members. One example would be:
Sample Element: Policies and Procedures
Starting Points:

  • Create an Inventory of Systems and Applications (including any Security Overlays) and prioritize based on criticality to the organization. (~Business Impact Analysis)
  • Using the information garnered from Step 1, create configuration guides to ensure new systems are hardened when introduced to the production network (Resource for this step will be provided).
  • Develop policies and procedures (using templates) that will ensure that systems maintain a secure configuration throughout their lifecycle (e.g. Patch Management, Change Management, Log Monitoring, etc.)

Three Questions Each Organization Should Ask Themselves:

  • Have you documented your IT Security related policies and procedures?
  • Are your policies and procedures accurate and reflect the organizations current environment?
  • Have the policies and procedures been communicated throughout the organization?

Risks Associated with Not Addressing this Information Security Program Foundation:

  • For each Information Security Program Foundation will include a real-world example of how a penetration tester, or hacker, would take advantage of weaknesses in these areas.

 

Advanced UAS Operations
Advanced UAS Operations
Be Purple: What Blue Team Cyber Defenders Need to Know About Red Team Attack Methods
Be Purple: What Blue Team Cyber Defenders Need to Know About Red Team Attack Methods
Communications Infrastructure for Today’s Utility
Communications Infrastructure for Today’s Utility
Contract Management and Oversight
Contract Management and Oversight
Distribution Automation and the Future of DER at Electric Cooperatives
Distribution Automation and the Future of DER at Electric Cooperatives
Grid Ninja 3.0
Grid Ninja 3.0
How to Setup a UAS Operation at your Utility
How to Setup a UAS Operation at your Utility
Managed Services and Outsourcing Considerations
Managed Services and Outsourcing Considerations
MultiSpeak Basics:  Integration Made Easy
MultiSpeak Basics:  Integration Made Easy
MultiSpeak® Integrator Training
MultiSpeak® Integrator Training
Proactive Performance Coaching
Proactive Performance Coaching
Procurement and Supply Chain Fundamentals
Procurement and Supply Chain Fundamentals
Security Frameworks
Security Frameworks
Wi-Fi 6 New Sand Security Options
Wi-Fi 6 New Sand Security Options