ISACA Security Training Course for Executives, Information Security, Audit
and Risk Managers
A NEW APPROACH TO INFORMATION SECURITY MANAGEMENT METRICS
Spectacular security failures persist despite huge
increases in security budgets and ever-more draconian regulation.
Organizations must understand they can’t manage
a successful security program with just the 20/20 hindsight of audits
and torrents of technical data.
Reliance on best practices and international standards
simply cannot replace the essential knowledge provided by relevant and meaningful
metrics - you can’t manage what you can’t measure.
Course details:
Venue: RSM Bird Cameron, Level 4, North Tower, 191 Pulteney Street
When: 21 November 2008.
Payment: Cost is $500, inc. GST, lunch and refreshments.
This course is organised by ISACA Adelaide Chapter (ABN 84 695 527 331).
After the submission of this form we will send you the invoice
and the information pack.
Attendance cancellations will incur a $150 administration
fee (inc. GST). Substitutions can be made free of charge.
Event Cancellation: ISACA Adelaide Chapter reserves
the right to change the program and speakers or cancel the course when
conditions beyond our control prevail. Each delegate shall be advised
if the course is cancelled and, in such circumstances, our liability is
limited to refunding the course fee only.
You can download the course flyer.
Registration
Course Outline
Technical security metrics are abundant but just as an automobile
speedometer won’t tell you if you’re going the right direction, so is
the avalanche of technical data incapable of answering questions such
as:
- How secure is my organization really?
- How much security is enough? How much is too much?
- Is the security program headed in the right direction?
- Are security resources adequate and used to the best effect?
- Are critical controls working? How well? How do we know?
Seeing clearly where you have been just isn’t enough to steer a secure
path into the future. The inescapable fact is that the history provided
by audits is insufficient to manage increasingly critical and complex
information security programs that typically contain thousands of moving
parts. The way forward can’t be charted with just 20/20 hindsight. The
path to the future can’t be paved with experiences of the past in these
turbulent times of ever-changing threat landscapes. And best practices
aren’t the answer; they are just a poor substitute for real knowledge.
Course Features
- Provides a compelling business case for information security management metrics.
- Details a comprehensive overview of current and evolving security metrics.
- Demonstrates the near total inadequacy of contemporary approaches to security management metrics.
- Presents a step-by-step approach for developing metrics essential to managing security: strategic, tactical, and operational.
- Provides a framework and process to measure and monitor meaningful aspects of information security.
- Includes case studies, support material and security taxonomies.
Even once information security objectives have been determined
and a governance framework developed, effective security program management
is not possible in the absence of meaningful, actionable metrics.
While the ability to measure many specific technical aspects
of IT ‘security’ has improved substantially, such measures are incapable of telling
us much about the state of overall information security of the enterprise.
Certainly, technical metrics are relevant at the technical level, but
the broader issues of non-technical process and procedural security must
also be monitored and effectively measured if security management is to
advance and be able to answer such questions as:
- How secure is the organization?
- Is governance effective?
- Are we achieving our objectives?
- How much security is enough?
- How do we know when we have achieved it?
- What are the most cost-effective solutions?
- How do we determine the degree of risk?
- How well can risk be predicted?
- Are we moving in the right direction?
You will learn
- The current state of security metrics
- Why current metrics are useless for information security management
- Why the best security metrics have nothing to do with measuring security
- How to define the desired outcomes for information security:
  - clarify the relationship of governance and metrics
  - methods and processes to gain management consensus on security program development
- How to develop security program objectives to achieve those outcomes:
  - translating outcomes into defined objectives
  - developing a strategy to achieve the objectives
- A hands-on approach to developing meaningful metrics to navigate the security program to achieve the objectives, including: