This presentation will review the ISMS and architectural considerations that need to be addressed.
This presentation will draw on best practices from ISO/IEC 27001, 27002, COBIT and the author's experiences in internal audit and information security.
Areas Covered in the seminar:
- Background of the need for an ISMS.
- The Plan-Do-Check-Act model.
- The need for Risk Management.
- The need to use a top-down approach vs. bottom-up.
- How to leverage the IIA's GAIT-R to move faster.
- How to select and blend layered controls.
- The need for Situational Awareness.
Who will benefit:
- IT operations and support staff as well as compliance
- Audit and information security personnel who are looking for best practices relating to Access Management
Instructor Profile:
George Spafford is a Principal Consultant with Pepperweed and an experienced practitioner in business and IT operations. He is a prolific author and speaker, and has consulted and conducted training on regulatory compliance, IT Governance, and process improvement in the U.S., Australia, New Zealand and China. Publications include co-authorship of “The Visible Ops Handbook” and “Visible Ops Security”. George holds an MBA from Notre Dame, a BA in Materials and Logistics Management from Michigan State University and an honorary degree from Konan Daigaku in Japan. He is an ITIL Service Manager, TOCICO Jonah and a Certified Information Systems Auditor (CISA). George is a current member of the ISACA, the IIA, and the IT Process Institute.