Recent information security breaches have shown that even the most reputable organizations make fundamental mistakes when implementing their information security programs. While almost everyone patches network vulnerabilities, organizations often ignore application security, database encryption, and similar controls, which sometimes leads to catastrophic results.
A well-managed information security program (and/or unit) has robust plans, procedures, goals, objectives, trained staff, performance reporting, and ongoing improvement efforts. The security program must also specifically mitigate risks in satisfying key business objectives, and this traceability must be clear. Your information security audit should confirm that key risks to the organization are being identified, monitored, and controlled; that key controls are operating effectively and consistently; and that management and staff have the ability to recognize and respond to new threats and risks as they arise. In today's era of advanced persistent threats, it is critical to have an effective information security audit program.
Join this session with Dan Swanson, President and CEO of Dan Swanson and Associates, and Yo Delmar, Vice President of GRC Solutions at MetricStream, in which they will discuss:
- Planning for Information Security Audits in a Constantly Evolving Threat Landscape
- Audit Approach for Evaluating an Organization's Information Security Program & Defense-in-Depth Strategy
- Linking Information Security Audit to the Risk & Control Framework
- Reporting Information Security Audit Findings to the Board
- Issues to Watch Out For
Dan Swanson, CMA, CIA, CISA, CISSP, CAP - President and CEO, Dan Swanson & Associates
Mr. Swanson led the writing of the OCEG internal audit guide for use in auditing GRC programs and also participated in the SEC-sponsored COSO small business task force efforts to provide guidance for small to medium public companies regarding internal control over financial reporting. The author of more than 200 articles on internal auditing and other management topics, Mr. Swanson is currently an independent management consultant and freelance author.
Mr. Swanson published his first book in 2010, entitled "SWANSON on Internal Auditing - Raising the Bar!" See: http://www.itgovernance.co.uk/media/article.aspx?news_id=1369
Yo Delmar - Vice President - GRC Solutions, MetricStream
Prior to EMC, through her own company, Delmar Consulting, Ms. Delmar held interim executive positions at GRC and security risk management companies and provided advisory services to F1000 companies on the implementation of GRC programs. Prior to Delmar Consulting, Ms. Delmar was President of SPL WorldGroup Americas, a mid-sized systems integration firm, and Senior Vice-President of Technology at SHL Systemhouse, managing 300 people across global operations of over 40 offices.
Ms. Delmar holds a B.Sc. (Honors) in Mathematics and Computer Science and an M.B.A. from Dalhousie University in Canada. She is also a Certified Management Consultant (CMC), Certified in Governance of Enterprise IT (CGEIT), and a Certified Information Security Manager (CISM).