
Auditing your Information Security Program

Date: Tuesday November 20, 2012
Time: 8 am Pacific | 11 am Eastern
Duration: 1 hour

Recent information security breaches have shown that even the most reputable organizations make fundamental mistakes when implementing their information security programs. While almost everyone patches network vulnerabilities, they often ignore application security, database encryption, and similar areas, which sometimes leads to catastrophic results.

A well-managed information security program (and/or unit) has robust plans, procedures, goals, objectives, trained staff, performance reporting, and ongoing improvement efforts. The security program must also specifically mitigate risks in satisfying key business objectives, and this traceability must be clear. Your information security audit should confirm that key risks to the organization are being identified, monitored, and controlled; that key controls are operating effectively and consistently; and that management and staff have the ability to recognize and respond to new threats and risks as they arise. In today's era of advanced persistent threats, it is critical to have an effective information security audit program.

Join this session with Dan Swanson, President and CEO of Dan Swanson and Associates, and Yo Delmar, Vice President of GRC Solutions at MetricStream, where they will discuss:

  • Planning for Information Security Audits in a Constantly Evolving Threat Landscape
  • Audit Approach for Evaluating an Organization's Information Security Program & Defense-in-Depth Strategy
  • Linking Information Security Audit to the Risk & Control Framework
  • Reporting Information Security Audit Findings to the Board
  • Issues to Watch Out For

Dan Swanson CMA, CIA, CISA, CISSP, CAP - President and CEO, Dan Swanson & Associates
Mr. Swanson is a 25-year internal audit veteran, who was the Director of Professional Practices at the Global Office of the Institute of Internal Auditors (IIA). Prior and subsequent to the IIA, Mr. Swanson was an independent management consultant for more than 15 years. He has completed audit projects for more than 30 different organizations, spending almost 10 years in government auditing, at the federal, provincial, and municipal levels, and the rest in the private sector, mainly in the financial services, transportation, and health sectors.

Mr. Swanson led the writing of the OCEG internal audit guide for use in auditing GRC programs and also participated in the SEC-sponsored COSO small business task force efforts to provide guidance for small to medium public companies regarding internal control over financial reporting. The author of more than 200 articles on internal auditing and other management topics, Mr. Swanson is currently an independent management consultant and freelance author.

Mr. Swanson published his first book in 2010, entitled: "SWANSON on Internal Auditing - Raising the Bar!" Check out: http://www.itgovernance.co.uk/media/article.aspx?news_id=1369

Yo Delmar - Vice President - GRC Solutions, MetricStream
Ms. Delmar comes to MetricStream with over 30 years of experience in Information Technology and Management, with a focus on Governance, Risk and Compliance over the past 10 years. Most recently, as Director, GRC, EMC Consulting, Ms. Delmar was responsible for launching GRC Advisory Services for the Security and Risk Management Practice of EMC's consulting division.

Prior to EMC, through her own company, Delmar Consulting, Ms. Delmar held interim executive positions at GRC and Security Risk Management companies and provided advisory services to F1000 on the implementation of GRC programs. Prior to Delmar Consulting, Ms. Delmar was President of SPL WorldGroup Americas, a mid-sized systems integration firm and the Senior Vice-President of Technology at SHL Systemhouse, managing 300 people through global operations of over 40 offices.

Ms. Delmar holds a B.Sc. (Honors) in Mathematics and Computer Science and an M.B.A. from Dalhousie University in Canada. She is also a Certified Management Consultant (CMC), Certified in Governance of Enterprise IT (CGEIT), and a Certified Information Security Manager (CISM).
