Achieving compliance: a real-world roadmap

A security manager's responsibilities extend beyond the technical aspects of the job. These days, effective governance and compliance are just as essential.

This track explains how to build an effective compliance program, define metrics to measure security's success and ensure business continuity should the unexpected occur.

Sessions available for download (click title to download slides) include:

Metrics for Security Investment
Speaker: Dr. Shawn Butler, CyLab risk management interest group.
Despite the proliferation of automated risk and security information management tools and of incident response teams, organizations hold terabytes of data that provide little insight into where they should invest. To answer the question "Did we make the right security investment decisions?", an organization must explicitly identify its objectives and determine which metrics are needed to support the spending process. This presentation examines ways to improve a security metrics program by closing the gap between the metrics you need and the metrics you are actually collecting.
For more information: Read Metrics needed to guide application security decisions

Making Information Security a Business Issue
Speaker: Eric Holmquist, VP and director of risk management, Advanta Bank Corp.
Too often information security is perceived, and even managed, as IT's responsibility, when in fact it is the business that ultimately owns the risk. Positioning information security correctly has profound implications for budgets, senior-management support, staff participation and the overall quality of the program. This session explores strategies for positioning and managing information security as a business issue rather than merely a technology one.
For more information: Read Introduction to security governance

Lessons in Disaster Recovery: A 9/11 Survivor's Story
Speaker: Donna Childs, founder and CEO, Childs Capital LLC
Man-made and natural disasters are a constant threat to enterprises big and small. Staying in business when your network is destroyed and your employees are dispersed is something 9/11 survivor Donna Childs knows all too well. The president and CEO of Childs Capital was at the World Trade Center when terrorists struck. In this session, Childs shares her strategies for staying up when everything else is down and offers advice on how to plan effectively for the unexpected and then cope once the unforeseen hits.
For more information: Read Disaster recovery success begins and ends with the basics

Strategic Compliance: Continuous Process Improvement
Speaker: Diana Kelley, VP and service director, security and risk management strategies service, Burton Group.
This session enables security practitioners to extend the lessons they learned in meeting regulations like Sarbanes-Oxley and Gramm-Leach-Bliley to a new crop of mandates. With a special focus on the Payment Card Industry Data Security Standard (PCI DSS) and the Federal Financial Institutions Examination Council (FFIEC) authentication guidance, it investigates ways to build a strong compliance program that does not require the business to reinvent the wheel each time a new regulation affects it.
For more information: Visit SearchSecurity.com's Compliance All-in-One Guide.

Go to the full listing of sessions
Go to Track 1: Proven Tactics to Repel Emerging Threats
Go to Track 2: Enhanced Identity and Access Management
Go to Track 4: Snyder On Security: An Insider's Guide to the Essentials

Read more on IT risk management