>> Controls Track 

 

Meaningful Security Metrics

Selecting and implementing practices and security controls are foundational to achieving the desired security posture. It is also critical to measure in order to make better-informed management decisions, take appropriate actions and change behaviors. Security metrics will give you the tools to change behaviors and to build a case for the kind of changes you want to make to your organization's security posture. Metrics illustrate how a given behavior or control is working or not and justify how or why it should be changed.  This session will share how to put security metrics to work for you to identify the areas where you’re weak and build a strong business case that drives change.

    Cynthia Harris, CISM, PMP, MPA, Lean Six Sigma Black Belt - Manager, Organizational Effectiveness, Xerox

    Cynthia Harris is the Organizational Effectiveness Manager for Xerox Global Information Security. Cynthia has over 15 years of IT security and project management experience. In the past she has worked for Xerox and several other companies as an operations excellence manager, program and project manager and process champion.

Internal Audit's Prudent Brave, Not-So-New World

The always-increasing focus on the use of data for business decisions demands Internal Audit’s attention. Expectations are increasing for CAEs to match the pace of business, if not contribute to its acceleration. Audit teams also need to find ways to increase the value provided through assurance and advisory practices, without becoming a drag on the company. This presentation will focus on various frameworks for launching and enhancing Audit’s data analytics practices. The session explores, through discussion and examples, practical approaches for implementing data analytics in planned audits, continuous audits and continuous risk monitoring.

    Charlie Seitz, CISA, CIA, ACDA, Senior Manager, Frontier Communications

    Charlie Seitz, CISA, CIA, ACDA, is a Senior Manager within Frontier Communications' Internal Audit department, currently tasked with expanding the department’s audit analytics portfolio. Prior to working at Frontier, Charlie spent 10 years in IT Audit roles with a common thread of building new organizations and platforms. He launched Audit Tools organizations for the Internal Audit teams at GE Capital and Pitney Bowes. He moved into Internal Audit after the IPO of another financial services business, assisting in the initial setup of the Internal Audit group. Prior to Charlie’s Audit career, he worked in IT consulting, operations and development roles for various organizations across multiple industries, including service in the US Navy.

"Classified or Just Classy? - Kicking Ass(ets) with Data Classification"

Don't build a $100 fence around a $10 horse. This advice continues to escape organizations for one reason - they don't know which assets to protect. Data classification is the process of inventorying, labeling and defining handling requirements for assets according to their importance and sensitivity, yet it is as much art as it is science. Implementing data classification can have profound benefits but it requires practicality, visibility and a steady hand. Join GreyCastle Security as we explore the barriers to classification, demystify the process and demonstrate how classification can save your organization time, money and energy.

Attendees will learn:

- The 5 assets you must consider protecting

- Tips for developing your classification policy

- Common classification pitfalls and how to avoid them

    Dan Didier, MSIA, CCSP, TSS, Founder, NetSecureIA; Vice President of Services, GreyCastle Security

    Dan Didier (MSIA, CCSP, TSS) is an entrepreneur, speaker, founder of NetSecureIA and Vice President of Services for GreyCastle Security.
    With nearly 16 years of security experience in a wide range of industries including critical infrastructure, finance, healthcare, manufacturing and other prominent industries, Dan brings extensive expertise as a technical security engineer and business-focused risk manager.
    Dan's unique background allows him to bridge the gap between people, process and technology and adapt to the unique cybersecurity challenges that organizations face today.

Castles, Moats, and Alligators, Oh My!

We will be talking about modernizing network design and management to improve manageability and security. I will talk about castles, banks, and border walls. I will also talk about moving from a prevention-based strategy to one that includes a strong detection capability.

    Hank Carr

    Hank Carr spent 22 years in the Government of Canada in Defence, Foreign Affairs, and Corrections in roles ranging from LAN and WAN Management, Plant Construction, Security Operations and Security Policy. After leaving the Government in 2011, he joined a small VAR in Ottawa. Last year he joined Damballa, which was then purchased by Core Security. He is now the Sales Engineer specializing in over-the-horizon malware detection, active threat detection, and breach detection.