Creating an Information Security/Information Assurance Program - Lessons Learned

Speaker: Kenneth Grossman (HHS/National Institutes of Health, US)

About Speaker:
Ken Grossman has worked in the information security field for over 20 years and has been instrumental in various major security initiatives. He was a founding member of the Department of Homeland Security's National Cyber Security Division/United States Computer Emergency Readiness Team after establishing an Information Security Program at the US General Services Administration/Federal Supply Service. Ken joined the National Institutes of Health/National Institute of Allergy and Infectious Diseases (NIH/NIAID) in 2006, where he manages the NIAID Cyber Security Program. Ken oversees the handling and mitigation of NIAID information security events. He also ensures that NIAID adheres to Federal security policies and guidelines and that security audits are performed on covered information systems. He develops NIAID information security policies and training programs and is the liaison with the NIH and other Institutes' security programs. Mr. Grossman has an M.S. in Computer Systems Management from UMUC and a B.S. in Aerospace Engineering from Virginia Tech. His certifications include Certified Chief Information Security Officer (C|CISO), Certified Information Systems Security Professional, Healthcare Information Security and Privacy Practitioner, Certified Information Security Manager, GIAC Certified Incident Handler, GIAC Continuous Monitoring Certification and GIAC Cyber Threat Intelligence.

----

The presentation will discuss the lessons learned from creating an Information Security/Information Assurance program from scratch. Some of the issues that needed to be considered were the organization's mission and nature, the scope and structure of the IS/IA organization (formal vs. virtual, core vs. ad hoc), the customer base, organizational politics, regulatory requirements, and organizational dependencies (internal and external). I will also discuss the capabilities, proactive and reactive, that an IS/IA program requires.