CISSP Boot Camp & become Certified Information Systems Security Professional, ISC2 Certified Trainers, 9/10 Passing, Cost inclusive of 5000 CISSP Test Questions.
PECB Webinar: Rethinking Business Continuity: Applying ISO 22301 to improve r... (PECB)
The webinar covers:
• Determine the critical business and technology functions in your organization
• Understand the basics of a business continuity and disaster recovery plan
• Overcome obstacles when implementing a business continuity program for the first time
• Develop the necessary expertise to support your organization in implementing the ISO 22301 standard for organizational resilience.
Presenter:
This webinar was presented by Bryan Strawser, Principal Consultant & CEO at Bryghtpath LLC, who has more than 21 years of experience.
Link of the recorded session published on YouTube: https://youtu.be/GG8XKN5GlKU
Achieving integrated mandatory compliance with ISO 31000 (PECB)
The webinar covers:
• Overview of ISO 31000
• Overview of PCI and HIPAA compliance
• Achieving integrated compliance through ISO 31000
Presenter:
This webinar was presented by Bogdan Dragomir, a security professional with over 24 years of experience in the IT field, including over 5 years as a Regional Security Manager with Savvis Communications, where he was responsible for leading multiple security initiatives, acting as a trusted adviser to many companies in the South and Central US, and coordinating penetration testing across the US and UK. He is an expert in the areas of Risk Management, Integrated Compliance, Secure Architecture Design and Analysis, Incident Management, and Security Assessment and Auditing.
Link of the recorded webinar published on YouTube: https://youtu.be/gzwOFKCOYVo
PECB Webinar: Enterprise Risk Management - Unsuccessful efforts due to lack o... (PECB)
The webinar covers:
• The start of any ERM Program
• Link between Strategy, ERM and ISO 31000
• Periodic Risk Review – Game Lost
Presenter:
This webinar was presented by Eddie de Vries, a PECB ISO 31000 Certified Risk Manager and Trainer with 20 years’ experience in Quality Management and more than 12 years’ experience in Enterprise Risk Management.
Link of the recorded session published on YouTube: https://youtu.be/UR6ObDfY1QM
Safety, Health, Environment and Quality Management is an all-embracing title.
Not harming the environment means more than just adhering to legal guidelines and internal corporate standards. It involves actively doing everything possible to mitigate any ecological damage resulting from our business activities.
The main SHEQ processes are tied into 'ISO Standards'. By including SHEQ into our integrated management system (IMS) we address most of the management commitment issues we face on a daily basis.
Main points covered:
• Enterprise-Wide Risk Management
• Competence Training
• BBC in context VS Awareness Campaign
Presenter:
Francois Labuschagne, Chief Executive Officer of DQS (Pty) Ltd South Africa. Francois has more than 12 years’ experience in the management system development, education, and certification environment, including 8 years at an executive management level.
Link of the recorded session published on YouTube: https://youtu.be/XubeGiDBQow
IT Risk Management & Leadership, 30 March - 02 April 2014, Dubai, UAE (360 BSI)
Are you effectively securing your organization’s IT systems that store, process, or transmit organizational information?
Is your IT risk management plan tailored to the specific risk profile of your business and being coordinated across all functional and business units?
With the release of IT Governance frameworks, requirements for risk management and new international standards entering the market, the pressure is mounting to ensure that all your IT risks are identified and the necessary action is taken, whether that is to mitigate, accept or ignore them. So, how safe is your IT system? What are the risks that your organization is being exposed to?
The solution to this challenge is to establish an effective risk management process that protects the organization, not just its IT assets, and provides it with the ability to perform its mission.
Risk management is the process of identifying and assessing risk and taking preventive measures to reduce it to an acceptable level. It is critical that you develop an effective risk management program that assesses and mitigates risks within your IT systems and better manages these IT-related mission risks.
BENEFITS OF ATTENDING THIS WORKSHOP
• Identify common IT project risks
• Learn how to assess threats and vulnerabilities to create a risk response strategy
• Understand what qualifies as risk with IT projects
• Understand the most common IT risk sources
• Qualify and quantify IT risks
• Learn the difference between negative and positive IT risks
• Develop an IT risk management plan
• Plan risk response methods for IT risks
• Create risk mitigation and contingency plans
• Monitor and control project risks
• Overcome resistance from stakeholders and team members
WHO SHOULD ATTEND THIS WORKSHOP
• IT risk managers
• IT security managers
• Compliance officers
• Program and project managers
• IT project managers
• IT operations managers
Contact Kris at kris@360bsi.com to register.
ISO 27001 Implementation using Force Field Analysis (PECB)
Force Field Analysis is a useful decision-making technique. It helps you make a decision by analyzing the forces for and against a change, and it helps you communicate the reasoning behind your decision. This webinar explains the tools that should be used and the questions that you should consider during your analysis. It also explains how to use your analysis, offers useful tips, and walks through an ISO 27001 implementation force field analysis example.
Main points covered:
• Questions to consider during your analysis
• Gap analysis
• Strategies that could be followed
Presenter:
This webinar was hosted by David Smart, PECB Certified Trainer and Managing Director of Smart ISO Systems / Smart Mentoring.
Link of the recorded session published on YouTube: https://youtu.be/Cih-6LeUA7I
Risk management is a key to success: it is about escaping threats and maximising opportunities. The M_o_R framework includes principles, approach, process, and embedding and reviewing M_o_R. This is a very brief introduction to M_o_R risk management.
Risk intelligence in the energy and resources industry (Franco Ferrario)
DELOITTE TECHNOLOGIES
Risk Intelligence in the Energy & Resources Industry
Enterprise Risk Management Benchmark Survey Report
Upload by Franco Ferrario CIO Temporary Manager
White paper: pragmatic safety solutions (Craig Tappel)
Small to mid-sized firms have a variety of safety-related challenges and priorities to address. The safety function is typically assumed by someone from Human Resources, Facilities, Finance, and/or Operations. We are not attempting to make anyone an expert in any of these areas; rather, we aim to provide a general guide to what key safety priorities to focus on, given limited time and capital resources.
Key considerations for an appropriate scope for all management systems (PECB)
In this webinar, we will discuss key considerations for an appropriate scope of all management systems. We will focus on how to better understand the context, the issues and the boundaries of all management systems.
Main points covered:
• Understanding the Context
• Understanding the Issues
• Understanding the Boundaries
Presenter:
The presenter of this webinar will be Opeyemi Onifade, CISSP, CISA, CISM, CGEIT, ISO 27001 LA/LI, ISO 20000 LI; he is an IT Governance professional and management consultant. He has led teams to successfully comply with and certify to standards including PCI DSS, ISO 27001 and ISO 20000 in the last 36 months. He is also an accredited trainer and consultant for COBIT 5.
Link of the recorded session published on YouTube: https://youtu.be/9Z0crixRnlE
[D.O.W.N.L.O.A.D] Business Continuity Management System: A Complete Guide to ... (rojejo121)
A Business Continuity Management System (BCMS) is a management framework that creates controls to address risks and measure an organization's ability to manage disruptions. The International Standard, ISO 22301, helps protect against threats including natural disaster, IT failure, staff illness, terrorist threat or a disruption in the supply chain. It provides a framework for assessing critical suppliers and their associated risks, assessing current business practices and planning contingency measures, so that when disruptions happen, businesses are prepared and able to respond effectively. Business Continuity Management System offers a complete guide to implementing a fit-for-purpose resilience capability in any organization. Structured in line with ISO 22301 and with a focus on performance improvement throughout, chapters cover developing, establishing and operating a BCMS initiative. Built upon the principles of the International Standard and current best practice, with a practical focus on theories and models, this book offers an objective, thorough solution for the practitioner.
The security of information systems and business-critical information needs constant managing to ensure your operational continuity and data protection. ISO 27001 Information Security Management Systems certification allows you to stand out from the competition through strong information security measurement.
Mrs Bianca Pasipanodya, the Group ICT executive for First Mutual Group and an esteemed speaker at the ISACA Harare Chapter, gives her remarks about the implementation of an effective Information Security Management System in Zimbabwe.
The Security Practitioner of the Future (Resolver Inc.)
In the face of changing business needs and threat environments, companies, organizations and individuals will continue to encounter increasingly diverse and sophisticated risks from an equally broad range of adversaries. These adversaries are equipped as never before, supported by education, experience, publicly available critical information and the technology to bring their efforts to realization. Tomorrow’s security practitioner will need an array of integrated tools to effectively prepare for and counter tomorrow’s adversary. These “tools” will always include some traditional, tried and proven practices; however, practitioners will also need to think critically, make risk-based decisions, implement leading-practice solutions and define security optimization.
Presentation by:
Dennis Shepp, MBA, CPP, CFE, Consultant, Security Expert
Phillip Banks, P. Eng, CPP. Director, The Banks Group
Due to the dramatic increase in threats worldwide, companies need to find ways to strengthen their information security. One solution is to implement ISO/IEC 27001 in order to protect information both internally and externally.
Main points that will be covered are:
• The scope of ISO 27001 & associated other standards references
• Information Security and ISIM Terminologies
• ISIM auditing principles
• Managing audit program & audit activities
Presenter:
Eng. Kefah El-Ghobbas is a specialist in ‘Business Process Excellence’ through ‘Business Process Re-engineering’ with over 20 years of experience.
Link of the recorded session published on YouTube: https://youtu.be/rTxA8PVULUs
PECB Webinar: ISO 31000 – Risk Management and how it can help an organization (PECB)
We will cover:
• Brief overview of the Standard content
• What is Risk Management?
• Guidance on how to position Risk Management in an organization
• Three examples of where Risk Management must be considered
Presenter:
This webinar will be presented by Steve Tremblay, Owner and Executive ITSM/ISO Consultant at Excelsa Tech.
8 requirements to get ISO 27001 certification in Sri Lanka (Anoosha Factocert)
ISO 27001 Certification in Sri Lanka does not prescribe a specific strategy; instead, it advocates a "process way", which is simply a Plan-Do-Check-Act procedure. Factocert is one of the leading ISO 27001 Certification Consultants in Sri Lanka. We provide services in Colombo, Galle, Kandy, Trincomalee, Dehiwala-Mount Lavinia, and other major cities.
Implementing Business Aligned Security Strategy, Dane Warren (LiDaneWarren)
This was presented at the AISA national seminar day. It is a helicopter view on how to implement a security strategy that is aligned with the business.
This presentation is intended for security leaders who want to create a business-based security department that provides value, and is valued by the enterprise.
The following recommendations are based on 10+ years of SEC relevancy-based research.
1. CHRISTOPHER OPARAUGO (CISM, CRISC, CGEIT, MBA)
ENTERPRISE SECURITY GOVERNANCE: MAPPING ISO27001 TO COBIT 4.1 BASED ON SECURITY SELF ASSESSMENT
2. SECURITY/RISK MANAGEMENT
We have recognized that risks exist due to the confluence of Assets, Threats, and Vulnerabilities, and accordingly mitigating controls which reduce one or all of these factors will reduce the overall risk exposure of the organization.
3. SEE SECURITY OVER TIME…. Employ the PDCA cycle (Plan, Do, Check, Act):
• Plan, Improve: planned improvements based on findings and security trends.
• Security Policy: adequate security level documented in the Security Policy.
• Implement: security solution designed, implemented and put into operation.
• Monitor, Respond: monitor and respond to incidents during daily operations.
• Assess: regular security assessment conducted by an external party.
13. STRATEGIC FOCUS
[Quadrant chart: horizontal axis from Insignificant Threat Landscape to Severe Threat Landscape; vertical axis (scale 0-12) from Reactive Security Posture to World-Class Security Posture; quadrants labelled BELT & BRACES, DAY DREAM, FIGHTING FIT and PANIC STATIONS.]
14. An effective and comprehensive information protection program involves participation from all functions of the organization.
1. Roadmap
• Develop the shortfalls into tasks as a measure of working on the gaps
• Strive for ISO 27001 compliance and continuous assessment.
• The exercise has provided useful insight into staff understanding of the Security framework and Controls and should be extended to all
2. Information Security Balanced Score
• To improve on the Information Security balanced score systems using the gap analysis results from the data and figures above.
• To integrate the balanced scorecard into the enterprise governance balanced scorecard KPI measures.
CONCLUSION
The mapping of ISO27001 to COBIT 4.1 has enabled me to link IT goals to business goals, which provided data used in generating an IT Security Governance balanced scorecard aligning the data results to the Financial perspective, Customer perspective, Internal perspective, and Learning and Growth perspective. These results can be applied to individual KPIs for staff self