We Bought Some Tools -- Now What?

Jim Bowker at BSides Boston 2016

Everyone knows that information security isn’t something that can be ignored. Most people are doing something about it. But how do you know if you’re focusing on the right things, and where your gaps are? Is your focus based on a checklist your CIO read in a magazine? The key to a successful information security program is organization and documentation, the less fun but still vital part of information security. In this presentation I plan on outlining the steps to setting up a formal information security program and identifying gaps for current programs.
- Creating the main framework document & what should be in it
- What to do when your boss gives you a security checklist he read in a magazine.
- Strategies on selecting a security framework: SANS Top 20, NIST, ISO 27001, Cyber Essentials
- Establishing a security council
- IR plan & template
- Policies
- Change management
- Vulnerability management

Jim Bowker, CISSP, has been in IT for over 20 years with the last decade or so focusing on information security. He has a Bachelor's in Computer Technology from Purdue University and a Master's in Information Assurance from Northeastern University. He currently heads up the Information Security team at Charles River Associates here in Boston, an economic and management consulting firm. Previous experience includes working in government contracting in the DIB space.