The Open Group Conference - Rome 2010


Security Management
Wednesday, April 28, 2010

9.00 - 10.30
Moving Information Security from Art to Science
Information security is at a critical juncture with increasingly sophisticated threats and vulnerabilities, reduced budgets and over-extended security practitioners. The advanced persistent threat environment that organizations face demands security managers have a broad understanding of security threats and controls, while also communicating effectively about risk within the organization. As a relatively new discipline, IT security management is starting to be less an art, and more a science. This session will provide an overview of problems in IT security management, including:

  • Lack of data and useful security metrics on which to base decisions and measure progress
  • Bar-setting compliance regulations without continuous improvement clauses
  • Inconsistent risk analysis methods and frameworks
  • Shortcomings of existing security management frameworks
  • Misalignment of business and security objectives

Various approaches to addressing these problems will be explored, including:

  • Available external data sources for informed decision-making
  • Adoption of a metrics and maturity model approach (such as ISM3) versus an “all or nothing” approach
  • Aligning business objectives with security controls and metrics

Jim Hietala, VP Security, The Open Group
Jim Hietala, CISSP, GSEC, is Vice President, Security for The Open Group, where he manages all security and risk management programs and standards activities.

Jim is a frequent speaker at industry conferences, and he recently authored a comprehensive course on IT risk management. He participates in the SANS Analyst/Expert program, having written several research whitepapers and participated in several webcasts for SANS. He has also published numerous articles on information security, risk management, and compliance topics in publications including The ISSA Journal, Bank Accounting & Finance, Risk Factor, SC Magazine, and others.

An industry veteran, he has held leadership roles at ControlPath, Avail Networks, Alternative Technologies, eSoft, Qwest, Concentric Network, and Digital Pathways. He holds a B.S. in Marketing from Southern Illinois University.

 


10.30 - 11.00
Break

 
