Program Number: C020-15032016
Creating a Culture of Information Security
Category: A
Activity Sponsor: PMINJ Chapter (C020)
PDUs: 1.5
Leadership - 1.5
Strategic - 0.0
Technical - 0.0
This presentation urges enterprises to adopt a culture of security and explains how enterprises can put one in place. Every enterprise has a corporate culture and one component of that is its attentiveness to the security, privacy and recoverability of its information resources. An information security culture – good or bad – exists in every enterprise. It is to the organization’s benefit to ensure that it is an intentional culture promoting strong, consistent and well-organized security. The first step to creating an information security culture is understanding management’s intentions and obtaining a clear-eyed assessment of the current state of an organization’s commitment to security. This helps to illuminate the gaps between expectations and reality. This presentation addresses the benefits of an intentional culture of information security, inhibitors to achieving a positive one and how to create, institutionalize and sustain an information security culture.
Bio:
Steven Ross is Executive Principal of Risk Masters International and holds certification as a Certified Information Systems Security Professional (CISSP) as well as a Master Business Continuity Professional (MBCP) and a Certified Information Systems Auditor (CISA). Mr. Ross is a specialist in the field of information systems security and control, specializing in Information Security, Business Continuity Management, and IT Disaster Recovery Planning services. He has implemented Information Security programs for numerous banks, government agencies and industrial corporations. Prior to founding Risk Masters, Mr. Ross was a Director and global practice leader with Deloitte.
In consulting engagements, Mr. Ross specializes in planning, policy development, implementation, and standardization of Information Security processes. In recent years, his focus has been on prevention, detection and recovery from natural and malicious attacks on information systems and business operations. He is editor of the multi-volume series, e-Commerce Security, and author of several of the books in the series, including e-Commerce Security: Public Key Infrastructure. He has recently published Creating a Culture of Security. Since 1998, Mr. Ross has regularly published the column, “IS Security Matters”, in the ISACA Journal.
Topic: Networking & LinkedIn Masters Gail Rolls and Michael Milutis Reveal PM-Specific Strategies
Topic: Interactive Session: Current Topics on PMO