September 10th, 2021 meeting

DATE:September 10th, 2021
TIME:2:00pm to 4:00pm (PDT)
VENUE:Zoom Online meeting
RSVP Required – register at Zoom
TOPIC(S):Measuring how well you are managing Information Security
PRESENTER(S):  Walter B. Williams (CISSP, SSCP)

ABSTRACT

We create controls to manage the risk of a compromise of availability, integrity, confidentiality, privacy, control, authenticity, and utility to the organization for which we are responsible for. To understand if the controls are effective, you have to measure their performance against goals established for each control against the risk tolerance of the organization. This sounds good on paper, but is one of the hardest things to get right in the management of an information security program. We’ll examine what NIST, CIS, and ISO has to say regarding the measurement of our controls, and how to construct metrics. We’ll look at how to identify the applicable controls per each risk to your organization. We’ll construct metrics for completeness of implementation, for effectiveness, and for adverse impact to your organization for those controls and look at ways to map these back to the risks your organization is managing.

BIOGRAPHY

Walter has served as an infrastructure and security architect at firms as diverse as GTE Internetworking, State Street Corp, Teradyne, The Commerce Group and EMC. He has since moved to security leadership, where he’d served as at IdentityTruth, Passkey, Lattice Engines, and Monotype. He is an outspoken proponent of design before build, an advocate of frameworks and standards, and has spoken at Security B-Sides, Source Boston, Boston Application Security Conference, Rochester Security Summit, Wall of Sheep Village within DefCon, RiskSec Toronto and other venues . His articles on Security and Service Oriented Architecture have appeared in the Information Security Management Handbook, and he has a book with CRC press on the same topic. He has a book on How to Create an Information Security Program from Scratch which will be available for purchase on September 15. He sat on the board of directors for the New England ISSA chapter and was a member of the program committee for Metricons 8 and 10. He has a masters degree in Anthropology from Hunter College.