seminar: Enterprise Security for the Executive: Setting the Tone From the Top

Monday, September 28, 2009

Enterprise Security for the Executive: Setting the Tone From the Top

CyLab Business Risks Forum presents Jennifer Bayuk, Information Security Specialist, www.bayuk.com

12:00pm
INI Distributed Education Center (DEC), CIC Building *L level

Talk Abstract

Both the public and private critical infrastructure of the United States, as well as all developed countries, is at serious risk due to the ease with which it can be penetrated by malicious and criminal interests. Leaders in many organizations are keenly aware of this risk, but the only literature currently directed at educating them is coming out of think-tank-like organizations and is not likely to reach them or resonate with their way of thinking about the problem. This talk is designed to address them in their own language and tell them what they can do about security. It provides a theoretical foundation for security management that can be used to monitor security programs without getting too deep into details about the field of security management itself. It makes use of fact-based scenarios to illustrate security management concepts. It is intended to educate executive managers, but it is also an accessible introduction to the field for business school and other non-technical graduate programs.

The basic theme is that tone at the top exists whether an executive cultivates it or not. It is reflected in how an executive leads to ensure people think about the things he or she really cares about. It provides enough information about how security works to give an executive what he or she needs to know to prevent security horror stories from happening on their watch.

The book upon which this talk is based (to be published by Praeger this fall) includes 30 illustrative examples of security horror stories, as well as other analogies and terminology not commonly shared outside of the security profession. Earlier chapters lay groundwork for more complicated scenarios in later chapters. The book ends with an optional case study that allows a reader to test their comprehension of the material.

Speaker Bio

Jennifer L. Bayuk is an information security management and information technology due diligence consultant, experienced in virtually every aspect of the field of information security. She specializes in security roadmaps, and is engaged in a wide variety of industries with projects ranging from technical architecture requirements to security governance. She has been a Wall Street chief information security officer, a manager of information systems internal audit, a Price Waterhouse security principal consultant and auditor, and a security software engineer at AT&T Bell Laboratories. While in financial services, Bayuk chaired the Securities Industry and Financial Markets Association Information Security Subcommittee and the Financial Services Sector Coordinating Council Technology R&D Committee. Working with the Department of Treasury’s Office of Critical Infrastructure Protection, she coordinated committee activities to support the Department of Homeland Security’s National Infrastructure Protection Plan. Bayuk frequently publishes on IT governance, information security, and technology audit topics. She has authored two textbooks for the Information Systems Audit and Control Association: Stepping through the IS Audit and Stepping through the InfoSec Program. A third book, Enterprise Security for the Executive: Setting the Tone from the Top, will be published by Praeger this fall. Jennifer has also co-edited a collection of works on Enterprise Information Security and Privacy for Artech House. She has lectured for organizations that include the Computer Security Institute, the Institute for Information Infrastructure Protection, the Information Systems Audit and Control Association, the National Institute of Standards and Technology, and the SysAdmin, Audit, Network, Security Institute.
She is a Certified Information Security Manager, a Certified Information Systems Security Professional, a Certified Information Security Auditor, and Certified in the Governance of Enterprise IT (CISM, CISSP, CISA, and CGEIT). Bayuk is an adjunct professor at Stevens Institute of Technology and has master's degrees in computer science and philosophy. She can be reached at www.bayuk.com.