Chapter Event Information

Topic: IT COMPLIANCE PROGRAMS
Date: November 5, 2008
Time: 1:00 - 5:00 (4 CE Hours)
Location: 800 Park Office Drive, RTP - Building # 20

Session Info

In today's corporate environment, compliance programs are a necessary evil. As security and audit professionals, we need to keep up with what is going on in the technology arena, and with new regulations and standards coming out on a regular basis, it can be a full-time job. In addition, we must rely on overworked IT staff and management who are inundated with project deadlines, shrinking budgets, and information requests from internal and external auditors. In this session, we will discuss how you might simplify your process and make it easier and more efficient. Highlights of this session will include:
- Assessing how and what you are monitoring for compliance violations
- Identifying key areas for IT controls
- Defining and maintaining these controls, then incorporating remediations with assigned owners
- Developing a matrix of critical IT controls to ensure regular testing and ownership
- How and where to report violations and finding the root cause
- What you can do to enable compliance enforcement
- Ensuring that the defining and testing of controls is a repeatable process

Visit our Documents section to view the presentation slides.

Speaker Profile

Sandy Bacik, author and Senior Security Consultant, has over 12 years of direct development, implementation, and management information security experience in the areas of audit management, disaster recovery/business continuity, incident investigation, physical security, privacy, regulatory compliance, and standard operating policies/procedures. Throughout her career Ms. Bacik has managed, architected, and implemented comprehensive information assurance programs and managed internal, external, and contracted/outsourced information technology audits to ensure various regulatory compliance for state and local government entities and Fortune 200 companies. She has developed methodologies for risk assessments, information technology audits, vulnerability assessments, security policy and practice writing, incident response, and disaster recovery. She has implemented cross-functional Business Continuity Programs and developed an enterprise-wide security-conscious culture through information assurance programs.

Ms. Bacik is a Certified Information Systems Security Professional (CISSP), Information System Security Management Professional (ISSMP), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT), and Certified in Homeland Security (CHS) - Level III. She is a regular presenter at MIS Training Institute security conferences and is the author of Building an Effective Security Policy Architecture.

Your Board is currently planning our 2008-2009 events. Volunteers and suggestions are invited and appreciated. For additional information or questions, contact Lisa.Mueller@pgnmail.com.

Pricing policy effective 12/1/01: Member pricing is available to any member of ISACA, Raleigh IIA members, and NC Infragard members.