These talks can be customized for the type of executive, e.g. for CIOs or CFOs, as well as by industry.
Tone at the Top:
The way an executive views security makes a huge difference in the security posture of
the organization. Few executives would state that they have no interest in securing the assets of
their organizations. Nevertheless, that message is often communicated by the level of attention
that is paid to security efforts. This talk prepares the executive to lead on security issues
without getting into detail on the security management profession itself. It shows them how
to sort out hype and come to a common understanding of goals and metrics about information security
across the organization.
Information Security Management Strategies:
The plethora of corporate titles that refer to the security management function often leaves
both auditors and security officers with concerns about gaps in an overall enterprise security program.
This seminar ties together the “what” that must be done to manage security, separates it from the “who,”
and provides a holistic view of how today’s security management tools and techniques may be
used to create efficient and effective security programs.
Security Metrics:
How do you know if you are secure? Only by having an InfoSec program and being able
to measure its effectiveness. This talk teaches an executive how to separate the
scare decks and risk management exercises from the true picture of the security
of organizational assets. This entertaining lecture is designed to show
CEOs and CIOs how to figure out whether they have a security program that works
or if they are being schmoozed with meaningless numbers.
Security Technology:
When you put in your first firewall in 1996, you thought you were done, right? So why
has the budget for security technology skyrocketed with no end in sight?
Defense-in-Depth mantras have spawned a wide range of InfoSec tools and techniques,
adding layer after layer of technology between users and services.
Are all those layers really needed?
This topic explores the security technology landscape and questions the logic of many
popular opinions with respect to InfoSec technology requirements.
Third Party Data Handling:
Service providers routinely sign confidentiality agreements.
But organizations are now required to perform
"due diligence" to assess whether the provider actually
has enough security in place to keep them.
This entertaining lecture is designed to show
CEOs, CIOs, or managers in Legal, Procurement, and Information Security
positions how to figure out whether their service providers are keeping their data safe.