The University of Minnesota's Carlson School of Management and MIS Research Center have teamed up with IP3 Inc., the nation's leader in information security education and research, to offer a workshop on IT security on June 9-10, 2009. "Strategy to Reality," a 2-day technical workshop for corporate IT security directors, will be offered at the Carlson School of Management, University of Minnesota, Minneapolis.
Strategy to Reality-2009
Date: June 9-10, 2009 (Tues-Wed)
Time: 8:00 a.m. - Check-in and Continental Breakfast
Seminar Time: 8:30 a.m. to 4:30 p.m.
Place: 2-206 Carlson School of Management
Strategy to Reality – 2009
“Real Risk, Real Management, Real Risk Management”
Strategy to Reality 2009 is an all-new workshop on Information Assurance and IT Security. It is based on an application of IP3's Strategy to Reality methodology. This unique risk management program will take attendees through four distinct stages of IP3's Risk Management realization process with new content and new applications. Some of the more persistent challenges are revisited with updated best practices.
Step One: An Updated Threat Assessment
Step Two: Impact Analysis
Step Three: New Technology Deployment
Step Four: Mitigation
Once again we begin with an updated THREAT ASSESSMENT. The threats have changed and evolved. Gone are the highly visible viruses whose telltale presence is their explosive propagation. Today's spam is far more likely to carry the spores of a botnet where a controller can launch one of a hundred different exploits from the compromised machine. What's worse, while management waits to see evidence of actual exploits, the critical characteristic of successful exploits is that they go undetected.
There are so many potential threats that it's easy to become overwhelmed and lose any rational perspective on IT security, but sound risk management provides a simple and direct method of prioritizing issues based on their potential impact. IMPACT ANALYSIS puts threats into perspective. Which ones merit our attention? How do we communicate these issues to management and engage their commitment? New best practices for IMPACT ANALYSIS are evolving. Here is an opportunity to learn the painful lessons from others.
What makes IT security so complex is the profound changes in our technology platforms that occur continuously in most enterprises. While the physical facility has a fixed location and a well defined perimeter, the information systems change almost daily. Integrating management practices to support a true Security Life Cycle across the enterprise is a unique requirement for IT Security that stands out when we do root cause analysis and ask why things have gone wrong in the past. The lessons learned in managing NEW TECHNOLOGY DEPLOYMENT require a solid understanding of these technologies and the appropriate controls that should be integrated with their deployment.
Finally, appropriate mitigation strategies can be developed to address the risks associated with the current and future systems. Development of a systematic RISK TREATMENT PLAN completes the cycle.
It used to be said, the more things change, the more they stay the same.
That simply isn't true today. For Strategy to Reality, our 2009 message is simple: The more things change, the more we should be preparing for change.
While most of the buzz words remain the same, NAC, access control, VoIP, convergence, e-Discovery and certainly risk and risk management, the last year has seen a profound change in each of these domains.
Certainly the most profound and far reaching change is with respect to risk management. While FISMA, Sarbanes-Oxley, PCI-DSS and state disclosure laws all added demands for more systematic risk management, the industry spoke to the challenges of compliance – how do we address the letter of the law rather than the intent. This no longer works. In 2008, history will show that inadequate controls over operational risk allowed the US financial industry to transition into a casino, taking phenomenal risks for higher returns and losing. Not only did they lose everything they held as shareholder equity – they lost more.
Important lessons of classical risk management were systematically ignored in our largest enterprises.
Whether it was the banks, mortgage brokers and insurance companies, or the Federal agencies and institutions in place to regulate, appropriate operational monitoring was not in place. We've heard one executive after another, from regulators and the regulated, testify before Congress of their complete ignorance of the threats they faced.
The exploits all came from within. Insiders seeking bonuses and quick returns took extraordinary risk that was systematically ignored. The COSO Risk Management Framework we review in our workshop states that management is to identify its risk appetite and manage risk accordingly. Somehow the insiders responsible for our risk management failed to even identify the risks.
Some fun factoids to think about:
Airport Insecurity: 12,000+ Laptops Will Go Missing this Week
Panda Labs has identified malware containing a virus, a worm and a Trojan – maybe we'll call it a Viroman?
In November 2008, spam dropped precipitously from 180 billion per day to about 60 billion! What a victory in traffic management.
Express Scripts – extortion threatened disclosure of compromised data.
Register directly with IP3 Inc.
Only for current MISRC Corporate Members - First 20 to register - Use the registration code UMN20 to receive your complimentary admission to the seminar.
(Includes registration, workbook, security tools CD and Certificate of Completion for 16 CPEs.)
(iPod not included)
Only for current MISRC Corporate Members - Number 21 - unlimited discount seating - Use the registration code UMN150 to receive a discount admission to the seminar. (Includes registration, workbook, security tools CD and Certificate of Completion for CPEs.)
Discount Price: $150pp (iPod not included)
$545 value courtesy of University of Minnesota, Carlson School of Management, MIS Research Center.
Upgrade registration package, $695 per person (includes registration, course materials, and choice of an Apple video 80G iPod or 8G iPod Touch). Use registration code UMN695.
We look forward to seeing you there!
For registration questions, please contact Judy at IP3 (989) 771-1007