Information Security:  Metrics, Measures, & Myths

By

Krag Brotby, CISM

8:00 am – 5:00 pm

October 16,, 2008

Houston Club

Note:  Krag had the highest attended workshop at CACS International Toronto 2008

Register Online to guarantee your place.  This great seminar will fill quickly! 

Who should attend:  IT Auditors, IT Security Professionals, Financial Auditors, Students, CISOs

The Seminar Manual is worth the price of attendance.

Brotby Books will be given as door prizes

Krag will be our luncheon speaker:  Information Security Metrics, Measures, and Myths

What is the background for this seminar?

You can’t manage what you can’t measure.

The fact is that audits and trends just aren’t enough to guide increasingly critical and complex information security programs that typically contain thousands of moving parts. The way forward can’t just be charted with just 20-20 hindsight.

Historically, progress in effective management has invariably been accompanied by the ability to increasingly measure processes and results with greater accuracy. An increasingly troublesome aspect for security management is the absence of meaningful, actionable management metrics to guide the program.  While technical metrics have improved substantially, they often just generate a deluge of data absent much useful information.  The result all too often is a reactive, point-solution, ineffective approach to managing a security department perpetually operating in crisis mode.

A new approach developed through ITGI sponsored research offers a way forward that finally addresses this issue in a practical and meaningful way.  It answers the key questions for achieving effective security governance by developing metrics that specifically address the requirements of management to make appropriate decisions about the organization’s safety.

Topic:

"Information Security :  Metrics, Measures, and Myths "
About the topic

Presented by:

Thursday, October 16,, 2008 8:00 am to 5:00 pm

The Houston Club , 811 Rusk Street, Houston, Texas 77002

Map and Directions

Krag Brotby, CISM

Krag Brotby has more than twenty-five years of experience the area of enterprise computer security.  Experience includes intensive involvement in all aspects of current and emerging security architectures and is a principle in the SABSA Institute.  Brotby currently serves as CRO for a new insurance industry organization developing digital risk insurance products and risk determination methodologies.

He holds a foundation patent for digital rights management, has published a variety of technical and IT security related articles, and books.  Brotby has served as principal author and editor of the ISACA Certified Information Security Manager Review Manual during the past several years, and the researcher and author of the widely circulated Information Security Governance, A Guide for Directors and Executive Management, 2nd ed., and the just published Information Security Governance: Guidance for Information Security Managers as well as a new approach to Information Security management metrics to be published in ‘08.  In addition to consulting, he has authored reference books on security metrics and governance for Auerbach and Wiley and Sons scheduled for publication in ‘08.

Brotby has served on the ISACA Security Practice Development Committee, appointed to the Test Enhancement Committee and in 08, to a new committee charged with developing a Business Model for Information Security.