|
Page 1 of 30 Objective of Continuing Professional Education Meets: As part of our membership services, the Bangalore Chapter conducts meetings every month. The chapter invites professionals from the field of Information Technology, IS Audit, Security and Control to share their experiences. This helps the members get a practical overview on various issues thereby giving them valuable information to further their skills. These meetings are occasionally held jointly with other professional bodies such as the Institute of Internal Auditors, Computer Society of India, Institute of Chartered Accountants of India, etc. CISA® s & CISM® s who attend the meeting are entitled to continuing professional education (CPE) credits which is required for maintaining their certification. Non-members are also welcome to attend these meetings to gain insight on the activities of the organization. Call for Papers Download the proposal form here The ISACA® Bangalore Chapter is issuing a call for papers for its monthly CPE meets we have a growing number of information security professionals in our ranks... and call upon them to share their experiences for the benefit ot the IS community Oops! I found my secret business data in the thrash can! Date: 7th August 2010
Time: 6:00 - 8:00 PM
Venue: Chapter Office Topic: Oops! I found my secret business data in the thrash can! A talk on managing the PEOPLE aspect of information security: The difference between being "security aware" and being security responsible. Let us assume that a person knows all the driving rules. But, does knowing all the driving rules make a person a better driver? This is exactly what is wrong with the way organizations manage the “HUMAN” aspect of information security. Organizations are smart enough to know that the “human” aspect of information security is important. But, they focus only on “AWARENESS” and not “BEHAVIOR”. The end result is that they have employees who know the “security rules”, but do not “apply them or break them”. The talk shall focus on the following:
1) Introduction to the problem: Focus on “security awareness”, not “behavior”
2) Real life case study of why a US$100, 000 “security awareness” project failed
3) Solution to the problem:
a. Defining ESP’s (Expected Security Practices)
b. Dividing each ESP into “awareness” and “behavior” components
c. Awareness creation strategies: Clarity, Visibility, Impact Visualization, Using psychology
d. Behavior motivation and enforcement strategy
4) Real-life case study of “success” in behavior change The Speaker Mr. Anup Narayanan CISA, CISSP, is an information security entrepreneur and professional. He is the founder of First Legion Consulting, an information security management company based in Bangalore, India. Anup specializes in reducing information security risks due to human error.
At First Legion, he has created "Information Security Quotient" a web service for reducing security risks due to human error through awareness and behaviour management. He is also the author of HIMIS (Human Impact Management for Information Security), methodology for security awareness and behaviour management.
He has more than 10 years of experience in information security and is a CISA and CISSP. He has delivered security projects for clients that include Ericsson, Vodafone, Allianz Cornhill, Airtel, Fidelity, UST Global and more. His training and speaking experiences covers India, Mauritius, Spain, Portugal and Vietnam.
Prior to becoming an information security entrepreneur, Anup worked in information security positions for HCL Comnet and Global e-Secure. Anup can be contacted at: anup@firstlegion.net.
|
