The Binomial Bookstore
Rothstein Associates Inc.
IT SECURITY AND REGULATORY COMPLIANCE
Video on CD or VHS by WatchIT, featuring Ken Smith

- What are the key issues IT departments face as a result of regulations such as Sarbanes-Oxley, HIPAA, and the Gramm-Leach-Bliley Act?
- How can IT staff best prepare for dealing with an audit?
- Is there a case study of an organization dealing with these regulatory issues?
- What are the top ten threats to information security?
- Why are regulatory requirements necessary? What are best practices for implementation?
- How should an enterprise conduct a vulnerability assessment, and are there key recommendations?

Ken Smith, Principal Information Security Consultant for Akibia network and security solutions, discusses the key issues IT departments face as a result of regulations such as Sarbanes-Oxley, HIPAA, and the Gramm-Leach-Bliley Act. He explains how IT staff can best prepare for dealing with an audit and working with internal or external audit staff. In a case study, Troy Preble, Manager of Corporate Networks and Security for Varian Semiconductor Equipment Associates, relates his experiences dealing with regulatory issues.

Smith begins his presentation by describing the top ten threats to information security, and then examines the reasons for regulatory requirements. He explains how to get started with security management, and examines best practices for implementation. Smith describes how to conduct a vulnerability assessment, and closes with key recommendations.

After completing this program, you will:
- Learn how to identify potential IT security threats;
- Understand how they relate to regulatory compliance; and
- Learn how to improve IT security management in line with recent regulations.

For viewers of the CD version, this program provides a selection of Web links, including articles such as ‘Information Security News: Security Experts: Insider Threat Looms Largest,’ ‘ISSA Seek to Define Generally Accepted Security Principles,’ ‘Regulatory Requirements Place New Burdens on IT’ and ‘Security Threats From Within.’ The program also includes white papers, such as ‘An Introduction to Computer Security: The NIST Handbook,’ ‘Combating Malicious Mobile Code,’ ‘Information Security and Privacy for Your Global E-Business,’ and ‘Information Security as a Business Enabler.’

PROGRAM TOPICS

INTRODUCTION

AGENDA

TOP TEN THREATS TO INFORMATION SECURITY
- Top Ten Threats to Information Security: 10. Vulnerable Applications
- Top Ten Threats to Information Security: 9. Open or Unpatched Systems
- Top Ten Threats to Information Security: 8. Lack of Security Awareness
- Top Ten Threats to Information Security: 7. Malware – Malicious Software
- Top Ten Threats to Information Security: 6. Portable Points of Ingress
- Top Ten Threats to Information Security: 5. Hackers With Specific Goals
- Top Ten Threats to Information Security: 4. Insider Threats
- Top Ten Threats to Information Security: 3. Litigation Due to Non-Compliance
- Top Ten Threats to Information Security: 2. Inexperienced Security Staff
- Top Ten Threats to Information Security: 1. Lack of Management Support

REASONS FOR REGULATORY REQUIREMENTS
- Most Common Regulatory Requirements
- Common Regulatory Requirements: GLBA
- Common Regulatory Requirements: HIPAA
- Common Regulatory Requirements: GLBA and HIPAA
- Common Regulatory Requirements: Sarbanes-Oxley
- What You Need to Know About Regulatory Requirements

GETTING STARTED WITH SECURITY MANAGEMENT
- Computer Emergency Response Team – CERT
- Regulations Help Promote Best Practices

IMPLEMENTING BEST PRACTICES
- Recommended Information Security White Papers for Best Practices
- Additional Useful Information Security Publications and Tools

CONDUCTING THE VULNERABILITY ASSESSMENT
- Vulnerability Assessment Action Items
- Vulnerability Assessment and Regulatory Requirements

CASE STUDY OF SECURITY AUDITS
- Troy Preble: Varian Semiconductor Equipment Associates

SUMMARY AND RECOMMENDATIONS
- Summary and Recommendations: Document Everything
- Summary and Recommendations: Take a Holistic View
- Summary and Recommendations: Gather Recent Assessment Results
- Summary and Recommendations: Create a Security Controls Matrix
- Summary and Recommendations: Create a Security Policy Progress Matrix
- Summary and Recommendations: Common Best Practice Security Guide

ABOUT THE PRESENTERS

KEN SMITH is the Principal Information Security Consultant for Akibia and has developed their vulnerability assessment services. Mr. Smith has more than ten years of experience, holds CISSP and SANS Incident Handling certifications, and was a contributor to the SANS Incident Handling Guide.

TROY K. PREBLE is Manager of Corporate Networks & Technology for Varian Semiconductor Equipment Associates.

September, 2004. Video on CD or VHS (Specify), 37 minutes. Order #DR751

Rothstein Associates Inc.
4 Arapaho Rd.
Brookfield, CT 06804-3104
1-888-ROTHSTEin
Telephone: 203.740.7444; 888.768.4783
Fax: 203.740.7401
E-Mail: info@rothstein.com
All bookstore enquiries should be sent to Rothstein Associates at the above address.
© Binomial International 2008