NAC, ID 2.0 and Other Top Issues
May 14, 2008, Washington, D.C.
Return on Investment for Information Security

David Lynas

You Will Learn:
  • The importance of measuring the value in security
  • What value the business needs from security
  • How to measure the value in security
  • How to measure investment in security
  • How to measure return on investment
  • How to create, measure, and use security metrics and performance indicators
  • How to use benchmarks
  • How to evaluate your security against relevant standards and legislation
  • A structured process to evaluate and measure security value and return on investment
You Will Leave With:
  • A structured approach to measuring security success
  • Experience in using the model
  • A White Paper on metrics and benchmarking security
  • A detailed plan of action and methods for prioritizing and managing actions

Security exists to support our business or mission. When we fail to offer this support, or are perceived as not offering it, we will be seen as a "Business Prevention Department" — a mere cost center, contributing little and therefore given little in terms of resource allocation and budget, without which we can achieve even less.

What does "security" mean to us? Do we have enough of it? How do we measure it and the purpose it is serving? How do we know if it is succeeding and if our program has value? This innovative two-day class, exclusive to Computer Security Institute, presents the issues and takes the participant through a structured step-by-step process to define the answers.

Along the way we will examine case studies and our own environments, resulting in a clear picture of our investment in security and the value our business gains from it. We will create an action plan for improvement, learn how to measure and manage it, and learn how to assess our program against standards such as ISO 17799 and relevant directives and legislation.

Day One:
  • Introduction — the Challenge
  • What are Security Metrics and why do we need them?
  • What the Information Security Manager needs to know
  • What the Security Team Members need to know
  • What Senior Management needs to know
  • Risk Management & Control
  • Controls & measurement
  • Dealing with changing paradigms
  • Dealing with changing risk cultures including 'Fast Time to Market'
  • Performance Goals
  • Key Performance Indicators (KPI)
  • The Risk Management Dashboard
  • Measuring Security
  • What can be measured?
  • What should be measured?
  • What benchmarks can we measure against?
  • Using Standards as Benchmarks
Day Two:
  • Benchmarking
  • Benefits of benchmarking
  • Risks of benchmarking
  • Benchmarking techniques
  • Possible Benchmarks
  • ISO 17799 (Standard for Information Security Management)
  • ISO 15408 (Common Criteria)
  • Security Forum Surveys
  • Self-Assessment Benchmarks
  • GISRA, HIPAA, Directives, & Regulations
  • Self-Assessment Processes
  • Computer Security Institute IPAK
  • Taking Action
  • Identifying gaps to be closed
  • Project Planning
  • Project Classification
  • Project Prioritization & Identifying Quick Wins
  • Project Impact Analysis
  • Project Management for Security Professionals
  • Evolution of Security Performance Indicators