Version v.1.0

workshop: The art and Science of Security Management

Become your company's infosec Superhero

Preview

Information security isn't alway about "0-days", "pwning boxes" or getting shells. Most of our daily struggle involves more lower profile tasks that are crucial to keeping your network safe. This workshop will provide the fundamental checklists, processes and state-of-mind necessary to become an "Infosec Superman"

This workshop will provide you with everything you need to build an effective Information Security Management System (ISMS) within your organization. Key aspects of Information Security Management will be included leaving out "boring and useless paperwork" but keeping "things you need to avoid getting pwned".

Following topics will be covered:
Critical importance of having an ISMS
ITIL, COBIT, SOX, and all these good things
Introduction to ISO27001
Key aspects of ISMS according to ISO27001
ISO27001 control objectives and how you could use them
SANS 20 critical controls
Tips for an efficient ISMS
How to use "hacking tools" to secure your network

At the end of the workshop attendees will;
- Have understood the key aspects of Information Security Management
- Acquire a simple, usable and effective information security management framework
- Given a CD with all tools used during the workshop
- Given a detailed "am I secure?" checklist including daily, weekly and monthly checks to keep every network secure

Requirements;
- A computer that can run 2 or 3 virtual machines at once
- All virtual machines needed will be shared through a link BEFORE the workshop and will also be included in the CD given during the workshop

Deliverables;
- CD with security tools
- "Am I secure?" checklist (100+ control points)
- A simple Information Security Management Framework
- "Infosec Superhero" certificate for participation