There are three (3) phases to creating an Information Security Program for any organization: 1) planning and preparation, 2) implementation, and 3) testing and verification. When it comes to testing your ISP, one of the big questions you should ask – both of yourself and your auditor(s) – is “where does our risk really live?” Are you testing your ISP because you have to, or are you testing your ISP because you really want to protect your organization and your customer’s data from a cyber attack?
This presentation will cover the following areas/topics:
• People, Process, and Technology
• Minimum Requirements for Testing Your ISP
• Best Practices for Testing Your ISP
• Reactive Testing vs. Proactive Testing
• Additional Security Testing to Consider
Who should attend:
Information security officer, IT manager, risk officers