10 Security Questions You Need to Ask, presented at AusCERT 2007

by Jeff Paine

Summary: No one disputes that security risks are growing in volume and complexity. With internal expertise continuing to fall and the security product and service industry increasingly fragmented, organisations are finding it tougher to get a REAL perspective on where they stand. One way forward is to ask better questions of the internal techs or the outsourced provider. Determining what those questions should be is a joint exercise for management and IT, whose objectives are frequently different when performing these evaluations.
This presentation aims to explore a number of issues facing executive management, who need to understand what their information security coverage is but find it difficult to ask the right questions. Management can begin to evaluate their security risk exposure without drowning in the technical jargon that frequently fills a conversation with IT personnel.
This presentation is also useful for system administrators, who are required to provide information to management about the state of information security. The issues facing organisations (and the IT department) are complex and difficult to explain; this presentation will provide some tips on making this information exchange a little easier.
Attendees will leave the presentation with a practical insight into the types of questions that both management and technical personnel need to ask when discussing information security (and the answers that can be expected), to ensure the security of the organisation is comprehensive, well managed and maintained.