Information Security Management in difficult Economic Times presented at AUScert 2009

by John Harrison,

Summary : On occasion, information security professionals working in large organizations feel overwhelmed or unappreciated. This may simply be the result of the increasing challenges inherent in the profession, which have been aggravated further by recent severe financial constraints. However in many cases the root cause of the problem is how the information security team engages the rest of the organization. Improvements in this engagement can result in very significant benefits for both the information security team and the organization.
This presentation aims to assist those who hold technically orientated information security roles by providing them with an effective approach for implementing information security programs with less difficulty and stress. It will also assist them acquire resources for information security investment with less organizational resistance. This presentation may also assist those with newly acquired managerial responsibility for information security governance in their efforts towards implementing a risk-based engagement model, which is generally considered “best-practice”. The presentation will also include some practical techniques and hazards to avoid.