CERIAS Weekly Security Seminar – Purdue University
Are your security & IT controls really effective? Do you know how your security & IT operations compare to high performers? In this presentation, Gene Kim will share the work he has been doing over the last six years with the IT Process Institute (ITPI), Software Engineering Institute, and Institute of Internal Auditors, codifying the observed practices of high-performing IT organizations. These high performers have a culture of change management, a culture of causality and a perpetual desire to detect variance before it causes a catastrophic event.

Specifically, Gene will discuss the ITPI IT Controls Benchmarking Survey of practice, a recently completed research project which has quantified the value, effectiveness, efficiency and security of controls. This landmark research has uncovered an alternative approach to being an effective security executive, based on measuring security by its ability to maintain its existing commitments; integrate controls into daily IT operations (prevent); put automated controls in place to detect variance before loss events (detect); reduce the percent of security incidents that result in loss events (detect); and successfully investigate and conclude security investigations.

Attendees will learn about the key research findings:

* That high performers have 5-8x higher operational and security effectiveness and efficiency measures
* The 20% of IT controls that have 80% of the measurable benefits, and how to implement them and the prescriptive steps to take in order to achieve defined security results
* The processes and controls that have shown catalytic and sustaining properties, meaning that the value they add demonstrably exceeds the cost to implement, and report out on them.

About the speaker: Gene Kim is the CTO and founder of Tripwire, Inc. In 1992, he co-authored Tripwire while at Purdue University with Dr. Gene Spafford. Since then, Tripwire has been adopted by more than 5,000 enterprises worldwide.
In 2004, Kim co-founded the IT Process Institute, which is dedicated to research, benchmarking and developing prescriptive guidance for IT operations and security management and auditors. He also co-authored the "Visible Ops Handbook: Implementing ITIL in Four Practical And Auditable Steps" and was a principal investigator on the IT Controls Performance Study project, completed in 2006. Kim currently serves on the Advanced Technology Committee for the Institute of Internal Auditors, and was part of the team that defined change management best practices for the recently released IIA Global Technology Guide "Change and Patch Management Controls: Critical for Organizational Success."

Since 1999, Kim has been working with SANS, the Software Engineering Institute and the IIA to capture how "best in class" organizations have IT operations, security, management, governance and audit working together to solve common business objectives. Kim holds an M.S. in computer science from University of Arizona and a B.S. in computer sciences from Purdue University. Gene is certified on both IT management and audit processes, possessing both ITIL Foundations and CISA certifications.