SANS Technology Institute Master's Presentation
- Creating a Monthly Information Security Scorecard for CIO and CFO
- Michael Hoehl
- Thursday, December 13th, 7:15pm - 7:55pm
Summary:
Executives are increasingly interested in the state of information security for their organization. The media and press frequently report new methods of technology attack and how another organization has become a victim. Regulators and auditors, including PCI, GLBA, SOX, HIPAA, etc., are demanding more executive time and attention. Routinely communicating in a clear and concise manner with the CIO and CFO is necessary for today's information security leader. Determining what should be communicated and in what format can be a challenge. This presentation provides an approach for creating a Security Scorecard to routinely update the CFO and CIO regarding information security compliance, investment, and risk metrics. A cyclical, sustainable process for managing the Security Scorecard content is proposed--not a once and done endeavor that will become irrelevant over time
The GIAC GSLC Gold Paper is posted at http://www.sans.org/reading_room/whitepapers/leadership/creating-monthly-information-security-scorecard-cio-cfo_33588.
Benefits:
The Security Scorecard is an effective communication tool that can help organizations with risk management and strategic decision support. Benefits include:
ยท Improve security program
ยท Increase accountability
ยท Increase credibility
ยท Improve awareness
ยท Better resource investment and prioritization justification
BIO: Michael Hoehl has the sweet job of Global IT Security Officer and Director of Internal Controls for a global premium chocolatier. Michael has over 20 years of information technology and security experience. He has established security programs and developed teams in Health, Financial Services, and Manufacturing organizations. He completed his undergraduate studies at Lehigh University and is currently enrolled in the SANS Technology Institute (STI) Master of Science in Information Security Management program. He holds several certifications including CISA, CISSP, PMP, and GIAC GSLC, GCIH, GCIA, and GSNA.
Bonus Sessions
The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:
- SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
- Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
- Vendor: Events hosted by external vendor exhibitors.
Sunday, December 9
| Session | Speaker | Time | Type |
|---|---|---|---|
| General Session - Welcome to SANS | Dr. Eric Cole | Sunday, December 9th, 8:15am - 8:45am | Special Events |
| Future Trends in Network Security | Eric Cole, Ph.D. | Sunday, December 9th, 7:15pm - 9:15pm | Keynote |
Monday, December 10
| Session | Speaker | Time | Type |
|---|---|---|---|
| Forensic Campus Open House inviting non-attendees to reception | — | Monday, December 10th, 6:00pm - 7:00pm | Reception |
| Women in Technology Meet and Greet | — | Monday, December 10th, 6:30pm - 7:15pm | Reception |
| Top 8 Steps for Effective Mobile Security | Josh Wright, Ed Skoudis | Monday, December 10th, 7:00pm - 8:00pm | Special Events |
| Building a Portable Private Cloud | Paul Henry | Monday, December 10th, 7:15pm - 8:15pm | SANS@Night |
| Forensic Campus - "Malware Analysis Essentials using REMnux" | Lenny Zeltser | Monday, December 10th, 7:15pm - 8:15pm | SANS@Night |
| Gone In 60 Minutes | David Hoelzer | Monday, December 10th, 8:15pm - 9:15pm | SANS@Night |
| Forensic Campus - "Detecting Persistence Mechanisms" | Alissa Torres | Monday, December 10th, 8:15pm - 9:15pm | SANS@Night |
Tuesday, December 11
| Session | Speaker | Time | Type |
|---|---|---|---|
| Vendor Expo | — | Tuesday, December 11th, 12:00pm - 1:30pm Tuesday, December 11th, 5:00pm - 7:00pm |
Vendor Event |
| Unleashing the Dogs of (cyber) War | Ed Skoudis | Tuesday, December 11th, 6:30pm - 8:30pm | SANS@Night |
| SANS Technology Institute Open House | Chancellor Toby Gouker | Tuesday, December 11th, 7:15pm - 8:15pm | Special Events |
| Knock-off Phone Forensics -Some Handsets Aren't What They Appear To Be | Heather Mahalik | Tuesday, December 11th, 7:15pm - 8:00pm | SANS@Night |
| SANS Technology Institute Master's Presentation | Jim Horwath | Tuesday, December 11th, 8:15pm - 8:55pm | Special Events |
| Gamification: Hacking Your Brain for Better Learning | Yori Kvitchko | Tuesday, December 11th, 8:30pm - 9:30pm | SANS@Night |
Wednesday, December 12
| Session | Speaker | Time | Type |
|---|---|---|---|
| GIAC Certification Program Overview | Scott Cassity | Wednesday, December 12th, 6:15pm - 7:00pm | Special Events |
| NetWars Tournament of Champions | Ed Skoudis, Yori Kvitchko | Wednesday, December 12th, 6:30pm - 9:30pm | Special Events |
| Why Our Defenses Are Failing Us. One Click is All it Takes... | Bryce Galbraith | Wednesday, December 12th, 7:15pm - 8:15pm | SANS@Night |
| Securing the Kids | Lance Spitzner | Wednesday, December 12th, 7:15pm - 8:15pm | SANS@Night |
| Forensic Campus - "Intelligence-driven Response for Combating the Advanced Persistent Threat". | Mike Cloppert | Wednesday, December 12th, 7:15pm - 8:15pm | SANS@Night |
| Information Assurance Metrics: Practical Steps to Measurement | James Tarala | Wednesday, December 12th, 8:15pm - 9:15pm | SANS@Night |
| Tactical SecOps: A Guide to Precision Security Operations | Kevin Johnson | Wednesday, December 12th, 8:15pm - 9:15pm | SANS@Night |
| Securing the Human | Lance Spitzner | Wednesday, December 12th, 8:15pm - 9:15pm | SANS@Night |
| Forensic Campus - "How memory forensics will help you lose weight and look ten years younger" | Jesse Kornblum | Wednesday, December 12th, 8:15pm - 9:15pm | SANS@Night |
Thursday, December 13
| Session | Speaker | Time | Type |
|---|---|---|---|
| NetWars Tournament of Champions | Ed Skoudis, Yori Kvitchko | Thursday, December 13th, 6:30pm - 9:30pm | Special Events |
| What's New in Server 2012 and Windows 8 | Jason Fossen | Thursday, December 13th, 7:15pm - 8:45pm | SANS@Night |
| Security Onion: One Step Closer to a Safer Network with Almost no Budget | Chris Mohan | Thursday, December 13th, 7:15pm - 8:15pm | SANS@Night |
| SANS Technology Institute Master's Presentation | Michael Hoehl | Thursday, December 13th, 7:15pm - 7:55pm | Special Events |
