Security Management 2010

25-Oct-2010

In 2008, LSEC organized a seminar on Information Security Management Standards and their impact on, and relevance for, organizations interested in applying them. Two years later, we would like to understand the current level of expertise, typical organizational structure, challenges, facilities and interests of organizations, both enterprise and government, in managing information security.

Security Management Seminar 2010

The aim of this seminar was not only to understand the current market situation by means of best practices and real cases, but also to find sufficient expertise to demonstrate the level of professionalism in this domain, and to offer companies and people challenged with day-to-day operations further guidance to professionalize their activities.

By means of presentations on IT and Information Security Management, a panel of CSOs, CISOs and CIOs explaining their professional experiences, presentations on best practice guides and standards, cases and discussions, we hoped to gather an indication of the situation in Belgium.
Simultaneously, we are planning an industry-wide survey on the current market situation in Belgium on the responsibilities of Security within organizations.

This seminar “Security Management in 2010 – A Day On Security Management” offered the opportunity to listen to expert presentations, participate in panel discussions, share your expertise with peers, or any other type of witness, … during ,

Some of the following topics have been highlighted:
- Information Security Management, a good practice
- Information and IT Security, part of Risk Management, Information Management, Security Management, or an expert practice
- Panel discussion with CIOs, CISOs and CSOs : the search for the white rabbit
- The CISO/IT Security Manager in Belgium and abroad
- The typical Information Security Organization
- A budgetary approach to Security Management
- Good Cop – Bad Cop : Security Manager – Audit & Controller : who’s who
- In- or Out? Should IT & Information Security Management
- Theory & Practice : Risk-IT, ISO27000, …
- …


Final Program


9.00 : Welcome & Registration

9.45 : Opening Notes & Introduction by Ulrich Seldeslachts, CEO LSEC

10.00 : Six lessons learned for effective security management, by Ward Duchamps - Vinti-Q
A collection of best practices from more than 10 years' experience in the field of security management, collected in 45 minutes.

Or visit : http://sixlessons.vinti-q.com/

Abstract : Despite all standardization efforts, Information Security Management remains - just like any other management discipline - a subjective matter. In this presentation Ward will reflect on some lessons learned that he collected during 10 years of field experience. Starting from “the art of getting things done through people”, this session puts business, people, standards and daily operations in a cohesive perspective that may inspire security practitioners to think about their management approach.

About : Ward is cofounder of VintiQ, a new company of senior security consultants that specialize in convincing the C-suite and business leaders to think positively about the risks related to information processing. With his in-depth specialist knowledge combined with management capabilities and business insight, he has enabled several blue chip companies to manage information security in an effective and efficient manner. Ward is certified as CISM, CISSP, CISA, CGEIT and ISO27001 Lead Auditor. He holds a Master in Engineering and is in the process of obtaining the degree of MSc Information Security at the Royal Holloway University of London.

11.00 : Risk-IT and COBIT in practice, by Dirk Steuperaert - IT In Balance

Abstract: Risk IT provides an end-to-end, comprehensive view of all risks related to the use of IT and a similarly thorough treatment of risk management, from the tone and culture at the top, to operational issues. Risk IT is a framework based on a set of guiding principles for effective management of IT risk. The framework complements COBIT, a comprehensive framework for the governance and control of business-driven, IT-based solutions and services.

While COBIT provides a set of controls to mitigate IT risk, Risk IT provides a framework for enterprises to identify, govern and manage IT risk. Simply put, COBIT provides the means of risk management; Risk IT provides the ends. Enterprises who have adopted (or are planning to adopt) COBIT as their IT governance framework can use Risk IT to enhance risk management.

Being one of the authors of both COBIT and Risk-IT, Dirk was also part of the Development Team of the “Risk IT Practitioner Guide”, a 135-page guide published in 2009 on Risk Universe, Appetite and Tolerance; Risk Awareness, Communication and Reporting; Expressing and Describing Risk, Risk Scenarios; Risk Responses and Prioritisation; Using COBIT® and Val IT™.

With all of this background and his personal experience both as an auditor and in guiding companies in their efforts to implement COBIT and Risk IT, Dirk is a unique expert in Belgium.

About : Dirk is Managing Director of IT In Balance BVBA, delivering consulting services on IT Governance issues, focussing on COBIT and related frameworks, and including COBIT related training.
Dirk used to be a steering committee member for COBIT within ISACA, the association for the development, adoption and use of globally accepted industry-leading knowledge and practices for information systems. He provided consulting support to ISACA as project manager of the development team for the new Risk IT framework and is currently performing a similar role for the new COBIT® 5.0 research initiative. Since 1997, Dirk has been active within PricewaterhouseCoopers (PwC), as a Director responsible for IT governance services. Earlier, Dirk worked with ING and SWIFT, as engineer and IT auditor. Dirk studied Electronics Engineering at the University of Ghent and earned a master's degree in Computer Auditing at the Management School of the Antwerp University.

12.00 : Sandwich Lunch, snacks, soft drinks & Coffee

13.00 : Security Management, a challenging metier?, by Olaf Jonkers, Belgacom ICT - Telindus

Abstract : Security Management is without a doubt a challenging “métier”, where different areas of conflict come together. In different market segments, the challenges seem to be different from a business point of view, whereas the IT-service implications often boil down to quite similar issues and solutions. From their longstanding IT-Service outsourcing contracts, Belgacom provides insights on these issues, and how contractual obligations are enforced throughout an IT-Service catalogue and towards subcontractors. For this presentation, Security Managers from these contracts provided their insights, issues and solutions in order to manage security across an ICT Services Catalogue and a complex delivery organisation.

About : Olaf has been active in the field of Information and ICT Security for over 12 years. His roots lie within the field of PKI and cryptography, but his knowledge also covers network-specific as well as system-based security technology and tools. The processes governing the management of information security, including risk assessment methods, have been his focus in more recent years at Belgacom ICT, where he worked as a business consultant, focussing on ICT / Information Security.

14.00 : Information Security Governance in Practice, by Peter Houtmeyers - Consultant, TITANS Consulting

Abstract: Peter will be focusing on using the ISO 27000 family of standards to guide us through ways of governing Information Security in practice. From the various drivers to the choice of a good standard, understanding the changing shift in Information Security and by showing some concrete case examples on how to get to real implementations. He will walk us through the different steps of assessment, choice, implementation, certification up until audit, a practical guide for future Information Security Management practitioners.

About : Peter is a highly qualified senior level Information Security and Security Governance expert holding various certifications, including CISSP, CISA, CISM, CGEIT and ISO 27001 Lead Auditor. After his career as an information security specialist at a leading inter-banking and financial telecommunications company, Peter joined a distinguished security consultancy company as a senior security advisor, where he gained a considerable amount of experience in Incident Response Management, Compliance Auditing, Information Security Policy Implementation and the development and implementation of Corporate Security Governance frameworks. As an Information Security Advisor, Peter was active as an advisor and consultant in the Information Security Governance practice, mainly delivering professional services for governmental, military, financial companies and automotive institutions on Information Security Management related projects. With a bachelor’s degree in informatics, Peter applies a structured and methodological approach in combination with clear and direct communication to deliver pragmatic high-quality results in line with client expectations. Peter lectures at various business schools and institutions in Belgium such as UAMS, Solvay Brussels School of Economics and Management and ISACA. In his spare time, Peter is a basketball enthusiast, and loves books related to IT and security. Prior to joining Branswijck, Peter had worked with ACROSS Technology as Principal Consultant, at Belgacom ICT - Telindus as Senior Consultant Information Security and as Senior Security Advisor with Uniskill. Prior to that, Peter was Security Administrator at SWIFT.

15.00 : Coffee Break

15.30 : Practical Experiences with implementing Security Management, Pierre Dewez, Devoteam

About : Married and happy father of four children, active in the field of information technologies for 13 years and member of the executive board of directors within Devoteam Belgium for global security and education related matters, Pierre has been Lead Auditor for management systems (quality, information security, IT service management and business continuity) and advisor in IT risk management for many financial, insurance or service delivery companies in Belgium and abroad (Germany, France, Luxembourg, Netherlands, Canada). Member of the Belgian federation of the technological enterprises (Agoria) and the JTC1/SC27 sub-committee, Pierre takes part as an international ITSMS, ISMS and risk management expert while contributing to the elaboration of recommendations intended to improve the contents and the relevance of these international standards (ISO 20000, ISO 27001, BS 25999, ...) towards the market. Trainer and author of various articles and operational support tools relating to information security audit and IT service management, Pierre collaborates with other international trainers on the continuous improvement of the course contents, audit activities and seminars associated with these practices around Europe and Canada.

16.15 : Panel discussion : the role of the Security Manager, CISO and CSO in 2010

17.00 : Closing Notes

17.30 : Reception & Networking

18.30 : Special Evening activity : The future of internet networks and security, by Nir Zuk, CTO Palo Alto Networks

20.30 : Close of Seminar

Practical Details

Monday, October 25th 2010.

Day Seminar, from 9 am onwards, with closing special event from 17.30h onwards.
SAP Lounge, Vilvoorde
Participation : free to attend, if registered prior to October 20th. Afterwards : 150 € (excl. VAT) participation fee or cancellation fee. Free to attend for LSEC, VICTOR, EEMA, AGORIA, ISACA, ISSA, TeleTrusT, Systematic & SITC Members.

Copyright LSEC vzw 2007-2008 with the support of the IWT.

LSEC vzw Kasteelpark 10 - 3001 Heverlee - VAT BE BE 478 045 395 - fax. +32.16.32.19.69 - info @ lsec.be
