ISSA Chicago - September 2022 Chapter Meeting

6111 N. River Road,Rosemont IL 60018

15 September, 2022

Description

Talk Title: Writing Cybersecurity Policies: You Don't Have to be Michael Jordan Abstract: Cybersecurity policies are often viewed as the pinnacle of what a mature business represents. They are often created and pushed out during late-stage development because of how much time and emphasis must be given to them. This is a fallacy; mainly due to the fact that when you are looking at people, process, and tools, the process comes before tools. You won’t know what tools you need until you outline and agree on a set of processes, which are dictated by policy. In addition to the word policy, there are standards, guidelines, regulations, procedures, controls, control objectives, metrics, influences, risks, and regulations...It's no wonder smaller shops are completely lost!In this talk, we will start off by working through the terminology together and then walk through the hierarchy of how they connect. With that out of the way, we can now discuss how you do not have to "Be Like Mike" (Michael Jordan) when writing policy. Too often, we are scared to implement something unless we can perfect it on the first round. Policies are a continual maturation process. Simply getting some basics down counts as a written policy! In this talk, we will go over how you can get started immediately after Blue Team Con, on Monday, with writing your corporate cybersecurity policy. About Speaker: Frank McGovern is a Cybersecurity Advisor, Mentor, & Trainer for the US Marine Corps Cyber Auxiliary ·Frank is a cybersecurity focused professional with more than a decade of experience in Fortune 100s implementing ground-up cybersecurity technologies, processes, and initiatives including: Information Security Strategies, Enterprise Risk Management, Education and Awareness, Vulnerability Management, Policies and Procedures, Compliance and Audit, Architectural Design and Incident Response Frank believes in high-performing and fast-moving teams that hit the ground running and allow organizations to thrive in the midst of risks. He focuses on shifting the minds of everyone around him to take security to heart and implement it in their workflows. Frank has a professional and personal dedication to cybersecurity. More on Frank is here: https://www.linkedin.com/in/frankmcgovern/ and https://twitter.com/FrankMcG