Risk-Based Approach to IT Infrastructure Security & Control Assessments

Session Highlights 

Key information security governance controls, including a risk-based approach to the design, operation and assessment of security and controls, are critical to ensuring that an organization’s information assets are adequately protected to prevent compromise.

This session will discuss a risk-based approach to assessment of security and control in the following areas:

  •  Configuration Management Controls
  •  Security Configuration Standards
  •  Build Processes 
  •  Patch and Change Management Processes
  •  Security Event Monitoring 
  •  Vulnerability Assessment & Management
  •  Security Compliance Processes


1. IT Infrastructure Risk & Control

  • Information Security Governance

  • Security Policy and Standards Framework

  • Mapping IT Infrastructure to Application Systems and Business Processes

  • Security Architecture & Design

  • Risk Assessment Processes

  • Threat and Vulnerability Management

  • Security Compliance Processes

  • Key Security Metrics  

2. Security Standards and Baselines

  • Key Baselines and Security Configuration Standards

3. Security Compliance Process and Control Assessment

  1. Assessment Methodologies and Approaches

  2. Key Assessment Tools

  3. Results Reporting and Management  


The approach to building risk profiles, key controls and assessment methodologies will be discussed and applied to the following technology environments:

  1. Virtualization Security

       - E.g. VMware

  2. Operating System Security

       - E.g. Windows Server, Linux

  3. Database Security

       - E.g. Oracle, SQL Server

  4. Network Security

       - Network Perimeter, Firewalls


Speaker Profile:

John Tannahill, CA, CISM, CGEIT, CRISC, CSXP

John is a management consultant specializing in information security and audit services.

His current focus is on security and control in large information systems environments and networks. Specific areas of technical expertise include Windows and Linux operating system security, network security, database security and cybersecurity.

John is a frequent speaker in Canada, USA, Europe, Africa and Asia on the subject of Information Security.  He is a member of the Institute of Chartered Accountants of Scotland.

Date & Time: Nov 15, 2018 08:30 AM to Nov 15, 2018 04:00 PM [America/Toronto UTC -5]


Location: Holiday Inn (Kitchener)
30 Fairway Road S
Kitchener ON

Registration Closes: Nov 14, 2018 05:00 PM

Event Coordinator:

Admin Support

Registration is now closed.

