Most organisations have a consistent need for adjusting to changing market conditions and new customer demands if they want to survive in the long run. As business objectives and priorities are being adjusted as in response to the market, organisations need to adapt and fine tune their business capabilities, including their security services. Security service gaps need to be identified and immature services need to be optimised, in order to survive the constant battle for supremacy.
From a security perspective, one of the challenges for organisations often appears to be that they have immature processes in place to quickly adjust their business, including their security services. While SABSA provides a mature methodology for the delivery of security architecture, organisations often struggle to implement a framework around it that optimises the delivery process itself. Further tools and processes need to be developed to address this issue and assist organisations in maturing and adjusting their security services faster and in a more efficient way. One of these tools could be security capability model that complements the idea of a security service catalogue by providing a pre-defined security service taxonomy through the definition of meaningful security capability domains.
In this session we will be looking at a an organisation independent security capability model that defines a well-structured set of security capability domains and associated security capabilities. This model, as part of an Enterprise Security Architecture Framework, can assist larger organisations in more systematically assessing, communicating and transforming their security services landscape. The presented security capability model is based on experience gained through the implementation of similar models at various organisations across different industries. It has also been analysed against various control frameworks and their grouping of controls, which we also touch on.
At the end of this session, participants should be able to understand the value of such a reference model and how it can be utilised within an organisation.
The key takeaway from this session will hopefully be a new viewpoint of looking at the importance of security governing structures when faced with the challenge of more systematically and efficiently maturing an organisations security architecture service landscape.
1 hours, based on the assumption you have signed the attendance sheet when attending
Registration and Admittance
- Due to our sponsoring partner’s facilities, access requirements and for catering purposes, we request that you register for this event to ensure you are able to attend.
- Registration to this session is open and free of charge to all current and prospective ISACA members.
- If you registering please do attend, this is very important for the Chapter and the Sponsors.
- A registration door prize will be drawn from the list of duly registered attendees
|· 5.30pm – Registration and session sign-in – required to receive applicable CPE credits
· 6:00pm – START – Welcome, Introductions, Agenda
· 6:05pm – Monthly PD Session, Questions & Answers
· 6:50pm – The Soapbox – Chapter Updates, Announcements and Issues of interest to members
· 7:00pm – 15min Topic presentation
· 7:15pm – Networking opportunity – drinks and finger food to be served
· 8.00pm – Event Ends
About the Speaker
|Andreas E. Dannert,
Enterprise Security Architect at nbn
Andreas is an Enterprise Security Architect for Australia’s national broadband network (nbn), which is a government owned enterprise. At nbn he is responsible for defining nbn’s Security Strategy and Roadmap across the organisation.
Prior to nbn, Andreas has worked for Deloitte and HSBC in the role of Enterprise Security Architect, developing Enterprise Security Architecture Frameworks and Enterprise Security Architecture solutions.
In addition to his work at nbn, Andreas is currently the Research Director on the ISACA Melbourne Chapter board and an industry advisor to various organisations, like the Victorian’s Government Box Hill Institute and the Security Architecture Working Group of the IoT Alliance Australia. He is also running monthly workshops for security architects in Melbourne that allow attendees to explore ideas and challenges they face when developing and implementing security architecture solutions.
Before working for nbn and Deloitte, Andreas has worked eleven years for Accenture, with clients in Europe, Asia and Australia, delivering and providing training in Technical Architecture to various clients across different industries.
Andreas holds a Master of Computer Science degree from the Technical University of Berlin/Germany, is a Certified Information Systems Auditor (CISA), GIAC Security Essentials certified (GSEC exp.), ITIL Foundation certified, and a SABSA certified (SCF) professional.