A log can be defined as a trace generated by an application, a system or a device capturing information about a specific event that has occurred. Logs can be physical, such as the logs contained in a visitors log book, or more usually electronic, such as web transaction logs, firewall logs, database logs etc. A typical midsized organization will have devices, computer systems and applications generating thousands of logs daily. Logs contain information of varying degree of sensitivity, such as information that needs to be kept confidential and stored securely for a defined number of years with specifc access control restrictions. For this reason logs need to be adequately managed to avoid exposing the organization to information security risks. This seminar address the challenges faced by modern organizations with regards to Log Management, which can be defined as the process of managing the confidentiality, integrity and availability (CIA) of logs in order to comply with business requirements, as well as the requirements imposed by the law, regulations and contractual agreements. In this seminar the author will present a risk-based approach to log management where the use of tools and technologies is only a means to an end and log management is a top down process driven by the company risk evaluation criteria (what is important for the organization) while also knowing which risks are defined as acceptable. The author will also reference tools and technologies which can be readily adopted for cost effective log management.
Mobile Device Management
In today's information economy every person has at least one mobile device, being that a phone, smartphone, a tablet pc, a laptop etc. In a business environment it is not uncommon for people to own multiple such devices, some of them provided by the company for business purposes, some others privately owned by the employee. Mobile devices such as smart phones have become extremely powerful, integrating the computing power and functionalities of small portable computers and, while the use of such devices can increase productivity and revenue, most modern organizations face enormous new challenges. How can an organization control the information stored, processed and communicated through mobile devices, such as corporate emails and sensitive documents? How can an organization draw the boundaries between personal use and business use of mobile devices? How can the information stored on mobile devices be protected from attacks when the user is inside and outside the organizational perimeters? How can an organization manage the risks associated to the use of personal mobile devices, i.e. non-company provided, such as powerful smart mobile phones? Should an organization allow the use of such personal devices? And if so, how can it be best achieved to minimize security risks while maximizing the user experience and well being? In this workshop the author will present a range of strategies that can help modern organizations successfully address the above challenges.
About the Author - Dr. Almerindo Graziano
Almerindo Graziano is the CEO of Silensec, a management consulting, technology services and training company, specialised in information security services. Dr Graziano holds an MSc in Electronic Engineering and a PhD in mobile computer security, both from the University of Naples, Italy. For five years he also been the founder and course Leader for the MSc in Information Systems Security at Sheffield Hallam University, in collaboration with the British Standard Institution (BSI). He has personally authored a number of training courses from ethical hacking to intrusion detection, along with the ISO27001 Lead Implementer certification course offered by BSI worldwide. He has consulted in formation security for private and government organisations across Europe, Africa and Middle East. He is also a BSI-certified ISO27001 Lead Auditor trainer and auditor.