IS Risk Management Framework Workshop Outline
Date: Thursday, November 24th, 2016
Location: MoTC Building, Al Nasr Tower B, 3rd Floor Training Room
Time: 9:00 AM – 12:00 PM (3 Hours)
Mr. Ashraf Ismael - CS Information Assurance Section Head
Mr. Zouheir Abdallah - CS Sr. Risk Specialist
Arabic & English
Who Should Attend:
· IS/IT Security Managers and Auditors
· Governance Risk & Compliance Managers
· CIO/IT Managers
· Business Managers (Process Owners)
· System and Information Owners
· Learn the detailed steps for the activities to be followed to implement the Information Security Risk Management framework and procedure
· Understand your role and responsibilities with regard to information security risk management
· Practice concepts and tools
· Risk Management & Information Security (IS) Risk Management
· Why and How to manage IS Risk
· Information Security Risk Management (ISRM) Framework
· IS Risk Governance
· Roles & Responsibilities
· Approach & Worked Example
Participants will gain knowledge in the following:
· Visibility of IS risks / opportunities
· Compliance with regulatory requirements
· Identify critical information assets
· Reduce frequency & magnitude of IS incidents
· Raise awareness about information security risks & make more informed decisions
· Increase the level of trust from customers and shareholders
· Drive business continuity planning & Demonstrate good corporate governance
Application Security for Managers by SecureNinja
As an initiative to equip organizations to keep their technology infrastructure secure, the Ministry of Transport and Communications cordially invites IT professionals in Qatar to register for the upcoming Application Security for Managers course to be conducted by SecureNinja. The 2-day course arms managers with the knowledge necessary to make effective, risk-based decisions about application projects that balance business needs with security requirements.
Shadow Brokers and Cisco Systems [Advisory]
A mysterious group named "The Shadow Brokers" compromised a group named "Equation Group", a hacking group long believed to be an NSA offshoot. The Shadow Brokers have publicly released exploits developed by the Equation Group. Some of the exploits have been made available for free as proof, and others believed to be of high value are being offered at auction. One of the multiple vendors impacted by this disclosure is Cisco, whose products are globally deployed on a large scale. The following advisory studies how Cisco was affected by "The Shadow Brokers". Two main products were targeted: Cisco ASA and legacy Cisco PIX firewalls.
OpenSSL Security Advisory [DROWN]
DROWN is a vulnerability that affects HTTPS and associated services that rely on SSL/TLS, such as browsing the internet, mail and instant messages.
DROWN allows attackers to decrypt the communication and steal sensitive information like passwords, financial data, emails, instant messages, and credit card numbers.
Guidelines for Securing Social Media Accounts v1.0
An organization’s social media presence is its identity in the virtual world. This social identity is closely linked to its corporate public image and needs to be protected as much in the virtual world as in the real world. A social media account that is not secured may open the floodgates to compromising and maligning your corporate public image. This document provides mitigation advice and security controls to help reduce threats such as unauthorized access, as well as steps to follow in order to retrieve a stolen account.