Seattle University, Engineering Building, Room 304
9/8/2008
6:00p to 8:00p
Outsourcing any or all of your organization’s security functions can be a tough but necessary business decision. The impacts of outsourcing even a "small" security function, however, are often far-reaching and can have negative consequences if not properly planned for. In addition, when you do outsource your security, are you prepared to answer the inevitable question from your auditors: "How do you justify outsourcing this security function?" Kip Boyle will share his lessons learned—both good and bad—from outsourcing security on many occasions in his role as Chief Security Officer for several organizations. Marc Menninger will look at the issue from the perspective of the solution provider and share with you the tips you need to know to protect your organization when you outsource security. This session will cover: - How to plan the implementation process and determine its impact
- How to control and manage the outsourced security function
- How to derive and monitor security vendor service metrics
- How to evaluate a managed security services provider or professional services company
- Why you need a written Outsourcing Policy and what it should look like
- What you need to include in your vendor Service Level Agreements (SLAs)
If you currently outsource any of your security functions you’ll get helpful suggestions for ensuring that the relationship with your current vendor is as successful as possible. If you aren’t outsourcing security yet, you will walk away with useful knowledge to apply when your organization considers making that important decision. PRESENTERS:
Kip Boyle is the Chief Information Security Officer for PEMCO Insurance. His extensive InfoSec background began in 1992 when he was charged with protecting classified information related to the US Air Force’s "Combat Archer" air-to-air weapons testing program and later for the F-22 Advanced Tactical Fighter. His areas of expertise include security architecture and strategy, network infrastructure protection, applied encryption, systems integration, and project management. Kip is a Certified Information System Security Professional (CISSP) and Certified Information Security Manager (CISM). He holds a BS in Computer Information Systems from the University of Tampa and an MS in Management from Troy State University. Marc Menninger is the Security Manager for PEMCO Corporation in Seattle, WA. Prior to joining PEMCO Corporation, Marc was a Vice President in the Corporate Information Security department of Washington Mutual. Before Washington Mutual, Marc’s career included roles as a network and information security consultant, network administrator and help desk supervisor. He also served as a Computer and Communications Officer in the United States Air Force. Marc has been a speaker at numerous conferences and seminars, has written several Cisco white papers and contributed to a published study guide for Cisco certification. He received his Bachelor's degree in Mathematics from the University of Tampa in 1991 and has been a CISSP since 2000. |
|
