Event Name: Quantitative Assessment of IT Controls - CPE Program in August
Event Details: As professionals who work in the area of IT Control assurance, we are often faced with the following questions when finalizing the response as part of the ECA process:

• When you say you are satisfied with controls, you are making a position-in-time observation; so, how much can your assertion satisfy governance requirements along a long time-line? What is the conceptual justification for extrapolation and how much of it can be proved mathematically?

• Do we distinguish between operational assurance and life cycle assurance? If yes, what weightage is assigned to each? Will these weightages vary from system to system and is there a time dimension variation to the weightages being assigned?

• Is the time of detecting a control violation relevant? Or should the focus confine itself to the detection process efficacy?

• Can we have a quantitative process to monitor and measure control effectiveness – both operational and life cycle?

• Can we quantify the cost of delayed measurement of control violations? Can we attach a value to the degree of delays in measurement?

• How reliably can we know when the losses are about to exceed the acceptable risk bar?

• Is the timing of losses crossing the risk bar detectable and if so, in what time frame?

A study of contemporary literature on this subject and an understanding of the various recognized practice paths in this area point to the need for some structured study in this area. Valiant, in association with ISCCRF (a not-for-profit trust involved in research into information security and cyber crime related areas), has embarked on an attempt to build a quantitative model that will attempt to address some, if not all, of the questions raised above.

The presentation will discuss the summary of some of the studies and attempts undertaken globally to address the above questions and also present Valiant’s approach to these issues.

Date & Time: 26 August 2008, 19:30 to 21:30
Venue: College of Banking and Financial Studies, Bausher
Speaker: Dr K Rama Subramaniam
Speaker Details: Dr K Rama Subramaniam is director & CEO of Valiant Technologies Pvt. Ltd. He has been an Information Security Consultant, trainer and educator for over two decades. He has trained experts in many Information Security domains across Gulf nations, India, Far East and Africa. He is a consultant to a number of organizations in the commercial, government, armed forces, and judiciary and law enforcement segments in these countries. He serves as India’s country representative at the International Federation of Information Processing (IFIP), serving on their Technical Committee TC-11 dealing with information security. He is the current Chairman of ISCCRF, a not-for-profit trust carrying out research in cyber crime management. His current research and development interests cover techno-legal processes for data security and privacy. He was invited by ENISA, the European Union agency for Information Security, to speak to the EU security experts who had gathered in Athens in Nov 2006, on the need for and process to guarantee data privacy in the Indian ITES business. He had chaired a technical session at the World Criminology Congress in Stockholm in June 2006 where he called for a revisit of the criminal justice system in the light of growing violations of information privacy. He served earlier as Global Chair of the Education awareness Principles Expert Group of Globally Accepted Information Security Principles (GAISP), based in the United States, and is former Global Chair of the Accreditation Process Committee of Open Information Systems Security Group (OISSG), based in the UK, where he established their certification and accreditation processes. He is the charter President of the first chapter of ISSA (Information Systems Security Association) in Asia and served on the boards of the Dubai and Chennai Chapters of ISACA.
PO BOX: 397 Postal Code: 115 Medinat Qaboos Sultanate of Oman
© 2006 Information Systems Audit and Control Association (ISACA) All rights reserved.
Last Update : September 07, 2008