If we've learned anything from the past couple of years, it's that security flaws are inevitable. Systems break, vulnerabilities are reported, and still many people believe they will not be hit or they put their faith in the next product, or the next upgrade, or the next patch. "This time it's secure." they say. So far, it hasn't been.
Security does not end with buying, installing, and configuring the best products in the industry today. It requires a clear framework or methodology that involves people, products, and processes.
Products provide some protection, but the only way to effectively do business in an insecure digital world is to put processes and policies in place that recognize the inherent insecurity in the products. The trick is to reduce your risk of exposure regardless of the products or patches.
Security processes are how you avoid risk. Just as businesses use the processes of double-entry bookkeeping, internal audits, and external audits to secure their financials, businesses need to use a series of security processes to protect their networks.
Security processes/policies are not a replacement for products; It's about using security products effectively. They can help mitigate the risks. Network security products will have flaws; processes are necessary to catch attackers exploiting those flaws, and to fix the flaws once they become public. Insider attacks will occur; processes are necessary to detect the attacks, repair the damages, and prosecute the attackers. Large system wide flaws will compromise entire products and services; processes are necessary to recover from the compromise and stay in business.
POWERTIPS 2006 will dwell more on this process by presenting the "Security Secrets and Strategies" conference on March 16, 2006 at Dusit Hotel Makati. While most conferences and events focus on products - its features and functionalities. The POWERTIPS Security conference will focus on what's more essential - the processes involved in an IT Security Methodology or Framework.
The speakers mostly certified security experts and engineers will discuss and share new, proven and effective worldwide accepted security processes and policy that will help companies define clear procedures, guidelines and practices for configuring and managing security in your environment.
The Powertips Security Secrets and Strategies conference is supported by the International Information Systems Security Certification Consortium, Inc., or (ISC)². The very FIRST local seminar supported by the said group. CPE points will be awarded to all CISSPs attending the seminar. (ISC)² is a non-profit organization, incorporated in the Commonwealth of Massachusetts, based in Palm Harbor, Florida that promotes the CISSP exam as an aid to evaluating personnel performing information security functions and to share knowledge and communication amongst certified information system security professionals.
The Powertips Security Secrets and Strategies conference will be the venue for the launching of the Philippine's Certified Information Systems Security Professionals Users Group called "PH-CISSP". Officers of the new group will be inducted on the day of the event by a senior representative from (ISC)².
Knowing the threats, processes and available solutions is the best way to fight security concerns. Learn them all in Powertips "Security Secrets and Strategies" conference.
