September 2004
 Central Maryland ISACA Chapter 
Monthly Meeting

Presentation: You have security policies, but are you following them?  For many organizations the answer is "not sure."  Security policies play a critical role in today's online economy.  The increase in Internet attacks, viruses, worms, and internal security incidents along with new regulatory compliance requirements has caused organizations to focus more attention and resources on their security policies.  However, once a policy is developed and approved, most organizations do not have a consistent way to implement it across their IT infrastructure and measure if their IT infrastructure is in compliance with their security policy.  In this session we'll discuss how an approach to integrated security policy management can enable you to quickly measure, report and demonstrate IT infrastructure compliance against your established security policies in a consistent manner across your enterprise.  Our discussion will include:

* Security policy management leading practices
* The impact of regulatory compliance on security policy
* Case study examples from major corporations that have automated the policy management process
* How policy compliance data can be correlated with security event data to enable faster containment and eradication of threats. 

SPEAKER PROFILE: 

Speaker:  Mr. Aiello is the Director leading PricewaterhouseCoopers' Security & Privacy team in the Mid-Atlantic. He has more than eleven years of experience as an information security professional, specializing in Threat and Vulnerability Management.  He has extensive security consulting experience encompassing the IT security lifecycle of assessment, design, implementation, and operation of information security programs and systems. He has managed numerous engagements for Fortune 500 companies and other private sector organizations, as well as large Federal government entities.