Atlantic City, NJ (PRWEB) July 13, 2008
Speaking to a diverse audience of government Information Technology professionals, Pivot Point Security (http://www.pivotpointsecurity.com) Principal Enterprise Security Consultant John Verry (CISA) joked, "The title wasn't my idea. In the hundreds of control environments we've done assessments in, I have yet to see an environment where information security has been 'mastered'." Mr. Verry spoke about the unique challenges in Information Security that governmental entities face.
Co-presenter Mark Kretchmer from Metropolitan Technologies, a company that specializes in physical security, complimented GMIS' decision to represent the issues that government security faces from both perspectives--physical and logical: "I think it is great that GMIS is addressing the issues that government security personnel face from a holistic perspective, covering everything from the front door all the way to the innermost areas of the datacenter."
Tapping into his experience of 20 years in IT and over 7 focused exclusively on IT Security, Mr. Verry's presentation offered practical guidance on reducing the complexity of meeting the myriad of regulatory compliance challenges such as the Payment Card Industry Data Security Standard and relevant Identity Theft Prevention laws.
Michael Esolda, CIO of Woodbridge Township, NJ and NJ GMIS Chapter President stated, "John and his team are well versed in helping government entities develop security environments and policies that are enforceable, manageable, and most of all, appropriate to the organization's specific needs. We thought they would be an ideal fit to speak on this subject."
Verry's 40-minute talk began with the evolution of the definition of information security, moved into the challenges of this complex issue, and wrapped up with a summary of the pressing issues that public sector entities face, as well as a simplified approach that can be leveraged in the government sector to focus resources on the highest-risk areas in a shorter time frame than conventional approaches.
Verry also spoke about a number of free resources for government professionals to better understand vulnerability, including the Nessus vulnerability scanner, SANS Top 20 and the Open Web Application Security Project (OWASP). In addition to understanding vulnerabilities, Verry stressed the importance of acquiring guidance on controls over the ongoing development of security policy and procedure; in relation to this, he cited the ISO 27001/27002 set of good information security practices as well as the Control Objectives for Information Technology (COBIT) framework and the National Institute of Standards (NIST) Special Publication (SP) 800-37 Federal guidelines on the certification and accreditation of systems.
Following the resource review and wrap up, Mr. Verry fielded numerous questions from the live audience and engaged in offline conversations with individuals after the session had concluded.
About Pivot Point Security:
Pivot Point Security is a boutique Information Security firm uniquely focused on helping organizations reduce Information Technology risk and achieve compliance with laws and regulations through a combination of Information Technology controls auditing, Ethical Hacking, & Security Information Event Management.
Robert Nolan, Director of Sales & Marketing
Pivot Point Security
888-748-6876 ext. 321