|
|
Security Incident Management or Incident Response? CFOs, CIOs, CTOs and their staffs and consultants can always be better prepared for the inevitable “computer incident.” Rather than responding to a break-in, companies are better off if they manage the way they respond to incidents. Using a fire fighting versus fire detection and prevention analogy, an Oct. 14 continuing professional education morning presentation organized by the New York State Society of CPAs’ Technology Assurance Committee will focus on the elements of incident management and how it differs from incident response. The session will address the definition and characteristics of an incident, such as loss prevention issues, violations of policy, malicious code, intrusions and attacks. While each of these incidents has unique containment and recovery procedures, there are some commonalities and best practices that can be leveraged regardless of the size of the organization and the types of technology in place. The session also will cover some of the tools, processes and strategies that can be applied for preventing, detecting and assessing an incident. It will conclude with best practices for implementing a successful incident management program within small, medium- and large-sized organizations. Recent incidents and case studies from a variety of industries and organization types will be reviewed to illustrate how an incident management approach impacts the outcome or extent of the fire. Date:
Tuesday, Oct. 14 About the Presenter Christine M. Orshesky has more than 14 years of information technology and security experience. Her extensive security background includes working as a senior virus response manager for the U.S. Department of Defense, as a lead information security engineer for Lockheed Martin and the MITRE Corporation, and as a computer scientist for the Federal Bureau of Investigation. She currently is a managing consultant in security practice at Greenwich Technology Partners in New York City. Ms. Orshesky supports Global 2000 companies in security policy and procedure development for their incident management and security programs. She is a recognized name in the security industry through publications and participation in international information security conferences. Ms. Orshesky can be reached at corshesky@greenwichtech.com. Additional Information This NYSSCPA/Foundation for Accounting Education (FAE) CPE morning presentation is free to NYSSCPA members and $15.00 for nonmembers to qualify for one hour of CPE credit. At the session you will get the chance to network with the profession’s and the industry’s IT leaders. Advance registration is encouraged, because seating is limited. For additional information, contact Gary E. Carpenter at 315-487-4567 or gcarpenter-cit@worldnet.att.net or Bruce H. Nearon at 973-403-6955 or bnearon@jhcohn.com. For more information on the Technology Assurance Committee, visit www.nysscpa.org, click on the Find Committees tab on the left-hand side of the page and then scroll down to the Technology Assurance Committee link. Registration To register: contact FAE at 212-719-8383 or 800-537-3635 or visit the Society’s website at www.nysscpa.org (you will need your Society member number to register). Go to the Technology Assurance Committee homepage and select “10/14/03-Security Incident Management or Incident Response?” located under the Free IT CPE banner. Acknowledgments J.H. Cohn LLP and Carpenter Information Technologies, Inc., helped provide the funding and resources for the continental breakfast, marketing and publicity, and administration of this event. Bruce H. Nearon is a past chairman of the NYSSCPA Technology Assurance Committee and is director of IT security audit for J.H. Cohn LLP. |
Print