Topic: IT Assurance Across System Boundaries
IT administrators and security experts face a daunting challenge assuring information security and privacy across numerous interconnected systems, many of which they may not exercise authority over. These integrated entities, such as vendor applications and industrial control systems, are housed both on-premise and in the cloud. In this presentation, David will outline the challenge of providing security assurance across system boundaries, show some examples of breaches across system boundaries, and explore risk management techniques for dealing with this seemingly intractable problem.
Speaker: David Trepp, M.S., Partner, IT Assurance
A technology entrepreneur since 1989, David has led over 1,300 comprehensive information security penetration test engagements for satisfied customers across all major industries throughout the United States and abroad. He has given dozens of presentations to audiences nationwide, on a variety of information security topics. David, a US Army veteran, is founder and CEO of Info@Risk (now BPM), a leading comprehensive penetration test firm. David has worked in information security with banking, law enforcement, government, healthcare, utilities, and commercial organizations since 1998. When not at work testing security controls, David exercises his risk management skills as an avid rock climber and long-distance cyclist.
About BPM: Our Member Meeting Sponsor!
The BPM Information Security Assessment team (formerly Info@Risk), has worked with all types of organizations throughout the United States. A large percentage of the Information Security Assessment team’s clients are repeat customers, with many of our relationships stretching back nearly to our beginning in 1998. We attribute these enduring relationships to three facts:
- our clients value the depth and comprehensive quality of our work
- our clients recognize that to truly manage risk, an unbiased assessment and remediation plan are a priority when choosing a vendor
- our clients seek a partnership with their impartial assessment vendor to guide them in making informed, risk-based decisions for their organization
BPM’s Information Security Assessment team provides thorough and comprehensive information security assessments so they can make informed, confident risk-based decisions best suited for their organization. We are proud of the work we have done and are confident our references will support this pride.
Our assessment-focused services include:
- Comprehensive Penetration Test
- Targeted Application Penetration Test: Web/Mobile/Client-Server
- Targeted Wireless Penetration Test
- Stand-Alone Penetration Test, e.g. email Test, Social Engineering Test, Physical Security Test, etc.
- Password Audit
- Firewall Ruleset Review
- Configuration Review
- Vulnerability Assessment
- Infosec Program Review
- IT General Controls Audit
- Infosec Risk Assessment
- Infosec Training
- Social Engineering Awareness