TOPIC: UNDERSTANDING FACILITATED RISK ANALYSIS PROCESS (FRAP) AND SECURITY POLICIES FOR OUR ORGANISATION
Tom Peltier offered us valuable insights on the common sense of risk assessment. Using FRAP, he took us through example after example of fallacies that occur in security departments all over the world. So you think you need a PKI infrastructure. You need an IDS. You need a biometric system. Think again. Think FRAP! Many thanks to Justin for sharing his "war stories" too!
Tom's Presentation slides!
Photos taken during the event!
- Tom Peltier
Tom Peltier is in his fourth decade of computer technology. During this time he has shared his experiences with fellow professionals and because of his work has been given the 1993 Computer Security Institute's (CSI) Lifetime Achievement Award. In 1999 the Information Systems Security Association (ISSA) bestowed its Individual Contribution to the Profession Award and in 2001 he was inducted into the ISSA Hall of Fame. Tom was also awarded the CSI Lifetime Emeritus Membership Award. He began his career five decades as an operator, an applications programmer and systems programmer, systems analyst and information systems security officer. Currently he is the President of Peltier & Associates, an information security training firm. Prior to this he was Director of Policies and Administration for Netigy's Global Security Practice. Tom was the National Director for Consulting Services for CyberSafe Corporation, and the Corporate Information Protection Coordinator for Detroit Edison. This program has been recognized for excellence in the field of computer and information security by winning the Computer Security Institute's Information Security Program of the Year for 1996. Tom previously was the Information Security Specialist for General Motors Corporation, responsible for implementing an information security program for GM's worldwide activities.

Over the past decade, Tom has averaged 4 articles published a year on various computer and information security issues, including developing policies and procedures, disaster recovery planning, copyright compliance, virus management and security controls. He has had four books published: Policies, Standards, Guidelines and Procedures; Information Security Risk Analysis; Information System Security Policies and Procedures: A Practitioners' Reference; and The Complete Manual of Policies and Procedures for Data Security. He is the co-editor and contributing author for the CISSP Prep for Success Handbook, and a contributing author for the Computer Security Handbook, Third and Fifth Editions, and Data Security Management. Tom and his son Justin are co-authoring How to Manage a Network Vulnerability Assessment.

Tom is also one of the pioneers who co-developed the 10 domains of the Common Body of Knowledge (CBK) used for the CISSP certification.
- Justin Peltier
Justin Peltier, Senior Security Consultant with Peltier & Associates, has seven years of experience in firewall and security technologies across a wide range of operating environments and topologies. As a consultant, Peltier has implemented, supported, and developed security solutions, and has taught courses on a variety of topics including vulnerability assessment and CISSP preparation.

Peltier formerly directed the security practice development of Suntel Services, and prior to that was with Netigy Corporation, where he served as the company's primary technical instructor in the areas of vulnerability assessment and penetration testing.

He has developed and delivered courses for Computer Security Institute, provided instruction for MIS, Netigy Corporation, Suntel Services and Sherwood Associates as well as private instruction for several U.S. federal government agencies and private corporations. Peltier currently holds ten certifications in an array of technical products.
Thanks to GM Trust for getting Tom to speak to SIG^2. Also many thanks to IDA for lending us the venue!