Information Security Standards, Laws and Regulations

Information Security Standards, Laws and Regulations

How to establish your corporate security policy

26 April 2007 (14-21)
Location: Sofitel Diegem (Diegem near Brussels (Belgium))
Presented in English
Price: 540 EUR (excl. 21% VAT)

This event is history, please check out the List of Upcoming Seminars, or send us an email

Check out our related open workshops:

Check out our related in-house workshops:

Full Programme:
13.30h - 14.00h
Registration, coffee/tea and croissants
14.00h - 15.00h
Introduction to Security Standards, Laws and Regulations
- Steven Ackx (Ascure)
  • Laws:
    • Why are they your concern?
    • Sources of Legislation
    • Overview of applicable Laws
  • Regulations:
    • Why are they your concern?
    • Sources of Regulation
    • Overview of applicable Regulations
  • Standards:
    • Why are they your concern?
    • Sources of Standardization
    • Overview of applicable Standards
  • Who and where to implement:
    • A generic business model
    • Information (Technology) within the generic business model
    • Mapping laws, regulations and standards
  • Criteria to determine your compliance
    • Risk-based approach
    • Ownership and responsibility
15.00h - 16.00h
How to Implement Laws, Regulations and Standards
- Geert Vandenbranden (Ascure)
  • Positioning:
    • Position in the organization
    • Obtaining Buy-in
    • Project or Program?
    • Ownership
  • Assess:
    • Risk
    • Which information to collect?
    • Where and how to get it?
  • Design:
    • The PPT- Triad
    • Corporate Maturity
    • The Cost vs. Risk/Benefits
  • Implement:
    • Integration
    • Support
  • Monitor & Audit:
    • Difference between monitoring and auditing
    • Who?
    • Follow-up
  • Manage:
    • Closing the Circle
    • At the center
16.00h - 16.20h
Coffee/Tea and Refreshments
16.20h - 17.00h
ICT Security Governance at the Flemish Government
- Peter Debasse (Vlaamse Overheid)

ICT Security Governance is not the responsibility of one single person. It requires the engagement of top management, involvement of all stackholders during the decision process and support of all users. The selection of standards and the development of a policy are key aspects but a governance organisation and risk management approach must guarantee a continuous life cycle.

The approach of the Flemish Government, a large and complex organisation, is presented, with special focus on its ICT security policy, security organisation and risk management process.

17.00h - 17.40h
Audit standards and international norms on information security and continuity at Partena
- Jean-Pierre Christians (Partena)

Partena defined projects to ensure continued accuracy, and to provide due diligence security checks on controlled activities regarding confidentiality, integrity and availability needed to verify security for business processes. Partena defined controls, audited controls and closed the gab towards predefined controls, in successfully gaining SAS 70 Type II certification.

17.40h - 19.00h
19.00h - 19.40h
Birth, Life and Death of a Standard
- Dr. Marijke De Soete (ISO-Shadow Committee)

In the last 20 years, security has evolved from an “exclusivity” within the IT department of a company with limited resources to an inherent part of the corporate governance and strategy. It is obvious that for reasons such as interoperability and cost-effectiveness “Standardization” plays today a major role in IT Security. Standardization provides interoperability and cost-effectiveness in an area of in-depth complexity. The presentation will provide an overview on the main standardization bodies in ICT security. Further it will handle in more detail the work of ISO/IEC JTC 1 SC 27, and more in particular the 2700x family of ISMS standards.

  • ISO organization:
    • What is it?
    • How is it organized?
    • History
  • Lifecycle of an ISO-standard
  • History and status of information security standards
  • Future on the ISO-standard (27000 Family)
19.40h - 20.40h
Writing a Corporate Security Policy - The story from the trenches
- Geert Vandenbranden (Ascure)

  • Approach and flow
  • Writing cycle of an information security policy
  • Key success factors
  • Tips & Tricks
  • Pitfalls
  • Shopping lists
  • Implementing, maintaining and keeping an information security policy alive

20.40h - 21.00h
Final Q & A
End of this seminar
        SPEAKERS »

Questions about this ? Interested but you can't attend ? Send us an email !