Thursday, April 3, 2014

2-day In-person Seminar: Security & Compliance by Objects using UML and SysML (PCI DSS, NERC,...) By Marc Andre Heroux


"The International Association of Privacy Professionals (IAPP) has approved "Security & Compliance by Objects using UML and SysML (PCI DSS, NERC,...)" seminar for 12 CPE credits"
Areas Covered in the Session:
  • Governance objects
  • Compliance by objects
  • Security Controls Definition and Implementation
  • UML/SysML - Object Management Group (OMG)
  • PCI DSS, NERC, etc.
Who Will Benefit:
  • Chief (CEO, CTO, CSO, etc.)
  • Senior Director
  • IT Manager
  • Project Control Officer (PCO)
  • Project Manager
  • Technological/Security Architect
  • Security Advisor
  • Auditor
Why should you attend:

Many organizations have little time to bring their information systems into compliance with standards such as PCI DSS, NERC or others.

This seminar will guide you in applying a Compliance Object Model approach to evaluate risk, identify gaps and implement security controls.

This seminar will focus on how to apply Unified Modeling Language (UML) concepts from the Object Management Group (OMG), such as communication/collaboration diagrams and activity diagrams.

We will explore the SysML approach to elaborating system architectures and engineering models. During the seminar, we will design a Data Leak Prevention System using UML and SysML. The output diagram will present the functional and technical requirements (e.g., a diagram of the security controls for a Data Leak Prevention System).

Day 1 – Agenda

Lecture 1: During the first day, we will explain the following:
  • What is UML?
  • What is SysML?
  • What are the relations between objects, compliance and security?
  • We will enumerate the various elements and basic concepts to understand before going forward with a real example
  • We will evaluate potential organizational data losses and the impact of loss
  • We will explain the requirements for applying the method "Security & Compliance by Objects using UML and SysML"

Day 2 – Agenda

Lecture 1: On the second day, we will work with objects. We will evaluate the gaps between the current situation of an organization and the acceptable situation based on a "Risk Profile".
Lecture 2: We will design the security controls using UML and SysML. The final output will be the technological architecture to be implemented by the operational team.
Lecture 3: We will cover strategic aspects of the PCI DSS standard and NERC CIP to explain how we can quickly define tactical security controls and how we can collaborate with the operational team on the implementation of each security control.
Lecture 4: After this seminar, you will be able to use the Compliance Object Model to quickly resolve security issues on a daily basis or apply the method to larger compliance projects.
Lecture 5: Finally, you will be comfortable with many UML concepts of the Object Management Group (OMG) and will be better armed to manage security and compliance in your organization.

About the Speaker

Marc Andre Heroux
Senior Security Advisor, GRCSI

Mr. Heroux has accumulated over 16 years of experience in Governance, Risk Management, Compliance, Security & IT consulting.

Marc has been involved in many Linux, Security & SaaS/Cloud Computing projects. He has a solid technical background.

Since 2000, he has acted primarily as a security, compliance & risk management specialist. Marc has led many critical security projects, such as: AS2 certification with the AAFES (US Army and Air Force Exchange Service), compliance of Sears Canada and GE Commercial Finance transactions, ASC X12.58 encryption and architecture analysis for banks, US Customs and Border EDI integration, and SOX compliance.

He has also worked on compliance projects against ISO 27000, COBIT, ANSI and NIST standards, Basel II, SAS 70 (SSAE No. 16), PCI, CICA 5970, Article 17 of Directive 95/46/EC, and NERC.


Contact Information:

Event Coordinator
Toll free: 1800 447 9407
Fax: 302 288 6884
EITAGlobal
NetZealous LLC
161 Mission Falls Lane, Suite 216, Fremont, CA 94539