HISP Certification Course (5 days) - 35 CPEs
*HISP stands for Holistic Information Security Practitioner.
This is the only integration course available today that teaches the integration of ISO 27002/27001 with COBIT, COSO, ITIL and multiple regulations pertaining to Information Security and Privacy. The Holistic Information Security Practitioner (HISP) Certification course is an internationally recognized differentiator in the Information Security space and one of the fastest growing information security certifications for Information Security Practitioners, Managers and Officers. In the current global economic recession, a recent CareerBuilder.com report indicates that the Information Security Manager position falls within one of the top 5 industries that are considered to be recession proof.
The objective of this course is to provide participants with the necessary skills to implement a corporate Information Security Management System (ISMS) framework that is compliant with the requirements of ISO 27002, UK Data Protection Act, EU Directive on Privacy, HIPAA Security, GLB Act, Sarbanes-Oxley Act (Security), FACT Act, PCI Data Security, NIST 800-53, PIPEDA, PIPA and California SB-1386 and meets the certification requirements of ISO 27001.
This is the only integration class that provides practical education on the integration of best practices for Information Security Management, Information Systems Auditing and multiple Regulatory Compliance requirements and how to map multiple regulatory requirements to the internationally accepted best practices framework of ISO 27001/27002.
Who should attend?
• Staff tasked with the implementation and management of a formal, internationally accepted Information Security Management System (ISMS).
• Staff tasked with ensuring compliance with standards and requirements such as (but not limited to) UK Data Protection Act, EU Directive on Privacy, HIPAA Security, SOX Security, FFIEC, GLBA, California SB1386, FACT Act, PCI Data Security, NIST 800-53, OSFI, PIPEDA, PIPA, Canadian Bill C-168 and other regulations.
• Information Security Consultants or Third Party Auditors.
• Auditors (External and Internal).
• Information Security Officers.
• IT Managers/Directors.
• Privacy/Compliance Officers.
Course Curriculum: Day 1 – 3
Module: ISO 27001/27002 Compliance
Description: 5 days / 35 CPEs / (On Demand web based class also available)
Benefits to Your Business
• Learn how to adopt international best practices pertaining to Information Security.
• Take the knowledge and skills imparted during this exercise and use them to improve confidentiality, integrity and availability of information systems.
• Gain competitive advantage.
• Improve customer and investor confidence.
• Show due diligence and due care.
Content
This module is designed for people who have a reasonable awareness of Information security management.
• History of the ISO 27000 series.
• Evolution of the ISO 27000 series.
• ISO 27001 certification requirements.
• Determination of scope.
• Identification of information assets.
• Determination of the value of information assets.
• Determination of risk.
• Determination of policy(ies) and the degree of assurance required from controls.
• Identification of control objectives and controls.
• Definition of policies, standards and procedures to implement the controls.
• Production and implementation of policies, standards and procedures.
• Completion of ISMS documentation requirements.
• Establishment of Management Framework and Security Forum.
• Audit and review of ISMS.
• Case Studies.
Course Curriculum: Day 3-4
Module: COBIT auditing framework.
Description: The objective of this module is to provide delegates with the necessary skills to audit information technology systems using COBIT as a benchmarking standard.
Benefits to Your Business
• Learn how to adopt COBIT as an IT governance framework.
• Take the knowledge and skills imparted during this exercise and use them to improve confidentiality, integrity and availability of information systems.
• Gain competitive advantage.
• Improve customer and investor confidence.
• Show due diligence and due care.
Content
• History of COBIT.
• Understanding COBIT Controls.
• Understanding COBIT mapping to ISO 27002.
• Understanding COBIT mapping to COSO.
• Understanding COBIT mapping to ISO 27002 and ITIL.
• COBIT case studies.
Course Curriculum: Day 5
Module: Mapping Methodology
Description: The objective of this module is to provide delegates with the knowledge of how ISO 27002 (Annex A of ISO 27001) requirements map to HIPAA, FFIEC, GLB Act, Sarbanes-Oxley Act, OSFI, PIPEDA, PIPA, Canadian Bill C-168 and various other regulations.
Benefits to Your Business
• Learn how to effectively map multiple standards through a Compliance Matrix.
• Take the knowledge and skills imparted during this exercise and use them to improve confidentiality, integrity and availability of information systems.
• Gain competitive advantage.
• Improve customer and investor confidence.
• Show due diligence and due care.
• Learn how to use your management system to track a measurable return on investment.
Content
• Case Study/Group Exercise
Certification Exam
Attendees can choose to take the HISP Certification Exam on the afternoon of Day 5, consisting of:
• 100 multiple-choice questions.
Instructor Biographies
Taiye Lambo CISSP, CISM, CISA, HISP, ISO 27001 Auditor
Taiye Lambo is a security subject matter expert in the area of Information Security Governance, with years of experience in the design and implementation of intrusion detection and prevention systems, honeypots, computer forensics, ethical attack and penetration testing, biometric identification, network security architecture and information security governance. He founded the UK Honeynet Project – www.honeynet.org.uk – and the Holistic Information Security Practitioner (HISP) Institute – www.hispi.org.
He has successfully executed information security projects for a number of United Kingdom government agencies and has also provided information security consulting to State of Georgia agencies. In the commercial sector he has completed consulting engagements for clients in the Manufacturing, Financial Services and Healthcare sectors.
He was the Director of Information Security for John H. Harland (now Harland Clarke), the leading provider of solutions to the Financial Services industry, including check and check related products and accessories, direct marketing solutions, and contact center solutions.
He has dual expertise as a hybrid technical and business information security consultant with a pragmatic, holistic approach to the management of information security and regulatory compliance, and is a subject matter expert on information security governance and compliance relating to regulatory standards such as HIPAA, the Sarbanes-Oxley Act, the Gramm-Leach-Bliley Act (GLBA), FDIC and others. His presentations at security events include conferences organized by ISSA, InfraGard, ISACA, CPM, SOFE, EDUCAUSE, the Kuwait Information Security Conference and HITRUST.
Taiye is President and Founder of eFortresses, an Atlanta based cyber security, risk and compliance management solutions company founded in 2002. In the United Kingdom he founded a successful information security firm, CyberCops Europe, and gained assignments in the USA for commercial and government agencies, where he continued information security and compliance consulting and became a subject matter expert in several of the current regulations. His involvement in the USA grew with speaking engagements at leading seminars and conferences. He left CyberCops Europe, came to the USA and founded eFortresses in October 2002. He has established numerous valuable contacts nationwide and has name recognition in the information security/regulatory compliance space.
eFortresses developed the industry’s first integrated security and compliance assessment product, Compliantz - an automated process to assess an organization's processes, policies, procedures and standards against internationally accepted information security best practices and multiple regulatory requirements, including HIPAA Security, Sarbanes-Oxley Act (Security), GLB Act, California SB-1386, NIST 800-53, FACT Act and PCI Data Security. eFortresses also developed and holds classes nationwide in the industry's very first information security, audit and compliance certification course - Holistic Information Security Practitioner (HISP).
With a Bachelor's degree in Electrical Engineering, he also earned a Master's degree in Business Information Systems from the University of East London (United Kingdom).
Charles Edward Wilson CISM, ISSM, HISP, MTS
Ed Wilson is a CISM, a DoD Certified Information Systems Security Manager (ISSM), and a retired US Navy Cryptologic Technician with over 27 years' experience in INFOSEC: securing, auditing, and accrediting IT systems, including the protection of sensitive corporate information in compliance with DoD regulations, ISO 9000, BS7799/ISO 17799, ISO 15408, FISMA, COSO, COBIT, GLBA, SOX, and HIPAA legislation.
Ed Wilson is a Certified Master Training Specialist, Testing Officer/Testing Supervisor, Curriculum Developer, and Technical Writer, which strengthens his demonstrated excellence in leadership, technical competence, application of instructional methodology, and desire to improve educational awareness through quality instruction.
As an INFOSEC Subject Matter Expert, Ed Wilson developed 3 Information Systems Security Manager (ISSM) courses, consisting of 31 INFOSEC topics at the master level. Ed was an adjunct lecturer on INFOSEC matters for the National Security Agency (NSA), having taught twenty-six (26) National Cryptologic School courses for NSA.
John A. DiMaria Certified Six Sigma Black Belt; HISP; Master HISP, CBCI
John DiMaria (co-author of “How to Deploy BS 25999”) is a management system professional and certified Holistic Information Security Practitioner (HISP) with 25 years of successful experience in Management System Development, including Information Systems, Quality Assurance, International Quality Standards, Statistical Process Control, Regulatory Affairs, Customer Service, Subcontractor Analysis and Marketing/Sales in a highly competitive national and international environment. As the former Product Manager for BSI Management Systems America, John was the technical, audit, scheme and marketing specialist responsible for overseeing development, education and expertise for BSI Americas regarding all information security and business continuity activities, including ISO 27001, World Lottery Association (WLA), ISO 20000 and BS 25999. John was also the recipient of the BSI Global Innovation Award.
He serves on committees that influence legislation and drive international harmonization, such as the ANAB PS-Prep (Title IX) committee of experts and the BITS Shared Assessment Program. He is the President of the HISPI (Holistic Information Security Practitioner Institute) and has been featured in many publications on various topics regarding information security and business continuity, such as Computer World, Quality Magazine, QSU, SC Magazine, Campus Technology, Continuity Insights, ABA Banking Journal, CPM Magazine, GSN Magazine (dubbed “Business Continuity’s new standard bearer”) and the featured interview on the cover of PENTEST Magazine.
Prior to joining BSI, DiMaria was the Managing Consultant responsible for Information Security Services for LECG, a global expert services firm. He has experience working in both national and international environments.
John holds formal BSI qualifications in several areas of ISMS, ITSM and BCMS:
I001 BSI Learning Instructor, I003 Instructor Trainer, I0LA BSI Lead Auditor Instructor (ISO 27001, BS 25999 Business Continuity Instructor), IHIS Holistic IS Practitioner, BSI ITSM ISO 20000 Technical Audit and standards Specialist (TS), BSI ISMS ISO 27001 Technical audit and Standards Specialist, BS 25999-2 Assessor.
HIGHLIGHTED EXPERIENCE
• Served as the BSI Americas Technical & Marketing specialist in the areas of ISO 27001, ISO 20000, BS 25999 and all other areas of Information Security and Business Continuity.
• Designed and delivered training to Field Development Staff on ISO/BS 7799/27001 processes and mapping an ISMS to best practice regulatory and IT Standards.
• Designed and delivered projects for building, training and servicing in all areas of TQM, Regulatory Affairs, Information Systems, Risk Analysis, the International Management System Standards, Statistical Process Control, Customer Service and Marketing and Sales, showing cost savings through process improvement.
These projects included but were not limited to:
• Served 4 years as a member of the Top Management Operations Board of Directors for a multi-site $100M corporation. In the prior 16 years, managed implementation of SPC, Regulatory Affairs, process controls, information systems and international management system standards.
• Performed over 100 internal quality system and external supplier quality audits.
• Complete ISMS and other Management System Implementation
• Management System Analysis and Improvement
• Process Mapping
• Process Flow Analysis
• Process Control Planning
• Fault Tree Analysis
• Technical Writing
• Preventive Action Planning and Implementation
• Use Case Modeling
• Six Sigma
• Statistical Analysis
• Failure Mode Effect Analysis
• Regulatory Analysis and Compliance (Including EMS & OSHA processes)
• Employee Engineering
• Training Development & Delivery
• Auditing (Internal and External)
• Subcontractor Evaluation
• Risk Assessment & Management
• Business Process Re-engineering
• Served on an Automotive Advisory Committee to represent the Chemical Industry during the original conception of the QS 9000 international automotive standard.
• Implemented Six Sigma strategies and led a cross-functional team for a major multi-million dollar corporation in St. Louis, MO.
EDUCATION
• HISP (Holistic Information Security Practitioner) Certification
• B.B. (Black Belt) Six Sigma Certification, GE Six Sigma Academy
• Certificate, Six Sigma Leadership
• Certificate, Quality Operating Systems (QOS) FMEA; Eastern Michigan University
• Certificate, Electronic Data Interchange; EDI, INC
• Certification, Internal Auditor, Quality Management Institute
• DMACS Computerized Process Controls
• A.S. Computer Information Systems, Columbia College
PUBLICATIONS
• How to Deploy BS 25999 Version 2, April 2008
• How to Deploy BS 25999; September 1, 2007
• BS 7799 Audit Preparation; BSI Management Systems, March 2005
• Benefits of BS 7799 and ISO 17799; BSI Management Systems, April 2005
• BS 7799 Drivers and Advantages; BSI Management Systems, March 2005
PROFESSIONAL AFFILIATIONS
• HISP (Holistic Information Security Practitioner Institute); President
• Business Continuity Institute (BCI) – Member
• Business Continuity Institute (BCI) Training Affiliate
• BITS Financial Institution Shared Assessment Program Working Group Member
• DHS PS-Prep Program Committee of Experts
• EC Union iAffiliate
• Rainmakers Marketing Group – Founding Member
• American Society for Quality (Secretary; Board of Directors; 2001 - 2003)
CHARITABLE AFFILIATIONS
• St. Patrick Center for the homeless and addicted – St. Louis, MO
• New Life Evangelistic Center (NLEC) for the homeless – St. Louis, MO
• Catholic Charities Association (Board of Directors) – St. Louis, MO
Over 44 speaking engagements, both national and international – 6 keynotes.
Gary Sheehan; CISSP, HISP
Professional Summary
Gary Sheehan possesses over 20 years of information security experience. Gary has held a variety of information technology positions since 1977. Gary has strong leadership, communication and people management skills. As Director of GRC Services, Gary is responsible for managing the design, delivery and implementation of governance, risk, security and compliance solutions that meet customer needs and keep pace with the constantly evolving regulatory and security requirements. Gary has assisted a number of companies with large-scale security management initiatives to facilitate the voluntary and mandatory compliance requirements of their organizational directives.
Achievements & Accomplishments
• Speaker at industry events such as Information Security Summit, CSI Conference and MIS Institute InfoSec World.
• Developed and implemented security policy, security awareness programs, vulnerability management solutions, risk management solutions, security process improvements, security organization studies, and wireless security solutions for multiple organizations.
• Provided Security Advisory services to a number of Northeast Ohio organizations.
• Certificate of Appreciation from the Cleveland FBI office for exceptional service in the public interest.
• Letter of commendation from the Cleveland FBI office for exemplary service to the local chapter.
• 2003 Winner of the Linda Franklin Award.
• Founded the Information Security Summit
Education & Certifications
• Graduated cum laude from Baldwin-Wallace College in 1989 with a Bachelor of Arts Degree in Business Administration.
• Continued education including classes, seminars and self-study in multiple security areas.
• Obtained CISSP certification in 2002.
• Completed the FBI Citizen’s Academy in Cleveland, Ohio in 2006.
• Obtained HISP certification in 2007.
Professional Affiliations
• Northern Ohio Members Alliance of InfraGard – President.
• Information Security Summit – Executive Director.
• Northeast Ohio Think Tank – Advisory Board.
• HISP Institute – Board of Directors.
Skill Summary
• Operating System Security
• Mainframe Security (Top Secret, ACF2, RACF)
• Windows NT Security
• ISS Security Product Suite
• QualysGuard Enterprise
• ISO 27001
• ISO 27002
• Security Policy
• Security Process Improvement
• Project Management
• Vulnerability Management
• Risk Management
• Security Awareness & Training
• M&A Security Program Implementation
• ISO 20000
• Frameworks
Ralph Johnson; CISSP, CISM, HISP, CIPP/G
Ralph Johnson is the Chief Information Security and Privacy Officer for King County, Washington and Secretary to the Governance Board of the Holistic Information Security Practitioners Institute (HISPI). Mr. Johnson has filled numerous positions within King County over the past 22 years.
King County is located on Puget Sound in Washington State. Covering 2,134 square miles, it is nearly twice as large as the average county in the United States. With more than 1.9 million citizens, it ranks as the 14th most populous county in the nation, with approximately 15,000 employees, 14 departments and multiple lines of business. For the past 7 years Mr. Johnson has held the position of Chief Information Security and Privacy Officer, in which he oversees information security and privacy issues for the entire county infrastructure. In this capacity he established the information assurance program, from policy development to controls selection, implementation, monitoring and evaluation.
Mr. Johnson has served as Security Architect for King County, Network Services Manager, PC Support Supervisor, and Network Engineer for the county’s department of Public Health.
He has held the position of Secretary of the HISPI Governance Board for the past three years.
Mr. Johnson has a Bachelor’s degree in Business Administration from Eastern Oregon University and an Associate’s degree in Mortuary Science from San Francisco College of Mortuary Science.
He holds multiple certifications in information security, information privacy, network administration and project management.