Jim Hietala of The Open Group made the opening remarks on Governance, Risk, Compliance and Audit, followed by a presentation on Professional Trends in Governance, Risk, Compliance and Audit by David Foote of Foote Partners LLC.
Mr. Foote says there is a lot of investment now happening in Security Architecture and there is growing demand for security architects. An average salary of 125K USD can be expected by a Security Architect and 149K USD by a Security Director in the US.
Peter T. Davis of Peter Davis and Associates shared his thoughts on IT Governance and the various methodologies. He explained why organizations need to have goals and strategies, why they should have a process and how they need to monitor performance, and why there is a need for continuous process improvement.
Joel Winteregg of NetGuardians, Switzerland introduced the concept of the XDAS Audit & Logging Standard for servicing today's regulatory / compliance requirements. Today every vendor defines its own audit trails with its SIEM solution; there are no standards followed. There is a strong need for a uniform format and taxonomy for audit trails. XDAS is not a logging standard, it is an auditing standard.
Tim Grance of NIST presented their view of standards on Compliance. He introduced the Security Content Automation Protocol (SCAP) used by National Vulnerability Database (NVD) to the community. It helps to standardize the communication of vulnerabilities.
Shawn Mullen shared his thoughts on how the ACEML standard will meet compliance, and Shawn Chaput from Privity Systems gave an overview of security in Cloud Computing from a Canadian perspective.
According to Shawn Chaput, there are few organizations that have done comprehensive data classification, which is critical in securing the cloud. He says it's important to understand where the data will reside and how it is duplicated. He explained the new effort for version 2.0 and invited participation in the various domains.