Ever wonder how we defined the programs that we have today? Many security professionals security started with PCI, HIPAA or SOX compliance. This presentation will take you on a journey from the creation of the Computer Security Program for Mission Operations at Johnson Space Center, NASA. That program was based on data security principles, the Orange Book and the Computer Security Act of 1986. The journey continues through the creation of several more programs; adding compliance, metrics and, in the end, drawing on the past to create a program that was able to be agile enough to meet the rapidly changing needs of the business during a pandemic. This presentation will focus on tricks, traps, lessons learned and standards created along the way.
Appreciate much of the history upon which many of our standards and programs are built.
Use (often forgotten) principles and lessons learned from the past to help create a data-centric and risk-based program that meets the changing needs of business.
Ask questions from a seasoned professional who has helped to create some of the processes and standards through the evolution of computer security, network security, cloud security to cybersecurity.