TIFAC-CORE in Cyber Security conducted a hands-on workshop on “A Practical Approach to Information Security & Foundational Risk Management” on July 22, 2017.
The speaker of the day, Mr. Srivathsan Chellam, Senior Manager Technology Audit, Target Corporation, delivered a brief introduction to information security and the types of information assets, covering the importance of information assets and why they should satisfy the CIA (Confidentiality, Integrity and Availability) principles. The CIA principles were illustrated with many real-world examples. The information security myths and the realities of the IT industry were also explained well. Another important aspect of the session was risk management, followed by the types of risk, such as people risks, business risks, legal, regulatory and compliance risks, reputational risks, and technology risks, each discussed with appropriate examples from his experience.
The main concepts of risk management are identifying threats and vulnerabilities, their impact, and their probability of occurrence. Different ways to classify threats and vulnerabilities were therefore also discussed in the session. The impact and the probability of a risk were addressed with industry examples. The risk management lifecycle was illustrated from an industry perspective. Control measures for risks were also covered during the session. A practical approach to risk analysis and control measures was worked through with a case study, and the participants evaluated the score/rating of the risk in the scenario during the hands-on session. Finally, there was an open discussion of the case study, and the various possible careers in information security and risk management were elaborated.
Around 11 years of experience in Information Security, IT Security, IT Infrastructure Management and Internal Audit. Presently, I am employed with Target Corporation (US retail giant) as a Senior Manager for the Technology Audit team in Bangalore. Prior work experience with First Advantage Pvt Ltd & technology giants like Hewlett Packard (HP), International Business Machines (IBM) where I worked with partners across geographies & verticals like Technology, Telecom & Healthcare.
Hands on Experience
Enterprise & Operational Risk Management, Information Security Policy management, awareness & training, Information Systems Auditing, Internal Audits, Vendor Risk management, IT Security & Business Operations due diligence, IT infrastructure Services & Business Continuity Management, Security Governance for various regulatory & compliance requirements like SOX (Sarbanes Oxley Act) & PCI DSS (Payment Card Industry Data Security Standards).