Configuration Management facilitates the availability, reliability, and security of an organization’s systems by establishing minimum baseline standards for server builds, developing systems based on those standards, and ensuring the integrity of those systems throughout their life-cycle
Where deviations from approved standards occur, they should be captured by auditing or monitoring processes and reported to management, and if necessary reconciled to ensure the security of affected systems.
In this session, various presenters will cover the key elements of configuration management, and how to overcome common challenges.
Session 1: Building Minimum Baseline Standards
Speakers: Francis Yom | Senior Security Engineer at TripWire
Minimum Baseline Standards (MBS) are developed by organizations as a matter of due diligence and industry regulation. The standards are developed to reflect your business, best practices and to comply, where possible, with industry guidelines.
However, the task of coordinating resources and obtaining “buy-in” in the development of these standards can be daunting. This discussion will offer some methods to overcome these challenges.
Francis Yom is a Senior Sales Engineer at Tripwire. He brings over 12 years of security software experience, and is responsible for driving sales and evangelizing Tripwire in New York and the Financial Enterprises.
Francis joined Tripwire in 2007. Prior to joining Tripwire, Francis was a sales engineer at Novell and e-Security. He is certified on both IT management and security, holding both ITIL and CISSP certifications as well as being an MCSE and a GSEC incident handler.
Session 2: Deploying Security Configurations
Speakers: Kenneth Ramcahran, Protiviti
Once a configuration standard is identified and constructed, an organization must develop a procedure to quickly and seamlessly implement a new, or newly updated, standard. This must be done without disrupting the course of normal business and without damaging the organization’s technical infrastructure.
A deployment plan allows organizations to maintain secure configurations and assists in identifying security vulnerabilities, which often occur as deviations from the plan.
This discussion will focus on the phased implementation of minimum baseline standards throughout an enterprise.
Kenneth Ramcahran is a Manager based out of Protiviti’s New York office. He has experience across multiple industries in the solution areas of IT and Enterprise Application Solutions. Kenneth has formulated process documentation that captures activities related to the regulatory and business IT compliance. He is also knowledgeable in testing and documentation of IT controls related to multiple, key business areas as well as those controls relevant to the IT regulations
He's managed the execution and provided subject matter consultation of configuration management solutions for a global financial institution to over 9,000 critical production severs across four regions including Singapore, Germany, UK, and US.
Session 3: Monitoring and Maintaining Compliance
Once deployed, a configuration standard should be monitored or periodically audited for any deviations from the standard. Data from systems should be aggregated and analyzed in order to identify any systems which may deviate from the standard configuration.
Mechanisms for monitoring range from automated tools to manual review. Once identified, deviations from the standard should be documented and cause of the deviation should be addressed in the deployment plan.
“If for any reason you are prevented from registering, and you would like to attend the event, please send a communication to [masked] .”