Changing the Security Landscape
What is SABSA? Sherwood Applied Business Security Architecture
- The world’s leading free-use and open-source security architecture development and management method
- Methodology for developing business-driven, risk and opportunity focused enterprise security & information assurance architectures, and for delivering security infrastructure & service management solutions that traceably support critical business initiatives
- Development, maintenance, certification and accreditation is governed by the SABSA Institute
SABSA Foundation 2010
What is SABSA? Sherwood Applied Business Security Architecture
Comprised of a number of integrated frameworks, models, methods and processes, including:
- Business Requirements Engineering Framework (also known as Attributes Profiling)
- Risk & Opportunity Management Framework
- Policy Architecture Framework
- Security Services-Oriented Architecture Framework
- Governance Framework
- Security Domain Framework
- Through-life Security Service & Performance Management
What is SABSA? SABSA History & Development
- White Paper originally authored by John Sherwood, 1995
- First use in global financial messaging (S.W.I.F.T.net), 1995
- SABSA Textbook (CMP / Elsevier version) by John Sherwood, Andrew Clark & David Lynas, 2005: “Enterprise Security Architecture: A Business-driven Approach”, ISBN X
- Adopted as UK MoD Information Assurance Standard, 2007
- Certification programme introduced March 2007
- Upcoming publications: SABSA Pocket Guide (Van Haren); SABSA Textbook (Van Haren)
Why is SABSA So Successful?
Institute Status
- In the UK, “Institute” has a protected and highly-regulated status
- SABSA Institute is a formal non-profit ‘Community-of-Interest’ Corporation
- SABSA Intellectual Property can never be sold: this underwrites free-use status in perpetuity and guarantees protected on-going development
- Independently certifies & accredits SABSA Architects to provide confidence & assurance to industry, government & the professional community
Why is SABSA So Successful?
Features & Advantages Summary

| Feature | Advantage |
|---|---|
| Business-driven | Value-assured |
| Risk-focused | Prioritised & proportional responses |
| Comprehensive | Scalable scope |
| Modular | Agility - ease of implementation & management |
| Open Source (protected) | Free use, open source, global standard |
| Auditable | Demonstrates compliance |
| Transparent | Two-way traceability |
Why is SABSA So Successful?
Unique Selling Points & “Elevator Pitches”
- Each of the seven primary features and advantages can be interpreted and customised into key “elevator pitch” messages and unique selling points (USPs) for specific stakeholders or customers
- There is a case study example created for eight stakeholders / job titles at a global bank in the reference document “SABSA Features, Advantages & Benefits Summary”
Why is SABSA So Successful?
Competency-based Professional Certification
- Real ‘professionals’ (such as pilots and doctors) are not certified by their professional body based on knowledge; they are required to demonstrate application of skill
- Career progression is achieved by ‘doing’, not ‘knowing’
- Certification by the SABSA Institute is competency-based
- It delivers to stakeholders the assurance, trust and confidence that a professional has demonstrated the skill and ability to use the SABSA method in the real world
How is SABSA Used? Applications of SABSA
- Enterprise Security Architecture
- Enterprise Architecture
- Individual solutions-based Architectures
- Seamless security integration & alignment with other frameworks (including TOGAF, ITIL, ISO27000 series, Zachman, DoDAF, CobIT, NIST, etc.)
- Filling the security architecture and security service management gaps in other frameworks
How is SABSA Used? Applications of SABSA
- Business requirements engineering
- Solutions traceability
- Risk & Opportunity Management
- Information Assurance
- Governance, Compliance & Audit
- Policy Architecture
How is SABSA Used? Applications of SABSA
- Security service management
- IT Service management
- Security performance management, measures & metrics
- Service performance management, measures & metrics
- Over-arching decision-making framework for end-to-end solutions
Who Uses SABSA? SABSA User Base
- As SABSA is free-use and registration is not required, we do not have a definitive list of user organisations
- However, we do know the profiles of the thousands of professionals who have qualified as SABSA Chartered Architects
- There are SABSA Chartered Architects at Foundation Level (SCF) in more than 40 countries, on every continent, and from every imaginable business sector
Who Uses SABSA? Growth & Standardisation
SABSA is a standard (formal & de facto) world-wide, including:
- UK Ministry of Defence - Information Assurance Standard
- Canadian Government - Architecture Development Standard
- The Open Group - TOGAF Security Standard
- USA Government - NIST Security Standard for SmartGrid
- Finance Sector - including European Central Bank & Westpac
And is widely referenced as a recommended approach, including:
- ISACA - CISM Study Guides & Examinations
- IT Governance Institute - Executive Guide to Governance
Where is SABSA Used? SABSA Demographics
SABSA is used world-wide and SABSA Chartered Architects exist in more than 40 countries, including those shown on the next slide:
Where is SABSA Used? SABSA Demographics
- Europe: Belgium, Finland, France, Germany, Hungary, Ireland, Italy, Netherlands, Poland, Portugal, Slovakia, Spain, Sweden, United Kingdom
- Americas: Argentina, Canada, Colombia, Mexico, United States
- Asia Pacific: Australia, China, Hong Kong, India, Korea, Malaysia, New Zealand, Philippines, Singapore, Taiwan, Thailand, Vietnam
- Africa & Middle East: Algeria, Bahrain, Oman, Saudi Arabia, South Africa, United Arab Emirates
When is SABSA Used? SABSA as a Through-Life Solution Framework
SABSA is used ‘through-life’: throughout the entire lifecycle from business requirements engineering to managing the solutions delivered
Architecture layers:
- Business View: Contextual Architecture
- Architect’s View: Conceptual Architecture
- Designer’s View: Logical Architecture
- Builder’s View: Physical Architecture
- Tradesman’s View: Component Architecture
- Service Manager’s View: Operational Architecture
Lifecycle phases: Strategy & Planning; Design; Implement; Manage & Measure
Independent Assessment of Frameworks
- Independent assessment on behalf of UK Government (Jan 2007)
- Assessed Information Assurance and Architecture frameworks:
  - Open source, e.g. SABSA
  - Proprietary, e.g. Gartner
  - Provider, e.g. IBM MASS
  - Pre-existing in-house methodologies and frameworks
- SABSA top-scored in every assessment category
- Discriminating factors included:
  - Comprehensive, flexible and adaptable
  - Competency development and training
  - Non-proprietary / open source
  - Business and risk focus
  - No ties to specific vendors or suppliers
  - No ties to specific standards or technologies
  - Enables open competition
The Problem of Architecture
The Issue with Architectural Strategy
Every morning in Africa, a Gazelle wakes up. It knows it must run faster than the fastest lion... or it will be killed.
Every morning in Africa, a Lion wakes up. It knows it must run faster than the slowest Gazelle... or it will die of starvation.
Is it better to be a Lion or a Gazelle?
Business View - Survival Strategy: When the sun comes up in Africa, it doesn’t matter what shape you are: if you want to survive, what matters is that you’d better be running!
The Importance of a Framework
SABSA Architecture Guiding Principles
Architecture must not presuppose any particular:
- Cultures or operating regimes
- Management style
- Set of management processes
- Management standards
- Technical standards
- Technology platforms
SABSA Architecture Guiding Principles
- Architecture must meet YOUR unique set of business requirements
- Architecture must provide sufficient flexibility to incorporate choice and change of policy, standards, practices, or legislation, for example:
  - ISO 27001, ACSI 33, DSD ISR, HIPAA, ISF Code, CobIT, SOx, PCI, NIST, etc.
  - ITIL, TNN, ISO 9000, etc.
  - AS / NZS 4360, Basel ii, ISO 27005, etc.
  - Balanced scorecards, capability maturity models, ROI, NPV, etc.
- When a question is asked starting with “Is this Architecture compatible / compliant with....?”, a good Architecture framework will automatically have the answer “Yes”
- A good architecture provides the roadmap for joining together all of your requirements, whatever they might be, or become
- It does not replace ITIL or ISO or NIST etc. but rather enables their deployment and effective integration into the corporate culture
Built to Drive Complex Design Solutions
SABSA influenced in 1995 by need to enhance ISO
Diagram: SABSA Views set against the ISO model
- Contextual Architecture and Conceptual Architecture: Business Driven Requirements & Strategy
- Logical Architecture: ISO Logical Security Services
- Physical Architecture: ISO Physical Mechanisms (Applications, Presentation, Session, Transport, Network, Link, Physical)
- Component Architecture: Detailed Custom Specification
- Operational Architecture: Service Management
Architecture Reconsidered
- Business View: Contextual Architecture
- Architect’s View: Conceptual Architecture
- Designer’s View: Logical Architecture
- Builder’s View: Physical Architecture
- Tradesperson’s View: Component Architecture
- Service Manager’s View: Operational Architecture
Vertical Analysis: Six Honest Serving Security Men
- What: What are we trying to do at this layer? The assets, goals & objectives to be protected & enhanced
- Why: Why are we doing it? The risk & opportunity motivation at this layer
- How: How are we trying to do it? The processes required to achieve security at this layer
- Who: Who is involved? The people and organisational aspects of security at this layer
- Where: Where are we doing it? The locations where we are applying security at this layer
- When: When are we doing it? The time related aspects of security at this layer
The SABSA Matrix

| Layer | Assets (What) | Motivation (Why) | Process (How) | People (Who) | Location (Where) | Time (When) |
|---|---|---|---|---|---|---|
| Contextual | Business Decisions | Business Risk | Business Processes | Business Governance | Business Geography | Business Time Dependence |
| Conceptual | Business Knowledge & Risk Strategy | Risk Management Objectives | Strategies for Process Assurance | Roles & Responsibilities | Domain Framework | Time Management Framework |
| Logical | Information Assets | Risk Management Policies | Process Maps & Services | Entity & Trust Framework | Domain Maps | Calendar & Timetable |
| Physical | Data Assets | Risk Management Practices | Process Mechanisms | Human Interface | ICT Infrastructure | Processing Schedule |
| Component | ICT Components | Risk Management Tools & Standards | Process Tools & Standards | Personnel Management Tools & Standards | Locator Tools & Standards | Step Timing & Sequencing Tools |
| Service Management | Service Delivery Management | Operational Risk Management | Process Delivery Management | Personnel Management | Management of Environment | Time & Performance Management |
Architecture Strategy & Planning Phase

Contextual layer:

| Column | Matrix cell | Deliverable |
|---|---|---|
| Assets (what) | Business Decisions | Taxonomy of Business Assets, Including Goals & Objectives |
| Motivation (why) | Business Risk | Opportunities & Threats Inventory |
| Process (how) | Business Processes | Inventory of Operational Processes |
| People (who) | Business Governance | Organisational Structure & the Extended Enterprise |
| Location (where) | Business Geography | Inventory of Buildings, Sites, Territories, Jurisdictions etc. |
| Time (when) | Business Time Dependence | Time Dependencies of Business Objectives |

Conceptual layer:

| Column | Matrix cell | Deliverable |
|---|---|---|
| Assets (what) | Business Knowledge & Risk Strategy | Business Attributes Profile |
| Motivation (why) | Risk Management Objectives | Enablement & Control Objectives; Policy Architecture |
| Process (how) | Strategies for Process Assurance | Process Mapping Framework; Architectural Strategies for ICT |
| People (who) | Roles & Responsibilities | Owners, Custodians & Users; Service Providers & Customers |
| Location (where) | Domain Framework | Security Domain Concepts & Framework |
| Time (when) | Time Management Framework | Through-life Risk Management Framework |
Architecture Design Phase

Logical layer:

| Column | Matrix cell | Deliverable |
|---|---|---|
| Assets (what) | Information Assets | Inventory of Information Assets |
| Motivation (why) | Risk Management Policies | Domain Policies |
| Process (how) | Process Maps & Services | Information Flows; Functional Transformations; SOA |
| People (who) | Entity & Trust Framework | Entity Schema; Trust Models; Privilege Profiles |
| Location (where) | Domain Maps | Domain Definitions; Inter-domain Associations & Interactions |
| Time (when) | Calendar & Timetable | Start Times, Lifetimes & Deadlines |

Physical layer:

| Column | Matrix cell | Deliverable |
|---|---|---|
| Assets (what) | Data Assets | Data Dictionary & Data Inventory |
| Motivation (why) | Risk Management Practices | Risk Management Rules & Procedures |
| Process (how) | Process Mechanisms | Applications, Middleware; Systems; Security Mechanisms |
| People (who) | Human Interface | User Interface to ICT Systems; Access Control Systems |
| Location (where) | ICT Infrastructure | Host Platforms & Networks Layout |
| Time (when) | Processing Schedule | Timing & Sequencing of Processes & Sessions |

Component layer:

| Column | Matrix cell | Deliverable |
|---|---|---|
| Assets (what) | ICT Components | ICT Products, Data Repositories & Processors |
| Motivation (why) | Risk Management Tools & Standards | Risk Analysis Tools; Risk Registers; Risk Monitoring, Reporting & Treatment |
| Process (how) | Process Tools & Standards | Tools & Protocols for Process Delivery |
| People (who) | Personnel Management Tools & Standards | Identities, Job Descriptions; Roles; Functions; Actions & ACLs |
| Location (where) | Locator Tools & Standards | Nodes, Addresses & Other Locators |
| Time (when) | Step Timing & Sequencing Tools | Time Schedules; Clocks; Timers & Interrupts |
Design Framework (Service Management View)
- Contextual Security Architecture
- Conceptual Security Architecture
- Logical Security Architecture
- Physical Security Architecture
- Component Security Architecture
- Security Service Management Architecture
SABSA Service Management Architecture

| Assets (What) | Motivation (Why) | Process (How) | People (Who) | Location (Where) | Time (When) |
|---|---|---|---|---|---|
| Service Delivery Management | Operational Risk Management | Process Delivery Management | Personnel Management | Management of Environment | Time & Performance Management |

The row above is a repeat of Layer 6 of the main SABSA Matrix. The five rows below are an exploded overlay of how this Layer 6 relates to each of the other Layers.

| Layer | Assets (What) | Motivation (Why) | Process (How) | People (Who) | Location (Where) | Time (When) |
|---|---|---|---|---|---|---|
| Contextual | Business Driver Definitions | Business Risk Assessment | Service Management | Relationship Management | Point-of-Supply Management | Performance Management |
| Conceptual | Proxy Asset Definitions | Developing ORM Objectives | Service Delivery Planning | Service Management Roles | Service Portfolio | Service Level Definitions |
| Logical | Asset Management | Policy Management | Service Delivery Management | Service Customer Support | Service Catalogue Management | Evaluation Management |
| Physical | Asset Security & Protection | Operational Risk Data Collection | Operations Management | User Support | Service Resources Protection | Service Performance Data Collection |
| Component | Tool Protection | ORM Tools | Tool Deployment | Personnel Deployment | Security Management Tools | Service Monitoring Tools |
Built to Integrate Management Practices
SABSA Service Management (Operational Architecture) was designed to comply with, integrate, and enable the management best practice of the day.
- Designed-in then: Code of Practice For Information Security Management; BS7799(1) (controls library); BS7799(2) (ISMS)
- Compatible now: ISO 17799; ISO 27001; ISO 27002; ISO 20000; ITIL
- Diagram axes: Technology / Service; Operational Architecture / Service Management
SABSA Top-Down Process Analysis
Vertical Security Consistency (top to bottom):
- Contextual: Meta-Processes
- Conceptual: Strategic View of Process
- Logical: Information Flows & Transformations
- Physical: Data Flows & System Interactions
- Component: Protocols & Step Sequences
Horizontal Security Consistency across each layer
Traceability For Completeness
Contextual Security Architecture > Conceptual Security Architecture > Logical Security Architecture > Physical Security Architecture > Component Security Architecture > Security Service Management Architecture
Every business requirement for security is met and the residual risk is acceptable to the business appetite.
Traceability For Justification
Contextual Security Architecture > Conceptual Security Architecture > Logical Security Architecture > Physical Security Architecture > Component Security Architecture > Security Service Management Architecture
Every operational or technological security element can be justified by reference to a risk-prioritised business requirement.
The Problem of Defining Security
- “Security is the means of achieving acceptable level of residual risks”
- “The value of the information has to be protected”
- “This value is determined in terms of confidentiality, integrity & availability”
Security Reconsidered
SABSA Business Attributes
- Powerful requirements engineering technique
- Populates the vital ‘missing link’ between business requirements and technology / process design
- Each attribute is an abstraction of a business requirement (the goals, objectives, drivers, targets, and assets confirmed as part of the business contextual architecture)
- Attributes can be tangible or intangible
- Each attribute requires a meaningful name and detailed definition customised specifically for a particular organisation
- Each attribute requires a measurement approach and metric to be defined during the SABSA Strategy & Planning phase to set performance targets for security
- The performance targets are then used as the basis for reporting and/or SLAs in the SABSA Manage & Measure phase
Sample Taxonomy of ICT Attributes
Business Attributes, grouped into seven categories:
- User Attributes: Accessible, Accurate, Anonymous, Consistent, Current, Duty Segregated, Educated & Aware, Informed, Motivated, Protected, Reliable, Responsive, Supported, Timely, Transparent, Usable
- Management Attributes: Automated, Change-managed, Continuous, Controlled, Cost-Effective, Efficient, Maintainable, Measured, Monitored, Supportable
- Operational Attributes: Available, Detectable, Error-Free, Inter-Operable, Productive, Recoverable
- Risk Management Attributes: Access-controlled, Accountable, Assurable, Assuring Honesty, Auditable, Authenticated, Authorised, Capturing New Risks, Confidential, Crime-Free, Flexibly Secure, Identified, Independently Secure, In our sole possession, Integrity-Assured, Non-Repudiable, Owned, Private, Trustworthy
- Legal / Regulatory Attributes: Admissible, Compliant, Enforceable, Insurable, Legal, Liability Managed, Regulated, Resolvable, Time-bound
- Technical Strategy Attributes: Architecturally Open, COTS / GOTS, Extendible, Flexible / Adaptable, Future-Proof, Legacy-Sensitive, Migratable, Multi-Sourced, Scalable, Simple, Standards Compliant, Traceable, Upgradeable
- Business Strategy Attributes: Brand Enhancing, Business-Enabled, Competent, Confident, Credible, Culture-sensitive, Enabling time-to-market, Governable, Providing Good Stewardship and Custody, Providing Investment Re-use, Providing Return on Investment, Reputable
Attributes Usage
Attributes must be validated (and preferably created) by senior management & the business stake-holders by report, interview or facilitated workshop. They serve as:
- Pick-list of desired requirements
- Cross-check for completeness of requirements
- Key to traceability mappings
- Measurement & operations: contracts, SLAs, performance targets
- Return on Investment & Value propositions
- Procurement
- Risk status summary & risk monitoring
- Key to a SABSA integrated compliance tool
- Powerful executive communications
SABSA BAP - the Key to Framework Integration
Extract reproduced with permission from Hans Hopman, ISO committee
Security Services Value Reconsidered
Risk Reconsidered - SABSA O.R.M.
Risk Context: Assets at Risk
Negative Outcomes: Threats leading to a Loss Event
- Overall likelihood of loss: likelihood of threat materialising; weakness exploited
- Overall loss value: asset; negative impact
Positive Outcomes: Opportunities leading to a Beneficial Event
- Likelihood of benefit: likelihood of opportunity materialising; strength exploited
- Overall benefit value: asset; positive impact
Feedback Control Loop System
- Monitoring & Measurement Sub-System: reports new state of system to the Decision Sub-System
- Decision Sub-System: calls for new parameter settings from the Control Sub-System
- Control Sub-System: affects state of system, which the Monitoring & Measurement Sub-System then observes
SABSA Multi-tiered Control Strategy
- Deterrence
- Prevention
- Containment
- Detection & Notification
- Recovery & Restoration
- Evidence Collection & Tracking
- Audit & Assurance
SABSA Operation of Controls
- Threats exploit Vulnerabilities, causing Incidents, affecting Assets, producing Business Impacts
- Deterrent Controls reduce Threats
- Preventive Controls reduce Vulnerabilities
- Detective Controls discover Incidents (incidents trigger detection)
- Detective Controls trigger Corrective Controls, which reduce Business Impacts
- Risk Assessment leads to Selection of Controls
Taxonomy of Cognitive Levels (Foundation)

| Competency Level | Skill Demonstrated | Task Examples |
|---|---|---|
| 1 Knowledge | Observation and recall of information; knowledge of facts; knowledge of major ideas; mastery of subject matter; carry out research to find information | List, define, tell, describe, identify, show, label, collect, examine, tabulate, quote, name, find, identify |
| 2 Comprehension | Understand information; grasp meaning; translate knowledge into new context; interpret facts, compare, contrast; order, group, infer causes; predict consequences | Summarise, explain, interpret, contrast, predict, associate, distinguish, estimate, differentiate, discuss, extend |
Taxonomy of Cognitive Levels (Practitioner)

| Competency Level | Skill Demonstrated | Task Examples |
|---|---|---|
| 3 Application | Use information; use methods, concepts, theories in new situations; solve problems using required skills or knowledge | Apply, demonstrate, calculate, complete, illustrate, show, solve, examine, modify, relate, change, classify, experiment, discover |
| 4 Analysis | Seeing patterns; organisation of parts; recognition of hidden meanings; identification of components | Analyse, separate, order, connect, classify, arrange, divide, compare, select, infer |
Taxonomy of Cognitive Levels (Master)

| Competency Level | Skill Demonstrated | Task Examples |
|---|---|---|
| 5 Synthesis | Use old ideas to create new ones; generalise from given facts; relate knowledge from several areas; predict, draw conclusions | Combine, integrate, modify, rearrange, substitute, plan, create, build, design, invent, compose, formulate, prepare, generalise, rewrite |
| 6 Evaluation | Compare and discriminate between ideas; assess value of theories, presentations; make choices based on reasoned argument; verify value of evidence; recognise subjectivity | Assess, evaluate, decide, rank, grade, test, measure, recommend, convince, select, judge, discriminate, support, conclude |
For More Information
- SABSA Text Book “Enterprise Security Architecture: A Business-driven Approach”: currently CMP Books (Elsevier); Van Haren
- SABSA Book Store
- Accredited Education Provider for Australia
- SABSA Executive White Paper
- SABSA - TOGAF White Paper
For More Information: SABSA World Congress at COSAC, Sept 30 - Oct 4 ..... Fly Free to Ireland!!
- “Quite simply the greatest information security conference on Earth.” John O’Leary, President, O’Leary Management Education, USA
- “Totally incredible!! COSAC is by far the greatest event I have ever had the privilege to attend.” Luc de Graeve, CEO, Sensepost, South Africa
- “Brilliant! A rare opportunity of the highest standard to gain access to expert opinion on matters of real importance.” Tim Evans, Assistant Commissioner, Australian Electoral Commission
- “COSAC starts where other events stop. Challenging, professional and hugely useful.” Brian Collins, Chief Scientific Advisor, Dept for Transport, UK
- “I’ve been to dozens of conferences that bill themselves as best. None can possibly be as good as COSAC.” Dan Houser, Principal Security Architect, Huntington Bank, USA
- “Exceptional! More interaction and valuable discussion than any other conference.” Helvi Salminen, CISO, Gemalto, Finland
- “Attending COSAC is one of the most valuable decisions an organisation can make. The ultimate contribution to knowledge assets.” Richard Nealon, Assurance Reporting Manager, AIB Group, Ireland
- “Outstanding! The calibre of speakers, delegates and the whole experience is truly unsurpassed.” Tadashi Nagamiya, CTO, InfoSec Corp, Japan
- “Year on year COSAC exceeds my now sky-high expectations for professionalism, content and organisational excellence.” Ahmed Ali, InfoSec Manager, BaTelCo, Bahrain
- “Wonderful! Like discovering a whole new profession.” Herve Schmidt, CEO, GASPAR, France
THANK YOU
David Lynas, CEO, SABSA Institute (non-commercial only)