On May 27th I will be presenting an eSymposium session on Internal Information Security Threats for ISACA. The session is titled Data Protection/Data Security and I will be giving a 45 minute session on Internal Threats.

The session is a web based seminar and is good for 3 CPE credits. It is free for ISACA members and will be about 3 hours in total. Go to the ISACA web site for more info and to register.

 Here is a brief overview of the session I will be leading. Hope to 'see' you there. Andrew.

Security and compliance have become a must in boardrooms around the world. At the same time the lines between an organization's internal and external network have been blurred by a plethora of access mechanisms, mobile devices, and web based services. Our users are increasingly tech-savvy and many business services are available to them with a click of the mouse. All of these factors are making the job of protecting sensitive information more and more challenging.

Internal information issues are not always caused by malicious external parties, more often than not it is an insider purposefully or accidentally compromising internal information security. In this presentation we will look at the information security challenges around keeping our internal information safe. The presentation will touch on the key concepts of assessing internal information security risks and how security professionals profile potential impacts to information confidentiality, integrity and availability. The session will provide some practical examples of internal information threats and discuss control strategies for managing these risks.