Security & Compliance by Objects using UML and SysML (PCI DSS, NERC,...)
About This Event
Overview:
In order to quickly identify the global compliance posture of an organization, we will be exploring how to define a Use Case using objects, actors and relationship.
Areas Covered in the Session:
Governance objects
Compliance by objects
Security Controls Definition and Implementation
UML/SysML - Object Management Group (OMG)
PCI DSS, NERC, etc.
Who Will Benefit:
Chief (CEO, CTO, CSO, etc.)
Senior Director
T Manager
Project Control Officer (PCO)
Project Manager
Technological/Security Architect
Security Advisor
Auditor
Why should you attend :
Many organizations have short delay to get their information system compliant to standards such as PCI DSS, NERC or any other standards.
This seminar will guide you in the application of a Compliance Object Model approach to evaluate the risk, determine gaps and implement security controls.
This seminar will focus on how to apply Unified Modeling Language (UML) concepts from the Object Management Group (OMG) such as communication/collaboration diagrams and activity diagrams.
We will explore the SysML approach to elaborate system architectures and engineering model. During the seminar, we will design a Data Leak Prevention System using UML and SysML. The output diagram will present the functional and technical requirements (ex.: Diagram of the Security Controls for a Data Leak Prevention System).
About the Speaker:
Marc Andre Heroux
Senior Security Advisor, GRCSI
Mr. Heroux cumulates over 16 years of experience in Governance, Risk Management, Compliance, Security & IT consulting.
Marc been involved in many Linux, Security & SaaS/Cloud Computing Projects. He has a solid technical background.
Since 2000, he especially acted as a security, compliance & risk management specialist. Marc leaded many critical security projects such as: AS2 certification with the AAFES (US Army and Air Force Exchange Service), compliance of Sears Canada and GE Commercial Finance transactions, ASC X12.58 encryption and architecture analysis for Banks, US Custom Border EDI integration and SOX compliance.
He also worked on compliance projects against ISO 27000, COBIT, ANSI, NIST standards, Basel II, SAS 70 (SSAE no. 16), PCI, CICA 5970, Article 17 Directive 95/46/EC & NERC.