Speaker: Karin Höne, Senior Information Security Consultant, Exponant
Presentation topic: SIM/SEM
Presentation abstract:
There is an old adage that says you cannot effectively manage that which you cannot measure. Security Information Management / Security Event Management (SIM/SEM, otherwise referred to as SIEM) offers information security practitioners and stakeholders the opportunity to measure the status of information security controls and capture events. Through the correlation of these measurements, potential weaknesses in controls, possible attacks and incidents that would otherwise have gone unnoticed can then be identified and used to improve the efficiency of the information security function.
The value of information that was previously often understandable exclusively to technical information security practitioners can now be unlocked and presented to decision makers and stakeholders in an understandable manner.
About Karin Höne:
Prior to joining Exponant in September 2007, Karin held various Information Security-related positions, the most recent being a Manager in the Ernst & Young Information Security and Availability team. Her experience includes:
- Developing Information Security Governance documents, including policies and standards;
- Developing awareness material for internal use and clients;
- Establishing and running the Information Security division at an investment bank;
- Managing Information Security engagements and implementations on behalf of clients;
- Defining Information Security Implementation Roadmaps based on risk assessments and/or gap analyses;
- Identifying relevant Information Security-related business rules for clients embarking on large Information Security implementations;
- Providing guidance to clients on alignment with internationally recognised standards, e.g. ISO17799 / BS7799, the Information Security Forum (ISF) Standard of Good Practice, CobiT and ITIL;
- Reviewing and auditing Information Security implementations for statutory and internal audit purposes.
At Exponant, Karin is responsible for the Advisory Services competency within the Information Security Team and aims to deliver practical and feasible solutions to clients, while at the same time growing the appreciation and understanding of Information Security within her client base. She is also experienced in Business Continuity Management and Software Asset Management.
Additionally, Karin holds an M.Com Informatics degree specialising in Information Security and is a CISSP.