< IT Governance, Compliance, Security and Audit from the Pros: Topics

PDA Logo.gif (6595 bytes)

Security and Audit-Related Speaking Topics


our services

about Peter Davis+Assoc.


security/audit info

legal info

privacy info

Peter Davis+Associates is pleased to offer the services of our senior staff to provide keynote speeches, seminars or security awareness for your company, your organization, your professional association, your academic institution, your school, or your community group.  You can offer these sessions to heighten security awareness or introduce a new subject.  You can select from these recent sessions or we can develop and customize one for your organization. Call for more information. You can schedule an in-house session by contacting PDA at 416-907-4041 or by using the contact link and sending a message for more information.
Strategies for Auditing Web Servers and Web Sites
IDS: Your Cyber Burglar Alarm
Best Practices for an IIS Configuration
Security Tools for the NT-Based Internet Server
 Understanding TCP/IP Security and Audit
 Protecting Your Privacy on the Internet
 Windows 2000 Server Security
 Audit and Security of Cisco Routers: An Introduction
 Information Security for IT Managers
 Selling Information Security to Your Organization
 Countermeasures to Network Security Attacks
 How to Secure Your Networks for E-Business
 Understanding PKI
 Securing Wireless Local Area Networks: Shooting in the Air?

Strategies for Auditing Web Servers and Web Sites

If your organization is running a public web site, this session is for you.  You will discover the key control points associated with a web server.  Also, you will learn how to use commercial and publicly available tools to audit a web server configuration and uncover weaknesses in the underlying operating system and TCP/IP configuration.  You will learn about:

  Web site auditing

  Web server configuration

 Auditing Web content

  Web and server logs

  Network security

[Back to top] [To schedule]

IDS: Your Cyber Burglar Alarm

You do not create a good security program by buying a point product such as a firewall.  You build a good security program by developing administrative and management processes.  Tools provide the data to the process, but you must analyze the data to gather information about your security.  In this timely session, you will learn about an effective tool to help manage your security processes—intrusion detection systems.  At the end of this session, you will understand the who, what, where, how and why of IDS.

  IDS defined

  Types of IDS

  Network versus host-based IDS

  Point-in-time versus continuous

  Deploying IDS

  Reacting to alerts

[Back to top] [To schedule]

Best Practices for an IIS Configuration

Microsoft's Internet Information Server, coming as it does free with Windows NT, is the default for many Web servers.  An understanding of the parameters to set in IIS and Windows NT is key to securing your system.  In this session, you will learn about:

   Installing server software and adjusting file and directory access

   Fixing file system and Registry permissions

   Disabling unneeded network services

   Disabling unnecessary Web server features, CGI scripts and extensions

   Setting up Secure Sockets Layer for IIS

   Remote administration

   Monitoring Web server and Event logs

[Back to top] [To schedule]

Security Tools for the NT-Based Internet Server

Maintaining and monitoring Windows NT and IIS security is a full time job, especially in large organizations.  Automating these processes will help you in your effort to remain vigilant.  In this session, you will learn about administrative tools as well as security and audit tools to help you.  You will learn about:

   Windows NT auditing programs

   NT software assistants

   Security scanners

   Event log analyzers

   Web log analyzers

[Back to top] [To schedule]

Understanding TCP/IP Security and Audit

If you need to understand TCP/IP this session is for you.  You will discover the TCP/IP and OSI models.  Also, you will learn how to use commercially and publicly available tools to audit a host running TCP/IP and uncover weaknesses in the underlying protocols.  You will learn about:

   TCP/IP protocols log

   Network layer protocols and their risks

   Transport layer protocols and their risks

   Application layer protocols and their risks

[Back to top] [To schedule]

Protecting Your Privacy on the Internet

With its myriad resources, the Internet has become a valuable tool.  However, using the Internet is fraught with dangers.  One such danger is the compromise of your privacy.  Anytime you visit a site you give up information about yourself you might want to protect.  In addition, many sites write information to your system that compromises your privacy.  Attend this session and learn how to find a middle course between protecting yourself and using Net resources.  This session will cover:

   Identifying key threats to your privacy on the Internet

   Defending against packet sniffers

   Evaluating the security and privacy issues associated with the use of cookies in web applications

   Using anonymizers, proxy servers, and other countermeasures to mask your identity in e-mail and web applications

   Sources of information on privacy advocacy

[Back to top] [To schedule]

Windows 2000 Server Security

With its power, scalability, compatibility, and networking features, it was no wonder that Windows NT was widely used by organizations.  Now, Microsoft has improved it and has entered the new century touting Windows 2000 as the operating system of the next century. W2K is richer in security features then Windows NT.  In this timely session you will learn how to safeguard your data using the security features of Windows 2000 Server.  This session will cover:

   New security features

   Active Directory security

   Domain security policies


   Leveraging built-in security features and tools

   Selecting tools for auditing Windows 2000

[Back to top] [To schedule]

Audit and Security of Cisco Routers: An Introduction

Cisco routers are used to provide secure, reliable and efficient corporate-wide internetworking.  To deploy a Cisco router successfully, audit, security and networking professionals require a thorough understanding of the security and audit features and functions.  This important session provides an introduction to Cisco IOS network security.  This session will cover:

   Internetworking terminology

   Setting up and administering the router

   Review of Routing Information Protocol (RIP)

   Authentication, Authorization and Accounting (AAA)

   Security Server Protocols

   Building basic and advanced access lists

   Applying access lists to interfaces

   Preventing Denial-of-Service attacks

[Back to top] [To schedule]

Information Security for IT Managers

Is information security an important issue within your organization?  Many CIOs don’t see security as an important issue in their organizations.  Surprised? Well, management’s resistance to costs having uncertain payoffs, and paybacks difficult to quantify, is understandable; however, security has become an important performance parameter.  This timely session will introduce you to the chief components of an information security program.  This session will cover:

   Defining business drivers and objectives for an enterprise information security program

   Defining the role of line managers, IT managers, IT technicians, information security, internal audit, and other employees in the security program

   Defining a high-level architecture for information security

   Tips and techniques for performing information security self-assessments

[Back to top] [To schedule]

Selling Information Security to Your Organization

Computer criminals grow more cunning by the minute and no organization can afford to be without a sound information security program. In this practical session you will master proven tactics for raising the organization’s collective consciousness about security and controls, and learn how to implement motivational strategies that make awareness effective.  This session will cover:

   Identifying the key ingredients for a successful awareness program

   Appealing to all parts of the organization: tips and techniques

   Tapping the people factor: the key to security awareness

   Keeping security awareness consistent throughout the organization

[Back to top] [To schedule]

Countermeasures to Network Security Attacks

In this session, you will learn about some common network and application attacks: IP spoofing, SMURF, DDoS, and spamming. You will discover controls for preventing or mitigating the effects of these attacks. This session will cover:

   Evaluating recent security advisories and exploits

   Sample network security attacks

   Developing a Network Security Plan

   Defining a network perimeter security strategy




   Intrusion detection

   Testing your network

[Back to top] [To schedule]

How to Secure Your Networks for E-Business

Companies are engaging in all types of e-business—from electronic publishing to e-commerce.  This informative session will look at the basics of e-business.  You will learn about:

   Protecting transaction confidentiality

   Types of encryption

   Authentication schemes: digital signatures, digital certificates, certification authorities, smart cards, biometric identification

   Enterprise infrastructure protection: firewalls, virtual private networks

[Back to top] [To schedule]

Understanding PKI

Encryption is an important part of a security architecture.  Understanding the various types of encryption algorithms and how they are used is essential to your security program.  This informative session will cover the following:

   Introduction to cryptography: private key, public key, message digest

   Public Key Infrastructure (PKI)

   Certificates and signatures

   Certification Authorities and Directories

   Defining roles & responsibilities of a Certification Authority (CA)

   Evaluating the trade-offs associated with internal and external CA's

[Back to top] [To schedule]

Securing Wireless Local Area Networks: Shooting in the Air?

Wireless LAN use is growing fast. Research company Dell’Oro Group predicts the worldwide market for all products based on the 802.11 standard by 2006 will grow to $3.1 USD billion in annual revenue, from $1.2 USD billion in 2001. These WLANs are popping up in the government and companies in a manner reminiscent of the first departmental LANs. WLAN technology makes setting up a network relatively simple. But securing them is another matter altogether. They are creating major security and configuration management headaches for IT infrastructure managers. In this state-of-the-art session, you will learn how to improve your control of wireless LANs as we highlight:

   Security issues associated with the different wireless LAN infrastructure devices and the potential for undermining existing network infrastructure security

   Evaluating built-in and add-on safeguards for WLANs: wired equivalent privacy (WEP), server set identifiers (SSIDs), authentication and association, cell sizing, multi-pathing, hidden node, near/far, interference, WPA, and EAP

   Security threats and safeguards for wireless LANs

   Defining effective policies for the safe use of WLANs

[Back to top] [To schedule]

To schedule


416-907-4041, Eastern Time, 9:00 a.m. to 5:00 p.m., Monday-Friday





[Back to top]