It does not have an ISO standard. NIST barely mentions it. Despite dozens of publications coming out in Information Security every year, no dedicated book is on sight. Enterprise Risk Management frameworks barely touch on it – if they even do. A chapter in Tipton’s book dating 2007, proprietary solutions and sparse articles is all we have. In 2007 there was no Cloud yet – and that can be both a big help or a major issue in the process. Mergers & Acquisition is a matter left to Business Administration professionals, who don’t like thinking about Information Security risks anyway.

Information Security for Mergers & Acquisition is often an afterthought and rarely a deciding factor in due diligence exercises – but when your company acquires a new firm every quarter, you need to start thinking about something. This session will propose a simple framework and you will walk away with actionable material you can start using tomorrow.

Marco Ermini defines himself as a senior ICT security expert. In his almost 20 years in ICT he was programming video games and Linux kernel device drivers, managing networks and UNIX systems, spending a decade as consultant travelling on client’s sites, becoming responsible for the security of the network of the biggest telco in the world, delivering risk assessments for virtualization and Cloud platforms, and finally being an Enterprise Security Architect. Marco has spoken at IDC Sofia 2010 and ISACA EUROCACS 2016, beside having delivered BrightTalk webinars and countless internal trainings.
Time permitting, he enjoys endurance sports such as ultra-running, as well as wandering through the world with his wife, meeting different cultures while trying all of the possible food they can get their hands on.

Comments are closed.