Rick Ensenbach


Mr. Ensenbach is an information security professional with over 25 years of experience in the field of information security. Mr. Ensenbach has worked for a diverse range of organizations. He has been responsible for creating the information security programs for the Air Force, 934th Airlift Wing - Air Force Reserve, Children’s Hospitals and Clinics of Minnesota and Conseco Finance. He has also consulted independently and for several security consulting companies. He currently works in the State of Minnesota’s Enterprise Security Office.

Mr. Ensenbach’s background includes information security risk management, security auditing and regulatory compliance assessments, policy/standards development, program development and strategic planning. He has an extensive knowledge of regulatory requirements (e.g. HIPAA, GLBA, FFIEC) and internationally accepted standards such as NIST, ISO17799/27001 and COBIT.

Rick holds a number of internationally recognized certifications, including Certified Information Systems Security Professional (“CISSP”), Certified Information Security Manager (“CISM”), Certified Information Systems Auditor (“CISA”) and Information Systems Security Management Professional (ISSMP). Rick has also successfully passed examinations for the Payment Card Industry (PCI) Qualified Data Security Professional, Information Technology Infrastructure Library (ITIL) Foundations versions 2 & 3 and ISO27001, Lead Auditor.

Rick is the former President of the Information Systems Security Association (ISSA) Minnesota chapter and the Upper Midwest Security Alliance. He is also a United States Air Force retiree with over 21 years of honorable service.
 

Presentation: Proactive Lifecycle Security Management
Security Authorization Process Overview

Security professionals are often faced with the daunting task of having to retrofit security controls into systems after they have already been put into production. The bad news is that this commonly occurs after sensitive or confidential information has been exposed as a result of a preventable system vulnerability, which often leads to public embarrassment, unnecessary litigation, regulatory fines, loss of customer confidence and numerous man-hours spent performing incident response and breach notification activities.

Attend this session and learn how to ensure that security is addressed early in the system development or acquisition process by implementing a simple, scalable process that Federal agencies and the Department of Defense have practiced for years.

Mr. Ensenbach will also discuss available resources you can use and provide an example of a “System Security Plan” that you can immediately start using in your own organization to get you started on implementing your own security authorization process.

This is a “must” attend session for all organizations that are required to comply with the Federal Information Security Management Act (FISMA).