Conformity Assessment Meets Cybersecurity | FIRST & AfricaCERT Symposium 2025 - Taher Amine ELHOUARI скачать в хорошем качестве

Conformity Assessment Meets Cybersecurity | FIRST & AfricaCERT Symposium 2025 - Taher Amine ELHOUARI

🎙️ Conformity Assessment Meets Cybersecurity: Building a Common Language Between Auditors and Analysts Taher Amine ELHOUARI – LIVE at the 2025 FIRST & AfricaCERT Symposium | Mauritius 🇲🇺 🌐 Event Website: https://www.first.org/events/symposiu... 🌐 Event Program: https://www.first.org/events/symposiu... In this recorded session from the 2025 FIRST & AfricaCERT Africa & Arab Regions Symposium, I explore one of the most critical challenges facing cybersecurity and assurance today: Why do audits say “everything is compliant” while security teams still struggle to contain attacks? The answer lies in the assurance gap between: Conformity assessment & certification audits, and Real-world SOC operations & incident response teams. This talk introduces a shared language and operational bridge between auditors, assessors, regulators, SOC analysts, and CSIRT teams — transforming compliance from a periodic checkbox into a model of continuous, evidence-driven cyber assurance. 🎯 Session Focus: During the presentation, we connect international standards and operational security practice, including: 🔹 ISO & Assurance Standards: ISO/IEC 17021 & ISO/IEC 27006 – accreditation/certification (conformity assessment) ISO/IEC 27007 & ISO/IEC TS 27008 – audit & control assessment methodologies ISO/IEC 19011 – audit guidelines ISO/IEC 27035 – incident management lifecycle 🔹 Operational & Community Frameworks: OWASP ASVS & SAMM practical security assurance models CSA CCM & STAR continuous cloud security assurance AfricaCERT 3CF – Africa’s Common Cybersecurity Controls Framework 🧩 Topics Covered: ✅ Translating SOC telemetry into audit evidence ✅ Applying ISO 27008 to measure real control effectiveness ✅ Mapping detection metrics and IR tickets to ISO clauses ✅ Linking SOC maturity to certification readiness ✅ Applying ISO 19011 principles inside operational environments ✅ Designing continuous assurance models to replace static audits ✅ Integrating AfricaCERT 3CF for regional cyber maturity benchmarking 🌍 Why This Matters: Attacks evolve daily — audits happen once per year. Cyber assurance must evolve too. This session demonstrates how: Security operations can become self-auditing environments Audits can become continuous validation mechanisms Evidence becomes a shared asset across governance and operations Certification reflects real capability, not just documentation 🇩🇿 Representing Algeria on the Global Stage: I was deeply honored to be selected as the only Algerian speaker featured in the official plenary program of the FIRST & AfricaCERT Symposium 2025, representing Algeria alongside national and international CSIRTs, regulators, and security leaders from across Africa, the Arab region, Europe, and beyond. This participation reflects the growing cybersecurity ecosystem emerging in Algeria through community leadership and professional initiatives including: OWASP Algiers; CSA Algeria; CAS Algeria; EKSec Group; AfricaCERT. 🧭 About the Speaker: Taher Amine ELHOUARI: Independent Information Security Consultant Global Cybersecurity Advisor | Accredited Auditor | Certified Trainer Founder & CEO – EKSec Group Founding President – OWASP, CSA & CAS Algeria Chapters AfricaCERT Professional Member (SME) FIRST/AfricaCERT Program & Planning Committee Member 🤝 Let’s Stay Connected: Feel free to connect with me for knowledge exchange, collaboration, training, or advisory discussions: 🌐 Website: https://www.TaherAmine.org 📩 Email: [email protected] 💼 LinkedIn:   / mrtaheramine   🔔 Don’t forget to: ✅ Subscribe if you value real-world cybersecurity insights 👍 Like the video if it was useful 💬 Leave your questions or feedback in the comments — I personally engage with the community.