Security Awareness:
As long as Information Security is covered somewhere in the organization, to what degree does anyone need to
pay attention to it personally? This talk describes real-life scenarios in which organizations thought they
had covered InfoSec from a due diligence perspective, only to find that it was not enough to thwart major
damage. It shows that the risk-management philosophy often associated with security is not the same
as actual evidence of due care. It prepares the audience for communicating with the InfoSec professional
and understanding the jargon, without going into any technical detail.
Security Horror Stories:
Security Horror Stories are tales of organizations that did not pay attention to security
and thus fell victim to a criminal who exploited an obvious vulnerability to steal or destroy
something so valuable that the company had to disclose its inadequacy. The disclosure could be
by announcing a security breach, by filing financial statements that show a material weakness,
or, in the worst case, by going out of business.
Variations on the definition of Security Horror Story replace the criminal with an auditor.
This talk demonstrates that Security Horror Stories are, by definition, preventable.