Key Sessions at the CISO Executive Summit 2011

Saturday, December 03, 2011

Steven Fox, CISSP, QSA


The EC-Council will host a gathering of public/private sector information security executives and thought-leaders at the CISO Executive Summit 2011 on December 5-6 in Las Vegas.

The agenda features panel discussions addressing issues that emerge from the intersection between technology, people, and business.

Below are three panels on which I was asked to contribute my knowledge as an industry analyst and experience as a practitioner. If you’re at the event next week, I hope you’ll attend and listen in.

Managing Insider Threats

According to a 2010 CyberSecurity Watch Survey, “the mean monetary value of losses due to cyber crime was $394,700 among the organizations that experienced a security event.”

An analysis of the survey responses showed that 67% of respondents stated that insider threats are more costly than outsider threats. Many organizations admit to the damage an insider can do if so inclined, yet they dismiss investments in mitigating these risks.

This session will explore the indicators of an insider threat before it becomes hard to manage. It will also highlight techniques to mitigate this risk while respecting the individual that poses the potential threat.

Structuring and Managing your Infosec Workforce

A 2011 (ISC)² Security Workforce Study “shows a clear gap in skills needed to protect organizations in the near future.” While the survey does cite technology developments such as Cloud Computing and Mobile security challenges, it also mentions their business implications.

As the practice of information assurance matures, its identity in the organizational culture is merging slowly with the business units it supports. Practitioners are challenged to adapt their skills to the evolution of an infosec business function separate from its legacy association with the IT department.

The competitive landscape now calls for a blend of technology, business, and consulting skills. This session will discuss the opportunities that leaders have in positioning and managing the security function to survive the evolving competitive environment.

Factors with Greatest Impact on the Information Security Profession

The 2011 (ISC)² study also highlighted factors that impact the information security profession as a whole. The Cloud, Social Business, Cyber Crime, APTs: these are among the challenges that IA professionals are asked to address.

The new workforce must be versatile and bilingual: skilled in the lingua franca between IT and business. Compliance and Consumerization are two areas cited in the study where this ability will help when evaluating the proper controls to mitigate the associated risks.

This session will discuss the skills, experiences and perspectives required to advance not only individual careers but also the profession.

I will be posting highlights from the summit on the Security Connected blog, and be sure to follow @McAfeeBusiness for insights from the event as well.

Cross-posted from the McAfee Security Connected blog
