Infosec Island is pleased to continue our coverage of the Black Hat conference, which takes place from July 21st through July 26th at Caesars Palace in Las Vegas, NV.
Black Hat remains the biggest and most important technical security conference series in the world by staying true to its core value: serving the information security community by delivering timely, actionable security information in a friendly, vendor-neutral environment.
Infosec Island would like to extend a special thanks to Tripwire for making possible our presence at the Black Hat Las Vegas 2012 event.
Headquartered in Portland, Oregon, Tripwire has operations in 15 countries around the world.
Tripwire’s IT security software reduces risk, ensures systems and data security, and automates regulatory compliance. Tripwire offerings solve the security configuration management, continuous monitoring, and incident detection problems facing organizations of all sizes, as stand-alone solutions or in concert with other IT security controls.
Come by the Tripwire booth during the conference for a chance to meet some of the company's key personnel, including Dwayne Melançon, Tripwire's Chief Technology Officer. Dwayne brings over 25 years of security software experience, and is responsible for leading the company's long-term product strategy to meet the evolving data security needs of global enterprises.
And look for Jim Wachhaus, Tripwire's Corporate Systems Engineer. Jim has extensive project management experience and post-sales implementation expertise in large, complex enterprise security software deployments.
Also present for the day on Wednesday, July 25th will be Infosec Island's Managing Editor Anthony M. Freed. Infosec Island is a vendor-neutral professional information security community serving the needs of SMBs, mid-market enterprises, and large corporations across multiple industries, government agencies, educational, legal, financial, and healthcare organizations.
In the run-up to the Black Hat event, be sure to check out Tripwire's recently released detailed study examining The State of Risk-Based Security Management, produced in cooperation with the Ponemon Institute.
The study is designed to discover what organizations are doing with respect to Risk-based Security Management (RBSM), where RBSM is defined as the application of rigorous and systematic analytical techniques to the evaluation of the risks that impact an organization’s information assets and IT infrastructure.
Key findings in the study include:
- All Talk, No Walk with RBSM: Over three quarters (77 percent) express significant or very significant commitment to RBSM, yet barely more than half (52 percent) have a formalized approach to it, and less than half (46 percent) have actually deployed any RBSM program activities.
- A Lack of Formalized RBSM Strategy: Around a third (30 percent) of organizations have no RBSM strategy, and close to a quarter (23 percent) only have an informal or ad hoc strategy.
- Taking a Formal Approach to RBSM Means Walking the Talk: Of those who indicate they have a formal RBSM program, almost three quarters (74 percent) report that they have partially or completely deployed some or all RBSM activities.
- Failing to Categorize What to Protect from Risk: A full 41 percent report that they do not categorize their information according to its importance to the organization—thereby missing a key step in knowing what is critical to protect.
- An Unbalanced Approach to Information and Risk Management: Between 80 and 90 percent of organizations have partially or fully deployed preventive controls, but only about 50 percent have deployed the majority of detective controls.
- No Metrics = No Success: Less than half (45 percent) have metrics to help demonstrate program success, a must if organizations are to convince leadership to allocate funding and resources.
The full State of Risk-Based Security Management report can be accessed at no charge here: The State of Risk-Based Security Management
Infosec Island would again like to extend a special thanks to Tripwire for making possible our presence at the Black Hat Las Vegas 2012 event. See you there!