It’s good if your organisation has someone to take on information security. However, it’s bad if you are the person in this position. Few are lucky enough to actually deal with improving information security. And some are caught in compliance, fighting an uphill struggle against regulations and audits that have nothing to do with the threats to your business.
The management of Information Security has become over-regulated and, to some degree, over-focused on compliance with policy/regulation, architectural decisions, network access, and vulnerability management. As a result, many CISOs struggle to define success in terms that match the goals of their business, and struggle to make their risk management efforts relevant to senior executives.
How do you achieve that? Alex Hutton will tell you in his keynote talk at DeepSec 2014. His goal is for attendees to walk away after the talk with two things. First, a technique they can take back to their jobs with them that will help them make the concept of “aligning security with the business” less of a platitude and more of a reality. Second, we will discuss a new, threat-centric framework that uses metrics to understand how security operations reduces risk.
Curious? Cursed with being a CSO? Dreaming of becoming one someday? Having nightmares about metrics? Well, then you should probably avoid missing Alex’s keynote!