Dr. John Leach, Director and Principal Consultant, John Leach Information Security Ltd, www.jlis.co.uk
About this talk
Current approaches to IT security are based too much on guesswork and unproven “best practices”. We measure some threats but can’t be sure we are covering all the main threats or are measuring the right things. We assess software vulnerabilities but we know that these give us only part of the picture. We look to “best practices” to maximise our protection but have no way of knowing how effective these practices really are. And we do not know how much of each control is good enough. Indeed, we don’t know how to assess “good enough” let alone what we have to do to achieve it.
This is a symptom of the fact that IT security has, since its inception, been conducted as a craft rather than as a science. What we need is a different approach that would give us more reliable, cost-effective and assured protection against cyber threats. This we can get if we start to think about IT security as a science rather than just as a craft. In this talk I will sketch out what a scientific approach to IT security would look like and show what steps people could take to move in this direction. Many of these steps are useful things that would provide valuable benefits today even without people having to commit to a wholesale change in their security approach. This is an evolution, not a revolution.