SlideShare une entreprise Scribd logo

The Great Compliance Debate: No Child Left Behind or The Polio Vaccine

Security B-Sides
Security B-Sides

Joshua Corman, Jack Daniel, Anton Chuvakin, Andy Ellis, Michelle Klinger

Technologie
1  sur  10
Télécharger pour lire hors ligne
 Dr. Anton Chuvakin, is a recognized security expert in the field of log management and PCI DSS compliance. He is an author of books "Security Warrior" and "PCI Compliance" and a contributor to "Know Your Enemy II", "Information Security Management Handbook" and others.  Joshua Corman, is Research Director for the 451 Group and leads 451 Group's research team in the area of IT enterprise security. Previously Josh was Principal Security Strategist at IBM Internet Security Systems.  Andy Ellis, Akamai's Senior Director of Information Security and Chief Security Architect, responsible for overseeing the security architecture of the company's massive, globally distributed network.  Michelle Klinger, Independent Information Security Engineer with extensive experience in the compliance field.  Jack Daniel, InfoSec Curmudgeon, Community Development Manager, Astaro Corporation
 We do not speak for our employers, clients or customers. Nor for our spouses, siblings, or offspring, etc.  Our opinions are our own, the facts are as we see them.  We aren’t lawyers…etc.  But some of these folks are pretty damn smart, so pay attention.
 We want an honest discussion, compliance issues are changing what we call security.  These issues are much bigger than just PCI.  Monday was day one for MA 201CMR17.00  There have been plenty of Compliance LoveFests  And quite a few uninformed rants  This is neither of those
 Think before you speak.  No Religion  We’ll take time in the beginning to bicker among ourselves before fielding questions, then please join in the discussion.
 We fear the auditor more than the attacker.  Compliance, the No Child Left Behind act of InfoSec?  Or is it the polio vaccine for security?  How do we use it to our advantage?  How does Compliance misuse us?  What about unintended consequences?  Impact on R&D and VC investments?  Alternatives?
 Anton Chuvakin chuvakin.org  Twitter: @anton_chuvakin  Joshua Corman 451group.com  Twitter: @joshcorman  Andy Ellis CSOAndy.com  @csoandy  Michelle Klinger  @diami03  Jack Daniel blog.uncommonsensesecurity.com  @jack_daniel

Recommandé

Secure channels inc. basic rules for data protection compliance
Secure channels inc. basic rules for data protection complianceSecure channels inc. basic rules for data protection compliance
Secure channels inc. basic rules for data protection complianceSecure Channels Inc.
 
Cyber Security Basics for the WFH Economy
Cyber Security Basics for the WFH EconomyCyber Security Basics for the WFH Economy
Cyber Security Basics for the WFH EconomyInternet Law Center
 
20160317 ARMA Wyoming Social Media Security Threats
20160317 ARMA Wyoming Social Media Security Threats20160317 ARMA Wyoming Social Media Security Threats
20160317 ARMA Wyoming Social Media Security ThreatsJesse Wilkins
 
Can Cyber Insurance Enforce Change in Enterprise GRC
Can Cyber Insurance Enforce Change in Enterprise GRCCan Cyber Insurance Enforce Change in Enterprise GRC
Can Cyber Insurance Enforce Change in Enterprise GRCDinesh O Bareja
 
Chp 05 anonymity, security, privacy and civil liberties (shared)
Chp 05 anonymity, security, privacy and civil liberties (shared)Chp 05 anonymity, security, privacy and civil liberties (shared)
Chp 05 anonymity, security, privacy and civil liberties (shared)YUSRA FERNANDO
 
[Webinar Slides] Data Privacy Solving Negligence, Bad Practices, Access Contr...
[Webinar Slides] Data Privacy Solving Negligence, Bad Practices, Access Contr...[Webinar Slides] Data Privacy Solving Negligence, Bad Practices, Access Contr...
[Webinar Slides] Data Privacy Solving Negligence, Bad Practices, Access Contr...AIIM International
 
5 Cybersecurity Threats Your Business Can't Afford to Ignore
5 Cybersecurity Threats Your Business Can't Afford to Ignore5 Cybersecurity Threats Your Business Can't Afford to Ignore
5 Cybersecurity Threats Your Business Can't Afford to IgnoreWSI WebAnalys
 
7 Important Cybersecurity Trends
7 Important Cybersecurity Trends7 Important Cybersecurity Trends
7 Important Cybersecurity TrendsMarco
 

Recommandé

Secure channels inc. basic rules for data protection compliance
Secure channels inc. basic rules for data protection complianceSecure channels inc. basic rules for data protection compliance
Secure channels inc. basic rules for data protection complianceSecure Channels Inc.
 
Cyber Security Basics for the WFH Economy
Cyber Security Basics for the WFH EconomyCyber Security Basics for the WFH Economy
Cyber Security Basics for the WFH EconomyInternet Law Center
 
20160317 ARMA Wyoming Social Media Security Threats
20160317 ARMA Wyoming Social Media Security Threats20160317 ARMA Wyoming Social Media Security Threats
20160317 ARMA Wyoming Social Media Security ThreatsJesse Wilkins
 
Can Cyber Insurance Enforce Change in Enterprise GRC
Can Cyber Insurance Enforce Change in Enterprise GRCCan Cyber Insurance Enforce Change in Enterprise GRC
Can Cyber Insurance Enforce Change in Enterprise GRCDinesh O Bareja
 
Chp 05 anonymity, security, privacy and civil liberties (shared)
Chp 05 anonymity, security, privacy and civil liberties (shared)Chp 05 anonymity, security, privacy and civil liberties (shared)
Chp 05 anonymity, security, privacy and civil liberties (shared)YUSRA FERNANDO
 
[Webinar Slides] Data Privacy Solving Negligence, Bad Practices, Access Contr...
[Webinar Slides] Data Privacy Solving Negligence, Bad Practices, Access Contr...[Webinar Slides] Data Privacy Solving Negligence, Bad Practices, Access Contr...
[Webinar Slides] Data Privacy Solving Negligence, Bad Practices, Access Contr...AIIM International
 
5 Cybersecurity Threats Your Business Can't Afford to Ignore
5 Cybersecurity Threats Your Business Can't Afford to Ignore5 Cybersecurity Threats Your Business Can't Afford to Ignore
5 Cybersecurity Threats Your Business Can't Afford to IgnoreWSI WebAnalys
 
7 Important Cybersecurity Trends
7 Important Cybersecurity Trends7 Important Cybersecurity Trends
7 Important Cybersecurity TrendsMarco
 
Injectable polio vaccine
Injectable polio vaccineInjectable polio vaccine
Injectable polio vaccinedichmu
 
Vaccines,types,composition & failure etc
Vaccines,types,composition & failure etcVaccines,types,composition & failure etc
Vaccines,types,composition & failure etcDr. Waqas Nawaz
 
Polio Final Presentation
Polio Final PresentationPolio Final Presentation
Polio Final PresentationAnkush Ankush
 
POLIO VACCINE
POLIO VACCINEPOLIO VACCINE
POLIO VACCINESha Shi
 
Poliomielitis
PoliomielitisPoliomielitis
PoliomielitisDaniel MArtinez
 
The benefits of the polio vaccine for child
The benefits of the polio vaccine for childThe benefits of the polio vaccine for child
The benefits of the polio vaccine for childIhsan Umraity
 
How to Secure America
How to Secure AmericaHow to Secure America
How to Secure AmericaSecurityStudio
 
Building World Class Cybersecurity Teams
Building World Class Cybersecurity TeamsBuilding World Class Cybersecurity Teams
Building World Class Cybersecurity TeamsJoyce Brocaglia
 
SANS WhatWorks - Compliance & DLP
SANS WhatWorks - Compliance & DLPSANS WhatWorks - Compliance & DLP
SANS WhatWorks - Compliance & DLPNick Selby
 
Cybersecurity Standards: The Open Group Explores Security and Ways to Assure ...
Cybersecurity Standards: The Open Group Explores Security and Ways to Assure ...Cybersecurity Standards: The Open Group Explores Security and Ways to Assure ...
Cybersecurity Standards: The Open Group Explores Security and Ways to Assure ...Dana Gardner
 
WANTED – People Committed to Solving our Information Security Language Problem
WANTED – People Committed to Solving our Information Security Language ProblemWANTED – People Committed to Solving our Information Security Language Problem
WANTED – People Committed to Solving our Information Security Language ProblemEvan Francen
 
AFCOM - Information Security State of the Union
AFCOM - Information Security State of the UnionAFCOM - Information Security State of the Union
AFCOM - Information Security State of the UnionEvan Francen
 
Staying Ahead in the Cybersecurity Game: What Matters Now
Staying Ahead in the Cybersecurity Game: What Matters NowStaying Ahead in the Cybersecurity Game: What Matters Now
Staying Ahead in the Cybersecurity Game: What Matters NowCapgemini
 
WANTED – People Committed to Solving our Information Security Language Problem
WANTED – People Committed to Solving our Information Security Language ProblemWANTED – People Committed to Solving our Information Security Language Problem
WANTED – People Committed to Solving our Information Security Language ProblemSecurityStudio
 
4 . future uni presentation
4 . future uni presentation4 . future uni presentation
4 . future uni presentationRashid Khatmey
 
Hacking_SharePoint_FINAL
Hacking_SharePoint_FINALHacking_SharePoint_FINAL
Hacking_SharePoint_FINALIan Naumenko, CISSP, CRISC
 
Privacy awareness full book-l
Privacy awareness full book-lPrivacy awareness full book-l
Privacy awareness full book-lcoedfvaliantvoora
 
1st Russian CSO Summit Trends 2008
1st Russian CSO Summit Trends 20081st Russian CSO Summit Trends 2008
1st Russian CSO Summit Trends 2008Anton Chuvakin
 
News letter June 11
News letter June 11News letter June 11
News letter June 11captsbtyagi
 
How to Communicate the Actual Readiness of your IT Security Program for PCI 3...
How to Communicate the Actual Readiness of your IT Security Program for PCI 3...How to Communicate the Actual Readiness of your IT Security Program for PCI 3...
How to Communicate the Actual Readiness of your IT Security Program for PCI 3...RedZone Technologies
 
Slides to the online event "Creating an effective cybersecurity strategy" by ...
Slides to the online event "Creating an effective cybersecurity strategy" by ...Slides to the online event "Creating an effective cybersecurity strategy" by ...
Slides to the online event "Creating an effective cybersecurity strategy" by ...Berezha Security Group
 
Open Source Insight: AI for Open Source Management, IoT Time Bombs, Ready for...
Open Source Insight: AI for Open Source Management, IoT Time Bombs, Ready for...Open Source Insight: AI for Open Source Management, IoT Time Bombs, Ready for...
Open Source Insight: AI for Open Source Management, IoT Time Bombs, Ready for...Black Duck by Synopsys
 

Contenu connexe

En vedette

Injectable polio vaccine
Injectable polio vaccineInjectable polio vaccine
Injectable polio vaccinedichmu
 
Vaccines,types,composition & failure etc
Vaccines,types,composition & failure etcVaccines,types,composition & failure etc
Vaccines,types,composition & failure etcDr. Waqas Nawaz
 
Polio Final Presentation
Polio Final PresentationPolio Final Presentation
Polio Final PresentationAnkush Ankush
 
POLIO VACCINE
POLIO VACCINEPOLIO VACCINE
POLIO VACCINESha Shi
 
The benefits of the polio vaccine for child
The benefits of the polio vaccine for childThe benefits of the polio vaccine for child
The benefits of the polio vaccine for childIhsan Umraity
 

En vedette (6)

Injectable polio vaccine
Injectable polio vaccineInjectable polio vaccine
Injectable polio vaccine
 
Vaccines,types,composition & failure etc
Vaccines,types,composition & failure etcVaccines,types,composition & failure etc
Vaccines,types,composition & failure etc
 
Polio Final Presentation
Polio Final PresentationPolio Final Presentation
Polio Final Presentation
 
POLIO VACCINE
POLIO VACCINEPOLIO VACCINE
POLIO VACCINE
 
Poliomielitis
PoliomielitisPoliomielitis
Poliomielitis
 
The benefits of the polio vaccine for child
The benefits of the polio vaccine for childThe benefits of the polio vaccine for child
The benefits of the polio vaccine for child
 

Similaire à The Great Compliance Debate: No Child Left Behind or The Polio Vaccine

Building World Class Cybersecurity Teams
Building World Class Cybersecurity TeamsBuilding World Class Cybersecurity Teams
Building World Class Cybersecurity TeamsJoyce Brocaglia
 
SANS WhatWorks - Compliance & DLP
SANS WhatWorks - Compliance & DLPSANS WhatWorks - Compliance & DLP
SANS WhatWorks - Compliance & DLPNick Selby
 
Cybersecurity Standards: The Open Group Explores Security and Ways to Assure ...
Cybersecurity Standards: The Open Group Explores Security and Ways to Assure ...Cybersecurity Standards: The Open Group Explores Security and Ways to Assure ...
Cybersecurity Standards: The Open Group Explores Security and Ways to Assure ...Dana Gardner
 
WANTED – People Committed to Solving our Information Security Language Problem
WANTED – People Committed to Solving our Information Security Language ProblemWANTED – People Committed to Solving our Information Security Language Problem
WANTED – People Committed to Solving our Information Security Language ProblemEvan Francen
 
AFCOM - Information Security State of the Union
AFCOM - Information Security State of the UnionAFCOM - Information Security State of the Union
AFCOM - Information Security State of the UnionEvan Francen
 
Staying Ahead in the Cybersecurity Game: What Matters Now
Staying Ahead in the Cybersecurity Game: What Matters NowStaying Ahead in the Cybersecurity Game: What Matters Now
Staying Ahead in the Cybersecurity Game: What Matters NowCapgemini
 
WANTED – People Committed to Solving our Information Security Language Problem
WANTED – People Committed to Solving our Information Security Language ProblemWANTED – People Committed to Solving our Information Security Language Problem
WANTED – People Committed to Solving our Information Security Language ProblemSecurityStudio
 
4 . future uni presentation
4 . future uni presentation4 . future uni presentation
4 . future uni presentationRashid Khatmey
 
Privacy awareness full book-l
Privacy awareness full book-lPrivacy awareness full book-l
Privacy awareness full book-lcoedfvaliantvoora
 
1st Russian CSO Summit Trends 2008
1st Russian CSO Summit Trends 20081st Russian CSO Summit Trends 2008
1st Russian CSO Summit Trends 2008Anton Chuvakin
 
News letter June 11
News letter June 11News letter June 11
News letter June 11captsbtyagi
 
How to Communicate the Actual Readiness of your IT Security Program for PCI 3...
How to Communicate the Actual Readiness of your IT Security Program for PCI 3...How to Communicate the Actual Readiness of your IT Security Program for PCI 3...
How to Communicate the Actual Readiness of your IT Security Program for PCI 3...RedZone Technologies
 
Slides to the online event "Creating an effective cybersecurity strategy" by ...
Slides to the online event "Creating an effective cybersecurity strategy" by ...Slides to the online event "Creating an effective cybersecurity strategy" by ...
Slides to the online event "Creating an effective cybersecurity strategy" by ...Berezha Security Group
 
Open Source Insight: AI for Open Source Management, IoT Time Bombs, Ready for...
Open Source Insight: AI for Open Source Management, IoT Time Bombs, Ready for...Open Source Insight: AI for Open Source Management, IoT Time Bombs, Ready for...
Open Source Insight: AI for Open Source Management, IoT Time Bombs, Ready for...Black Duck by Synopsys
 
PCI 2010: Trends and Technologies
PCI 2010: Trends and TechnologiesPCI 2010: Trends and Technologies
PCI 2010: Trends and TechnologiesAnton Chuvakin
 
How to Migrate Your Organization to a More Security-Minded Culture – From Dev...
How to Migrate Your Organization to a More Security-Minded Culture – From Dev...How to Migrate Your Organization to a More Security-Minded Culture – From Dev...
How to Migrate Your Organization to a More Security-Minded Culture – From Dev...Dana Gardner
 

Similaire à The Great Compliance Debate: No Child Left Behind or The Polio Vaccine (20)

How to Secure America
How to Secure AmericaHow to Secure America
How to Secure America
 
Building World Class Cybersecurity Teams
Building World Class Cybersecurity TeamsBuilding World Class Cybersecurity Teams
Building World Class Cybersecurity Teams
 
SANS WhatWorks - Compliance & DLP
SANS WhatWorks - Compliance & DLPSANS WhatWorks - Compliance & DLP
SANS WhatWorks - Compliance & DLP
 
Cybersecurity Standards: The Open Group Explores Security and Ways to Assure ...
Cybersecurity Standards: The Open Group Explores Security and Ways to Assure ...Cybersecurity Standards: The Open Group Explores Security and Ways to Assure ...
Cybersecurity Standards: The Open Group Explores Security and Ways to Assure ...
 
WANTED – People Committed to Solving our Information Security Language Problem
WANTED – People Committed to Solving our Information Security Language ProblemWANTED – People Committed to Solving our Information Security Language Problem
WANTED – People Committed to Solving our Information Security Language Problem
 
AFCOM - Information Security State of the Union
AFCOM - Information Security State of the UnionAFCOM - Information Security State of the Union
AFCOM - Information Security State of the Union
 
Staying Ahead in the Cybersecurity Game: What Matters Now
Staying Ahead in the Cybersecurity Game: What Matters NowStaying Ahead in the Cybersecurity Game: What Matters Now
Staying Ahead in the Cybersecurity Game: What Matters Now
 
WANTED – People Committed to Solving our Information Security Language Problem
WANTED – People Committed to Solving our Information Security Language ProblemWANTED – People Committed to Solving our Information Security Language Problem
WANTED – People Committed to Solving our Information Security Language Problem
 
4 . future uni presentation
4 . future uni presentation4 . future uni presentation
4 . future uni presentation
 
Hacking_SharePoint_FINAL
Hacking_SharePoint_FINALHacking_SharePoint_FINAL
Hacking_SharePoint_FINAL
 
Privacy awareness full book-l
Privacy awareness full book-lPrivacy awareness full book-l
Privacy awareness full book-l
 
1st Russian CSO Summit Trends 2008
1st Russian CSO Summit Trends 20081st Russian CSO Summit Trends 2008
1st Russian CSO Summit Trends 2008
 
News letter June 11
News letter June 11News letter June 11
News letter June 11
 
How to Communicate the Actual Readiness of your IT Security Program for PCI 3...
How to Communicate the Actual Readiness of your IT Security Program for PCI 3...How to Communicate the Actual Readiness of your IT Security Program for PCI 3...
How to Communicate the Actual Readiness of your IT Security Program for PCI 3...
 
Slides to the online event "Creating an effective cybersecurity strategy" by ...
Slides to the online event "Creating an effective cybersecurity strategy" by ...Slides to the online event "Creating an effective cybersecurity strategy" by ...
Slides to the online event "Creating an effective cybersecurity strategy" by ...
 
Open Source Insight: AI for Open Source Management, IoT Time Bombs, Ready for...
Open Source Insight: AI for Open Source Management, IoT Time Bombs, Ready for...Open Source Insight: AI for Open Source Management, IoT Time Bombs, Ready for...
Open Source Insight: AI for Open Source Management, IoT Time Bombs, Ready for...
 
PCI 2010: Trends and Technologies
PCI 2010: Trends and TechnologiesPCI 2010: Trends and Technologies
PCI 2010: Trends and Technologies
 
Sem 001 sem-001
Sem 001 sem-001Sem 001 sem-001
Sem 001 sem-001
 
Tim Nolan
Tim NolanTim Nolan
Tim Nolan
 
How to Migrate Your Organization to a More Security-Minded Culture – From Dev...
How to Migrate Your Organization to a More Security-Minded Culture – From Dev...How to Migrate Your Organization to a More Security-Minded Culture – From Dev...
How to Migrate Your Organization to a More Security-Minded Culture – From Dev...
 

Plus de Security B-Sides

Lord of the bing b-sides atl
Lord of the bing b-sides atlLord of the bing b-sides atl
Lord of the bing b-sides atlSecurity B-Sides
 
2010 07 BSidesLV Mobilizing The PCI Resistance 1c
2010 07 BSidesLV Mobilizing The PCI Resistance 1c 2010 07 BSidesLV Mobilizing The PCI Resistance 1c
2010 07 BSidesLV Mobilizing The PCI Resistance 1c Security B-Sides
 
Tastes Great vs Less Filling: Deconstructing Risk Management (A Practical App...
Tastes Great vs Less Filling: Deconstructing Risk Management (A Practical App...Tastes Great vs Less Filling: Deconstructing Risk Management (A Practical App...
Tastes Great vs Less Filling: Deconstructing Risk Management (A Practical App...Security B-Sides
 
Social Penetration - Mike Murray and Mike Bailey
Social Penetration - Mike Murray and Mike BaileySocial Penetration - Mike Murray and Mike Bailey
Social Penetration - Mike Murray and Mike BaileySecurity B-Sides
 
How really to prepare for a credit card compromise (PCI) forensics investigat...
How really to prepare for a credit card compromise (PCI) forensics investigat...How really to prepare for a credit card compromise (PCI) forensics investigat...
How really to prepare for a credit card compromise (PCI) forensics investigat...Security B-Sides
 
Risk Management - Time to blow it up and start over? - Alex Hutton
Risk Management - Time to blow it up and start over? - Alex HuttonRisk Management - Time to blow it up and start over? - Alex Hutton
Risk Management - Time to blow it up and start over? - Alex HuttonSecurity B-Sides
 
Security? Who cares! - Brett Hardin
Security? Who cares! - Brett HardinSecurity? Who cares! - Brett Hardin
Security? Who cares! - Brett HardinSecurity B-Sides
 
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...Security B-Sides
 
Computing Risk without Numbers: A Semantic Approach to Risk Metrics - Tim Ke...
Computing Risk without Numbers: A Semantic Approach to Risk Metrics - Tim Ke...Computing Risk without Numbers: A Semantic Approach to Risk Metrics - Tim Ke...
Computing Risk without Numbers: A Semantic Approach to Risk Metrics - Tim Ke...Security B-Sides
 
Dominique Karg - Advanced Attack Detection using OpenSource tools
Dominique Karg - Advanced Attack Detection using OpenSource toolsDominique Karg - Advanced Attack Detection using OpenSource tools
Dominique Karg - Advanced Attack Detection using OpenSource toolsSecurity B-Sides
 
Enterprise Portals - Gateway to the Gold
Enterprise Portals - Gateway to the GoldEnterprise Portals - Gateway to the Gold
Enterprise Portals - Gateway to the GoldSecurity B-Sides
 
From fishing to phishing to ?
From fishing to phishing to ?From fishing to phishing to ?
From fishing to phishing to ?Security B-Sides
 
Getting punched in the face
Getting punched in the faceGetting punched in the face
Getting punched in the faceSecurity B-Sides
 
Smashing the stats for fun (and profit)
Smashing the stats for fun (and profit)Smashing the stats for fun (and profit)
Smashing the stats for fun (and profit)Security B-Sides
 

Plus de Security B-Sides (20)

Lord of the bing b-sides atl
Lord of the bing b-sides atlLord of the bing b-sides atl
Lord of the bing b-sides atl
 
The road to hell v0.6
The road to hell v0.6The road to hell v0.6
The road to hell v0.6
 
2010 07 BSidesLV Mobilizing The PCI Resistance 1c
2010 07 BSidesLV Mobilizing The PCI Resistance 1c 2010 07 BSidesLV Mobilizing The PCI Resistance 1c
2010 07 BSidesLV Mobilizing The PCI Resistance 1c
 
Tastes Great vs Less Filling: Deconstructing Risk Management (A Practical App...
Tastes Great vs Less Filling: Deconstructing Risk Management (A Practical App...Tastes Great vs Less Filling: Deconstructing Risk Management (A Practical App...
Tastes Great vs Less Filling: Deconstructing Risk Management (A Practical App...
 
Social Penetration - Mike Murray and Mike Bailey
Social Penetration - Mike Murray and Mike BaileySocial Penetration - Mike Murray and Mike Bailey
Social Penetration - Mike Murray and Mike Bailey
 
How really to prepare for a credit card compromise (PCI) forensics investigat...
How really to prepare for a credit card compromise (PCI) forensics investigat...How really to prepare for a credit card compromise (PCI) forensics investigat...
How really to prepare for a credit card compromise (PCI) forensics investigat...
 
Risk Management - Time to blow it up and start over? - Alex Hutton
Risk Management - Time to blow it up and start over? - Alex HuttonRisk Management - Time to blow it up and start over? - Alex Hutton
Risk Management - Time to blow it up and start over? - Alex Hutton
 
Security? Who cares! - Brett Hardin
Security? Who cares! - Brett HardinSecurity? Who cares! - Brett Hardin
Security? Who cares! - Brett Hardin
 
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
 
Computing Risk without Numbers: A Semantic Approach to Risk Metrics - Tim Ke...
Computing Risk without Numbers: A Semantic Approach to Risk Metrics - Tim Ke...Computing Risk without Numbers: A Semantic Approach to Risk Metrics - Tim Ke...
Computing Risk without Numbers: A Semantic Approach to Risk Metrics - Tim Ke...
 
Dominique Karg - Advanced Attack Detection using OpenSource tools
Dominique Karg - Advanced Attack Detection using OpenSource toolsDominique Karg - Advanced Attack Detection using OpenSource tools
Dominique Karg - Advanced Attack Detection using OpenSource tools
 
2009 Zacon Haroon Meer
2009 Zacon Haroon Meer2009 Zacon Haroon Meer
2009 Zacon Haroon Meer
 
Enterprise Portals - Gateway to the Gold
Enterprise Portals - Gateway to the GoldEnterprise Portals - Gateway to the Gold
Enterprise Portals - Gateway to the Gold
 
From fishing to phishing to ?
From fishing to phishing to ?From fishing to phishing to ?
From fishing to phishing to ?
 
Getting punched in the face
Getting punched in the faceGetting punched in the face
Getting punched in the face
 
Make Tea Not War
Make Tea Not WarMake Tea Not War
Make Tea Not War
 
OWASP Proxy
OWASP ProxyOWASP Proxy
OWASP Proxy
 
Smashing the stats for fun (and profit)
Smashing the stats for fun (and profit)Smashing the stats for fun (and profit)
Smashing the stats for fun (and profit)
 
Exploitation
ExploitationExploitation
Exploitation
 
Layer 2 Hackery
Layer 2 HackeryLayer 2 Hackery
Layer 2 Hackery
 

Dernier

Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 

Dernier (20)

Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 

The Great Compliance Debate: No Child Left Behind or The Polio Vaccine

  • 1.
  • 2.  Dr. Anton Chuvakin, is a recognized security expert in the field of log management and PCI DSS compliance. He is an author of books "Security Warrior" and "PCI Compliance" and a contributor to "Know Your Enemy II", "Information Security Management Handbook" and others.  Joshua Corman, is Research Director for the 451 Group and leads 451 Group's research team in the area of IT enterprise security. Previously Josh was Principal Security Strategist at IBM Internet Security Systems.  Andy Ellis, Akamai's Senior Director of Information Security and Chief Security Architect, responsible for overseeing the security architecture of the company's massive, globally distributed network.  Michelle Klinger, Independent Information Security Engineer with extensive experience in the compliance field.  Jack Daniel, InfoSec Curmudgeon, Community Development Manager, Astaro Corporation
  • 3.  We do not speak for our employers, clients or customers. Nor for our spouses, siblings, or offspring, etc.  Our opinions are our own, the facts are as we see them.  We aren’t lawyers…etc.  But some of these folks are pretty damn smart, so pay attention.
  • 4.  We want an honest discussion, compliance issues are changing what we call security.  These issues are much bigger than just PCI.  Monday was day one for MA 201CMR17.00  There have been plenty of Compliance LoveFests  And quite a few uninformed rants  This is neither of those
  • 5.  Think before you speak.  No Religion  We’ll take time in the beginning to bicker among ourselves before fielding questions, then please join in the discussion.
  • 6.  We fear the auditor more than the attacker.  Compliance, the No Child Left Behind act of InfoSec?  Or is it the polio vaccine for security?  How do we use it to our advantage?  How does Compliance misuse us?  What about unintended consequences?  Impact on R&D and VC investments?  Alternatives?
  • 7.
  • 8.
  • 9.
  • 10.  Anton Chuvakin chuvakin.org  Twitter: @anton_chuvakin  Joshua Corman 451group.com  Twitter: @joshcorman  Andy Ellis CSOAndy.com  @csoandy  Michelle Klinger  @diami03  Jack Daniel blog.uncommonsensesecurity.com  @jack_daniel