Didn't attend the 2013 Information Systems Security Association's International Conference in Nashville, Tenn., this past week? Don't worry; SearchCompliance and Twitter have got you covered. As you await our extensive video coverage from the show, check out some of the conference's top tweets from sessions and keynotes on the first day of the conference, Wednesday, Oct. 9.
Glenn Harlan Reynolds kicked things off with a keynote titled, "Don't Fear the Leaker." Blue Öyster Cult jokes aside, the talk by Reynolds, the Beauchamp Brogan Distinguished Professor of Law at the University of Tennessee, gave a unique perspective on law and the role of technology in empowering ordinary people to follow the "if you see something, say something" rule, while also illuminating the differences between ethical leaking and whistleblowing:
In light of the recent National Security Agency revelations and other government leaks, it's clear that whistleblowing often provokes controversy. Reynolds pointed out the key benefit of this phenomenon: trust.
Cutting down on whistleblowers makes our government less legitimate — Glenn Harlan Reynolds #ISSAConf — Alex Wood (@abwoodrow), October 9, 2013
Reynolds proposed organizations build a culture around appropriate and inappropriate whistleblowing:
"Culture is much more powerful than law" Glenn Reynolds at #ISSAConf — Gabriele Petronella (@Gabro27), October 9, 2013
Following Reynolds' keynote, ISSA conference attendees filtered into several different information sessions led by security professionals. Here are highlights from some of the Day One sessions:
Every Move You Make, Every Step You Take: Geolocation Privacy: How can "they" know where you were last year, month, week or even minute, and who are "they," anyway? Derek E. Isaacs, a senior cybersecurity engineer at Colorado Springs, Colo.-based Boecore Inc., discussed the effects of geolocation and location-based services with regard to personal and professional movement:
"If you are unable to remove the battery from your phone, it is never off... Not the way you think it is." Derek E. Isaacs #ISSAConf — Josh Gieringer (@JGieringer), October 9, 2013
While smart products, such as cars and phones, may be efficient, if put in the wrong hands, you become public. Derek E. Isaacs #ISSAConf — Josh Gieringer (@JGieringer), October 9, 2013
Enhancing Visibility and Response to Provide Effective Information Risk Management and Security: Jay Leek, chief information security officer at New York City-based The Blackstone Group LP, suggested that for many it's no longer a matter of if, but rather when their defenses will be infiltrated and systems compromised. Leek's session provided advice for adjusting defense approaches by shifting some focus away from a prevention strategy and investing more in enhancing visibility and response capabilities. Here's what conference tweeters took away:
Jay Leek of Blackstone Group: Retail stores plan (and prepare) to get robbed, and most security programs plan to get hacked. #ISSAConf — Mark Burnette (@muzikcitee), October 9, 2013
Focusing on Your Data to Change the Information Security Game: In his mobile security session, James Robinson, security architecture and strategy officer at San Diego-based Websense Inc., touched on transforming users, evolving your threat model and implementing new data-driven approaches to identifying, mitigating and combatting threats. Here are some tips from Robinson's session:
"Start with the 'So what?' principle when evaluating risk" J. Robinson at #ISSAConf — Gabriele Petronella (@Gabro27), October 9, 2013
Phishing emails are more effective on Monday morning or Friday afternoon according to James Robinson #ISSAConf — Gabriele Petronella (@Gabro27), October 9, 2013
"Security organizations are outnumbered, outgunned and steps behind the bad guys" James Robinson at #ISSAConf — Gabriele Petronella (@Gabro27), October 9, 2013
Real-Time Risk Management: Death of the Rainbow: "We are doing it WRONG!" read the abstract for Caleb Merriman's real-time risk management session. Merriman, chief information security officer at Blue Cross Blue Shield of Tennessee, suggested that current efforts to effectively manage information security risk only create confusion, increase cost and provide a false sense of security:
"Information, no rating risk" Caleb Merriman #ISSAConf — ISSA Uruguay (@ISSAUruguay), October 9, 2013
"Risk rating obscures the facts, that's why I don't like it" Caleb Merriman at #ISSAConf — Gabriele Petronella (@Gabro27), October 9, 2013
"Policies: don't write shelfware...policy is intended to drive behavior" Caleb Merriman #ISSAConf — Brad Hibbs (@herctek), October 9, 2013
"Information improves risk management not ratings" Caleb Merriman at #ISSAConf — Gabriele Petronella (@Gabro27), October 9, 2013
Closure time of a risk finding dropped from 1 year to 1 month with appropriate risk management! Caleb Merriman at #ISSAConf — Gabriele Petronella (@Gabro27), October 9, 2013
Stay tuned for more Twitter session recaps and video coverage from ISSA International Conference on SearchCompliance. To read more online conversations from the conference, search "#ISSAConf" on Twitter.