Last week's 2013 ISSA International Conference in Nashville, Tenn., touched on a number of hot cybersecurity topics and stirred up quite the buzz on Twitter among attendees during keynotes and breakout sessions. In our first ISSA conference Twitter recap of the Oct. 9-10 event, SearchCompliance looked specifically at Day 1 sessions. In this roundup, we cover sessions pertaining to identity systems, access management, security roadmap development and the relationship between government and corporate cybersecurity from both days of the conference.
The Gartner Identity and Access Management Scenario, 2014-2020. Identity systems give users access to applications and data, but how is "identity" as an enabler changing as the IT landscape becomes more vast, diverse and disconnected? Ray Wagner, a managing vice president at Gartner Inc., gave session attendees a look at the changes IT organizations can expect in identity management during the next several years and the ramifications of those changes on those managing identity today. Here are some highlights:
"Everything is going to be on the web by 2020" Ray Wagner talking about the future at #ISSAConf— Gabriele Petronella (@Gabro27) October 9, 2013
"Real time attributes will be used in the future instead of plain roles in access control" Ray Wagner at #ISSAConf— Gabriele Petronella (@Gabro27) October 9, 2013
The idea that in a few years we'll be able to perform trustworthy identification using a FB account is fascinating. #ISSAConf— Gabriele Petronella (@Gabro27) October 9, 2013
Compromising keys and certs is now an everyday attack method. "We're living in a world without trust" - Gartner #ISSAConf— Sarah Brownell (@brow0787) October 9, 2013
Advanced threat protection provides important layer of protection but isn't a substitute for securing keys & certs - Gartner #ISSAConf— Sarah Brownell (@brow0787) October 9, 2013
Creating an Effective Security Roadmap. While Wagner discussed identity systems management and threat protection, Elliott Franklin, information security manager at Whataburger, tackled security roadmap development. In his conference session, Franklin proposed a cascading approach to creating a security roadmap that does away with PowerPoint slides and expresses a roadmap on one easy-to-follow page. Franklin's approach has been credited with assisting in executive-level comprehension and quick buy-in for multiple enterprise-wide security projects. The session room was packed and attendees were active on Twitter (even begging for chairs):
Evening keynote, Oct. 9: Wednesday's closing keynote was delivered by Eugene H. Spafford, executive director at the Center for Education and Research in Information Assurance and Security and a professor in the Department of Computer Sciences at Purdue University. Spafford asked how IT executives should plan to measure confidentiality, integrity and availability. Several members of the keynote audience tweeted highlights:
"How do you measure confidentiality, integrity, and availability?" Great line from tonight's keynote speech #ISSAConf— J.J. Powell (@johnjpowell) October 9, 2013
Morning keynote, Oct. 10: To kick off Thursday's Day 2, ISSA welcomed the Right Honorable Baroness Pauline Neville-Jones, U.K. special government representative to business for cybersecurity, to share her unique perspective on cybersecurity and cyberdefense. After Neville-Jones discussed her role in the U.K.'s special government task force, she addressed common problems with cybersecurity management in business:
"That's the problem with being out front is you don't know what is going on behind you". - Baroness Neville-Jones #ISSAConf— James McQuiggan (@James_McQuiggan) October 10, 2013
Not enough progress in getting CEOs to pay attention to security and bring to board level says Baroness Neville-Jones. #ISSAConf— Greg Barnes (@pwnjeetdo) October 10, 2013
Cybersecurity is not just for the techies. It needs to go into the boardroom. Baroness Neville-Jones #ISSAConf— ISSA International (@ISSAINTL) October 10, 2013
Exercising the system all the way to the top will better prepare us for real emergencies. #ISSAConf— ISSA International (@ISSAINTL) October 10, 2013
To ensure cybersecurity efforts are successful, the Baroness suggests that government and business foster relationships that benefit both sides:
Government must lead, but it can't do it on its own. It can help distribute responsibility. #ISSAConf— ISSA International (@ISSAINTL) October 10, 2013
Threat, tradecraft, & incident info easier to exchange between govt and .biz in UK than US says Baroness Neville-Jones #ISSAConf— Greg Barnes (@pwnjeetdo) October 10, 2013
For successful sec policy partnership- both .gov & .biz must accept new relationship boundaries. says Baroness Neville-Jones #ISSAConf— Greg Barnes (@pwnjeetdo) October 10, 2013
Stay tuned for more ISSA International Conference coverage on SearchCompliance. To read more conversations from the 2013 ISSA conference, search "#ISSAConf" on Twitter.