Thursday, 12/8/2016, 11:00 AM - 12:00 PM
Session Title: B9: How Did Cybersecurity Go So Horribly Wrong and How Do We Get it Back on Track?
At the IT Auditors Conference in New Orleans, LA, Ford Winslow closed the track with a session on the history of cyber and what we can expect in the coming years.
The presentation closed with several recommendations for the industry to get back on track:
#1 - Use a Risk-Based Approach
A common-sense approach to implementing security makes security practical and attainable. Overkill leads to complexity and risk; under-funding leads to gaps and risk as well. Justifying your security program based on risk is the only way to spend the right amount at the right time on the right thing.
#2 - Better Auditing
Not only do auditors need to be better educated on the latest trends, but technologists also need to be better educated on audit and the needs of auditors. Both sides need to come together to come up with pragmatic audit approaches that yield trust.
#3 - Make Cyber Cool
Consumer technology gets adopted because it's "cool". If cybersecurity is something you have to do because your parents, your doctor or your teacher says you have to, you will resist. Once being secure is cool, we won't have to try to be secure anymore. It'll just happen.
#4 - Speed
The #1 resistance to security is speed. Security is "slow". Security is "expensive". These are all things I hear constantly. In fact, the opposite is true. Not taking a secure approach is slow. By not having a framework or requirements, teams don't know what to do. Practical security requirements teams can use from the first day help teams go faster. Brakes on cars help you go faster....