Presented at
DeepSec 2014 „Do you want to know more?“,
Unknown date/time
(Unknown duration)
One of the most significant changes technology has wrought over the last decade is the current movement to use data and quantification as a means to better our everyday lives. In both our work life and leisure life, almost no aspect of modern life has escaped our desire to become better using evidence, data, and quantitative methods.
This talk discusses one method to help a Security Department build a better understanding of historically amorphous goals like "effectiveness, efficiency, secure, and risk" using data and models.
Presenters:
-
Alexander Hutton
- IANS Research, "Systemically Important Financial Institution"
Alex Hutton is a big fan of trying to understand security and risk through metrics and models. Currently, Alex is a VP in Information Security for a "Systemically Important Financial Institution." A former principal for Research & Intelligence with the Verizon Business RISK Team, Alex also helped produce the Verizon Data Breach Investigation, the Verizon's PCI Compliance report, was responsible for the VERIS data collection and analysis efforts, and developed information risk models for their Cybertrust services. Alex is the veteran of several security start-ups.
Alex likes risk and security so much, he spends his spare time working on projects and writing about the subject. Some of that work includes contributions to the Cloud Security Alliance documents, the ISM3 security management standard, and work with the Open Group Security Forum. Alex is a founding member of the Society of Information Risk Analysts (http://societyinforisk.org/), and blogs for their website and records a podcast for the membership. He also blogs at the New School of Information Security Blog (http://www.newschoolsecurity.com). Some of his earlier thoughts on risk can be found at the Riskanalys.is blog (http://www.riskanalys.is).
Links: