Compliance: The Enterprise Vulnerability Roadmap

Presented at DEF CON 16 (2008), Aug. 8, 2008, 10 a.m. (50 minutes).

Compliance is no longer new. Compliance has been accepted by the corporate-state. Compliance is common-place. Compliance is the intruders' new friend. Decision makers thinks Compliance == Security. While many compliance standards have resulted in the implementation of some very important controls, they have also left a roadmap for intruders, ill doers and the sort to hone their attack. This presentation will go over such weaknesses and show how compliance entities are, regardless of intent, proving that compliance != security.

Presenters:

• Weasel - Nomad Mobile Research Centre
  Weasel is a veteran member Nomad Mobile Research Centre. Over the years he has performed deep research into areas ranging from Forensics/Anti-Forensics to Enterprise Culture to Cyber Warfare and Binary Analysis. Weasel is the last surviving international member of NMRC as Canada has been ruled too lame to be considered "international."

Links:

• https://defcon.org/html/defcon-16/dc-16-speakers.html#Weasel
• https://infocon.org/cons/DEF CON/DEF CON 16/DEF CON 16 video/DEF CON 16 - Weasel - Compliance Enterprise Vuln Roadmap - Video.mp4
• https://www.youtube.com/watch?v=wos-Dftc8fU

Similar Presentations:

• GrrCON 2018 / InSpec: Compliance as Code
• DerbyCon 1.0 (2011) / Compliance: An Assault on Reason
• RVAsec 2019 / Compliance, Technical Controls, and You