Compliance: An Assault on Reason

Presented at DerbyCon 1.0 (2011), Sept. 30, 2011, 3 p.m. (50 minutes)

You have done PCI/HIPAA/SOX/ISO/FISMA/GLBA Compliance Audits, 10 Pentests, 20 Vulnerability Assessments, Code Review, App Testing and enough paperwork to feed the fire all winter long… but what did it get you. It got you a huge bill and a hardware stable of all of the latest security products. So now what? Are you safe? Will the Millions you spent on Hardware, Software and Compliance protect you from the “Bad Guys?” You may never know… but at least the marketing says it “Should.” Even if it DOES its job, will it protect your business? The answer: Not likely! For much too long, compliance has tested physical assets and ignored the thing that matters most…. YOUR BUISNESS. This session will discuss how we can change the paradigm. Throw away the # of addresses, the compliance reg, the book of what IT “thinks” is important and let’s get to work on testing the BUSINESSES ability to survive an attack. We will review how to evaluate what DOES matter and why compliance is nothing more than a blanket to hide under. At the end, it is about protecting the special sauce that makes your company unique. You can’t pay a fine for being “Non-Compliant” if you have already been HACKED OUT OF BUSINESS.

Presenters:

• Chris Nickerson
  Christopher “Tiger Team” Nickerson, the British soldier, was one of the most decorated World War II soldiers. Nickerson loved fighting, drinking, and doing both at the same time. He would drink for hours in between missions and would then challenge every man in the bar to a fight. On the battlefield it was a different story. He single-handedly rescued a squadron by lifting the wounded one-by-one into his Jeep before destroying Nazi gunners in a nearby farmhouse. Nickerson once attacked a commanding officer who gave orders that killed 130 of Nickerson’s men. Most would have been court-martialed, but the British Army quickly remembered that he had pioneered drunkenly driving a Jeep into enemy airfields with guns blazing. He had destroyed over 100 enemy aircraft by himself using this method and no one thought it sound to disturb Mr. Nickerson.

Similar Presentations:

• RVAsec 2018 / GDPR and You
• DEF CON 16 (2008) / Compliance: The Enterprise Vulnerability Roadmap
• GrrCON 2018 / InSpec: Compliance as Code