Securing Sensitive Data: A Strange Game

Presented at BSidesLV 2014, Aug. 5, 2014, 12:10 p.m. (30 minutes)

Information security compliance regulations like PCI, HIPAA, SB1386 have been around for many years now, but we continue to suffer large data breaches. In this talk, an experienced PCI QSA will discuss why even the best efforts at compliance fail to prevent breaches, provide examples from the field of what goes wrong despite these best efforts, and how to win by not playing - by getting the sensitive data the thieves want out of your environment.

Presenters:

• Jeff Elliot
  Jeff Elliot is an Associate Director at Protiviti, where he is responsible for delivering Information Security services to many of Protiviti's largest clients. With seven years as a PCI QSA, and as the "Primary Contact" for Protiviti with the PCI Council, Jeff leads or consults on many of Protiviti's largest PCI assessment and remediation projects. Jeff and his teams typically find real security gaps that other assessors and client personnel have missed, sometimes for years.

Links:

• https://bsideslv2014.sched.com/event/1p3T0wH/securing-sensitive-data-a-strange-game
• https://infocon.org/cons/Security BSides/BSides Las Vegas/BSides Las Vegas 2014/securing sensitive data a strange game jeff elliot.mp4

Similar Presentations:

• DerbyCon 2.0 Reunion (2012) / Are You HIPAA to the Jive?: How Focus on HIPAA Compliance Over Better Security Practices Hurts Us All
• ToorCon San Diego 14 (2012) / Stop Patching, for Stronger PCI Compliance
• DEF CON 19 (2011) / PCI 2.0: Still Compromising Controls and Compromising Security