Back To Schedule
Wednesday, April 24 • 14:00 - 14:45
What Are We Doing Here? Rethinking Security

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Have you ever noticed that much of the mission of cyber- and information security professionals seems to be focused on vulnerabilities? Have you ever heard of the risk equation? Perhaps you are familiar with one or more versions that help you derive the risk to your organization (sometimes referred to as residual risk). I have been wondering for a while how to suggest to our industry that there is perhaps TOO much focus on vulnerabilities and not enough attention or focus on the other elements that derive the standard risk equation. Remember how the disclosure of Meltdown/Spectre introduced a "perfect storm" scenario where the vulnerability wasn't easy to patch or fix, and the solution seemed to be break things? This created a situation where the "security solution" wasn't simply to apply the patch - and that left many organizations scrambling to figure out how to deal with this example of a persistent vulnerability. This is a great example of what I've wanted to discuss for a while - what else should we focus on in terms of security if/when the vulnerabilities still remain.  Interested? Intrigued? Come join the discussion!

avatar for Jeff Man

Jeff Man

Sr. Information Security Consultant, Online Business Systems
Respected Information Security expert, advisor, evangelist, co-host on Paul's Security Weekly, and recently returned to a Consulting/Advisory role at Online Business Systems. Over 35 years of experience working in all aspects of computer, network, and information security, including... Read More →

Wednesday April 24, 2019 14:00 - 14:45 ADT
Track 1 Ballroom