People perceive information security to be a complicated and expensive process. Likewise, they believe that the evildoers are technological geniuses or trained intelligence operatives who can get through even the most sophisticated security measures.

The reality is that security is much easier to achieve than people believe. Despite the many analogies from other disciplines that demonstrate that effective risk management is achievable, people want to treat computers and information as if they were special.

Ira shows that by taking a simple philosophy with information protection, everyone can comprehend the threat, and learn how to adequately protect information.

Chapters: 00:00:00 introduction; 00:01:52 penetration tests; 00:14:02 presentation start; 00:22:02 security; 00:34:20 security attacks are preventable; 00:38:02 what is security?; 00:43:49 information resource management; 00:59:30 Q&A

Outline: Breaking into organisations: spies and operatives / black bag. Espionage simulations / penetration tests in the commercial world. ‘People don’t even know what they don’t know about security’ / art vs science: talking to hackers who get a ‘feel’ for computers / Morris worm / two ways to hack into a computer: (1) take advantage of configuration problems, (2) take advantage of problems built into the software / passwords / managing risk. Risk = ((threat + vulnerability) / countermeasures) + value. Optimisation of risk / ‘when you don’t understand your enemy, they seem like geniuses’. Q1: What should be done by software developers / government legislators / internet engineers? Q2: Is a solution possible? Q3: Creating security strategies is easier than making people follow boring security processes. Q4: Maximising hacktivism. Q5: Raising the barrier for entry-level hackers.

About the speakers

  • Ira Winkler

    CISSP, President of the Internet Security Advisors Group

    Ira Winkler is considered to be one of the world’s most influential security professionals, and has been named a ‘Modern Day James Bond’ by the media. He obtained this status by identifying common trends in the way information and computer systems are compromised. He did this by performing penetration tests, in which he physically and technically ‘broke into’ some of the largest companies in the world, investigated crimes against them, and told them how to cost-effectively protect their information and computer infrastructure. He continues to perform these penetration tests, as well as assisting organizations in developing cost-effective security programs. Ira also won the Hall of Fame award from the Information Systems Security Association.