NEW YORK METRO JOINT CYBER SECURITY CONFERENCE
I recently attended the Third Annual New York Metro Joint Cyber Security Conference (http://nymjcsc.org/), held in Midtown Manhattan. Security conferences are now a dime a dozen, but this event is unique in that it is a collaborative effort developed by a consortium of eight leading security-, audit-, and risk-focused not-for-profit professional associations in the NY metropolitan area. Each organization brings its best to the table, creating a rare combination of expertise and diversity of talent.
There were many informative sessions – some standing room only – but some of the greatest value was in the interaction with the other professionals. For example, in sessions, we learned that security professionals must adopt the language of Directors to be understood by a Board. The Internet Security Alliance is even working on metrics for Boards to use in evaluating security risks and controls. But, after all the talk of security maturity models, cyber risk management frameworks, and “cyber balance sheets,” CISOs (Chief Information Security Officers) will tell you that Boards still “just don’t get it” and don’t seem to be that interested. Perhaps CISOs as a group aren’t very good at explaining how greater focus on preventing and mitigating cyber threats is in the self-interest of very diverse sets of Directors. Maybe, despite approaching the problem with the best of business concepts and lingo, CISOs just don’t have influence with Directors. (As one CISO put it, “formulas don’t work. Relationships do.”) Or, perhaps it’s because, as one speaker put it, there is not a single instance of a cyber breach that has been demonstrated to have a material impact on a company. In the end, the surprising takeaway may not be that CISOs are becoming more adept at speaking the language of the Board, but that some Boards are beginning to listen at all.
This sold-out event offered excellent, high-quality presentations with plenty of actionable content. If you weren't able to attend, you can still benefit from the recordings of many of the sessions. They are available at http://livestream.com/internetsociety/nymjcsc/. Presentation slides may be found at http://tinyurl.com/z3fz44d. I would highly recommend reviewing them.
And, don't forget to sign up early for next year's conference. It's one of the best values in information security education that you'll find anywhere. Follow www.nymjcsc.org and @NYMJCSC for details.
Phil Froehlich is Chief Operating Officer of Integris Security and a member (who listens) of the Executive Board of New York Metro InfraGard.