Chris will be presenting two sessions at COSAC 2016 held in Ireland between the 2 – 6 October 2016. The following provides a synopsis of his sessions, visit the COSAC website here for more information and the full conference schedule.
12A Security Service Design
Chris Blunt (NZ)
We all know that services are comprised of people, processes and technology, but what does this really mean? Since COSAC 2015 I have been involved in a number of discussions with clients and other security professionals that make me wonder if this axiom is not as widely understood and accepted as it would first appear. During this interactive session we will explore and discuss a range of topics related to the design and delivery of security services. The following highlights some questions that will be considered:
- What do we really mean by people, processes and technology?
- Does everyone mean the same thing when they use these terms
- What is the relationship between the each of these components?
- Are any of these service components more important than the others?
- What about Assurance? Where does it fit in the design and delivery of security services?
- Does addressing each of these components really result in better business outcomes?
W2 COSACopoly: A Surprisingly Serious Approach to Enterprise Security
Chris Blunt (NZ) and Lisa Lorenzin (USA)
How can a lifelong information security practitioner find a new way of looking at enterprise security? By learning the way that a child does – through play. Our update to a popular childhood game provides a new lens for examining common issues in information security; players start with money and data, and must spend that money acquiring “properties” (security services) to protect their data from “chance” (random risks and opportunities). Like all great conference presentations, this one was inspired by a conversation in the pub after a previous COSAC… We learn best from each other, and from the chance to go off-script and see where inspiration takes us. From resource utilisation to risk mitigation to adaptability in the face of changing circumstances, COSACopoly will spark conversations, demand tough decisions, and offer a free-form venue for exploring a variety of approaches to today’s information security challenges.