Taking a practical proactive approach to fighting online fraud

RSA Conference helps drive the global information security agenda with annual events in the U.S., Europe and Japan. Throughout its almost 20-year history, RSA Conference consistently attracts the world’s best and brightest in the field, creating opportunities to learn about information security’s most important issues through face-to-face and online interactions with peers, luminaries and emerging and established companies. As information security professionals work to stay ahead of ever-changing security threats and trends, they turn to RSA Conference for a 360-degree view of the industry.

In the following interview, Dr. Hugh Thompson, Program Committee Chair for RSA Conferences, discusses 1:1 with Rake Narang, Editor-in-Chief of Info Security Products Guide, protecting businesses with security compliance.

Rake Narang, Editor-in-Chief: Attacks on public and private networks are becoming more and more sophisticated every day. How is this scenario affecting everyone from businesses and governments to industry groups?

Dr. Hugh Thompson, Program Committee Chair for RSA Conferences:
  The attacker community is more organized and innovative than they were in years past. This has forced businesses and government agencies to take a more risk-centric and agile approach to security. We’ve also seen attackers act more like corporations, seeking out new opportunities and then mobilizing a team to seize them. For businesses that manage valuable data, this means that you can no longer afford to lag behind on previously neglected areas of information security. It’s important to keep up to date on attack trends. Every year at RSA Conference we try to put together a program that looks at the spectrum of threats to enterprises, and defenses that have worked in practice. It’s clear that attackers pick off weak members of the herd.

Rake Narang: What should businesses and organizations know about security compliance?

Dr. Hugh Thompson:
  The most successful IT security departments are the ones that focus on operational security (take a risk-management approach) while fulfilling regulatory obligations. The sad truth is that operational security and compliance have diverged over the years, and a business can be compliant with relevant standards and regulations without being secure. IT security professionals need to understand that there is a fundamental difference between compliance and security, and take steps to bridge the gap.

Rake Narang: What are some of the most important steps businesses can take to start bridging the gap between compliance and security?

Dr. Hugh Thompson:
  The most important step is to start by looking at enterprise risk. There are several interesting risk management frameworks that have appeared over the past few years, and working through them helps answer the most critical question: Where is the enterprise exposed? The next step is to ask: How do we meet compliance requirements in a way that minimizes risk? By approaching security in that order (risk followed by compliance instead of the other way around) you can use compliance as a tool to help get risk-reducing projects funded and executed. Putting risk first is critical.

Rake Narang: How is the growing popularity of smartphones and mobile Internet devices creating further threats of identity theft and data security for businesses?

Dr. Hugh Thompson:
  The increased mobility of workers presents a few new challenges. First, attackers are now heavily incentivized to attack mobile devices because of the sensitive data they manage. We’ve been relatively lucky so far when it comes to mobile malware, but as the attacker opportunity grows, economics and history tell us that attacks will grow too. Second, worker mobility means that each employee has an even greater responsibility to make good security choices. This includes being careful about the WiFi networks they connect to, taking precautions to shield their screens from onlookers in public places, and generally practicing good security hygiene. Finally, mobility and cloud-based services are the final blows to the notion of a “secure perimeter.” Enterprise security defenses need to be recalibrated to enable mobility while defending sensitive information.

Company: RSA Conference
RSA, The Security Division of EMC

2831 Mission College Blvd.
Santa Clara, CA 95054

Founded in: 1991
CEO: Area GM Sandra Tom LaPedis
Public or Private: N/A
Investors: N/A
Number of Employees: N/A
Products and Services: Expo and Conferences
Company’s Goals: RSA Conference seeks to arm participants with the knowledge they need to remain at the forefront of the information security business.