Description: This is the video of the talk titled "Policy - the Biscuit Game of Infosec" given at LayerOne 2009 by Jim O’Gorman. The slides can be downloaded here.
Talk Description: We love to say that policy is the foundation of our information security programs, and go on and on about how important it is. But when it comes time to create policy, all the good intentions go out the window and the game of CYA and liability transfer starts up. The output from the policy creation process has less to do with improving security for the organization and more with politics. Risk acceptance has become something no one will admit too, yet we all do. We will break down what is wrong with current policies and how to correct it. If you are ready to stop playing the biscuit game of Infosec and want to make real improvements, this is the talk for you.
Author Info: Jim O’Gorman is a life long computer geek starting with getting away with tech murder in high school. His over eleven years in the field started at a mom and pop ISP up to working at Netscape doing large scale mail, LDAP and PKI deployments. For years now, Jim has specialized in system security and has been active in the community for quite a while. Jim can be found at Elwood.net and blogs at binint.com.
Tags: basics ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.