Stefan Jakoubi will give a talk on Risk Communication – “To be informed, or not to be informed: that is the question” at DEEPINTEL
DEEPINTEL focuses on Security Intelligence, which is one of the newest disciplines in the IT security zoo. It covers the strategic view: it tells you who intends to attack you, where and why, and which capabilities your attacker has.
Making correct and effective decisions requires complete, meaningful and tailored data. This is nothing new, yet what sounds like an easy challenge is still surprisingly difficult and not implemented well (enough).
Although large enterprises and SMEs differ in many ways, they have at least one thing in common: immature risk communication. This leads to a lack of awareness and insight regarding a company’s security posture and risk profile. This problem is exacerbated by the fact that most companies are lacking adequate, complete, meaningful and tailored data that are an indispensable prerequisite for an informed and effective security steering function.
A fundamental problem is that security metric projects – if they exist at all – are often implemented without proper planning and consequently are highly prone to scope creep and neglect. This leads to various well-known effects such as a lack of top management awareness, “buy in” and support, risks not being adequately addressed, risks being accepted too hastily, a false sense of security, ineffective resource usage, defending against the “wrong” threats or buying tools that are not utilized effectively.
Without proper alignment with business needs and impacts, information security is often seen as a cost sink and a business disrupter – in combination this creates an explosive mixture that threatens business continuity.
Let us together have a look at common pitfalls in risk communication and some “KISS possibilities” – keeping it simple and smart.
For further details please see the event website.