Atlanta Member Meeting 10.13.09

WHAT:: Security Religions &amp; Risk Windows

WHERE:: TSRB auditorium : Web : Directions : Google-Maps

WHEN:: October 13, 2009 6-8pm

WHO:: Jeremiah Grossman, CTO WhiteHat Security

ABSTRACT::  Information security threats are way up, fraud losses continue to rise, regulatory fines are increasingly common, and budget dollars to solve these myriad problems are in short supply. Hampered by a sluggish economy, organizations simply cannot afford to hire all the talent they need, implement every best-practice, or buy every blinking-light widget on the market. Sacrifices are unavoidable, and still risk must be managed. Each organization must decide for itself the level of risk it is willing to accept.

There is a difference between what is possible and what is probable, something we often lose sight of in the world of information security. For example, a vulnerability represents a possible way for an attacker to exploit an asset, but remember not all vulnerabilities are created equal. Obviously, we must also keep in mind that a vulnerability's mere existence does not necessarily mean it will be exploited, or indicate by whom or to what extent. Some vulnerabilities are more difficult to exploit than others and therefore attract different attackers. Autonomous worms &amp; viruses may attack one type of issue, while a sentient targeted attacker may prefer another path. Better understanding of these factors enables us to make informed business decisions about website risk management and what is probable.

In this presentation, Jeremiah Grossman will discuss the two prevailing but opposing security religions - Depth Religion and Breadth Religion. Jeremiah will then review the common misconceptions associated with each religion as it pertains to website security.

Download slides from the talk

COST: No costs, but all donations will be accepted as it helps pay for meeting related materials and provisions. Best way to support the chapter is to become a member.