The three-day meeting at the Westin Resort gave delegates the chance to hear from top thinkers in IT security on the most pressing issues facing the industry, as well as an opportunity to network and exchange ideas off the record with peers and vendor representatives in an informal setting. Attendees also had the opportunity to earn continuing education credits from ISC2 through hour-long sessions held throughout both days.
Will Pelgrin, director of the New York State Office of Cyber Security and Critical Infrastructure Coordination, kicked off the event with an informative keynote that touched on an array of topics, including identity theft, laptop safety, and risks posed by disgruntled employees. A key part of his message, which provided a general analysis of the current threat landscape: "Cybersecurity is everyone's responsibility."
Session speakers who followed over the next two days focused on a range of topics, including implementing two-factor authentication, making sense of an increasingly intricate set of global laws and regulations, and dealing with insider threats. Others offered advice to organizations wrestling with increasing vulnerabilities and outsourcing concerns. Each session concluded with a question-and-answer period, with audience members participating freely.
As the program progressed, it became clear through speaker and delegate dialogue that the overarching concern for most was developing the right risk management techniques to tackle threats inside and outside the organization, as well as meeting compliance demands.
Other discussions, in sessions and over drinks and meals, centered on the fact that many delegates still have a more difficult time handling cultural issues than more specific IT problems.
"When it comes down to it, my biggest job right now is changing the attitude of my users and co-workers to be more security conscious," one delegate told us during the first night's cocktail reception. "No amount of technology can fix that, that's why it is so hard."
Relevant to that discussion was the session on insider threats led by Lloyd Hession, vice president and CSO of BT Radianz. Hession discussed the dangers organizations face from within, not just from malicious end-users, but also from the oblivious and the dangerously curious. The more distributed the workforce is, the greater the risks, he said, while sharing some hands-on advice on employing better controls, such as minimum duration vacations and better separation of functional boundaries to keep employee activities in check.
But it wasn't just the employee threat that many delegates were worried about. Others attended to gain knowledge of how to reduce risks posed by partners with less-than-ideal security postures.
Stephen Scharf, a member of the international board of directors for the Information Systems Security Association, discussed best practices for auditing partners to reduce risks. Scharf gave advice on how to create an effective auditing program and offered his opinions on prioritizing partners based on their impact on the organization's security.
In a related talk, Jody Westby, CEO of Global Cyber Risk, weighed in on the dangers organizations face when outsourcing. She told audience members that companies must realize that many of the top outsourcing nations lack privacy laws. The burden, therefore, falls on the organization to establish a suitable contract with the outsourcing vendor.
The forum was not all work-related. Attendees received time to unwind from their daily routines by lying poolside, hitting the beach or taking advantage of the hotel's vast amenities.
FROM THE FORUM:
Words of wisdom
Seven leading information security thinkers spoke during May's SC Forum in Hilton Head Island, S.C., providing audience members with an informative and unabashed look at the industry's current events. Here is a sampling of some of their key points.
Will Pelgrin, director, New York State Office of Cyber Security and Critical Infrastructure Coordination:
Jody Westby, CEO, Global Cyber Risk:
Lloyd Hession, CSO, BT Radianz:
Rick Baich, managing director, PricewaterhouseCoopers:
Stephen Scharf, Board of Directors, ISSA International:
SC Forum 2006