Wednesday, October 8, 2014
Des Peres Lodge, 1050 Des Peres Rd, St. Louis, MO 63131
Mobile Device Security
Mobile devices have become an integral part of society. Businesses need to learn to conform to new technology. Unfortunately, mobile devices have largely been developed as ‘prosumer’ devices first, with business needs a secondary concern. Now, manufacturers and vendors are trying to ‘build in’ security, with varied results.
Remote Access Security
Increasingly, we need to be able to work from wherever we are. The world is paced for on-demand information which is available at all times. Remote access is a conundrum in that it fulfills its promise of extending the local network to anywhere in the world.
Culture Of Being Educated About Information Security
Information security is a relatively new formalized discipline which operates in the information technology sphere. Mistakenly, even IT professionals think of security as an afterthought, often held at arm's length. This is a contrarian position, considering information security crosses many domains. Nor is it an all-or-nothing proposition: small increases in knowledge can have a net positive effect on the overall security posture of an organization.
Missing Or Outdated Security Policies
Policy is a necessary burden on the shoulders of the employees of an organization. It lays out the by-laws upon which, in a hierarchical fashion, all standards, guidelines and procedures can be built. Policy does not have to be a struggle; it can simply be thought of as the task of putting to paper the business processes and knowledge wrapped up as capital in the minds of the employees.
End-User Over Access (Too Much General Access)
Information security has a principle of least privilege. It means giving only the access that is necessary to complete a task or fulfill a job function. The challenge is that it is simpler to give an employee access to all things that they might need, as a way to combat potential inefficiencies by keeping technology from standing in the way of job function. At its core, this principle violates Occam’s Razor, a principle in which decisions can be made by taking the obvious solution that makes the simplest assumptions … or does it?
Missing Security Patches
Patching is the low-hanging fruit of the information technology/information security world. Why is it rarely done on a consistent basis? Here lie challenges and inconvenient truths about human nature.
Stages Of Compromise And Detection
OMG! What do we do? What is happening? How did we get here? Who do we need to notify? These are all questions that, in the hopefully unlikely event of a compromise, you don’t want to have to answer completely for the first time during an incident. Planning is still the best combative technique available in our arsenal and will be our strongest ally. The art of planning for a compromise presupposes that other important necessary steps have been acted upon. In part, this means the due diligence of having a polished computer security incident response plan.