Sunday, March 13, 2011

Bangalore Cyber Security Summit 2011

The Department of IT, BT and S & T is organizing the second edition of the ‘Bangalore Cyber Security Summit 2011’ on 17th & 18th March, 2011, at NIMHANS Convention Centre, Hosur Road, Bangalore.

The objective of the conference is to enhance the knowledge of law enforcement agencies and other stakeholders to combat cyber crimes. The second edition of the Bangalore Cyber Security Summit is intended to focus attention on the issue of Cyber Security and extend the deliberations of the previous year regarding the threat of Cyber Wars and the challenges of integrating law, technology and human factors involved in Cyber Security.

Agenda and registration information are available on the website.

Saturday, March 12, 2011

White House is proposing a big increase in cybersecurity research - report

Computerworld reports that the White House is proposing a big increase in cybersecurity research and development in next year's budget to improve, in part, its ability to reduce the risk of insider threats and ensure the safety of control systems such as those used at power plants.

The report adds that Philip Coyle, associate director for national security, said at the budget briefing on Monday that the administration is proposing "considerable growth" in cybersecurity research. When all the cybersecurity spending plans across the board are added together, cybersecurity research and development spending will increase 35% to $548 million next year, he said.

This is good news overall for the security industry and information security job market in particular.

OWASP Appsec Tutorial project

OWASP has started a new educational project called the Appsec Tutorial Series.

The OWASP Appsec Tutorial Series breaks down security concepts in an easily accessible, friendly way. Each video will be 5-10 minutes long and will highlight a different security concept, tool or methodology.

So far, they have posted two videos; you can check them out here.

Sunday, March 6, 2011

Do business leaders care about information risk?

One of the complaints that we hear from information risk practitioners is that management does not show enough support and concern for the program.

There is no doubt that good management commitment makes the program successful, and that management's efforts help make information security and risk management part of the culture within the organization. But at the same time, it is absolutely essential that information risk professionals understand the business. In order to build a program that suits the business requirements, one should understand the business processes, business objectives, key stakeholders, key customers, other business interests, legal and regulatory requirements, etc.

So, do we have any evidence of enough management concern towards information risk?

In a recent interview, Ram Charan, the acclaimed advisor to many CEOs the world over, was asked:

What are the challenges and problems CEOs are coming to you with post the financial crisis?

This varies from business to business, economy to economy. I will give you what is generally on the minds of the leaders. One is enterprise risk, that’s because uncertainty has increased. There is more regulation and more volatility in the financial system. So they all have to think about risk and how to mitigate it. Two, corporate governance and succession have become important items.

This is definitely good news, as information risk plays an important role in both corporate governance and enterprise risk.