Join Our Mailing List Here

INsecurity Conference 2018 Schedule Builder

View, browse and sort the list of sessions by pass type, track, and format. Sessions do fill up and seating is first come, first serve, so arrive early to sessions that you would like to attend. Check back as we add more sessions soon.

Cyber Risk: All About People

John Bass (Director, Cyber Risk, Kroll)

Date: Wednesday, October 24

Time: 11:15am - 12:15pm

Session Type: Track Session

Track: Strategy

Vault Recording: TBD

Audience Level: Intermediate

In organizations, employees, customers and vendors now expect to be able to interact dynamically with core systems. Therefore, the enterprise needs to be concerned about its entire ecosystem of partners and their associated cyber risks. In that regard, the cyber security supply chain and vendor risk is critical. One important aspect is not to overlook the human element in cybersecurity risk. A large percentage of major breaches have a human dimension, whether unwitting – someone clicked on a weaponized link because of a lack of training -- or witting – a trusted contractor deployed a Trojan device to a conferencing telephone. Yet often, we are uncomfortable talking about people and prefer to veer discussion back to technology. Much cybersecurity vulnerability lies in this disconnect between studying only the technical issues, and ignoring the human dimensions of the problem. The modern corporation can't hope to secure itself simply by endlessly hardening the shell with more and more technology working to build a moat around itself. In this talk, the speaker discusses a holistic approach to cybersecurity, examining both the technical and human elements of risk, for a comprehensive corporate security program including c-suite engagement on cyber risks.

Learning objectives:

a. Understand that the dominant approach in commercial cyber security is technical, involving penetration testing. This model is predicated on understanding possible attack capabilities and methods of likely attackers.
b. Learn how to implement a comprehensive corporate security program – with employees, customers and vendors expecting to interact dynamically with core systems, and managing the cyber risks of the partner ecosystem, supply chain and vendors.
c. Determine ways to handle the human element in cyber-security risks, what happens when someone clicked on a weaponized link because of a lack of training, or a trusted contractor deployed a Trojan device to a conferencing telephone.
d. Involve c-suite engagement on cyber risks: Corporations need to ask who on high has the responsibility to bridge the gap between technical and human aspects of cybersecurity, and the implications for the modern corporation.