Chris Nickerson – Compliance: An Assault on Reason Derbycon 2011 (Hacking Illustrated Series InfoSec Tutorial Videos)
Chris Nickerson – Compliance: An Assault on Reason
Derbycon 2011

(Not really the talk he gave, but just watch it anyway. The one he gave is called "Guerrillas in the Wires")
You have done PCI/HIPAA/SOX/ISO/FISMA/GLBA Compliance Audits, 10 Pentests, 20 Vulnerability Assessments, Code Review, App Testing and enough paperwork to feed the fire all winter long… but what did it get you. It got you a huge bill and a hardware stable of all of the latest security products. So now what? Are you safe? Will the Millions you spent on Hardware, Software and Compliance protect you from the “Bad Guys?” You may never know… but at least the marketing says it “Should.” Even if it DOES its job, will it protect your business? The answer: Not likely! For much too long, compliance has tested physical assets and ignored the thing that matters most…. YOUR BUISNESS. This session will discuss how we can change the paradigm. Throw away the # of addresses, the compliance reg, the book of what IT “thinks” is important and let’s get to work on testing the BUSINESSES ability to survive an attack. We will review how to evaluate what DOES matter and why compliance is nothing more than a blanket to hide under. At the end, it is about protecting the special sauce that makes your company unique. You can’t pay a fine for being “Non-Compliant” if you have already been HACKED OUT OF BUSINESS.
 

Back to Derbycon 2011 video list



If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek