BSides DC 2018 - What’s the Point of Compliance? Making Paperwork Useful
Compliance isn’t security, but that doesn’t mean it’s useless. Compliance is about choosing your security strategy and then making sure you did what you meant to do – and that it’s working. It’s a way to keep yourself honest, and be able to show others that you’re doing what you say you are. How do you know for sure that you’ve patched all your systems unless you check? How do you know that legacy protocol is ok unless you wrote it down?
In this presentation, I’ll cover what governance, risk, and compliance are and what they’re for. I’ll discuss the different compliance requirements for U.S. organizations, outline a minimalist compliance structure, and show you how to make that structure work for you – and how to talk to auditors and assessors about it
By law and by contract, security teams have to generate a lot of paperwork showing that people’s information and systems are protected. The goal is paperwork that isn’t just busywork – that actually helps your program fulfill your primary objectives, saves time, and helps you improve your strategies. Your security can be better for doing all this compliancy stuff, and this talk will show you how.
Rachael Lininger (Free Agent)
Information security analyst, risk consultant, Cthulhu cultist. Lawful good. Opinions belong to her autocorrect, not her employer. @0xdaeda1a
Видео BSides DC 2018 - What’s the Point of Compliance? Making Paperwork Useful канала BSides DC
In this presentation, I’ll cover what governance, risk, and compliance are and what they’re for. I’ll discuss the different compliance requirements for U.S. organizations, outline a minimalist compliance structure, and show you how to make that structure work for you – and how to talk to auditors and assessors about it
By law and by contract, security teams have to generate a lot of paperwork showing that people’s information and systems are protected. The goal is paperwork that isn’t just busywork – that actually helps your program fulfill your primary objectives, saves time, and helps you improve your strategies. Your security can be better for doing all this compliancy stuff, and this talk will show you how.
Rachael Lininger (Free Agent)
Information security analyst, risk consultant, Cthulhu cultist. Lawful good. Opinions belong to her autocorrect, not her employer. @0xdaeda1a
Видео BSides DC 2018 - What’s the Point of Compliance? Making Paperwork Useful канала BSides DC
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
BSides DC 2019 - We Do In The Shadows: "Going Dark" With Consumer Electronics
BSides DC 2018 - Network Traffic is an Open Book
BSides DC 2019 - Overcoming Workforce Retention & Recruitment Challenges in Cybersecurity
BSides DC 2019 - Sun - T1 - What did the SIEM See?
BSides DC 2016 - Tipping the Scales Back In Our Favor
BSides DC 2018 - Isolated to Constrained Language Mode - Living within the Confines
BSides DC 2016 - A Notional Framework for applying Antifragile thinking to the RMF
BSides DC 2019 - SCADA: What the next Stuxnet will look like and how to prevent it
BSides DC 2015 - Welcome and Keynote: The New Face of Card Fraud
BSides DC 2019 - Malware Behavior Catalog
BSides DC 2019 - What did the SIEM See?
BSides DC 2016 - What’s the Big Deal with Assessing ICS/SCADA?
BSides DC 2015 - Bridging the Gap: Lessons in Adversarial Tradecraft
BSides DC 2016 - A Hacker’s Guide to Usability Testing
BSides DC 2016 - Attacking Patient Health: The Anatomy of Hospital Exploitation
BSides DC 2014 - Building and Using A GPU Password Cracker
BSides DC 2014 - Once upon a time... InfoSec History 101
BSides DC 2019 - Digital Canaries in Coal Mines: Detecting Adversarial Enumeration with DNS & AD
BSides DC 2019 - Are you ready to leverage DevSecOps? Get ready and use it for good.
BSides DC 2017 - Hacking ASUS Routers