26
Compliance: Poison or Cure? By: Ron Perris, CISM CISSP Chief Technology Officer Outpost24

Ron perris compliance-v-security - atlseccon2011

Embed Size (px)

Citation preview

Page 1: Ron perris compliance-v-security - atlseccon2011

Compliance: Poison or Cure?

By: Ron Perris, CISM CISSP

Chief Technology Officer

Outpost24

Page 2: Ron perris compliance-v-security - atlseccon2011

Compliance: conformance, obedience, resignation,

submission, yielding.

Page 3: Ron perris compliance-v-security - atlseccon2011
Page 4: Ron perris compliance-v-security - atlseccon2011
Page 5: Ron perris compliance-v-security - atlseccon2011
Page 6: Ron perris compliance-v-security - atlseccon2011
Page 7: Ron perris compliance-v-security - atlseccon2011
Page 8: Ron perris compliance-v-security - atlseccon2011

Compliance here to stay and growing fast.

CANADIAN

Federal Desktop Core Configuration

Page 9: Ron perris compliance-v-security - atlseccon2011

Why Compliance?

• To ensure a certain level of Security.

• To ensure measurable baselines.

• To ensure controlled environments.

• To establish responsibility.

• Complement to existing Security.

Page 10: Ron perris compliance-v-security - atlseccon2011

Sounds great, so what is the problem?

Page 11: Ron perris compliance-v-security - atlseccon2011

Ensuring a certain level of

security for everyone?

• One size fits all

• Great for non-efficient organizations, so it helps the

clueless but is a distraction for the skilled.

Page 12: Ron perris compliance-v-security - atlseccon2011

Measurable Baselines?

“the responsibility of management for establishing and

maintaining an adequate internal control structure

and procedures for financial reporting.”

Sarbanes Oxley Section 404

Page 13: Ron perris compliance-v-security - atlseccon2011

Ensure Controlled

Environments?

• Not by you, but by Industry or Government entity.

• Complience is/feels forced.

• Top down = your only choice is to adopt.

• It is someone else’s concept of Security.

• Your Brain is taken out of the equation.

Page 14: Ron perris compliance-v-security - atlseccon2011

Establish Responsibility?

• A part of compliance that cannot be

overestimated.

• From ”them” to you.

Page 15: Ron perris compliance-v-security - atlseccon2011

Complements Existing

Security?

• More Documentation and Red Tape.

• Compete for Focus.

• Compete for Budget.

• Often takes presedence.

• Very big distraction to the existing Security work.

• Will give you less control of your own Strategy.

Page 16: Ron perris compliance-v-security - atlseccon2011

Do you fear the auditors more the the attackers?

Page 17: Ron perris compliance-v-security - atlseccon2011

How are organization reacting?

Page 18: Ron perris compliance-v-security - atlseccon2011
Page 19: Ron perris compliance-v-security - atlseccon2011
Page 20: Ron perris compliance-v-security - atlseccon2011
Page 21: Ron perris compliance-v-security - atlseccon2011
Page 22: Ron perris compliance-v-security - atlseccon2011

Security Vendors Reaction?

• New packaging.

• New messages.

• Same solutions with additional cost.

Page 23: Ron perris compliance-v-security - atlseccon2011

Unprescribed Solutions?

• Losing focus in the market.

• Lacking funding to continue good work.

Page 24: Ron perris compliance-v-security - atlseccon2011

What can we as security

professionals do?

• Question vendors claims.

• “How will vulnerability scanning help me achieve

data encryption mandates?”

• “How can technical tools claim to solve my process

issues?”

Page 25: Ron perris compliance-v-security - atlseccon2011

What can we as security

professionals do?

• Get involved with standards that you believe in.

• Give feedback to standards that force your

compliance.

Page 26: Ron perris compliance-v-security - atlseccon2011

Would you rather adhere or comply?


Henry stern - turning point on war on spam - atlseccon2011

Henry stern - turning point on war on spam - atlseccon2011

Technology
Jean pier talbot - web is the battlefield - atlseccon2011

Jean pier talbot - web is the battlefield - atlseccon2011

Technology
COLLECTIVE BARGAINING AGREEMENT between · 2015-10-04 · Perris Elementary Teachers Association — Perris Elementary School District Collective Bargaining Agreement 2013-2015 Page

COLLECTIVE BARGAINING AGREEMENT between · 2015-10-04 · Perris Elementary Teachers Association — Perris Elementary School District Collective Bargaining Agreement 2013-2015 Page

Documents
Overview of the Embankment Remediation Project of the Embankment Remediation Project November, 2013 Perris Dam Remediation Project Location of Perris Dam and Lake Perris Dam Remediation

Overview of the Embankment Remediation Project of the Embankment Remediation Project November, 2013 Perris Dam Remediation Project Location of Perris Dam and Lake Perris Dam Remediation

Documents
Welcome to the Perris Valley Museum Historical Archives

Welcome to the Perris Valley Museum Historical Archives

Documents
Perris Water Filtration Plant Reject Recovery Project Award

Perris Water Filtration Plant Reject Recovery Project Award

Documents
Jonathan raymond 2010 rotman telus - atlseccon2011

Jonathan raymond 2010 rotman telus - atlseccon2011

Technology
Adam w. mosher - geo tagging - atlseccon2011

Adam w. mosher - geo tagging - atlseccon2011

Technology
BLD Perris Tournament 12/23 - Big League Dreams Perrisperris.bigleaguedreams.com/images/flyers/12-23_SBTourney.pdf · 2017. 12. 7. · BIG SPORTS PARKS /bldperris LEAGUE DREAMS PERRIS

BLD Perris Tournament 12/23 - Big League Dreams Perrisperris.bigleaguedreams.com/images/flyers/12-23_SBTourney.pdf · 2017. 12. 7. · BIG SPORTS PARKS /bldperris LEAGUE DREAMS PERRIS

Documents
CITY OF PERRIS · city of perris memorandum of understanding between the municipal employee relations representative of the city of perris and local 911 of the california teamsters

CITY OF PERRIS · city of perris memorandum of understanding between the municipal employee relations representative of the city of perris and local 911 of the california teamsters

Documents
CITY OF PERRIS · ordinance number 1194 an ordinance of the city council of the city of perris, california, revising perris municipal code chapter 14.22 relating to stormwater

CITY OF PERRIS · ordinance number 1194 an ordinance of the city council of the city of perris, california, revising perris municipal code chapter 14.22 relating to stormwater

Documents
 · gano cafe preg membru 50 ron 55 ron 62 ron 50 ron 58 ron 54 ron 37 ron 56 ron 73 ron 73 ron 73 ron 109 ron 109 ron 330 ron 330 ron 122 ron 130 ron 122 ron 98 ron pre! non-membru

 · gano cafe preg membru 50 ron 55 ron 62 ron 50 ron 58 ron 54 ron 37 ron 56 ron 73 ron 73 ron 73 ron 109 ron 109 ron 330 ron 330 ron 122 ron 130 ron 122 ron 98 ron pre! non-membru

Documents
Perris Design Symposium

Perris Design Symposium

Documents
NEXT WEEKEND: Pentecost Sunday, Year 13.pdf · cfc, Lyn Crooks, George Keil, Ivy Davidson, Manual Perris, Ron Deeble ... Welcoming, Lector and Eucharistic ministry rosters are due

NEXT WEEKEND: Pentecost Sunday, Year 13.pdf · cfc, Lyn Crooks, George Keil, Ivy Davidson, Manual Perris, Ron Deeble ... Welcoming, Lector and Eucharistic ministry rosters are due

Documents
My FashionBook modello NICOLA BRINDISI - "Stratego Comunicazione Vittoriano Perris"

My FashionBook modello NICOLA BRINDISI - "Stratego Comunicazione Vittoriano Perris"

Documents
City of Perris Interim Incurred Cost Audit

City of Perris Interim Incurred Cost Audit

Documents
Form of Payment Guaranty - Perris Park Apartments (AATF)

Form of Payment Guaranty - Perris Park Apartments (AATF)

Documents
Casa Perris apuesta por la venta on-line · Josep Maria Teixé, propietario de Casa Perris Casa Perris apuesta por la venta on-line Lo que comenzó siendo una apuesta más emocional

Casa Perris apuesta por la venta on-line · Josep Maria Teixé, propietario de Casa Perris Casa Perris apuesta por la venta on-line Lo que comenzó siendo una apuesta más emocional

Documents
RECOMMENDED LEA PLAN TEMPLATE - Perris Elementary …

RECOMMENDED LEA PLAN TEMPLATE - Perris Elementary …

Documents
WEB-BASED REAL-TIME MONITORING AT PERRIS DAM

WEB-BASED REAL-TIME MONITORING AT PERRIS DAM

Documents
City of Perris Pets on Parade

City of Perris Pets on Parade

Documents
Andrew kozma - security 101 - atlseccon2011

Andrew kozma - security 101 - atlseccon2011

Technology
Preliminary Design Report Perris II Desalination Facility · 2014-04-14 · WB032008001SCO/PERRIS II PDR - JULY 22 2008.DOC/080670002 Final Preliminary Design Report Perris II Desalination

Preliminary Design Report Perris II Desalination Facility · 2014-04-14 · WB032008001SCO/PERRIS II PDR - JULY 22 2008.DOC/080670002 Final Preliminary Design Report Perris II Desalination

Documents
Perris Elementary School · 2015. 10. 15. · Perris Elementary School Informe del Cumplimiento de Responsabilidades de 2012–2013 Perris Elementary School District 200 300 400 500

Perris Elementary School · 2015. 10. 15. · Perris Elementary School Informe del Cumplimiento de Responsabilidades de 2012–2013 Perris Elementary School District 200 300 400 500

Documents
City of Perris, CA | Home

City of Perris, CA | Home

Documents
Arved sandstrom - the rotwithin - atlseccon2011

Arved sandstrom - the rotwithin - atlseccon2011

Technology
Escuela Primaria Perris Informe de Responsabilidad Escolar

Escuela Primaria Perris Informe de Responsabilidad Escolar

Documents
Wayne richard - pia risk management - atlseccon2011

Wayne richard - pia risk management - atlseccon2011

Technology
CITY OF PERRIS

CITY OF PERRIS

Documents
Perris Gateway Commerce Center Noise Study · Perris Gateway Commerce Center Noise Study May 2016 (13481) Prepared for: Perris Gateway Investors, LLC C/O Real Estate Development Associates

Perris Gateway Commerce Center Noise Study · Perris Gateway Commerce Center Noise Study May 2016 (13481) Prepared for: Perris Gateway Investors, LLC C/O Real Estate Development Associates

Documents