Security is a topic and mission that firms must take on holistically. There are threats all along the way, and each area must be considered and accounted for. This year at ILTACON 2018, we will be moderating a series of sessions covering the three big areas of your security initiative - PREVENTION, DETECTION, AND RESPONSE. Here's a quick high-level look at each.
Of course, it is best to stop things before they happen. Preventing the intrusion, breach, attack, infection, etc. before it impacts your organization is always the goal. This ranges from learning the lessons of the past (NotPetya), to evaluating your Cloud Security, to managing your vulnerabilities. This also includes addressing the new perimeter defense: your identity.
It should be a foregone conclusion that prevention is not enough. Many vulnerabilities are already in your environment. Your security strategy must include all the steps, processes, procedures, and tools that detect vulnerabilities inside your organization. This will include Data Loss Prevention (DLP) solutions, behavioral analytics, anomaly detection, working with your vendors closely as partners, and engaging your human assets.
Sometimes bad things happen to good people. It is important to hope for the best but plan for the worst. Having a working plan to recognize, address, and remediate a breach is an essential part of an organization's security plans. We don't like to think about this, but we must. Make a plan. Test the plan. Educate people about the plan. Be ready to use the plan. The middle of a crisis is not the time to come up with a response.
AND A CONSTANT ELEMENT OF EACH PHASE - PEOPLE!
At each stage of your security initiative, the human element is present and can't be overlooked. Every day, people are hacked far more often than systems. However, people can also be your first line of defense, the first to detect, and critical to your response efforts. Awareness is key. At each stage, make sure your people know that security is a part of EVERYONE'S job.
Attending ILTACON? Learn more about the trifecta at the following sessions:
- Monday 1-2pm - "Prevention: Be Afraid...Be Very Afraid." in Maryland D (#G014) will feature Robert Holloway, Director of Information Services at Patterson Belknap Webb & Tyler LLP, and Bill Kyrouz, Senior Manager of Information Security Detection & Response at Ropes & Gray and winner of ILTA's award for 2018 Security Professional of the Year.
- Tuesday 1:30-2:30pm - "Detection: Early Detection Saves Careers" in Annapolis 1&2 (#G052) will include speakers Joe Lee, Director of Information Security & Compliance at Arnold & Porter Kaye Scholer LLP, and Jeff Lolley, Chief Information Security Officer at Wilson Sonsini Goodrich & Rosati, PC.
- Wednesday 1:30-2:30pm - "Response and Remediation: You’ve Been Attacked! Now What?" in Woodrow Wilson A (#G090) will feature Kevin Wixted, the CISO at DLA Piper.
Also check out "Everyone is a CISO: Ready Player One" in Maryland B (#G003) on Monday 11am-12pm!