David Clarke, CITSO at Digital Arena - Security Benchmarking, best practice and strategy development
SECURITY BENCHMARKING, BEST PRACTICE AND STRATEGY DEVELOPMENT
• Created a CERT on a financial intranet trading $3.5
trillion a day; CPNI member for 10 years.
• Managed Global Managed Security Services with a
$100-$300 million global install base, 500+ customers
and $3.4 billion in contracts.
• Created, maintained and improved regulatory and
compliance commitments including global PCI-DSS and
ISO 27001 (10,000+ security devices/systems).
• Breach Legislation: IT or Legal?
• "the proposed regulation of up to 5% of
annual worldwide turnover, or €100"
• Information Sharing: Who, When, How
• "The ICO has imposed a monetary penalty
of £200,000 on the British Pregnancy
Advice Service (BPAS) for exposing
thousands of personal"
• Compliance is the best protection?
• "Resistance is futile" Gartner
• "Brighton and Sussex University Hospitals NHS
Trust fined £325k after hard drives with highly-sensitive
patient data were sold on eBay"
• Best Practice, or is this Compliance?
• "The ICO can issue fines of up to
£500,000 for serious breaches of the Data
Protection Act and Privacy and Electronic
Communications Regulations." ICO
• Incident Response, Strategy
• "There are two kinds of big companies in the
U.S. Those who've been hacked by the Chinese
and those who don't know they've been hacked."
• Internal Threat
• External Threat
• Regulatory Threat
• The Threat of “inadvertent human