An Economic Approach to Info Security


Ed Bellis Keynote at IANS Twin Cities Security Forum.

Published in: Technology, Business

  1. An Economic Approach to InfoSec
  2. Nice To Meet You. About Me: CoFounder, HoneyApps; Former CISO, Orbitz; Contributing Author, Beautiful Security; CSO Magazine/Online Writer; InfoSec Island Blogger. About Risk I/O: Data-Driven Vulnerability Management as a Service; 16 Hot Startups - eWeek; 3 Startups to Watch - Information Week
  3. Security is a Lemons Market
  4. Lacks Incentives
  5. Negative Externalities
  6. An Industry Built on FUD
  7. A Data Driven Approach
  8. Example Use Case 1: DLP, CMDB, Vuln Mgmt, SIEM
  9. Example Use Case 2: HD Moore’s Law - Josh Corman, aka Security Mendoza Line. “Compute power grows at the rate of doubling about every 2 years” “Casual attacker power grows at the rate of Metasploit”
  10. Example Use Case 3: Predicting Vulnerability (or even breach) Trending. Key Attributes, Outcomes
  11. Example Use Case 4: CVSS & The Base Rate Fallacy (credit: Jeff Lowder)
  12. Example Use Case 5: CVE Trending Analysis, Gunnar’s Debt Clock
  13. Example Use Case 6: Targets of Opportunity? (My vuln posture X other threat activity) / (other vuln posture X other threat activity)
  14. (we need more of this)
  15. talking about our mistakes
  16. Q&A. Follow us: the blog; twitter @ebellis, @risk_io. And one more thing.... We’re Hiring!