Level Up: How Security Isnt Like Playing A Video Game presented at Security B-Sides 2011

by Logan Kleier,

Tags: Security

Summary : Security professionals look to level up their organizations security posture whenever possible. This presentation how the City of Portland used the SANS Top 20 Critical Security Controls to prioritize its security investments and avoid the need to constantly level up its security. The presentation discusses strategies that enabled the City of Portland to achieve a balance between the need for better security on one hand and the increasing cost and complexity necessary to achieve ever higher levels of control.
Attendees will take away the following: 1) an understanding of the strengths and weaknesses of SANS Top 20 Critical Controls 2) a framework to evaluate security investments as it relates to the improvements in an organizations SANS Top 20 controls posture. This framework includes a discussion of organizational motivation factors (those factors that drive an organization to invest in new technologies) and 3) City of Portlands progress on various SANS Top 20 controls and organizational reasons behind this progress. .