Putting Your Business On the Witness Stand presented at GrrCon 2013

by Jim Redd

Summary: Security in the Age of Due Care
Living in this age of APTs, when something bad happens to your company (and it will), how will it defend itself against both traditional lawsuits and the “Internet judge, jury, and brand executioner”? The concept I have found useful in working with business leaders is “due care.” On the witness stand, will your company’s collective efforts in protecting information (especially customer information) measure up against “generally accepted standards of care”? Do you have to be at a level of “best practice,” or are “good enough” risk-based practices acceptable?
I will highlight some of the success I have had using this concept to help executives and my IT peers get their arms around IT security FUD and technical mumbo-jumbo to move Amway’s security practice forward.