The foundation is rotting and the basement is flooding: A deeper look at the implicit trust relationships in your organization presented at Troopers 2015

by Jacob Torrey,

Summary : In this session, a new hardware-level attack on PCIe is presented as an example for the implicit trust your organization places in 3rd parties. These implicit trust relationships that are typically overlooked will be closely examined under the lens of "InfoSec debt" and providing guidance to InfoSec decision makers on the ROI or risks of adding additional IT services/appliances to an organization's network. The "InfoSec debt" metric can then be tracked over time and provides an intuitive way to explain the cost/benefits of IT security to other organizational stakeholders.