Information risk management and security is as much an art as it is a science. The adversary community has evolved their approach to integrate innovative capabilities such as social concepts and business process knowledge into their attack techniques and technologies to increase their likelihood of success. They are also becoming more protective of their knowledge and capabilities and no longer freely advertise their capabilities in the name of research or status achievement. Organizations have also evolved and matured their approach to their defenses to incorporate new capabilities into their arsenal that include improved risk and security intelligence, advanced security technologies, broader education, and enhanced business alignment. And so, the epic battle between good and evil continues with no clear winner in site.

The constant changing and evolving landscape of attacks, adversaries, regulations, and compliance requirements has forced many organizations to aggressively implement best effort capabilities to meet their immediate needs that often operate on a challenged and reactive basis. By using a risk based and business aligned approach to design, implementation, and operation comprehensive and proactive programs and their associated capabilities can be easily introduced, sustained, and matured within organizations.

This workshop will explore the current state of information risk management and security and where it is evolving to in order to continue to meet the business requirements and demands that are ever present. Topics will include the development of information and risk management and security strategies and profiles, cultural considerations, threat and vulnerability management, and metrics and measures for risk management and security programs and capabilities. Interactive discussions, examples, and cross industry case studies throughout the workshop to provide examples of discussion points as well as identify and explore current and evolving industry-leading practices associated with information risk management and security.