|![[Search]](https://talks.cam.ac.uk/images/search.gif?1209136071)
|![[A-Z Index]](https://talks.cam.ac.uk/images/az.gif?1209136071)
|![[Contact]](https://talks.cam.ac.uk/images/contact.gif?1209136071)
||![[University of Cambridge]](https://talks.cam.ac.uk/images/identifier2.gif?1209136071){kind=small} |
COOKIES: By using this website you agree that we can place Google Analytics Cookies on your device for performance monitoring. | ![[Talks.cam]](https://talks.cam.ac.uk/images/talkslogosmall.gif?1209136071) |
University of Cambridge > Talks.cam > Computer Laboratory Security Seminar > No One to Blame, but... : Fear and Failure in Securing Large Organisations
No One to Blame, but... : Fear and Failure in Securing Large OrganisationsAdd to your list(s) Download to your calendar using vCal
If you have a question about this talk, please contact Kieron Ivy Turk. When staff at a critical national infrastructure organisation were recently polled to associate a word with infosec, they chose “fear”. This is a talk about fear and failures – unavoidable and avoidable – their systemic and institutional causes, and how to overcome them. Using case studies from large organisations such as the civil service, aviation, CNI , and media, I will discuss the role of security engineering, purple team operations, threat and compliance. Drawing from experiences as a head of information security/chief information security officer, I attribute poor organisational security to failures in correctly interplaying people, processes, and technology. I will discuss issues such as why user access is breached despite multi-factor authentication and dedicated identity and access teams; why legacy technology remains misunderstood, and friction in patch management; how to know you’ve hired the right (or wrong) expertise, and why we still get hacked despite all the right intentions, if not the right incentives. I will explore third-parties and supply chains, deploying security tools, disjointed processes undermining secure behaviours, the perils of confusing regulation as a threat model for security, incident management and reactive security, as well as why boards struggle to care about information security, and how to make them. This talk is part of the Computer Laboratory Security Seminar series. This talk is included in these lists:
Note that ex-directory lists are not shown. |
Other listsLet cout in Language Acquisition and Processing Research Cluster The Microsoft AI ResidencyOther talksTuning the parameters of random particulate materials CANCELLED: ‘Rendered much cheaper, than our work-people can make’; Women’s employment in textile manufacturing and English political economy, 1688-1722 Computationally efficient data-driven solutions to inverse problems in X-ray CT Gene-based vaccines to combat bacterial diseases, hurdles and opportunities’ SCIENCE AND THE FUTURES OF MEDICINE One Day Meeting Bridging the gap between data-driven and mechanistic modelling: the latent force model approach |
Tuesday 21 February 2023, 14:00-15:00