Organisations have never had so much to gain – and so much to lose – from cyberspace. The relentless forces of network unification of the corporate, factory, home, school and the machine-to-machine environment, combined with the industrialisation of cyber-crime, the emergence of hactivism and the development of mation-state cyber warfare is leading to an explosion of risk, a new Big Bang of opportunity. In a world where executives are increasingly held to account for the actions of staff they no longer directly control, making good business purchase decisions about security has never been so important and yet so difficult. If security vendors were taken on face value, the security issue has been long solved and indeed most CSOs should be riddled with silver bullets, instead of drowning in snake oil. So what’s the truth? How secure can an organisation be made? In a break with tradition, this presentation does not profess to answer this question nor offer the ultimate solution. Instead it lays down a reasoned set of guidelines to help CSOs and architects test the validity of vendor solutions when applied to their environment.

There are 5 key areas this will cover:

1. Visibility + control – you cannot control what you cannot see

2. Contextualisation – extracting relevant information from raw data

3. Adaptation – ensuring security products ‘fit like a glove’

4. Commensurate Response – responding to a spectrum of events in the threat landscape

5. Anticipation, observation and retrospection – understanding and processing key phases to the security event.