Infosecurity to host mock security breach trial

Home
Topics
IT security
Hackers and cybercrime prevention
Infosecurity to host mock security breach trial

News

Infosecurity to host mock security breach trial

Ian Grant

Infosecurity will this week host a mock courtroom trial to demonstrate that the boardroom has ultimate responsibility for information security breaches.

The trial will be based on a fictionalised account of the real theft of thousands of credit card account details. In the dock will be the chief executive, the chief information officer, the chief information security officer and other suspects.

Paul Williams, former president of the Information Systems Audit and Control Association, will defend the CIO's role. "Ultimate responsibility for information security rests with the board and the chief executive, " he said. "This cannot be delegated. It is up to them to set the policies and to monitor their implementation."

Williams said security was more than the "box-ticking" exercises demanded by regulations such as Sarbanes-Oxley and PCI DSS. "I am not convinced more regulation helps," he said. "Jail means that all else has failed."

He said regulations such as PCI DSS were the application of common sense. "The basic principles are simply good housekeeping for anyone who processes credit card data," he said. "Of course you should encrypt customer data, and use firewalls to stop attacks."

Williams said regulations had sharpened boards' focus on IT security, but many were still ignorant of all that it entails.

Related Topics: Hackers and cybercrime prevention, VIEW ALL TOPICS

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Read More

Show me more

COMMENTS powered by Disqus // Commenting policy

More from Related TechTarget Sites

CIO
Security UK
Networking UK
Virtual Data Centre
Data Management UK

CIO
- CIO role through the lens of MIT: Agile rebel or company dishwasher?
  
  The CIO role was under the microscope at MIT this week. Will CIOs be the standard bearers of the IT revolution or just stuck cleaning up the mess?
- Download the latest Enterprise CIO Decisions issues
  
  Download the latest Enterprise CIO Decisions issues
- Innovation and agility start with application process optimization
  
  This tip discusses how to achieve the goals of business process reengineering, including application process optimization for innovation and agility.
Security UK
- Prep and test your Olympics 2012 security contingency plans
  
  To maintain information security during the 2012 Olympics, security and IT contingency plans must be tested in several key areas.
- File upload security best practices: Block a malicious file upload
  
  Do your Web app users upload files to your servers? Find out the dangers of malicious file uploads and learn six steps to stop file-upload attacks.
- MDM, security vendors scramble to address BYOD security issues
  
  Organisations are looking beyond NAC and MDM to resolve BYOD security issues; MDM, security and hybrid vendors are responding with new products.
Networking UK
- Cisco Live London: 40 and 100 GbE, souped up WLAN
  
  At Cisco Live London, Cisco launched 40 and 100 GbE switching, a souped-up 4-antenna WLAN access point, and a host of network virtualisation technologies.
- UK Networkers should gear up for mobility implementations in 2012
  
  Companies are rethinking legacy tools to take advantage of what users get from having access to data and applications across all kinds of devices, according to TechTarget’s 2012 IT Priorities Survey.
- Cloud gets vote of confidence from UK buyers in 2012 IT priorities
  
  The cloud is set to be a key investment area for UK buyers in 2012 with 30.5% of IT buyers pledging to spend on the technology, according to TechTarget’s 2012 IT Priorities Survey.
Virtual Data Centre
- Is Dell eyeing Quest Software following its Wyse acquisition?
  
  Dell may acquire Quest Software to expand its desktop virtualisation offerings and gain Quest’s customers. Experts wonder if there is too much product overlap for such a deal to make sense.
- Data centre design: Using engineered racks, pods and containers
  
  IT pros must adopt a new approach to data centre design and consider using engineered racks, pods and containerised systems for better scalability, capacity and efficiency.
- Microsoft volume licensing costs to increase up to 33.5%
  
  Microsoft will increase its volume licensing prices in the UK between 7.5% and 33.5% starting July 1 to maintain price consistency owing to the sustained currency difference in Europe.
DataManagement UK
- SAS: High-performance analytics frees data scientists to model faster
  
  High-performance analytics on "big data" could aid European companies as they struggle to make headway in the recession, say senior SAS executives. All sectors are turning to big data, they claim.
- Organisational design for analytics function needs governance
  
  Scant are the absolute rules for the organizational design of the analytics function. It can be outsourced or in-house; sit within a business unit or run from the centre. But it needs governance.
- History lesson points way forward on data management projects
  
  Data management projects often suffer from historic amnesia. Projects that co-locate business and IT staff and keep to a manageable scale can achieve remarkable results, says consultant Andy Hayler.

All Rights Reserved, Copyright 2000 - 2012, TechTarget