Gartner IT Security Summit - Day 2

The down-side of spending a couple of days sitting through presentations from people offering enlightenment as to how you can be more effective in your job, is that you end up feeling like you’ve not been doing your job very well. Listening to Les Stevens of Gartner discuss “The Art of Policy Management” during todays Gartner IT Security Summit had me almost running back to the office so that I could quickly implement the framework he described. However, it would have been a long way to run so I stayed to the end and enjoyed his relating the challenges of implementing security policies to Sun Tzu’s “The Art of War.”

Les made a big point about achieving a conscensus within the business. I don’t disagree with the guidance but I do often get frustrated with governance through democracy. I don’t think it does the business many favours when it comes to security and personally believe that a more authoritative approach is needed. I challenged Les on that very point and he agreed, stating that if you are in an organisation where you can get away with an autocratic approach then that will certainly make it easier to push policies into operation.

Other presentations today were equally interesting. “Zen and the Art of International Data Protection Compliance” discussed the implications and constraints around moving personal data between the UK and the USA. Surprisingly it’s a lot easier than you might think with a lot less risk than you might believe. I’ll talk about this more in a latter blog.

In the meanwhile go to and type in your company name (or your own name). You might find the results interesting!