Ushering in the Post-GRC World: Applied Threat Modeling

Black Hat USA 2010

Presented by: Alex Hutton, Allison Miller
Date: Wednesday July 28, 2010
Time: 16:45 - 18:00
Location: Milano 5+6+7+8
Track: OS Wars

Risk management at a systemic level is complicated enough that many organizations deem it practically impossible. Yet constructing and applying risk and threat models appropriately is the cornerstone of any successful security program, since they focus energy on 1) what needs to be protected and 2) how much investment is needed. In this talk Alex Hutton and Allison Miller will show how risk models can be translated from the whiteboard to implementation.

Alex Hutton

Verizon Business

Alexander Hutton is a Principal in Research & Risk Intelligence with Verizon Business. Over the past 15 years he has served in a number of different roles (from grunt to executive) for various security companies. He is a co-author of the Verizon Data Breach Investigation (2009) and writes regularly for the Verizon Security Blog (http://securityblog.verizonbusiness.com). He is also a co-founder of The Society of Information Risk Analysts and an author at the New School of Information Security blog (http://www.newschoolsecurity.com). Alex also contributes to the Cloud Security Alliance, the ISM3 security management standard, the CIS metrics project and the Open Group Security Forum.

Allison Miller

PayPal

Allison Miller manages PayPal's Account & Identity Risk team, responsible for protecting PayPal customers from fraud. Allison has over 10 years of experience in risk management and security, and currently focuses on leveraging network graph data to improve fraud detection and on designing risk controls for new accounts. Miller is active in the security community and regularly presents research on fraud prevention and account security issues to both industry and government audiences, including the ITWeb Security Summit, SOURCE Boston, and RSA. Prior to joining PayPal, Miller was Director of Product and Technology Risk at Visa International.

