Corporations and governments alike are faced with staggering risks from members of their own organization. Whether willful or inadvertent, human-induced leaks fueled by mass distribution through organizations like WikiLeaks can create breath-taking exposure. While the risks are not new, the targeted threats towards individuals are increasing with ever-more sophisticated deceptions. Likewise, the consumerization of technology has added new challenges in controlling leaks from malicious insiders. Once leaked, information can be globally distributed through highly visible activists, monetized through criminal syndicates, or leveraged by unethical competitors. In this workshop, CISOs/directors of information security discussed how companies are managing the human element of security. Using a moderated roundtable, panel discussions, and structured breakouts, we:
- Discussed the risks associated with the consumerization of technology and the prominence of social media.
- Explored the human issues in information risk.
- Examined how behavioral science can be used to reduce risk.
- Shared experiences with employee education.
- Discussed the role of incentives in improving security hygiene.
- Looked for opportunities to reduce risk through public/private dialog and partnership.
- Considered the challenges of mitigating behavior risks from the workforce of outsourced vendors and partners.
- Anticipated if/how behaviors need to change when using cloud services.
- Discussed the impact of Gen Y in the workplace.
Discussed the impact of role-based security on behaviors and risk.
Workshop Executive Advisory Council:
- Eric Cowperthwaite, System Director, Enterprise Risk Management Services & CISO, Providence Health & Service
- Ann Halford, VP of World Wide Security, Staples
- John Stewart, VP, Chief Security Officer, Cisco Systems Inc.
- Phil Venables, Managing Director, Chief Information Risk Officer, Goldman Sachs
We welcomed executives from the following companies to the workshop:
"Interview with the Editor" during dinner. Professor Eric Johnson asks Bill Brenner, Senior Editor of CSO/CIO Magazines, about his security predictions and current considerations. Hot topics to watch include security in the cloud and mobile finance.
Bill Brenner's slide.
The full room considers findings from the recent CISO Workshop survey in Europe.
Roberta Stempfley of the U.S. Department of Homeland Security turns to hear John Stewart, the VP and CSO of Cisco Systems, respond to a question on privacy. Between them are Phil Venables, the Managing Director and CIRO of Goldman Sachs and Prof Eric Johnson.
Bobbie Stempfley, Acting Assistant Secretary, Cybersecurity and Communiations, U.S. Department of Homeland Security
Robert Duran, Information Security and Privacy Officer/VP of Information Risk Management at Time Inc., listens in the foreground. Dave Cullinane, CISO and VP at eBay, sits at his left. Debra Cody, Karen Carman, Charles Burns and Shari Lawrence Pflegger sit in the background.
Hans leads a breakout session in the summer heat.
John discusses how surprising it can be to see what goes viral and resonates with the workplace culture.
Justin Albrechten, Senior Applied Psychologist at Mitre Corp and Juhee Kwon, CDS Research Fellow.
Dave Cullinane, CISO and VP at eBay, responds to a question concerning customer security.