If the handout download links from within past event articles are broken, please navigate to Chapter->Downloads to obtain the document.

2011 Feburary - Using Trust to Influence Risk Decisions and Analysis

When: February 2, 2011 1:00 p.m. to 4:30 p.m.

Registration: Through our website
Fees (members need log in): ISACA Member - Free; ISACA Partners(IIA, ISSA, Infragard etc.,) - $25; Non-Members - $40
CPEs: Upto 3
Speaker: Michael Menefee, President, WireHead Security
Summary of Session
Risk is a funny thing: In a room of 100 people, there may be 20 differing opinions about the "riskiness" of any given example. What seems like a risk to some, may not seem like a risk to others. How, then, can risk be quantified scientifically so that all 100 people always agree to the level of risk as presented? Risk itself cannot be.
This is where Trust comes in handy. Although trust also cannot be directly quantified, Reasons to Trust can be, and therefore used as a basis for making "Trust" decisions. With the knowledge of the Reasons you have to either trust or not trust any given person, interaction, or component, a clear risk decision can be made AND justified to all parties based on mathematically formed analysis.
For the past 5 years and based on more than a hundred years of behavioral research, ISECOM has begun to identify the "Trust Properties" that can be used to make trust decisions for all sorts of interactions. These trust properties are being applied all over the world to help make
better risk decisions and increase the operational security of numerous organizations, governments and groups.
During this talk, we will present the results of our research in the form of Trust Properties. We will walk through several examples of how these metrics allow trust decisions to be made. We'll show how Trust Analysis can be used to quickly identify missing Operational Security controls and how those same controls can be used to increase the Reasons to Trust.
Speaker Bio
Michael is the President & CEO of WireHead Security, a consulting firm in Raleigh, NC. He is also the Founder and President of Infosec Island (www.infosecisland.com), a free online information security community. He has 15 years of direct Information Security research and consulting experience, working with clients in all verticals, markets and mentalities.
Michael is keenly interested in "Trust" and it's role in Operational Security, regularly speaking on the topic and contributing to the Trust research for OSSTMM4 at ISECOM (the Institute for Security and Open Methodologies). Coincidentally, he is also fond of risk, having been married in Las Vegas, NV, gone sky-diving 12 times and fathering 2 sons with his wife.