I am excited to share that I will be presenting at the 2015 Educause Security Professionals Conference by means of an online-only session. It will take place on May 5th from 9:15-10:15 AM. Although I am not a complete stranger to public speaking, this will be my first presentation at Educause and my very first online presentation. It should be an adventure!
Title: Good Enough Security: When is it good enough?
Session Abstract: While many security professionals focus on “best” practices, in many cases “good enough” security would suffice for deflecting the majority of threats. In an effort to maintain a balanced viewpoint and avoid becoming myopic regarding security requirements, it is important that we come to terms with what level of security is “good enough” within the culture of higher education. Join us for an interactive, spirited and subjective discussion regarding what level of security is “good enough” in areas such as password complexity and change requirements, network architecture, endpoint security, and many other specific scenarios.
Session Participant Engagement Strategies: After a brief discussion surrounding the selfish herd principal and why risk based “good enough” security should not be discounted, I will present various multiple choice examples and scenarios. Each participant will vote on what option they feel is “good enough” by means of live polling via the internet. After voting is completed, I will offer my own perspective / experience and then go through each choice one by one. As time allows, advocates for each option will have the opportunity to justify their choice and others will have the opportunity to express why they disagree. The intention is to stimulate a meaningful discussion and help participants reach a reasonable viewpoint regarding what configurations, standards and designs are likely “good enough.”
What do you think of the session topic? Do you have any ideas regarding what I should cover during this session? Any strong opinions regarding what is “good enough security” in the environments you support or work in? Are there security measures you have encountered that seem unnecessary or overkill?
Share your thoughts in the comments below and don’t forget to subscribe!