Five Key Cybersecurity Lessons from ISACA’s CSX North America Conference

October 27, 2016 By: Payment Week

Rolling Meadows, IL, USA (27 October 2016)— ISACA’s CSX 2016 North America conference convened last week in Las Vegas to discuss emerging cybersecurity challenges and opportunities.

Key lessons that emerged from the event include:

  1. Prioritize people. While automation is necessary and inevitable, addressing the global cybersecurity skills shortage is chiefly about people. Opening keynote speaker Brian Krebs, an investigative journalist and founder of the KrebsOnSecurity blog, was among several speakers to call upon organizations to make further investments in staffing and training.
  2. Don’t overlook firmware. The hard-coded software frequently stored in Read-Only Memory (ROM) is “low-hanging fruit” for attackers that must be accounted for with embedded controls and emphasized in organizational risk assessments, according to keynote speaker Justine Bone, director and CEO, MedSec. Bone presented the findings of ISACA’s new firmware security report.
  3. Take an approach that resonates with executives. Reframing discussions about return-on-investment into cost-avoidance conversations can help garner executive-level support for strengthening security programs. A forum for chief information security officers prompted discussions about how to win buy-in for security programs from senior management while delving into an array of challenges affecting today’s CISOs.
  4. IoT devices require comprehensive security. The proliferation of Internet of Things devices requires security and privacy that is embedded into the strategy and design of a connected device program, as well as emphasis on full life-cycle protection. Security specific to each category of device—including strong authentication and access control, data privacy protection and robust application security—also is recommended.
  5. Proactively prepare for ransomware threats. Ransomware is becoming more targeted and more expensive. Ensuring the availability of high-quality backups for their data can help organizations avoid paying the ransom and incentivizing hackers.

The conference’s networking opportunities included a reception as part of ISACA’s Connecting Women Leaders in Technology program, which aims to advance female leadership within the global technology workforce.

More highlights from CSX North America can be found in ISACA’s post-conference report.

“The quality of insights that were shared and the networking connections that were made gave security professionals—including myself—valuable new tools and resources that they can take back to help strengthen their organizations,” said Christos Dimitriadis, Ph.D., CISA, CISM, CRISC, chair of ISACA’s Board of Directors and group director of Information Security for INTRALOT. “We look forward to expanding the CSX event and the opportunities it brings to Europe and Asia for the first time this year.”

While last week marked the second annual CSX North America conference, a pair of new CSX conferences will make their debuts in the coming weeks. CSX 2016 Europe will take place 31 October-November 2 in London, UK, while CSX 2016 Asia Pacific is set for 14-16 November in Singapore.

Next year’s CSX North America conference will take place in Washington, DC, USA, 2-4 October 2017.

About ISACA

ISACA (www.isaca.org) helps professionals around the globe realize the positive potential of technology in an evolving digital world. By offering industry-leading knowledge, standards, credentialing and education, ISACA enables professionals to apply technology in ways that instill confidence, address threats, drive innovation and create positive momentum for their organizations. Established in 1969, ISACA is a global association with more than 140,000 members and certification holders in 187 countries. ISACA is the creator of the COBIT framework, which helps organizations effectively govern and manage their information and technology. Through its Cybersecurity Nexus (CSX), ISACA helps organizations develop skilled cyber workforces and enables individuals to grow and advance their cyber careers.