Secure360

Culture Trumps Calculation

Why can it be so hard to gain traction with security metrics? Metrics should help people make better, more informed decisions, right? We measure a lot of things to get them right and eke out more efficiency, so shouldn’t security metrics do the same? Why isn’t their importance just obvious to leadership? This presentation takes a look at these questions, and more, in a slightly different light.
It will also explore a little about how people make decisions, from groupthink to the type A personalities that seem to dominate the decision-making process. When logic and reason come in contact with personality and passion, the clash can be interesting at times and can make our jobs as security professionals a pain.
The discussion will explore ways to identify these potential clashes and still show the value of security metrics by supporting a risk decision process.
It will also cover some of the basics of what security metrics can do for an organization, from a small set of measurement capabilities to going for it with a full set of security program performance measures.

Key learning points:
  • Risk management and decision-making processes.
  • Basic security metrics and how to use them.
  • Understanding risk tolerance and your organization's risk appetite.

About Eric Breece

Eric is an information security professional with over 16 years of IT and information security experience that ranges from application development to infrastructure implementation to program management. He has worked for companies that have provided a diverse range of experience that covers the healthcare, manufacturing, financial, government, legal, and consulting industries.

He has created information security programs and has expertise with information security risk management, security auditing and regulatory compliance, policy/standards development, program and process development, enterprise architecture, and strategic planning. He brings knowledge on many regulatory requirements (e.g. HIPAA, GLBA, IRS 1075) and internationally accepted standards such as NIST, ISO27001, HiTrust, and others. He strives to always balance these types of requirements with core business objectives so security is an enabler, not a hindrance.

Details

Wednesday May 15, 2013
2:35 PM - 3:35 PM
Room 11
Level: Basic
