How many times as information security professionals have we heard “There is a policy that covers this,” or “The reason there was a leak is because John didn’t follow our procedure”?
How many hours have we spent writing policies, and dealing with the politics of implementing those policies, just to not have them followed or enforced?
This presentation is targeted to information security management and will focus on the harsh reality of relying so heavily on policy and process, with subpar results in protecting our organizations.
We will address information security by emphasizing the importance of holding information security professionals responsible. Too often information security professionals shift the blame to a policy or process that is not being followed. While this paper trail has its place in information security, we have created a façade that management hides behind. As information security professionals we need to begin spending our policy time on proactive security. We will discuss how to develop an information security program and build a team that will more effectively protect your organization.
- Policies Pass Audit Review But Don't Provide Information Security
- Promotion Of Proactive Security Testing To Enhance Security Program
- There Is A Need For Information Security Accountability
About Scott Erven

Scott Erven is an Associate Director at Protiviti. He has over 15 years of information security and information technology experience with subject matter expertise in medical device and healthcare security. Scott has consulted with the Department of Homeland Security, Health and Human Services, Food and Drug Administration and advised national policymakers. His research on medical device security has been featured in Wired, Forbes, BBC and numerous media outlets worldwide. Mr. Erven has presented his research and expertise in the field internationally. Scott also has served as a subject matter expert and exam writer for numerous industry certifications. His current focus is on research that affects human life and public safety issues inside today’s healthcare landscape.