Fico muito feliz em anunciar que meu trabalho foi selecionado para apresentação no (ISC)² Security Congress Latin America 2015, que acontecerá em São Paulo nos dias 24 e 25 de novembro.
Minha apresentação tem o tema Information Security – Surviving a poor cybersecurity corporate culture, para os que se interessarem, segue o resumo* que enviei para o congresso:
During the last couple of years, several companies have learned – the hard way – that neglecting Information Security can have disastrous impacts on operations, brand and financial results. This scenario prompt us to believe that the manager mindset should have evolved to a more mature approach, where security is seen as a business enabler and incorporated on every aspect of the strategy.
The truth is that – even now – little has changed. Security is still mostly regarded as a pure technical discipline and perceived as unnecessary cost and bureaucracy by managers and business alike. That is until a major incident happens, and all of the sudden those alerts sent by the security team become relevant.
Who is to blame? The business that disregarded sound advice, or the Security Team that did not know how to communicate in business terms?
The great challenge is not a technical one. Cloud, Big Data, Business Transactions, Data Leakage, for each risk there are several technologies that could be implemented to solve the issue. However, that amounts to nothing compared to the trials of create a strong cybersecurity culture, involving strategy, mature processes and specially people.
The main objective of this presentation is to discuss the creation of communication bridges from the Information Security Team to all levels of the business. Going beyond the simple implementation of technology, to address the challenge of creating a proactive cybersecurity mindset.
* o resumo ainda está em inglês, pois isso era uma exigência para avaliação dos trabalhos. Nos próximos dias pretendo publicar a versão integral do artigo original em português.