I was lucky enough to attend the latest IISYG (Independent Information Security Group) meeting hosted by Iain Sutherland, Managing Director of Information Security Solutions. This was my first attendance; up till now I had lacked either the experience or expertise to attend, and now I see why.
I am limited on what I can discuss as I signed Chatham House rules, but I did want to jot down my experiences.
Normally small discussion groups like this (about 20-25) have their fair share of people who just talk and don’t get anywhere, or those with a lack of experience but don’t realise it. I found neither of these here. It was a gathering of experts, and I found that I was too wrapped up in following the discussions and the huge number of valid points raised to venture any of my own publicly (although I did shuffle up to one of the presenters and have a chat afterwards). The presentation on the nature of risk transference as it pertains to companies, and the attempt to mitigate the problem with insurance, was particularly fascinating. Now I know what you are thinking, but genuinely it was: it showed you the mind process of insurance underwriters and how you should present your security risk to them, what loopholes they will use in your policy and how to watch out for them. A true ‘how to’ guide.
The debate section of the meeting initially sounded quite dry, but that only turned out to be due to its government title. It dealt with the opposing sides of the question of government security standards. These standards deal with the certification of the people who get to state if the IT systems we entrust our governmental data to are secure; bearing in mind that this goes from simple personal data such as voting registers all the way up to the most secure of state secrets, it is something you really want to get right. Opinion varied hugely and dealt with the problem from all sides. If the official speakers took away half as much as I did, then it was well worth doing.
All in all a fascinating morning.