RSACE2012 Podcast: GRC-303: Adversary ROI: Evaluating Security from the Threat Actor’s Perspective

Summary: Joshua Corman, Director, Security Intelligence, Akamai Technologies David Etue, VP, Corporate Development Strategy, SafeNet, Inc.   The security community has failed for years to determine return on investment (ROI) or return on security investment (ROSI). It’s failed as you can’t evaluate security efficacy without assessing the adversary’s perspective. Updated from the highly rated RSA US 2012 session, we’ll discuss the “Adversary ROI” model and provide mappings for different threat actors, ranging from organised to chaotic.  Joshua Corman Director, Security Intelligence at Akamai, is a well known industry expert.  He is the former Research Director at The 451 Group, where he lead the research team in the area of IT enterprise security. Previously, he was Principal Security Strategist at IBM Internet Security Systems. Mr. Corman has more than a decade in security and networking software, and in his previous role at IBM was responsible for driving the strategy for emerging technologies, including secure virtualization and secure cloud computing. Prior to his role at IBM, Corman was a product development leader at vCIS Technology, when IBM Internet Security Systems acquired the company in 2002 for its preemptive behavioral inspection technology.   David Etue brings together experience and perspective from a number of security roles including security program leadership, management consulting, product management and technical implementation. He is the VP of corporate development strategy at SafeNet, where he is responsible for strategic decisions regarding partnerships, and mergers & acquisitions. He was previously the cyber security practice lead at management consultancy PRTM, VP of Products & Markets at Fidelis Security Systems, led General Electric's global computer security program, and held various positions in technology strategy, operations and product management. He is a Certified Information Privacy Professional, a Certified CISO, a graduate of GE’s Information Management Leadership Program, and a Six Sigma Green Belt.  Download <13:21>