Sometimes, we have to do information security without a playbook. Sometimes, we have to evaluate the playbook and figure out if it's well-written, or if it is the right playbook for a specific context. In order to practice information security beyond compliance regimes and best practices lists, we need to understand where security comes from.
In this presentation, Susan Sons will introduce the Information Security Practice Principles developed by her and colleagues at Indiana University's Center for Applied Cybersecurity Research. The ISPPs offer a mental model for reasoning about, planning for, and communicating security needs that starts from the basics and is easily translated into practical social and technical controls. While most information security professionals, programmers, and systems administrators who can secure the unknown got there through years of hard-won trial-by-fire, there's now a guidebook, in the form of the ISPPs, to help technology practitioners not just get to that point faster, but to help their management and other non-technical contacts get on board with security needs and processes. CACR's work with research and development technologies throughout the US and abroad has forced them to learn to be adaptable while also demonstrating that recommendations and critiques were not pulled from a hat. We hope to pass on these tools to others.
This day-long workshop will provide practical instruction in six essential activities that every security-conscious software engineer, software architect, and software project manager should know:
We won't get very deep into any particular code base: this is a completely programming-language-neutral presentation. We'll be focused on the process of producing secure and reliable code: what your team needs and what they need to do. The workshop is a combination of lecture, Q&A, and some planning and communication activities.
You'll receive, included with the workshop, some print and digital reference material to help you put what you've learned into action.
Susan Sons is an information security professional from Bloomington, Indiana, USA with a penchant for securing edge-case technologies and environments. As Chief Security Analyst at Indiana University's Center for Applied Cybersecurity Research (CACR), Susan works with her team to secure the infrastructure that makes research and development projects possible as well as to help organizations introduce security to nascent or unusual technologies. Serving as President of the Internet Civil Engineering Institute (ICEI), Susan has focused her energies on building the next generation of internet infrastructure software maintainers and saving often-neglected infrastructure software. Susan is also a mom, a martial artist, search and rescue volunteer, and author of several technical books and articles.