Threat vectors against information systems are constantly changing and increasing in both diversity and frequency. This talk will review the latest threats to global information assets and mechanisms to assess risk exposure and mitigation approaches. Using examples from academia, industry, personal experience, and audience members, a spotlight will be cast on the major vulnerabilities that pervade our daily lives.
Appropriate access to most information technology resources inherently requires some risk. Assessing, eliminating, mitigating, and accepting risk then become functions that are necessarily performed by both individuals and organizations. Just as the threats themselves are misunderstood, so too is each of these four risk management elements often mismanaged. We’ll explore structures to address each element, common theoretical and practical errors in application, and how these gaps might be closed by a different approach or through future research.
Finally, we’ll review how the very actions that expose individuals and companies to significant risk may be exploited to thwart and prosecute criminals, by looking at recent approaches in digital forensics.