Every day we roll the boulder up hill. Every morning we find the boulder back down in the valley. Like Sisyphus, defenders face the daily challenge of getting all the systems secure and the morning realization that new vulnerabilities have crept in. It is so bad we say it is not if we will get breached but when we will get breached. Worse, defenders say most breaches are career-ending events. Ouch. There has to be a better way. In this talk, we will cover using business impact and risk management as a driving force for prioritizing security efforts. This reduces the likelihood of a breach and prevents any breaches from being career-ending event. We’ll round out the hour with a case study showing these principles applied to securing a million dollar website. Guaranteed, you will leave this talk a smarter boulder roller.

Download:
http://archive.org/download/BsidesCleveland2012Bsidescle/11NakedBoulderRolling-ApplyingRiskManagementToWebApplicationSecurity-JWolfgangGoerlich.avi

Back to Bsides Cleveland 2012 video list