BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//talks.cam.ac.uk//v3//EN
BEGIN:VTIMEZONE
TZID:Europe/London
BEGIN:DAYLIGHT
TZOFFSETFROM:+0000
TZOFFSETTO:+0100
TZNAME:BST
DTSTART:19700329T010000
RRULE:FREQ=YEARLY;BYMONTH=3;BYDAY=-1SU
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:+0100
TZOFFSETTO:+0000
TZNAME:GMT
DTSTART:19701025T020000
RRULE:FREQ=YEARLY;BYMONTH=10;BYDAY=-1SU
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
CATEGORIES:Computer Laboratory Security Seminar
SUMMARY:No One to Blame\, but... : Fear and Failure in Sec
 uring Large Organisations - Ahana Datta\, Universi
 ty College London
DTSTART;TZID=Europe/London:20230221T140000
DTEND;TZID=Europe/London:20230221T150000
UID:TALK195853AThttp://talks.cam.ac.uk
URL:http://talks.cam.ac.uk/talk/index/195853
DESCRIPTION: When staff at a critical national infrastructure 
 organisation were recently polled to associate a w
 ord with infosec\, they chose “fear”. This is a ta
 lk about fear and failures - unavoidable and avoid
 able - their systemic and institutional causes\, a
 nd how to overcome them. Using case studies from l
 arge organisations such as the civil service\, avi
 ation\, CNI\, and media\, I will discuss the role 
 of security engineering\, purple team operations\,
  threat and compliance. Drawing from experiences a
 s a head of information security/chief information
  security officer\, I attribute poor organisationa
 l security to failures in correctly interplaying p
 eople\, processes\, and technology. I will discuss
  issues such as why user access is breached despit
 e multi-factor authentication and dedicated identi
 ty and access teams\; why legacy technology remain
 s misunderstood\, and friction in patch management
 \; how to know you’ve hired the right (or wrong) e
 xpertise\, and why we still get hacked despite all
  the right intentions\, if not the right incentive
 s. I will explore third-parties and supply chains\
 , deploying security tools\, disjointed processes 
 undermining secure behaviours\, the perils of conf
 using regulation as a threat model for security\, 
 incident management and reactive security\, as wel
 l as why boards struggle to care about information
  security\, and how to make them.
LOCATION:Webinar & FW11\, Computer Laboratory\, William Gates Building.
CONTACT:Kieron Ivy Turk
END:VEVENT
END:VCALENDAR
