RSA Conference 2014 Day One: Cloud Summit, CISO values


Though there has been plenty of discussion on RSA’s relationship with NSA leading up to this week’s 23rd annual RSA Conference 2014, held February 24-28 at the Moscone Center in San Francisco, there are plenty of IT security topics on tap for attendees.

From information security leadership needs to mobile device security, there will be a great deal of overlap between the show’s educational sessions, which are enterprise focused, and healthcare’s IT security concentrations.

Cloud security, unsurprisingly, will be a prominent theme throughout the conference, and the Cloud Security Alliance (CSA) Summit 2014 will be among the show’s early events on Monday from 9 a.m. to 1 p.m. PST. Cloud security has multiple layers, such as network repercussions and impact on mobile security, and many organizations are already using cloud-based infrastructure or are making efforts to implement cloud-based services. In addition to other areas of interest, the session will cover the latest threats and areas of concern, and how organizations can adopt and integrate elements of the NIST Cybersecurity Framework to protect their cloud-based critical infrastructures and mitigate their risk against attacks.

Another presentation of interest for healthcare organizations will be Monday’s “Advancing Information Risk Practices Seminar”, which will analyze risk management challenges such as ranking security gaps, handling business interactions and building a qualified resource pool.

Healthcare CISOs may want to check out the “So Why on Earth Would You WANT to be a CISO?” presentation by Todd Fitzgerald, Director of Information Security with Grant Thornton International, on Monday at 2:25 p.m. During his presentation, Fitzgerald will describe what the ideal “DNA” of a CISO’s job is, including laws and regulations, incident handling, security strategy, control frameworks, senior management metrics, security policy, investment, auditing and data privacy. Additionally, he will break down the differences between a “Techie” and a CISO, such as differences in thought process and the ability to handle business relationships.

Also on Monday will be “Running Secure Server Software on Insecure Hardware without a Parachute”, which focuses on misconceptions about the state of server hardware security. Nicholas Sullivan, Systems Engineer at CloudFlare, will discuss advanced techniques for protecting software on untrusted clients and how to apply them to servers running on untrusted hardware, including anti-reverse engineering methods, secure key management and how to design a system for renewal.

While these sessions aren’t specific to healthcare, there will be plenty of lessons to be learned for organizations looking to be proactive about new-age security threats. Continue to check back this week for more RSA Conference 2014 coverage.

By Jarrett Neil Ridlinghafer
Chief Cloud Consultant
Compass Solutions, LLC