ISSE 2008 in Madrid - some key learnings from the conference
07-Oct-2008
Madrid, October 7th, 2008.
Besides the obvious weather improvement versus the Europe of the North, the yearly ISSE conference also tries to improve on the awareness of security througout Europe. Already at its 10th edition, we congratulate our partners EEMA, Teletrust and ENISA for this visionary conference in Europe.
ENISA’s director Ronald De Bruin raised the question on “how big is the problem” regarding information security. Disappointing result still : no answer to the question. By now one would expect at least some basic answers to this simple question from a European Government supported organization. Also amazingly is the map shown by Ronald on the number of C-CERT’s in Europe, and still, in the exact middle of the European map there is small blank dot called “Belgium”.
Ronald’s fair evaluation of the European market that 2 out of 3 private sector jobs are with European SME’s, but that probably not enough is being done for that segment of enterprises to help protect them.
In a keynote by Chis Kenworthy, Senior VP of McAfee some interesting data on Data Loss (DLP) were shared. According to a study done by Datamonitor last year, 60% of the companies interviewed (European companies with more than 250 employees) have experienced some form of dataloss. One out of three respondents indicated to have had a major impact because of this data loss. Even with almost 80% indicating that these losses were unintentional, the average amount of cost of such an incident were still in the lower 2 million EUR.
It should not be a complete surprise coming from the EC, but still quite strange that Detlef Eckert from the DG INFSO and Media promoted strongly the use of IPv6 as a means to use. Especially because there was no major improvement on security, even correct warnings issued on potential threats when using IPv6. By implementing quite a serious additional investment in infrastructure would be needed, increasing the level of education of system engineers, the lack of solid industry concerns such as data loss, compliance and still too many uncertainties about the implementation on large scale of such a network. The only potential advantage being relatively interesting would be the option to remove Network Address Translation (NAT) the procedure to protect IP-addresses within your local network to the outside world. So “do implement, but don’t try this at home” in one EC contribution is definitely not the best form of transparency in this complicated market.
An interesting point of view for the future internet of things (eg all devices small and strong connected to the internet), was the view about the lack of security for Consumer Electronics (CE) devices. Even from a Trusted Computing Platform perspective, it was clearly indicated that not much thought has gone into such devices.
Hackers and attackers will have a gorgeous feast focusing on these devices in the near future. Security won’t be out of business soon ....
Ulrich Seldeslachts
Ulrich Seldeslachts 07-Oct-2008
Are you a
leader in Security ? Do you want to share your expertise and join the
Leaders in Security as a Core Expert Member ?
Contact us via email! Or call +32.16.32.85.41 for a direct contact and more information.
An information set and your Membership Welcome Pack awaits you.
Copyright LSEC vzw 2007-2008 with the support of the IWT.
LSEC vzw Kasteelpark 10 - 3001 Heverlee - VAT BE BE 478 045 395 - fax. +32.16.32.19.69 - info @ lsec.be