By Jeff Jones, Microsoft
Following RSA President Art Coviello on the keynotes this morning was John Thompson, CEO of Symantec. The topic of the keynote was "Information Centric Security: The Next Wave."
On one hand, this was one of the more interesting sessions of the morning, because John brought up his Research Labs VP, Steve Trilling, who shared lots of interesting security factoids from their research:
In the underground economy:
This last point was interesting - a WoW account can be worth 100x that of a valid credit card number. As was said in the keynote, "Even in virtual worlds, there is real money for hackers."
On the other hand, there wasn't a lot of new information discussed concerning the title - Information Centric Security. Mr. Thompson did say that we should start taking a more information-centric approach to security, or as he paraphrased it, "take a risk-based approach to protecting data."
Most security professionals, (not security technologists or security product folks, necessarily), have advocated a risk-based approach to protecting data for as long as I can remember. It is still a good idea and while I am glad Thompson reinforced the importance, I don't see it as the next wave.
One other call to action that John Thompson made was the call for a national approach to security and privacy disclosure laws. He pointed out that in addition to the well-known California law, 40 other state-level bills are currently being considered. In my opinion, should they pass, it would be a nightmare of overlapping and conflicting requirements.
Regards ~
Jeff Jones, Microsoft