Video above published Apr 25, 2017 by Black Hat - Thomas Dullien / Halvar Flake: In IT security, offensive problems are technical - but most defensive problems are political and organizational. Attackers have the luxury to focus only on the technical aspects of their work, while defenders have to navigate complex political and regulatory environments. A previous talk ("Rearchitecting a defendable internet") discussed what technical measures would yield defendable devices - and intentionally omitted the political and economics side. This talk, on the other hand, explores the economics and incentive structures in IT security: Who is incentivized by whom to do what - and how these incentives fail to produce the security level we desire.
The talk looks at different players in IT security: CISOs, security product vendors, computer manufacturers, cyber insurances - and examines their economic incentive structures, their interplay, and reasons for failure. The talk will also discuss an alternate reality where things work smoothly, and examine the differences to our current reality.
Black Hat USA 2017: "Now in its 20th year, Black Hat is the world’s leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2017 kicks off with four days of technical Trainings (July 22-25) followed by the two-day main conference (July 26-27) featuring Briefings, Arsenal, Business Hall, and more."