Information risk management and how to protect IT resources with the increasing disappearance of the network boundary were the dominant themes at the 15th Annual World Information Security Forum (ISF) Congress in Miami.
Over 400 security managers from companies and public sector organisations attended the event to debate and discuss issues and developments in information security.
Top of the agenda for many delegates was the impact of legislation such as Sarbanes-Oxley that is driving the need to monitor, measure and analyse information security risk. In particular, ISF Members felt that there is a strong need for practical business-oriented tools to automate the management of information risk.
The other hot topic at the Congress was the growing demand for remote access to networks for employees and third-parties combined with the trend towards deperimiterisation. With increasing threats from within corporate networks and more people accessing resources remotely, the traditional network boundary is under threat. This is forcing security managers to reassess the way they look at protecting their IT infrastructures and to draw up new strategies to meet these challenges.
"While issues such as hacking, viruses, ID and spam don’t go away, it is clear that our Members are increasingly concerned about how they are going to comply with legislation such as Sarbanes-Oxley and managing information risk," said, Adrian Davis, project manager at the ISF.
"In addition, deperimiterisation represents the first radical shift away from traditional boundary security and is gaining momentum from both end users and vendors. Our detailed ISF report on this key emerging subject is currently in progress and will be published in March 2005," added Miles Clement, senior manager at the ISF.
The ISF Annual World Congress this year heard keynote presentations from US industry figures including Dr Whitfield Diffie, CSO of Sun Microsystems; Eugene Schultz, Principal Engineer at the Berkeley Lab of the University of California and Mike Nash, Corporate VP of the Security Business and Technology Unit at Microsoft. There was also a range of workshop and networking opportunities to share knowledge and experiences in a confidential peer-group. Topics included complying with standards, implementing security programmes, dealing with specific threats, network security and security awareness. Sponsors of the conference included PricewaterhouseCoopers, Symantec, Lucent, Energis, Unisys and ISC2.
Founded in 1989, the Information Security Forum (ISF) describes itself as a not-for-profit international association of 260 organisations which fund and co-operate in the development of practical, business driven solutions to information security and risk management problems. The ISF says it has invested more than US$75 million over the past 14 years in providing best practice material for members who have access to a library of over 150 research reports. To find out more about becoming a member of the ISF visit
