Synopsis:
This talk will center on CISA's Binding Operational Directives, specifically the Known Exploited Vulnerabilities database, and on why it is important for policy (specifically in the areas of risk and compliance) and infosec to work hand in hand.
Policy tends to be a bad word in the infosec community. In many cases, standards are either objective or placed in the wrong areas. What I would like to do is show how effective policy can be, given the right framework. Policy in tech can result in the following advantages:
- Lowered overall risk for a company
- Outlined standards and guardrails for emerging technologies
- Clearer understanding of goals and "what success looks like"
- Implementation of better-defined security frameworks
Policy can seem stuffy and boring, but my talk aims to make it more interesting and to show how it can be applied not only at work, but for the future.