I have submitted a topic for consideration for Security BSides San Francisco 2010 which happens concurrently with RSA.
For those not familiar with Security BSides, the following is from the website:
What is BSides?
BSides is an ad-hoc gathering of information security types born from the desire for people to share and learn in an open environment. It is an intense event with discussions, demos and interaction from participants. It is entirely community driven. It is where conversations for the next-big-thing may be happening. We've followed the BarCamp format... because it works.
- Title: Discussion: What Makes a Good Risk Management Practice?
- Abstract: All of our organizations have to manage risk, specifically information security risk. What does it mean to do that well? What are the moving parts that make up a good risk management practice? This discussion/panel/talk will not focus on assessment methodologies or frameworks. It will also not focus on the "information security program." We will spend some time focusing on the other moving parts of a risk management practice. Engagement with our business partners, how we bring it all together, how we can manage the inputs and outputs of the risk management process, etc. It will be an opportunity for those interested to share and learn from each other.
This topic is modeled after the RSA Peer-2-Peer sessions in that it is not a presentation. I anticipate a discussion where we can all contribute to the conversation and try to define what it means to build a good risk management practice in our organizations.
Please vote for my topic by tweeting the following if this sounds like a conversation you'd like to be a part of:
@SecurityBSides I vote for “What Makes a Good Risk Management Practice?” by @kriggins #BSidesSF http://bit.ly/BSidesSFtalks