Gartner Security and Risk Summit Recap
Last week I had the privilege of attending the Gartner Security and Risk Summit in National Harbor, Maryland. Anyone who is anyone in the IT industry was present.
The agenda was filled with presentations from C-level executives from major enterprise organizations, including Robert Herjavec from the Herjavec Group. Needless to say, the speaker line-up was certainly A+. Various topics were discussed, including the coveted Gartner Magic Quadrant, GDPR, integrated risk management, and cloud integration.
The overall theme was Gartner’s CARTA, or continuous adaptive risk and trust assessment, approach. CARTA is a very broad concept. Plainly stated, it is gathering and reviewing information on overall consumer behavior and flagging potential malicious actions. To be more specific, it may range from monitoring static parameters, such as browsers, or geographic locations, to behavioral analysis, including standard patterns of behavior.
For example, say you’re a banking institution – understanding what browser a customer uses when doing online banking could would be a static parameter. However, also understanding the consumer’s behavior patterns could also be important in identifying fraud. For instance, if they usually login, check account balances, pay their credit card, then transfer money to savings, then suddenly they’re logging in and transferring money to an offshore account – that’s a red flag. All of these analytics go into risk and trust analysis.
The CARTA approach also integrates risk management in a way that diverts from traditional risk management. In the past, security teams would identify risky options and choose to forego them because of the potential risk. Now organizations are willing to accept some level of risk, leaving professionals with the following tasks:
- Identifying each component of the risk
- Which devices, systems or users would be impacted if the risk were to occur
- Implement controls to mitigate risk
- Implement controls for disaster recovery