Post by rabiakhatun on Nov 3, 2024 5:45:59 GMT -5
And I must say that the atmosphere of the event has not changed one iota. Backstage, saunas, dumplings, mountain, karaoke, heated debates, exchange of opinions, guitar... Everything is as before and no COVID-19 has interfered with it. I will not discuss the content; I will only say one thing - I did not like it. But I will tell you a little more about the anti-plenary session that opens the conference - it is worth it. When it was conceived, I wanted to discuss the dilemma that our information security specialists increasingly face - to comply with the regulations or to engage in effective information security? But no one has canceled the former after February 24th of last year, there have been more threats, and fewer solutions with which to fight them.
There is a pressing need for radical changes in regulations, since it is no longer possible to live the old way, and we don’t have anything new yet.
This is what I thought when I came up with the concept of the anti-plenary, and many colleagues agreed with me, who are scolding regulators to the fullest, unable to take into account the current situation and only increasing the paperwork burden that falls like a heavy burden on the shoulders of information security specialists. But at the anti-plenary itself, everything went a little differently than planned. Perhaps the presence of regulators did not allow all participants in the discussion to open up, perhaps the presence of the media in the room, but no one directly said everything they thought about regulation. Quite the contrary. Several arguments were made in favor of information security regulation:
It helps to knock out a budget and obtain resources.
But that's not the job of information security, is it? It's necessary to make unacceptable events impossible, to repel threats, to prevent incidents. And this doesn't always directly correlate with the budget.
The growth of regulation is a global trend and Russia cannot remain aloof from it.
And why should we look to the Western and Eastern world? And why does the growth of regulations there signal that this is good?
Regulation helps to punish organizations that allow information security incidents.
Well, a bunch of examples with leaks of personal data show that the presence of regulations does not help at all. And some (especially from the state sector) are not punished at all.
Some participants in the discussion said that the regulations do not help them, but do not hinder them either - they can twist them as they like for their own purposes. And here too the question arises - why twist them if you can refuse them altogether? Why maintain a whole staff of those who deal with compliance if these resources can be spent on something more important and effective for information security?