Thomas Parenty has over twenty years of experience in the computer security and cryptography fields, including employment with the National Security Agency.  He has designed and evaluated the information security protection of numerous national and global systems, including those for banking, electronic commerce, healthcare, and nuclear command and control.  In addition, Parenty has designed security features in enterprise applications that are currently used by governments and businesses across the globe.         

The security community has long recognized that technologies, such as encryption and passwords, can't by themselves protect a company, its information or its computer systems. And so there is a recognized need for organizations to apply policies and a unified framework to addressing their information security needs. However, the process of developing polices and Information Security Management Systems can easily become unwieldy, draining corporate resources and interest, without substantively improving the state of security. This presentation will discuss the fundamental elements that make security policies actionable. Covering topics from data classification to end user behavior to outsourcing, we'll examine the core security issues and provide guidance on developing effective policy.