Security in Service Provision – Different Services, Different Threats

Wednesday 4th March 2015, 6:30 pm.

Speaker: Martin Torzewski.

Venue: Room 4.31, University of Edinburgh Informatics Forum, 10 Crichton Street, Edinburgh, EH8 9AB.

This event is free of charge and open to all. No registration required - just turn up.

Refreshments and networking from 6:00 pm.

This meeting is supported by NCR.

Synopsis

IT and Information Security Risk analysts make certain (usually stated!) assumptions as to threat sources associated with providing a service. These form part of the process of arriving at a consensus as to how best to mitigate the risks present in the deployed technology, and its operation (ideally to the satisfaction of all stakeholders). This presentation introduces a seldom recognised form of service provision and illustrates that the threat characteristics are significantly different, requiring correspondingly different mitigations.

About the speaker

Martin Torzewski has spent most of his career in computing (latterly IT). Initially working as a scientific and engineering applications programmer, he progressed into system programming and system management, gaining exposure to a variety of computer architectures. In the mid 90s, despondent about the direction that hardware and software design was taking, he moved into IT security, anticipating it to be the last bastion of industrial strength, to be largely disappointed. Culturally, he has worked in science and engineering, telecoms, utilities, investment, retail, and private banking and other financial sector areas, and latterly public sector, followed by management of outsourced security governance services to all sectors in the context of customers with multiple outsourced suppliers.