Forrester Podcasts
Building Security Across Untrusted Infrastructure
Our network walls have largely tumbled, which means we have to shift from protecting infrastructure to protecting the data itself. That means concentrating on data classification and on controls like encryption and authentication.
Why Security Metrics Matter
All CISOs want to build a metrics program to measure and demonstrate their programs' effectiveness, but they find it hard to select and build the right metrics. Part of the problem is the confusion between measurements (point in time) and metrics (over time and in business context).
Defining The CISO Of The Future
Security organizations will evolve into information risk management groups. That means recruiting people with new sorts of skills and extending our own skill sets far beyond security.
Security's Next Decade: Part 1
Adam Stubblefield postulates that we'll only truly be able to achieve confidentiality by placing data on disconnected systems. Thus, CISOs must concentrate on tools that help recover systems and data to known good states, which will allow us to ensure integrity and availability.
Security's Next Decade: Part 2
Bill Cheswick lodges his predictions for the next 10 years of security's evolution. Right now, the best single thing you can do to prepare for the next decade is to run the most realistic business continuity plan tests that you can, ideally by unplugging data centers and taking whole swaths of employees offline and seeing how well you can recover.
Security's Next Decade: Part 3
In a panel discussion between Bill Cheswick and Adam Stubblefield, we tackle the question of software, security flaws, and whether software vendors should be subject to the same liability rules as manufacturers of physical products.