Infosec blog The Infosecurity Europe show is almost upon us again. I've personally attended the show every year since 1997, man and boy, making this year's event my tenth attendance.
Over the years the dress code has changed from jeans and t-shirt to business suits and the agenda has shifted towards the business impact of information security breaches (e.g. keynotes this year such as Security Compliance from Conglomerate to SME). New concerns - such as the security impact of VoIP technology - are emerging but hardy perennials, such as the cost of computer virus infection, remain consistent themes.
Surveys keep raining on our heads
Every two years the show serves as forum for the announcement of the DTI's Information Security Breaches Survey, touted as the UK's most authoritative look at security breaches. Latterly the lead up to the report has been accompanied by a string of press releases, sponsored by security vendors, highlighting a particular facet of security that (no surprise here) help to illustrate the importance of the particular firm's technology.
So far this year we've had releases stating "virus infection remains biggest single cause of security incidents", that companies not doing enough to reduce identity theft and on staff misuse of the internet. In the two weeks before the show at least three more releases can be expected, if what happened in 2004 is anything to go by, leaving a the press corps with little enthusiasm for writing about the main launch.
It's the information technology equivalent of releasing six different trailers to promote a movie. Please, someone, make it stop!
Not wishing to pre-empt the survey myself I'll make a small bet that it will conclude that hackers are costing UK business millions and that security incidents are on the rise. This is probably a fair reflection on the situation on the ground but just once I'd like to see a survey that said some aspect of security incidents had dropped in recent times. After all, hard working sys admins need some encouragement every now and again that their labours are not in vain.
It would be remiss of us not to mention public transportation or toilets in this pre-show blog [report - Ed]. London's Olympia is a tricky place to get to outside of rush hours, when a handy shuttle service runs from Earl's Court. Outside of these times London transport advises passage via Hammersmith or West Kensington. Typically people coming in from central London have to change three times and hop on at least one bus.
Of course for the real security freak the very idea of using an Oyster card is an anathema. They'll cycle to Olympia or, better still, take a ride in the trunk on an unmarked car.
And when they're there they'll doubtless want to use the conveniences. Olympia boasts at least three toilets on its ground floor. Unfortunately they're not particularly well marked and all located on the ground floor, a tedious slog away from most of the opportunities for free booze, which tend to happen on Olympia's first floor.
The toilets, once you find them, are well above the standard you'd likely find at most Championship grounds but all in all it's not a satisfactory arrangement. Diagonal Security's usual plan - camp out in a nearby pub and have the world come to you, rather than braving Olympia itself - has much to commend it.
Whatever happened to the likely lads
All this might make you think I'm not looking forward to Infosec. Nothing could be further from the truth. Since moving over to Spain in January the show will be my first opportunity to meet up with key contacts and share a beer. They'll be plenty of talk about defending systems beyond the perimeter, the ethics of security disclosure and malware evolution, no doubt. But what I'm really looking forward is the opportunity to spend time in an environment where law enforcement officials and hackers rub shoulders.
Perhaps it's too much to expect an incident like the arrest of infamous hacker Fluffi Bunny at Infosec three years ago but let's hope for an interesting show nonetheless. ®