The disclosures by Edward Snowden over the past year have raised the public’s awareness about the U.S. Government’s surveillance tactics and capabilities to defend our nation against another 9/11 magnitude attack.
Surveillance was performed by putting people on the street and watching from parked cars and vans disguised as Bell Telephone service vehicles with portholes cut out for still cameras.
Removing the power from a computer not only results in lost volatile memory, much of which can be critical to a forensic investigation (and should be imaged), but also may lead the intruder to establish other points of entry.
The loss of intellectual property due to theft by China costs the U.S. more than $300 billion annually and translates into 2.1 million fewer jobs in this country.
The office of U.S. Senator Tom Coburn of Oklahoma found that 25 percent of approved disability claims should have never been approved and another 20 percent are highly questionable.
The Federal Communications Commission developed “Small Biz Cyber Planner 2.0” by teaming with members of the public and private sector, including the Department of Homeland Security, the National Cyber Security Alliance and the Chamber of Commerce.
Travel risk mitigation plans should protect all employees, including travelers, expatriates and emerging market employees, and there should be a focus on Duty of Care. The plans should include clear and comprehensive policies governing business travel as well as the ability to locate and communicate with travelers within minutes of a significant event.
The key to the risk-based security program is that no matter what issue you examine, every one of them affects the reputation of the enterprise in one manner or another.
Once the risk matrix has been populated, management must then prioritize the risks and determine which are the most critical to the viability, survivability and resilience of the enterprise. When that prioritization has been completed, various functions within the organization can be tasked to design the appropriate solution for the risk involved.
If you asked your employees to define “cybersecurity,” what would they say?
July 1, 2014
By screening a provider for these qualities, you’ll accomplish much more than a manager who simply wants to “check the box” and get it over with. You’ll walk away knowing participants are getting the training that’s right for them, not an endless sea of faceless masses.
The Security 500 Benchmark Program is your tool to enter your security-related data and receive a confidential and free benchmarking report.
July 1, 2014
New this year is that all participating enterprises have the option to be included in the Security 500 rankings numerically or to be listed alphabetically. We have made this change to allow those concerned with numerical rankings to be included and recognized among the best security leaders in the world.
How little opex can you spend and still get the job done?
June 1, 2014
Perhaps the most valuable learning from this panel was that there is not and may never be a “one size fits all” solution for our industry. While there are many economic and operational advantages to a single provider, there are also some risks associated with this model.
The concept of remote decision making, while necessary in 2000, is not necessary today. Let’s use the significant security and power of existing IT networks, let it all be managed by IT and let security get back to their primary job, deciding who should get in and responding to those who should not.