Double entry accounting is a practice that forms the foundation of present-day bookkeeping and accounting. When the methodology was discovered, it revolutionized finance. Could a similar practice work for cybersecurity? This session will walk through ways that you can implement (and unknowingly already have implemented) a form of double entry accounting that can help you revolutionize your security program.
Double entry accounting (DEA) is a practice that forms the foundation of present-day bookkeeping and accounting. When the methodology was discovered, it revolutionized finance. Could a similar practice work for cybersecurity?
In this session, I’ll walk through many ways that we can implement (and unknowingly already have implemented) a form of DEA. For example, consider CMDBs vs. logging systems. I’ll show how these two systems could serve on opposite ends of a balance sheet. The session will also dive into a deeper understanding of what an “asset” is versus a “liability”. In cybersecurity, we often talk of “asset management”, but what we really do is “liability management”. Properly characterizing what is truly an “asset” will help us minimize our liabilities.
I’ll also talk about managing expectations with respect to the accuracy of this system. For example, despite rigorous and well-honed methods in finance, we still don’t always perfectly balance our books. We expect some degree of fraud and shrinkage that results in discrepancies. However, in security, we often have an unreasonable expectation that our books are perfectly balanced.
Sounil Yu is the CISO and Head of Research at JupiterOne. He created the Cyber Defense Matrix and the DIE Triad, which are reshaping approaches to cybersecurity. He's a Board Member of the FAIR Institute; is a visiting fellow at GMU Scalia Law School's National Security Institute; guest lectures at Carnegie Mellon; and advises many startups. Sounil previously served as the CISO-in-Residence at YL Ventures and Chief Security Scientist at Bank of America. Before BofA, he helped improve information security at several Fortune 100 companies and Federal Government agencies. Sounil has over 20 granted patents and was recognized as one of the most influential people in security in 2020 by Security Magazine, Influencer of the Year in 2021 by SC Awards, a 2021 Top 10 CISO by Black Unicorn Awards, and for Lifetime Achievement in 2022 by the SANS Institute. He has an MS in Electrical Engineering from Virginia Tech and a BS in Electrical Engineering and a BA in Economics from Duke University.