Asking the right questions: How can business managers and project leaders gain confidence in their site security?

How can non-technical business and project leaders have confidence that their Drupal sites are secure? What questions need to be asked and what answers should we look for when considering the amount of investment we want to make in securing our sites?

There's no question that security risks to our sites are growing every day while attackers are more sophisticated and determined. But security is a constant balancing act of budget vs risk. We all want perfect security but none of us have unlimited budgets.

While an almost constant security assault is the new normal, it's not as bad as it might at first seem. In this talk we'll walk through the various techniques and technologies we can deploy to protect our investments and insure against attacks. We'll start with the cheapest, easiest, and most effective options and work our way towards more complex solutions and we'll discuss potential costs and expected rewards.

At the end of this session, it is my hope that non-technical decision makers will be better equipped to understand how they can protect their project and their organisation. When discussing projects with their teams, they'll be more able to understand the tradeoffs and implications of these decisions.