Subject: File No. 4-673
From: Duane Kuroda
Affiliation: Sr. Threat Researcher, NetCitadel

March 25, 2014

I would have thought that key issues like compliance (PCI DSS, HIPAA, etc.) vs. security should be included in the discussion as the Target, Neiman Marcus, and other breaches point out that corporations are relying on compliance vs. pursuing more active security. Likewise, the question of incident response effectiveness should also be called out to drive a discussion beyond "Time to detect" a threat to "Time to respond" to a threat. If the experts are right and it's only a question of "when" you'll be breached, each panelist section should dedicate time to discussion on the people, process, and technologies involved in responding to detected breaches.

In terms of consumer impact, confidence in the breach-response cycle comes in two parts: Time to detect, and Time to respond. If there is any hope in boosting the confidence of consumers and the general public, it's that time and focus need to be spent not only on detection, but on the response. That includes disclosure and breach timelines, accountability and consumer rights, incident response planning, and even the use of automated incident response technologies for shortening the time to lock down a detected breach.

There's a good article that touches on several of these issues out today, 3/25 --
http://searchsecurity.techtarget.com/news/2240216853/Advanced-threat-detection-products-yet-to-earn-trust-of-enterprises