Douwe Pieter van den Bos
Practical insights in the day-to-day routine of an information security officer
How to be realistic about information security and not stress out. Practical tips that will help any organization.

1. Practical insights in the day-to-day routine of an information security officer
How to be realistic about information security and not stress out. Practical tips that will help any organization.
3. Information Security Management
Plan / Do / Check / Act
• Risk Appetite
• Maturity
• Risk Analysis
• Secure Software Development
• Project Management
• Security Advice
• Security Testing
• Security Audits
• Red-teaming
• Risk Management
• Improvement Planning
4. Information Security in a fast-moving world
• Growing threats
• Legislation
• Privacy concerns
• Customer awareness
Information security is becoming a larger issue for all organizations, including Oracle customers.
5. Risk Maturity
Maturity levels: Ad Hoc, Opportunistic, Systematic, Managed, Optimized
Plan / Do / Check / Act
10. Secure Software Development Best Practices
Plan / Do / Check / Act
https://www.ncsc.nl/dienstverlening/expertise-advies/kennisdeling/whitepapers/ict-beveiligingsrichtlijnen-voor-webapplicaties.html
http://www.oracle.com/technetwork/topics/entarch/itso-165161.html
http://www.nist.gov/cyberframework/
http://www.cip-overheid.nl/downloads/grip-op-ssd/
11. Security Advice
Plan / Do / Check / Act
https://www.ncsc.nl/dienstverlening/response-op-dreigingen-en-incidenten/beveiligingsadviezen
12. Learn and Act Fast!
Plan / Do / Check / Act
An audit is not scary. It’s just a quick way to investigate what you’re doing right and where you might improve.
14. Who is the owner of risk?
http://www.taskforcebid.nl/producten/instrumenten-informatieveiligheid/
Plan / Do / Check / Act
15. Risk Management
Risk triage: low costs → Quick Win; low impact / chance → Accept; everything else → Plan
• Quick Win (low costs): Just do it. These risks are easily mitigated at low cost, regardless of the impact or chance.
• Plan: Make a project out of it. You will have to plan and prioritize.
• Accept (low impact / chance): The impact is so low, or the chance of occurrence is so low, that you can decide to accept the risk.
Plan / Do / Check / Act