Akamai CSO Andy Ellis Keynotes RSA Conference 2013

View Andy's keynote slides or watch the video at the end: Mind over Matter: Managing Risk with Psychology Instead of Brute Force

Learn more about Kona Security Solutions: http://www.akamai.com/html/solutions/kona-solutions.html

Learn more about Akamai's presence at RSA Conference 2013: http://www.akamai.com/html/ms/rsa_conference_2013.html

Published in: Technology

Transcript

  • 1. Mind over Matter. Andy Ellis, Chief Security Officer. @csoandy #RSAkamai
  • 2. The Problem: A Typical Business Risk Conversation. Business Owner: “Here is my project. Is it safe?” Security: “Here’s our ISO 27002 checklist of every mistake anyone’s ever made. Prove you haven’t.” Business Owner: “That’s really long. Can you fill it out for me?” Security: “Sure. You have a bunch of esoteric risk here.” Business Owner: “Really? Is that a showstopper?” Security: “If I say yes, you’re going to override me, aren’t you? And if I say no, I’m in trouble if this goes wrong...”
  • 3. The Goal: Increasing Value
  • 4. Steady State: Security Value Balances Perceived Risk. (Diagram labels: SECURITY VALUE, PERCEIVED RISK.) Low perceived risk leads to lower resource investment! Low perceived capability leads to lower perceived risk!
  • 5. Peltzman Effect: What your organization thinks it can get away with. Organizations don’t think: People do.
  • 6. What Do Organizations Consider Risk? (Slide labels: People, Lizards.) Business Owner: “Is my P/L good? Will I gain market share?” CEO: “Is this profitable?” Sales: “Can I meet my quota with this?” CFO: “Is this a good allocation of resources?” Employees: “Will I have a job?” Security: “Is this safe?”
  • 7. Set-Point Theory Of Risk Tolerance. (Diagram labels: SECURITY VALUE, PERCEIVED RISK.)
  • 8. Unmitigated Risk Psychosis. (Diagram labels: SECURITY VALUE, PERCEIVED RISK, ACTUAL RISK*.) *not actually actual risk. Attempts to leave residual risk may result in new risk budgets!
  • 9. Training Lizards. (Diagram labels: SECURITY VALUE, PERCEIVED RISK, ACTUAL RISK*.) Risk Management can be trained like any other muscle.
  • 10. Where Is Your Residual Risk? Business Owner: “Competitors are gaining. Have to move faster!” CEO: “Products A & B are high risk. C should be safer.” Sales: “That last product didn’t sell. I’ll sell something else.” CFO: “You came in over budget. Are your numbers accurate?” Employees: “This business is unprofitable. Update my resume!” Security: “Here’s our ISO 27002 checklist of every mistake anyone’s ever made. Prove you haven’t.”
  • 11. Success: A Better Business Risk Conversation. Business Owner: “Here is my project. Is it safe?” Security: “I don’t know. Is it?” Business Owner: “Wait, what?” Security: “Here’s how to think about safety. Do you think your product is safe?” Business Owner: “Ummm.... Here’s my assessment of my risk. I think this is reasonably safe.” Security: “Great, glad to hear it. Can you fix those outliers in your next release?”
  • 12. An Approach: How Do You Get Better?
  • 13. Takeaway: Improve Security Value. Goal of any security program: dv/dt > 0. Beating your head against the wall: focusing on increasing resources. Goal: dr/dt > 0. A good security program wants to create surplus. Goal: dc/dt > 0.
  • 14. Questions, Answers, and Pontifications. Andy Ellis, aellis@akamai.com, @csoandy, http://www.csoandy.com/
