3 Executive Strategies to Reduce Your IT Risk

Do you want to know how ‘best-of-breed’ enterprises prioritize their IT risk? Join Richard Mason, Vice President & Chief Security Officer at Honeywell, whose team is responsible for global security, in a roundtable discussion with Pat Clawson, Chairman & CEO of Lumension, and Roger Grimes, Security Columnist & Author. Uncover strategies beyond traditional antivirus signatures and learn a more holistic approach to effective risk management. Find out how and why you can make security a prioritized function within your organization.

Join this expert panel webcast to learn how to:
1) Understand your business audiences and evaluate their risk tolerance
2) Leverage reputation management services that are appropriate for your organization
3) Use realistic change management to secure prioritized data depositories

Published in: Technology, Business
Transcript

  • 1. 3 Executive Strategies to Prioritize Your IT Risk
    Roger A. Grimes, Rich Mason, Pat Clawson
    PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

  • 2. Today’s Agenda
    » How to Evaluate Risk Tolerance
    » Leveraging Reputation Management Services
    » How to Secure Prioritized Data Depositories
    » Recommendations

  • 3. Today’s Panelists
    » Rich Mason, VP & Chief Security Officer, Honeywell
    » Pat Clawson, Chairman & CEO, Lumension
    » Roger A. Grimes, Security Consultant, Author and Columnist

  • 4. How to Evaluate Risk Tolerance

  • 5. How to Evaluate Risk Tolerance
    False understanding of risk tolerance:
    » IT and management accept little to no risk, or
    » Only accept risks that do not lead to compromise of critical assets

  • 6. How to Evaluate Risk Tolerance
    The truth:
    » Every company accepts some level of risk
    » Too expensive to eliminate all risks
    » Acceptable risk is not even across all asset classes
    » Security is not just a technology problem
    » What is the acceptable risk tolerance?

  • 7. How to Evaluate Risk Tolerance
    “It’s a boardroom issue”
    » Let senior management be the risk deciders
    » IT should supply the facts so senior management can make the best decisions
    » Real life: picking battles vs. productivity, prioritizing, making choices, and then following through

  • 8. How to Evaluate Risk Tolerance
    » Compliance does not always equal security
    » Checklist security doesn’t always equal security
    » All security solutions will have weaknesses

  • 9. How to Evaluate Risk Tolerance
    » Must know your threats and risks
    » Job #1 is inventory: what assets are you protecting?
      • Not as easy as it first appears
    » Who is attacking you and why?
    » Malware, APT, DDoS, financial gain, etc.
      • History is a great indicator of future attacks
    » Attacker personas

  • 10. How to Evaluate Risk Tolerance
    » Not all assets and data should be protected equally
    » What are your “golden egg” assets?
    » Often defined by physical assets
    » Better to define by application, service, and database
    » Must consider all the supporting infrastructure
      • Often contains your most valuable data

  • 11. Leveraging Reputation Management Services

  • 12. Leveraging Reputational Mgmt. Services
    » In the real world, we often rely upon a person’s or company’s reputation before we interact with them
    » The same concept is becoming more true in the digital world
    » Another way to say it is “trust” or assurance

  • 13. Leveraging Reputational Mgmt. Services
    » We should allow greater access and have fewer investigative controls on processes and users we trust more

  • 14. Leveraging Reputational Mgmt. Services
    Examples
    » Content Filtering/Inspection
    » PKI and Digital Certificates
    » Trusted Publishers/Application Trust vs. Reputation

  • 15. How to Secure Prioritized Data Depositories

  • 16. How to Secure Prioritized Data Depositories
    » You can’t secure everything equally, so better protect your most valuable assets
    » Inventory
    » Identify owners
    » Identify related infrastructure
    » Identify threats and risks to all involved assets
    » Build strong controls for these assets

  • 17. How to Secure Prioritized Data Depositories
    » Two-factor authentication
    » Separate networks
    » Separate forests/domains
    » Computer hardening
    » Computer and port isolation
    » Faster patching
    » Less access to the Internet and other systems
    » Strong auditing and alerting

  • 18. Recommendations

  • 19. Recommendations
    » Clearly define your critical infrastructure
    » Work with end users and with senior management to set risk tolerances
    » Communicate the possible threats
    » Focus on Attack Vectors, Not Malware Family Names
    » Don’t try to protect everything equally
    » Plan for security control failure
    » Plan for unequal application of controls and gaps

  • 20. Recommendations
    » Measure and Improve Consistency
    » Create Reports With Actionable Metrics

  • 21. Questions?
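The inventory steps on slides 10, 16 and 17 (define the “golden egg” assets by application, service and database; identify owners and all supporting infrastructure; then separate and harden that tier) come down to a walk over the dependency graph. The Python below is an added example written for this page, not material from the webcast, Lumension or the panelists. The asset inventory in it is constructed, and every asset name, owner and dependency edge is an assumption. It propagates the critical tier from a crown-jewel application to everything it transitively relies on, flags dependencies that were named but never inventoried (the “not as easy as it first appears” case from slide 9), and lists critical infrastructure that is also shared with standard-tier systems, which is where the separate-network and separate-forest controls on slide 17 would have to start.

```python
from collections import deque

# Constructed sample inventory (illustrative only; not from the presentation).
# Each asset records its owner and the assets it depends on: the host it runs on,
# the database it stores data in, the directory it authenticates against, etc.
INVENTORY = {
    "payroll-app":   {"type": "application", "owner": "HR IT",         "depends_on": ["payroll-db", "web-01", "corp-ad"]},
    "payroll-db":    {"type": "database",    "owner": "DBA team",      "depends_on": ["db-01", "backup-svc"]},
    "web-01":        {"type": "server",      "owner": "Infra",         "depends_on": ["vcenter-01", "corp-ad"]},
    "db-01":         {"type": "server",      "owner": "Infra",         "depends_on": ["vcenter-01", "corp-ad", "san-01"]},
    "san-01":        {"type": "storage",     "owner": "Storage team",  "depends_on": []},
    "backup-svc":    {"type": "service",     "owner": "Infra",         "depends_on": ["backup-01", "corp-ad"]},
    "backup-01":     {"type": "server",      "owner": "Infra",         "depends_on": ["tape-library"]},  # tape-library was never inventoried
    "vcenter-01":    {"type": "service",     "owner": "Infra",         "depends_on": ["corp-ad"]},
    "corp-ad":       {"type": "directory",   "owner": "Identity team", "depends_on": []},
    "intranet-wiki": {"type": "application", "owner": "Comms",         "depends_on": ["wiki-01", "corp-ad"]},
    "wiki-01":       {"type": "server",      "owner": "Infra",         "depends_on": ["vcenter-01"]},
}

# The business-defined crown jewel, named by application rather than by box (slide 10).
CROWN_JEWELS = {"payroll-app"}


def supporting_infrastructure(inventory, roots):
    """Breadth-first walk of depends_on edges starting from the roots.

    Returns (reached, missing): every inventoried asset the roots transitively
    rely on (roots included), and dependency names that are referenced but not
    in the inventory, i.e. gaps the inventory exercise still has to close.
    Cycles are tolerated because each name is visited at most once.
    """
    reached, missing = set(), set()
    queue = deque(roots)
    while queue:
        name = queue.popleft()
        if name in reached or name in missing:
            continue
        if name not in inventory:
            missing.add(name)
            continue
        reached.add(name)
        queue.extend(inventory[name]["depends_on"])
    return reached, missing


def classify(inventory, crown_jewels):
    """Map every inventoried asset to 'critical' or 'standard'.

    An asset is critical if a crown jewel depends on it, directly or through
    any chain of supporting infrastructure; everything else stays standard.
    """
    critical, _ = supporting_infrastructure(inventory, crown_jewels)
    return {name: ("critical" if name in critical else "standard") for name in inventory}


def shared_critical_assets(inventory, crown_jewels):
    """Critical assets that also support standard-tier assets.

    These are where the critical tier silently inherits the weaker tier's
    exposure (wiki admins can reach the shared hypervisor or directory), so
    they are the first candidates for the separation controls on slide 17.
    """
    tier = classify(inventory, crown_jewels)
    standard_roots = [n for n, t in tier.items() if t == "standard"]
    used_by_standard, _ = supporting_infrastructure(inventory, standard_roots)
    return {n for n, t in tier.items() if t == "critical" and n in used_by_standard}


def owners_to_engage(inventory, crown_jewels):
    """Owners who have to sign off on the controls and residual risk for the critical tier."""
    tier = classify(inventory, crown_jewels)
    return {inventory[n]["owner"] for n, t in tier.items() if t == "critical"}


if __name__ == "__main__":
    tier = classify(INVENTORY, CROWN_JEWELS)
    _, gaps = supporting_infrastructure(INVENTORY, CROWN_JEWELS)
    for name in sorted(INVENTORY):
        asset = INVENTORY[name]
        print(f"{tier[name]:9} {asset['type']:12} {name:14} owner={asset['owner']}")
    print("shared with standard tier:", sorted(shared_critical_assets(INVENTORY, CROWN_JEWELS)))
    print("referenced but not inventoried:", sorted(gaps))
    print("owners to engage:", sorted(owners_to_engage(INVENTORY, CROWN_JEWELS)))
```

With the constructed inventory, nine of the eleven assets end up in the critical tier even though only one application was declared a crown jewel, the backup server points at a tape library nobody inventoried, and the directory and hypervisor are shared with the intranet wiki. Those three outputs are the inputs to the slide 16 and 17 conversations: which owners to bring in, what is still missing from the inventory, and where separation (or accepting the shared risk) has to be decided.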
