James Beeson SOURCE Boston 2011
Bridging the Gaps and Preparing for the Future!
© All Rights Reserved
James Beeson SOURCE Boston 2011 Presentation Transcript

  • 1. BRIDGING THE GAPS AND PREPARING FOR THE FUTURE!
    James Beeson, Chief Information Security Officer
    April 20, 2011
  • 2. We Are Fighting The Same Battle!
    Same Risks
      • Business Disruption
      • Unauthorized Access
      • Data Leakage/Loss
      • Data Integrity Issues
      • Regulatory Non-Compliance
    Similar Threats
      • Mistakes/Accidents
      • Organized Crime (APT)
      • Vulnerabilities (SW/HW/NW)
      • Unauthorized Software
      • Social Engineering (Phishing)
    Don't Reinvent the Wheel
      • Collaborate
      • Use Existing Frameworks: ISO 27001, COBIT, NIST Standards
  • 3. CIO & CISO Roles Similar
      • Need to understand what the business does
      • How does technology enable the business processes
      • Branding and marketing for the cause
      • Evangelist for the profession and importance
      • Salesperson to get things accomplished
      • Leader to motivate people to do the right thing
    Aren't We All Just Used Car Salespeople?
  • 4. Mix of Technical Expertise and Leadership
    Information Security Technical Expertise
      • CISSP (Certified Information Systems Security Professional)
      • CISA (Certified Information Systems Auditor)
      • CRISC (Certified in Risk and Information Systems Control)
      • CISM (Certified Information Security Manager)
    Leadership
      • Team Building and Motivation
      • Effective Speaking and Presentation Skills
      • Hiring and Management Skills
      • Style Flex – Understanding Motivation
      • CAP (Change Acceleration Process Training)
      • ITIL (Information Technology Infrastructure Library) Skills
      • Six Sigma or similar Quality Training
  • 5. Just Say "Yes" Approach
      • Works Better than Chicken Little or FUD
      • Shifts the Ownership/Burden of Risk
      • As They Say "It's All In The Spin"
      • Push for Data Driven Decisions
    IT and CISO DO NOT Own the Risk!
  • 6. KNOW THE 2 MINUTE ELEVATOR SPEECH
    Top Risks
      • Data Leakage/Loss
      • Unauthorized Access
      • Business Disruption
      • Data Integrity Issues
      • Regulatory Non-Compliance
    Top Threats
      • Phishing (Social Engineering)
      • Unauthorized Software
      • Organized Crime (APT)
      • SW/HW/NW Vulnerabilities
      • Mistakes/Accidents
    Key Operating Elements
      • Information Security Risk Management
      • Identity Management (Access Control)
      • Monitoring & Incident Response
    Strategic Approach
      • Strong, Simple, Risk Based Policies
      • Layered, Measurable Approach
      • Ongoing Risk Assessment & Quick IR
      • Continuous Education and Awareness
    DRIVES
      • Tarnished Brand Name
      • Revenue Loss
      • Added Costs (regulatory fines)
  • 7. Security is an Enabler to Compliance and Reducing Risk
      • Leverage Compliance and Legal
      • Take Advantage of Operational and Business Risk Knowledge
      • Mix Training, Education, and Communications
      • Embed Security in Technology and Business Processes
      • Shift from Slowing-Down to Enabling
  • 8. Measurement Drives Behavior
    As Lord Kelvin once said: "If You Can't Measure It, You Can't Improve It"
    Typically Improvement is Measured by:
      • Reduced Cycle-Time
      • Reduced Cost
      • Reduced Defects
    Key Takeaways
      • Schedule Recurring Reviews
      • Know Your Audience
      • Tie Improvement Metrics to Performance
      • Don't Reinvent the Wheel
      • Automate and Define Clear Ownership
    Threat x Opportunity = Risk
  • 9. Trends
      • I Don't Buy Your Shoes, Why Would I Buy Your PC
      • Cloud is the Preferred Way to Manage Data
      • Conundrum – Digital Natives vs Baby Boomers
      • Power Portability/Mobility with No Perimeter
      • Organized Crime (APT) is "Big Business"
      • Focus on Compliance Not Security Posture
      • Social Engineering Rules – An Education Issue
  • 10. Things That Make You Go Hmm
      • 2 Billion People Internet Connected
      • YouTube >2B Views/Day
      • Over 22 Billion Tweets in 2010
      • Facebook – World's 3rd Largest Country
      • Over 100 Million Users on LinkedIn
      • Internet Background Check Common
      • Texting & Apps Overtake Voice
      • PCs/Laptops Dropping in Sales
      • 1/5 Marriages from Internet Dating
  • 11. Summary
      • Fighting the Same Battle – Leverage Everyone!
        – Risks are basically the same
      • Know Your Business – Become an Enabler
        – Reduces the "Hindrance" factor
      • CIO and CISO Roles are Similar
        – Aren't we all just Salespeople?
      • Measurement Drives Behavior
        – "If you can't measure it, you can't improve it"
      • Digital Natives versus Digital Immigrants
        – Helping to "Bridge The Gap"
  • 12. QUESTIONS?
    Contact Information:
    Email: James.Beeson@GE.com
    Telephone: 01 203 205 5450