Information Security for Business Leaders
  • May: http://www.monstersandcritics.com/people/news/article_1636433.php/Hackers-steal-X-Factor-details
  • April: http://news.cnet.com/8301-31021_3-20057577-260.html
  • March: http://www.scmagazineus.com/google-remotely-killing-android-malware/article/197794/
  • Feb: http://www.scmagazineus.com/trojan-steals-session-ids-bypasses-logout-requests/article/196816/
  • January: http://www.depositaccounts.com/blog/2011/01/malware-on-laptop-caused-security-breach-at-penfed.html
    http://www.msnbc.msn.com/id/41059570/ns/technology_and_science-security/
  • Risk and compliance budget: 2011 Risk and Compliance Outlook report from McAfee
  • 65% stat from Fierce CIO: http://www.fiercecio.com/story/security-business-decision/2008-01-24
  • Government cyber security budget: http://www.computerworld.com/s/article/9209461/Obama_seeks_big_boost_in_cybersecurity_spending?taxonomyId=82

Information Security for Business Leaders Presentation Transcript

  • Information Security for Business Leaders
    JurInnov, Ltd.
    May 24, 2011
  • Who Are We?
    JurInnov helps organizations…
    • Apply technology to optimize electronic discovery
    • Collect and uncover evidence
    • Better protect, manage and track electronic information
    …and relax a little
  • Who Wants a Crisis Anyway?
    Respond to a breach
    Computer Forensics
    Prevent the breach
    Information Security
  • Today’s Discussion
    Threats to our businesses
    Approach to Information Security
    Business integration
    Creating the culture
    Making it happen
    Trade-offs
    Take-Aways
  • In the News
    April 2011 – Sony Corp. data breach, 100 million PlayStation network accounts
    Wall Street Journal, May 18, 2011 – “Sony Corp Chief Executive Howard Stringer said he can't guarantee the security of the company's videogame network or any other Web system in the "bad new world" of cybercrime.”
    “… maintaining security is a ‘never-ending process’ and he doesn't know if anyone is 100%.”
  • In the News
    Third Parties
    April 4, 2011 – Over 2500 companies who used Epsilon’s marketing services had to inform customers that their data system was exposed to unauthorized entry.
  • Facts and Figures
    • Average breach costs $214 per record
    • Average organizational cost $7.2 million per incident
    • The Ponemon Institute Study, March 18, 2011
    • Risk and compliance budgets expected to increase by 21% in 2011
    • McAfee 2011 Risk and Compliance Report
  • Facts and Figures
    $548 million
    The US government is increasing cyber security R&D by 35% to $548 million next year
    Fierce CIO, January 16, 2011
    More organized outside attacks
    More pervasive inside misuse
    Computerworld, February 15, 2011
  • The Security Triad
    Information Security
    Confidentiality
    Availability
    Integrity
  • Threats
    Impacts
  • Business Integration
    InfoSec Strategy
    Business Strategy
    • Priorities
    • Roles and responsibilities
    • Targeted capabilities
    • Specific goals (timeframe)
    • Core values
    • Purpose
    • Capabilities
    • Client promise
    • Business targets
    • Specific goals
    • Initiatives
    • Action items
    • Assignments and accountabilities
  • Creating the Culture
    Monitoring, measuring and reporting
    Integrating with business metrics
    Weekly management meetings
    Monthly dashboard review with employees
    Quarterly goals met
    Team rewards
  • Creating the Culture
    Incenting the behavior
    Assignments and accountabilities
    Personal contribution reports
    Performance reviews
    Daily interactions with team members
    New system and process deployment
  • Making it Happen
    Ask where are we today?
    High level survey – taking the pulse
    Assessment
    Define and communicate expectations
    Company policies
    Employee training
    Third party contract requirements
    (what about the Cloud?)
  • Making it Happen
    Implement changes
    Workflow (make it easy)
    Technology
    Physical
    Ask how are we doing?
    Checkpoints
    Audits
  • Trade-offs
    • Productive
    • Responsive
    • Agile
    • Cost-effective
    • Reasonable to use (vs. annoying)
  • Trade-offs
    • Client data
    • Trade secrets
    • Product details
    • Competitive advantages
    • Employee information
    • Websites
    • Blogs
    • Social networking
    • Employee “break time”
    • Twitter
    • Facebook
    • LinkedIn
  • Trade-offs
    [Chart: axes “Cost to Secure” and “Impact (Probability * Loss)”; regions labelled TRANSFER, AVOID, ACCEPT, MITIGATE, DEPENDS]
  • Take-Aways: Build in Security
    • Integrate with business strategic planning
    • Confirm workflows make good practices easy
    • Know the impact of new systems/processes
    • Know the impact of system/process maintenance
    • Confirm mobile computing addresses risks
  • Take-Aways: Create the Culture
    • Demonstrate that security is critical
    • Challenge assumptions of security
    • Ask about the risks
    • Monitor, measure, report
    • Hold everyone accountable
    • Reward behaviors
  • Take-Aways: Make it Happen
    • Take a quick pulse
    • Maintain up-to-date security policies
    • Keep security “top of mind”
    • Debrief projects including security focus
    • Maintain good asset management
    • Plan Do Check Act
  • Take-Aways: Some Specifics
    Access
    • Server audit logs are turned on and retained
    • Firewall firmware is up to date
    • Mobile devices are properly encrypted
  • Take-Aways: Some Specifics
    Business continuity
    • Key systems have uninterruptible power supplies
    • Backups tested regularly
    • Disaster recovery plans in place
    • Business continuity testing for key systems
    • System maintenance as scheduled
  • Take-Aways: Some Specifics
    Application security
    • Security patches up to date
    • No unauthorized programs installed
    • Corporate applications have up-to-date security reviews
    • Antivirus software installed
    • Virus definitions up to date
  • Take-Aways: Some Specifics
    Security governance
    • Configuration changes approved prior to implementation
    • Incidents handled by incident response plans
    • Media sanitized before being reused or disposed
    • Systems have documented security controls
  • Take-Aways: Some Specifics
    Security awareness
    • Password procedures
    • Data storage procedures
    • Mobile computing
    • Software security practices
    • Email security practices
  • For More Information
    JurInnov Ltd.
    1375 Euclid Avenue, Suite 400
    Cleveland, OH 44115
    1.216.664.1100