CISOs are from Mars, CIOs are from Venus
Most organizations have a CIO; many have a CISO. These key leadership positions often approach solutions differently and have different motivations. The CIO must deliver IT, automation, innovation and efficiency. The CISO is tasked with assuring adherence to security frameworks and regulatory standards, and protecting against, and responding to, vulnerabilities and incidents. These mandates can conflict. And often the CISO reports to the CIO. We will take a light-hearted look at questions including: What are the issues?; Are CISOs and CIOs from different planets?; Can we align to meet critical business needs, deliver value and protect the organization?

Published in: Business, Technology
Notes
  • Check out my about.me, with links to twitter feed and Security and Coffee blog.
  • CISO reports to CIO – Conflict of Interest? Security overruled?
    CISO reports to {CRO, CEO, CxO} - Visibility into IT?; Budget?
  • CISO - Protection of data; Minimum necessary
    CIO - What happens in the boardroom, stays in the boardroom
  • CISO - Data in correlates with data out; Chain of custody of log and forensic data; Coherence of financial data
    CIO - Transparency; Coherence of financial data
  • CISO – Probability/Impact of Threats
    CIO - Not meeting business needs
  • Solutions? Opportunities!
  • Mobile/BYOD/Cloud
    “R”OI
    Vendor Management
    Management – Vendor; Configuration; Incident; Risk
    Lifecycle/SDLC
    Monitoring
    Configuration management
    Incident Response
    Keep the auditors happy
    Keep the board happy
Transcript of "CISOs are from Mars, CIOs are from Venus"

    1. Celebrating a decade of guiding security professionals. @Secure360 or www.Secure360.org
       CISOs are from Mars, CIOs are from Venus. Barry Caplin. Tues. May 12, 2015, 1:30P
    2. CISOs are from Mars, CIOs are from Venus. Secure360, Tues. May 12, 2015, 1:30P
       Barry Caplin, VP, Chief Information Security Officer, Fairview Health Services
       bcaplin1@fairview.org, bc@bjb.org, @bcaplin, http://about.me/barrycaplin, http://securityandcoffee.blogspot.com
    3. http://about.me/barrycaplin, securityandcoffee.blogspot.com, @bcaplin
    4. Fairview Overview
       • Not-for-profit established in 1906
       • Academic Health System since 1997, partnership with University of Minnesota
       • >22K employees
       • >3,300 aligned physicians (employed, faculty, independent)
       • 7 hospitals/medical centers (>2,500 staffed beds)
       • 40-plus primary care clinics
       • 55-plus specialty clinics
       • 47 senior housing locations
       • 30-plus retail pharmacies
       2012 data: 5.7 million outpatient encounters; 74,649 inpatient admissions; $2.8 billion total assets; $3.2 billion total revenue
    5. Who is Fairview? A partnership of North Memorial and Fairview
    6. Different worlds
    7. The Sword of Anti-Virus
    8. The Light Saber of Endpoint Protection
    9. The Shield of Next-Gen Firewall
    10. The Scepter of IT Budget
    11. The Cloud of…
    12. Different worlds – reporting structure
        CISO reports to CIO
        • Security overruled?
        CISO reports to {CRO, CEO, CxO}
        • Visibility into IT?
        • Budget?
    13. Different languages
    14. Threats
        CISO: • Nation States • Hacktivists • Malicious attackers • Malware
        CIO: • Over-time; over-budget • Outsourcing
    15. Confidentiality
        CISO: • Protection of Data • Minimum Necessary
        CIO: • What happens in the boardroom, stays in the boardroom
    16. Integrity
        CISO: • Data in correlates with data out • Chain of custody of log and forensic data • Coherence of financial data
        CIO: • Transparency • Coherence of financial data
    17. Risk
        CISO: • Probability/Impact of Threats • Data Breach
        CIO: • Not meeting business needs • Data Breach
    18. CIO: Considering Interim Opportunities
    19. CISO: Career Is Soon Over
    20. Meet in the middle
    21. Unite Against the Common Enemy
    22. Key Opportunities – Mobile/BYO(x)/Cloud
        • Business pressure to use mobile/BYO
        • Costs v SaaS
        • Figure out the business use/need
        • Solve it!
    23. Key Opportunities – “V”OI
        • Not just cost center
        • CIO/CFO need budget justification
        • Not just hard $
        • Value: Efficiency; Improvements – service, capability; Maturity; Tool rationalization
    24. Key Opportunities – Management: Vendor; Configuration; Incident; Risk
        • Security v IT definition
        • Metrics and Measures
        • Example: ITIL incident process meshes with Security event/incident/investigation process
    25. Key Opportunities – Lifecycle/SDLC
        • Process for project efficiency
        • Security requirements defined early
        • Help meet completion target
    26. Key Opportunities – Keep the auditors happy
        • External/Internal/Financial
        • Easier audits = less pressure on IT resources
        • Fewer findings = less hassle for CIO
    27. Key Opportunities – Keep the board happy
        • Good Communication
        • Better opportunities and funding for all!
    28. Good Things are sure to follow
    29. http://about.me/barrycaplin, securityandcoffee.blogspot.com, @bcaplin