  • What brought you here? Role? Interest? The title? Let me tell you about the title… Luke Drury. I thought it was hilarious… till I thought it was sad. http://www.flickr.com/photos/jordandelion/4370518981/
  • We’re spending a lot of time saying no to our customers, aren’t we? This is a problem. http://www.flickr.com/photos/markdodds/5125418883/
  • The reputation is a bad one to have. The No attitude, or at least an undeserved reputation, is a huge problem. It gets in the way of our effectiveness. http://www.flickr.com/photos/amylovesyah/4444095375/
  • But I’m not here to feed you a bunch of fluff. We’re talking about requirements, today. http://www.flickr.com/photos/andrewmalone/5163291500/
  • As an Information security professional, truth is that you are an excellent defender of NASA… if you can pull off a magical balancing act. http://www.flickr.com/photos/dunechaser/142079765/
  • If you say No as a reflex http://www.flickr.com/photos/markdodds/5125418883/
  • Now, it might go a bit too far http://greatfirewallofchina.org/index.php?siteurl=http%3A%2F%2Fnews.yahoo.com%2F
  • It could have an impact on the mission http://www.flickr.com/photos/repoort/2645497916/
  • Think about what exactly you are saying no to. Are you responding directly to a specific request? “I want administrator rights on this machine!” Do you ask them why, or kneejerk “NO!”? What are some other ridiculous requests that you get? http://www.flickr.com/photos/xurble/376588066/
  • Let’s talk about the people you work with http://www.flickr.com/photos/kaptainkobold/5181464194/
  • What are they trying to do? Do you even know? Have you asked? Do they build satellites? Do they run a training and education center? Do they make sure the bills get paid? Image: L’Enfant’s Plan for DC
  • They are a component of the system that is NASA GSFC. What they need from you is assurance that they can do their jobs safely. http://www.flickr.com/photos/contemna/5272576625 Heather Diehl
  • So your people work on marvelous things, complex things. Dealing with complex people, processes and requirements of their own, in order to contribute to even greater, more complex things. http://www.flickr.com/photos/contemna/5725291684/ Heather Diehl
  • See the person, and what problem they are trying to solve. How does IT Sec enable them? http://www.flickr.com/photos/contemna/5273189110 Heather Diehl
  • You are part of this. Think back to the basics… What are the 3 components of Information Security? Confidentiality, Accessibility, Integrity. http://www.flickr.com/photos/joelogon/346368521/
  • So, if they present you with a request, don’t forget to look beyond confidentiality… Have you asked what they are trying to accomplish? What problem they are trying to solve? Or are you comfortable not understanding? You should be aware that not understanding their role in the greater context actually introduces risk of its own. http://www.flickr.com/photos/askpang/5402492304/
  • Because you can offer alternatives. Ones that meet security requirements, and integrate with the constraints of our environment… But you can only do that if you start to look beyond “No” into the land of “Perhaps”. http://www.flickr.com/photos/contemna/5272578725 Heather Diehl
  • With knowledgeable questions, you can break down defensive postures… Find out what their needs actually are. Maybe the prickliness perceived by each side isn’t actually true. Who is the defensive hedgehog? http://www.flickr.com/photos/swamibu/1937158223/
  • Be careful about that reflex http://www.flickr.com/photos/markdodds/5125418883/
  • Do you want the relationships to be better? Assume noble intent on their part. Go in with noble intent yourself. Don’t sabotage the relationship from the start. Start asking “What are you wanting to do?” http://www.flickr.com/photos/screenpunk/2421689164/
  • You may find that sometimes what looks like anger [and hostility] is actually pasta. http://www.flickr.com/photos/mrwalker/428510520/
  • Old habits die hard. On both sides. If you’ve made yourself an obstacle to completing their work, your customers have gone, and will actively continue to go, around you, ultimately creating more risk. http://www.flickr.com/photos/davidmoisan/3153441857/
  • Remember that badgering gets you nowhere. Don’t get caught up in personal battles. Just because you are being more mission-focused doesn’t mean that the atmosphere around you will change overnight. Badgers: Original flash animation: http://www.weebls-stuff.com/wab/badgers/ Know Your Meme: http://knowyourmeme.com/memes/badger-badger-badger
  • Because they just want to do their work. http://www.flickr.com/photos/gsfc/4954529973/
  • So, how do you see the people and their requirements in the organization? http://www.flickr.com/photos/mac_filko/5491559690/
  • While most have the same basic requirements, their individual roles sometimes come with a not-so-common set of additional IT requirements. They must use a legacy program that wants to write its data to the Program Files folder… that you could redirect outside of the folder… Sound familiar? http://www.flickr.com/photos/aaron_anderer/4093181371/ http://patft.uspto.gov/netacgi/nph-Parser?Sect2=PTO1&Sect2=HITOFF&p=1&u=%2Fnetahtml%2FPTO%2Fsearch-bool.html&r=1&f=G&l=50&d=PALL&RefSrch=yes&Query=PN%2FD253711
  • Anyone have a similar story to share that has information that could be reused? Successful strategies? http://www.flickr.com/photos/westfieldma/31590231/
  • The more personally invested you become, the easier it is to do these things: Asking “How can I help?” “What are you trying to do?” Have you made yourself part of their mission? Do you know it? Are you excited by it? Are you *curious* about it? Are you proud to be part of it? If you aren’t, why not? http://www.flickr.com/photos/dunechaser/250617151/
  • The way you are treated will likely change, too. You get to demonstrate your knowledge, your competence, your analytical ability. You are a valuable professional. http://www.flickr.com/photos/donsolo/1344386562/
  • Because your security role significantly helps them to be more effective. This is NASA. The response of NO has a different meaning here. We do impossible things. http://www.flickr.com/photos/28476480@N04/4548378501/
  • The fact that you care about their work and their success. You become a trusted part of the team. Yes, it is “My Little Pony: Friendship is magic”. I’m going to love and tolerate the $&*! out of you. Deal.

Transcript

  • 1. I’m not happy ‘till you’re not happy
    http://www.flickr.com/photos/jordandelion/4370518981/
  • 2. http://www.flickr.com/photos/markdodds/5125418883/
  • 3. I’m not happy ‘till you’re not happy
    Building better Information Security relationships
    Heather Diehl, PMP | Enterprise Architecture | ITCD, 702
    Information Assurance @Goddard
    June 27, 2011
    http://www.flickr.com/photos/amylovesyah/4444095375/
  • 4. http://www.flickr.com/photos/andrewmalone/5163291500/
  • 5. http://www.flickr.com/photos/dunechaser/142079765/
  • 6. http://www.flickr.com/photos/markdodds/5125418883/
  • 7.
  • 8. http://www.flickr.com/photos/repoort/2645497916/
  • 9. http://www.flickr.com/photos/xurble/376588066/
  • 10. http://www.flickr.com/photos/kaptainkobold/5181464194/
  • 11.
  • 12. My photo. Thanks!
  • 13. My photo. Thanks!
  • 14. My photo. Thanks!
  • 15. http://www.flickr.com/photos/joelogon/346368521/
  • 16. http://www.flickr.com/photos/askpang/5402492304/
  • 17. My photo. Thanks!
  • 18. http://www.flickr.com/photos/swamibu/1937158223/
  • 19. http://www.flickr.com/photos/markdodds/5125418883/
  • 20. http://www.flickr.com/photos/screenpunk/2421689164/
  • 21. http://www.flickr.com/photos/mrwalker/428510520/
  • 22. http://www.flickr.com/photos/davidmoisan/3153441857/
  • 23. http://www.weebls-stuff.com/wab/badgers/
  • 24. http://www.flickr.com/photos/gsfc/4954529973/
  • 25. http://www.flickr.com/photos/mac_filko/5491559690/
  • 26.
  • 27. http://www.flickr.com/photos/westfieldma/31590231/
  • 28. http://www.flickr.com/photos/dunechaser/250617151/
  • 29. http://www.flickr.com/photos/donsolo/1344386562/
  • 30. http://www.flickr.com/photos/28476480@N04/4548378501/
  • 31.
  • 32. Upcoming IA@G Events
    Certified or Certifiable
    State of the Hack
    And… ZOMBIEFEST 2011
    Sign up for the IA@G mailing list
  • 33. LATE OCTOBER