Security Governance - Trends and Ideas
Transcript

  1. Emerging Trends in Security Governance: Making Security a Business Success Daniel J Blander, CISM, CISSP
  2. [ agenda ] [ challenges ] [ why ] [ emerging changes ]
  3. [ challenges ] How many of you struggle to get management and users to take part in security? Do they seek out your advice? Do they follow policy? Do you have their respect?
  4. [ challenges ] How consistent is your security posture? • Policies • Risk Management & Planning • Security Organization • User Awareness • System Security • Network Security • Physical Asset Security • Operational Security • Monitoring • User Access • Legal Due-Diligence
  5. [ challenges ] How good is your organization’s security awareness?
  6. [ why ] Security is driven by: • Company & Stakeholder awareness of risk • “It’s never happened to us before” • Prevalent focus on: Profit, Cost, Opportunity
  7. [ why ] Security is Only for Computers • Network Security Manager • IT Security Manager • IT Compliance • CIO = Chief IT Officer • 67% of Information Security is driven by IT • 81% of Security Policies are written exclusively by IT
  8. [ why ] Security is a Cost Center • Security does not generate revenue • Security is restrictive • Security stops us from doing things The result: • Security is marginalized • Security is the first to be cut
  9. [ why ] How did we get here? • Self Inflicted Wounds • Techno-babble • Fear mongering – FUD & Hype • Troublesome list of risks that never happen • Unfulfilled Prophecies • Companies did not fail after a breach • TJX – stock up 50% one year later
  10. [ change ] Create a shared Governance Function • Involve business stakeholders • Address all departments’ needs for Confidentiality, Integrity, and Availability • Discuss strategic issues • Talk about opportunities and company future Result: • Unified awareness, vision and effort • Awareness and consistency across the business
  11. [ change ] Security Steering Committee (diagram): HR • Finance • Sales • IT • Legal
  12. [ change ] Coach the Team • Have clear goals • Aligned with business goals • Make the meeting meaningful with takeaway info and tasks • Make subject matter relevant. Do not let one area grab all the focus • Risk across all business areas • Risk of all types
  13. [ change ] Security as “Business Risk Management” • Information Protection • Investigations • Privacy • Insurance • Business Continuity • Personnel Safety • Physical Security • Counter Espionage • Loss Prevention • Legal Counsel (Org chart: Chief Risk Officer over Physical Security, Information & IT Security, Legal)
  14. [ change ] Think how security can enhance real business drivers… • Consistent Process & Environments = Efficiency • System Availability = More Time Working • Security Systems = Consistent Environments + Availability • Consistent Processes + Environments = Security • ITIL • Process Improvement • Predictability
  15. [ the future ] Security = The Company It is not security for IT, it is security for protecting the company. • Company is made up of people and processes. • Computers support the process. Security is not the end, it is a process contained in larger processes. • Security enables business – not through mitigating risk but promoting best practices (ITIL). • Look to give back to the company whenever you can. Be a facilitator, and show that security can tag along for the ride, not be the kick in the teeth.
  16. [ change ] Decentralize Enforcement • savings + shared responsibility • Information Security Team: Consult, Guide, Monitor, Assess • Network Administrator: Network Firewalls, Routers • System Administrator: Anti-Virus • Service Desk: User Access Setup (Diagram labels: Network Admin, Service Desk, Info Security, System Admin, Physical Security)
  17. [ change ] How do you lead to achieve this? • Have a New Attitude • NO FUD • Put your business hat on! • Think of good business practices that reflect security • Think of business opportunities • Be a Team Player - Include everyone on the team
  18. [ change: sources ]
