CISM IS Leadership Presentation

Edited version of internal presentation on security risk management efforts.

Published in: Business

Transcript of "CISM IS Leadership Presentation"

  1. Helping Leaders Make Informed Decisions
       IS LEADERSHIP PRESENTATION
  2. Agenda
       • Review of CISM Background
       • Analysis Lifecycle
       • Current Analysis Products
       • Upcoming Products
  3. CISM Background
  4. Skill Sets
       • Over 50 years of domain expertise
       • CIS/IA PhD, MBA, MSIM
       • 20+ domain certifications
       • Average 30+ hours a month of outside outreach and training
  5. Analysis Lifecycle
       • Acquisition
       • Storage and Processing
       • Analysis
       • Reporting
  6. Acquisition
       • Threat Intelligence
           ◦ REN-ISAC
           ◦ NH-ISAC
           ◦ VCDB
           ◦ Subscription Services
           ◦ Private Sources
       • Internal Data Sources
           ◦ Orchestrate
           ◦ Security Logs
           ◦ Nessus
           ◦ Interviews
  7. Storage and Processing
       • SQL Server
       • NoSQL
           ◦ MongoDB
           ◦ Elasticsearch
           ◦ Apache Pig (Hadoop)
       • PowerShell
  8. Analysis
       • Simulation
           ◦ Rstats
           ◦ Python
  9. Reporting
       • Written Reports
           ◦ Compliance Analysis
       • Visualization
           ◦ Tableau
       • Example Work Products
           ◦ Policy
           ◦ Audits
           ◦ Security Findings
           ◦ Data Loss Protection
           ◦ Network Security Posture Analysis
           ◦ Security Incident Management
  10. Current Analysis Products
  11. A Tale of Three Demonstrations
       1. Vulnerability Performance Management
       2. PCI-DSS Compliance Tracking
       3. Application Risk Overview
  12. Upcoming Efforts
       • Modelling Application Risk
  13. Application Risk Simulation
       Which of the various options will provide the highest returns to the safety, stability, and security of my application at the lowest cost?
  14. Project X
       Application Risk Simulation
  15. Questions?
       David F. Severski
       Email
       Phone