2. Today’s Security Realities Perception of Security Showing the business value of Security The 3 R’s Seeing Security Differently Retooling to leverage the Value Agenda
3. Threats are on the rise Time to respond has decreased Regulatory pressures are increasing Business partner integration requirements have eroded the network perimeter Spending more on security doesn’t equate to better protection Today’s security realities…
4. When we think of Information Security … Focused on keeping the lights on or hackers out Cost center focused Poorly defined metrics Lost in translation Out of alignment with business drivers Unable to show business Value
5. Not seen as a ‘value add’ or a way to grow the business Technology focused Focused on threat Avoidance vs. Risk Management Perceived as inflexible Making decisions on behalf of the business customer Loss of credibility and trust over time What’s the impact?
6. Instead of Threats – focus on the 3 R’s Revenue Are there ways to reduce or avoid costs? What are your key information assets? Reputation What is your brand worth? Regulations What are you required to do? Showing the value of Security
7. Seeing Security Differently Revenue Opportunities Efficiency Gains and Reduced Costs How much business value do you gain with a spam filter? What security services can be easily outsourced? What processes are duplicated because security is in silos? Can security enhancements improve the Supply Chain? Market Differentiator Can your security services attract new customers? Might your security services create a barrier to competitors?
8. Loss of Information/Data theft Launching of attacks from occupied system Business Reputation Fines and penalties What is at Stake?
9. Reputation Opportunities What is your brand equity? What do you spend on demand creation (marketing) to grow your market? What would be the impact to your stock price if your customer database were hacked? Seeing Security Differently
11. Asset Protection Protect the information that matters the most to your business Apply the same principles as insuring your physical assets Could you lower your insurance premiums by implementing stronger security? Seeing Security Differently “Intangible assets such as intellectual property represent approximately 60% to 80% of a company’s assets.” – Accenture Survey 2004
12. Regulation Requirements SOX, GLBA, HIPAA, PCI…. What regulations are relevant to your industry? What are your local and overseas requirements? Are your service providers also in compliance? Do you know what’s coming? Seeing Security Differently
13. Regulation Requirements cont. Do you check to see if you’re following your Privacy policies? Is your company acting ‘unreasonably’ even though it’s not violating a regulation? Due Care “Damn Idiot List” Are there competitive advantages to anticipating the next set of regulations? Seeing Security Differently
14. Vulnerabilities, exploits, and bugs Viruses and Malicious Code Trojan Horses Worms Unprotected devices USB drives Laptops Papers How does a data breach happen?
15. Problems for Small Business Security Administrators. Less Money for Equipment and Software Less Money for Network Staff Less Money for Training Less Planning
17. 2009 Incidents by Vector Total Records Affected: 217,780,870 Current as of 12/14/09
18. Lack of knowledge Busy in day to day business Out of Date Systems Systems not updated with latest patches Lack of Perimeter Security Need more than just desktop security Open Wireless Convenient Why are small businesses at risk
19. Invest in a technology audit Hire the best IT support Upgrade systems and software Learn more about the laws and regulations that affect your business What can your business do?
20. Stop seeing Security as only technology Require your security teams to talk “Business” Ask your business customer what’s the right level of risk and critical IP Focus on process improvements Communicate the value security brings to the business – the 3 R’s Improved productivity Faster to market New revenue streams Stronger brand Changing the Paradigm
21. SaaS or Security as a Service Rather than having to become an expert yourself, you can now hire one. We do not replace your current IT support but enhance it. Allowing you to get back to business, that is what you do best. How we can help
23. Karl Hart Web: www.cyberconsecurity.com email: karl.hart@cyberconsecurity.com Phone: 513-202-3020 IT Security Solutions for You and Your Business! Contact Information
Editor's Notes
Welcome to today’s presentation on Information Security and Your Business. My name is Karl Hart, a consultant with CyberCon Security Solutions. In this presentation we will cover how information security can impact your business and what can happen if you do not take it seriously.
We will be covering the following topics: Today’s Security Realities Perception of Security Showing the business value of Security The 3 R’s Seeing Security Differently Retooling to leverage the Value
Today’s security realities:
Threats are on the rise: Botnets are becoming more robust. Hackers are not just defacing websites; it is about making money. Vulnerabilities are coming out every day for all types of applications. Most homes and businesses have some type of high-speed connection.
Time to respond has decreased: Average time that an un-patched system is detected until it gets compromised is 3.5 to 5 minutes. 0-day threats: the vulnerability goes public before a patch can be issued.
Regulatory pressures: HIPAA, PCI, GLBA.
Business partner integration: If the systems you connect to or that connect to you are not secure, then the risk increases.
Spending more on security doesn’t equate to better protection: You need an expert to keep you secure; a lot can happen in a short amount of time. You need to know how to quickly and properly protect your data.