SlideShare a Scribd company logo

Compliance what does security have to do with it

Download as PPTX, PDF
nCircle - a Tripwire Company
nCircle - a Tripwire Company

nCircle Compliance Webinar July 2012

Technology
1 of 13
Compliance: What Does Security Have To Do With It? Thank you for joining us. The webinar will start shortly. © nCircle 2012. All rights reserved.
Compliance: What Does Security Have To Do With It? © nCircle 2012. All rights reserved.
Introductions: Panelists Rodney Brown CISSP, GIAC GISP, ITILv3 Andrew Storms Shelley Boose Dir. Security Operations Dir., Public Relation nCircle Tim Erlin Elizabeth Ireland Dir., IT Security and Risk Strategy VP, Marketing nCircle 3 © nCircle 2012 All rights reserved. nCircle Company Confidential
Which compliance regulations does your organization need to comply with? (check all that apply)  SOX  NERC  FISMA  HIPAA  PCI  GLBA  PIPEDA  Too many to name 4 © nCircle 2012 All rights reserved. nCircle Company Confidential
How often does your organization have audits?  Annually  Quarterly  Monthly  Auditors live here 5 © nCircle 2012 All rights reserved. nCircle Company Confidential
Does your security team spend too much time on audit requests?  Seems like that’s all we do  Audit requests take at more than half of our time  Occasional resource problem  We have plenty of resources to do both 6 © nCircle 2012 All rights reserved. nCircle Company Confidential
In your experience, how aligned are security and compliance efforts?  Mostly aligned  Somewhat aligned  Barely related 7 © nCircle 2012 All rights reserved. nCircle Company Confidential
Does your security team have the necessary executive support?  Yes  No  What executive support? 8 © nCircle 2012 All rights reserved. nCircle Company Confidential
In your organization, do security efforts suffer because compliance requirements drive the budget?  Yes  No 9 © nCircle 2012 All rights reserved. nCircle Company Confidential
What percentage of your security operations program is automated?  25% or less  26 – 50%  more than 50% 10 © nCircle 2012 All rights reserved. nCircle Company Confidential
In which of the following types of tools has your organization invested the most budget?  Vulnerability management  Configuration auditing  Patch management  Identity and access management  Antivirus and endpoint protection  Penetration testing  Malware detection  Data loss prevention  Governance risk and compliance  Other 11 © nCircle 2012 All rights reserved. nCircle Company Confidential
What’s the next major tool investment your organization has planned?  Vulnerability management  Configuration auditing  Patch management  Identity and access management  Antivirus and endpoint protection  Penetration testing  Malware detection  Data loss prevention  Governance risk and compliance  Other 12 © nCircle 2012 All rights reserved. nCircle Company Confidential
Thank you for participating! Continue the conversation in our online community connect.ncircle.com 13 © nCircle 2012 All rights reserved. nCircle Company Confidential

Recommended

Insider Threats (RIMS 2012)
Insider Threats (RIMS 2012)Insider Threats (RIMS 2012)
Insider Threats (RIMS 2012)John Dillard
 
Cloud Security
Cloud SecurityCloud Security
Cloud SecurityTerell Jones
 
Out With the Old, In With the New – Reinvent and Justify Your 2013 Security S...
Out With the Old, In With the New – Reinvent and Justify Your 2013 Security S...Out With the Old, In With the New – Reinvent and Justify Your 2013 Security S...
Out With the Old, In With the New – Reinvent and Justify Your 2013 Security S...Skybox Security
 
Alfresco Virtual DevCon 2020 - Security First!
Alfresco Virtual DevCon 2020 - Security First!Alfresco Virtual DevCon 2020 - Security First!
Alfresco Virtual DevCon 2020 - Security First!Jason Jolley
 
Security on a budget
Security on a budget Security on a budget
Security on a budget nCircle - a Tripwire Company
 
Security Testing for Test Professionals
Security Testing for Test ProfessionalsSecurity Testing for Test Professionals
Security Testing for Test ProfessionalsTechWell
 
Do Security Like a Start Up or Get Fired
Do Security Like a Start Up or Get FiredDo Security Like a Start Up or Get Fired
Do Security Like a Start Up or Get FiredNetIQ
 
Security Kung Fu: Security vs. Compliance
Security Kung Fu: Security vs. ComplianceSecurity Kung Fu: Security vs. Compliance
Security Kung Fu: Security vs. ComplianceJoshua Berman
 

Recommended

Insider Threats (RIMS 2012)
Insider Threats (RIMS 2012)Insider Threats (RIMS 2012)
Insider Threats (RIMS 2012)John Dillard
 
Cloud Security
Cloud SecurityCloud Security
Cloud SecurityTerell Jones
 
Out With the Old, In With the New – Reinvent and Justify Your 2013 Security S...
Out With the Old, In With the New – Reinvent and Justify Your 2013 Security S...Out With the Old, In With the New – Reinvent and Justify Your 2013 Security S...
Out With the Old, In With the New – Reinvent and Justify Your 2013 Security S...Skybox Security
 
Alfresco Virtual DevCon 2020 - Security First!
Alfresco Virtual DevCon 2020 - Security First!Alfresco Virtual DevCon 2020 - Security First!
Alfresco Virtual DevCon 2020 - Security First!Jason Jolley
 
Security on a budget
Security on a budget Security on a budget
Security on a budget nCircle - a Tripwire Company
 
Security Testing for Test Professionals
Security Testing for Test ProfessionalsSecurity Testing for Test Professionals
Security Testing for Test ProfessionalsTechWell
 
Do Security Like a Start Up or Get Fired
Do Security Like a Start Up or Get FiredDo Security Like a Start Up or Get Fired
Do Security Like a Start Up or Get FiredNetIQ
 
Security Kung Fu: Security vs. Compliance
Security Kung Fu: Security vs. ComplianceSecurity Kung Fu: Security vs. Compliance
Security Kung Fu: Security vs. ComplianceJoshua Berman
 
Venafi 2012 risk audit survey findings
Venafi 2012 risk audit survey findingsVenafi 2012 risk audit survey findings
Venafi 2012 risk audit survey findingsnickjplott
 
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...Eric Vanderburg
 
Making Threat Modeling Useful To Software Development
Making Threat Modeling Useful To Software DevelopmentMaking Threat Modeling Useful To Software Development
Making Threat Modeling Useful To Software DevelopmentConSanFrancisco123
 
Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...
Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...
Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...IT Network marcus evans
 
2014 Conference Brochure - GRC 2.0 Breaking Down the Silos
2014 Conference Brochure - GRC 2.0 Breaking Down the Silos2014 Conference Brochure - GRC 2.0 Breaking Down the Silos
2014 Conference Brochure - GRC 2.0 Breaking Down the SilosNeil Curran MSc CISSP CRISC CGEIT CISM CISA
 
Certifications on Security - IS AUDIT
Certifications on Security - IS AUDITCertifications on Security - IS AUDIT
Certifications on Security - IS AUDITShahzeb Pirzada
 
Achieving Enterprise Resiliency and Corporate Certification
Achieving Enterprise Resiliency and Corporate CertificationAchieving Enterprise Resiliency and Corporate Certification
Achieving Enterprise Resiliency and Corporate CertificationThomas Bronack
 
To dev secops or not to devsecops is that a question ?
To dev secops or not to devsecops is that a question ?To dev secops or not to devsecops is that a question ?
To dev secops or not to devsecops is that a question ?🙃 Mario Platt
 
Intrusion Detection System (IDS)
Intrusion Detection System (IDS)Intrusion Detection System (IDS)
Intrusion Detection System (IDS)HCL Technologies
 
CDW Security Practice
CDW Security PracticeCDW Security Practice
CDW Security Practicetimmay0220
 
Thread Fix Tour Presentation Final Final
Thread Fix Tour Presentation Final FinalThread Fix Tour Presentation Final Final
Thread Fix Tour Presentation Final FinalRobin Lutchansky
 
Cyber Warfare e scenari di mercato
Cyber Warfare e scenari di mercatoCyber Warfare e scenari di mercato
Cyber Warfare e scenari di mercatoHP Enterprise Italia
 
Forrester Infographic
Forrester Infographic Forrester Infographic
Forrester Infographic Thang Cao (He/Him)
 
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...Eric Vanderburg
 
Breaking Microsoft Dynamics Great Plains
Breaking Microsoft Dynamics Great PlainsBreaking Microsoft Dynamics Great Plains
Breaking Microsoft Dynamics Great Plainssurferdave71
 
Private sector cyber resilience and the role of data diodes
Private sector cyber resilience and the role of data diodesPrivate sector cyber resilience and the role of data diodes
Private sector cyber resilience and the role of data diodesOllie Whitehouse
 
Automate and Enhance Application Security Analysis
Automate and Enhance Application Security AnalysisAutomate and Enhance Application Security Analysis
Automate and Enhance Application Security AnalysisCarlos Andrés García
 
Threat Intelligence + SIEM: A Force to be Reckoned With
Threat Intelligence + SIEM: A Force to be Reckoned WithThreat Intelligence + SIEM: A Force to be Reckoned With
Threat Intelligence + SIEM: A Force to be Reckoned WithSolarWinds
 
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...Education & Training Boards
 
Real world security webinar (v2012-05-30)
Real world security webinar (v2012-05-30)Real world security webinar (v2012-05-30)
Real world security webinar (v2012-05-30)nCircle - a Tripwire Company
 
Applying Boyd's OODA Loop Strategy to Drive IT Security Decision and Action
Applying Boyd's OODA Loop Strategy to Drive IT Security Decision and ActionApplying Boyd's OODA Loop Strategy to Drive IT Security Decision and Action
Applying Boyd's OODA Loop Strategy to Drive IT Security Decision and ActionnCircle - a Tripwire Company
 
What CIOs and CFOs Need to Know About Cyber Security
What CIOs and CFOs Need to Know About Cyber SecurityWhat CIOs and CFOs Need to Know About Cyber Security
What CIOs and CFOs Need to Know About Cyber SecurityPhil Agcaoili
 

More Related Content

What's hot

Venafi 2012 risk audit survey findings
Venafi 2012 risk audit survey findingsVenafi 2012 risk audit survey findings
Venafi 2012 risk audit survey findingsnickjplott
 
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...Eric Vanderburg
 
Making Threat Modeling Useful To Software Development
Making Threat Modeling Useful To Software DevelopmentMaking Threat Modeling Useful To Software Development
Making Threat Modeling Useful To Software DevelopmentConSanFrancisco123
 
Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...
Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...
Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...IT Network marcus evans
 
Certifications on Security - IS AUDIT
Certifications on Security - IS AUDITCertifications on Security - IS AUDIT
Certifications on Security - IS AUDITShahzeb Pirzada
 
Achieving Enterprise Resiliency and Corporate Certification
Achieving Enterprise Resiliency and Corporate CertificationAchieving Enterprise Resiliency and Corporate Certification
Achieving Enterprise Resiliency and Corporate CertificationThomas Bronack
 
To dev secops or not to devsecops is that a question ?
To dev secops or not to devsecops is that a question ?To dev secops or not to devsecops is that a question ?
To dev secops or not to devsecops is that a question ?🙃 Mario Platt
 
Intrusion Detection System (IDS)
Intrusion Detection System (IDS)Intrusion Detection System (IDS)
Intrusion Detection System (IDS)HCL Technologies
 
CDW Security Practice
CDW Security PracticeCDW Security Practice
CDW Security Practicetimmay0220
 
Thread Fix Tour Presentation Final Final
Thread Fix Tour Presentation Final FinalThread Fix Tour Presentation Final Final
Thread Fix Tour Presentation Final FinalRobin Lutchansky
 
Cyber Warfare e scenari di mercato
Cyber Warfare e scenari di mercatoCyber Warfare e scenari di mercato
Cyber Warfare e scenari di mercatoHP Enterprise Italia
 
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...Eric Vanderburg
 
Breaking Microsoft Dynamics Great Plains
Breaking Microsoft Dynamics Great PlainsBreaking Microsoft Dynamics Great Plains
Breaking Microsoft Dynamics Great Plainssurferdave71
 
Private sector cyber resilience and the role of data diodes
Private sector cyber resilience and the role of data diodesPrivate sector cyber resilience and the role of data diodes
Private sector cyber resilience and the role of data diodesOllie Whitehouse
 
Automate and Enhance Application Security Analysis
Automate and Enhance Application Security AnalysisAutomate and Enhance Application Security Analysis
Automate and Enhance Application Security AnalysisCarlos Andrés García
 
Threat Intelligence + SIEM: A Force to be Reckoned With
Threat Intelligence + SIEM: A Force to be Reckoned WithThreat Intelligence + SIEM: A Force to be Reckoned With
Threat Intelligence + SIEM: A Force to be Reckoned WithSolarWinds
 
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...Education & Training Boards
 

What's hot (19)

Venafi 2012 risk audit survey findings
Venafi 2012 risk audit survey findingsVenafi 2012 risk audit survey findings
Venafi 2012 risk audit survey findings
 
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
 
Making Threat Modeling Useful To Software Development
Making Threat Modeling Useful To Software DevelopmentMaking Threat Modeling Useful To Software Development
Making Threat Modeling Useful To Software Development
 
Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...
Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...
Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...
 
2014 Conference Brochure - GRC 2.0 Breaking Down the Silos
2014 Conference Brochure - GRC 2.0 Breaking Down the Silos2014 Conference Brochure - GRC 2.0 Breaking Down the Silos
2014 Conference Brochure - GRC 2.0 Breaking Down the Silos
 
Certifications on Security - IS AUDIT
Certifications on Security - IS AUDITCertifications on Security - IS AUDIT
Certifications on Security - IS AUDIT
 
Achieving Enterprise Resiliency and Corporate Certification
Achieving Enterprise Resiliency and Corporate CertificationAchieving Enterprise Resiliency and Corporate Certification
Achieving Enterprise Resiliency and Corporate Certification
 
To dev secops or not to devsecops is that a question ?
To dev secops or not to devsecops is that a question ?To dev secops or not to devsecops is that a question ?
To dev secops or not to devsecops is that a question ?
 
Intrusion Detection System (IDS)
Intrusion Detection System (IDS)Intrusion Detection System (IDS)
Intrusion Detection System (IDS)
 
CDW Security Practice
CDW Security PracticeCDW Security Practice
CDW Security Practice
 
Thread Fix Tour Presentation Final Final
Thread Fix Tour Presentation Final FinalThread Fix Tour Presentation Final Final
Thread Fix Tour Presentation Final Final
 
Cyber Warfare e scenari di mercato
Cyber Warfare e scenari di mercatoCyber Warfare e scenari di mercato
Cyber Warfare e scenari di mercato
 
Forrester Infographic
Forrester Infographic Forrester Infographic
Forrester Infographic
 
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
 
Breaking Microsoft Dynamics Great Plains
Breaking Microsoft Dynamics Great PlainsBreaking Microsoft Dynamics Great Plains
Breaking Microsoft Dynamics Great Plains
 
Private sector cyber resilience and the role of data diodes
Private sector cyber resilience and the role of data diodesPrivate sector cyber resilience and the role of data diodes
Private sector cyber resilience and the role of data diodes
 
Automate and Enhance Application Security Analysis
Automate and Enhance Application Security AnalysisAutomate and Enhance Application Security Analysis
Automate and Enhance Application Security Analysis
 
Threat Intelligence + SIEM: A Force to be Reckoned With
Threat Intelligence + SIEM: A Force to be Reckoned WithThreat Intelligence + SIEM: A Force to be Reckoned With
Threat Intelligence + SIEM: A Force to be Reckoned With
 
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...
 

Similar to Compliance what does security have to do with it

Applying Boyd's OODA Loop Strategy to Drive IT Security Decision and Action
Applying Boyd's OODA Loop Strategy to Drive IT Security Decision and ActionApplying Boyd's OODA Loop Strategy to Drive IT Security Decision and Action
Applying Boyd's OODA Loop Strategy to Drive IT Security Decision and ActionnCircle - a Tripwire Company
 
What CIOs and CFOs Need to Know About Cyber Security
What CIOs and CFOs Need to Know About Cyber SecurityWhat CIOs and CFOs Need to Know About Cyber Security
What CIOs and CFOs Need to Know About Cyber SecurityPhil Agcaoili
 
Digital Forensics: Yesterday, Today, and the Next Frontier
Digital Forensics: Yesterday, Today, and the Next FrontierDigital Forensics: Yesterday, Today, and the Next Frontier
Digital Forensics: Yesterday, Today, and the Next FrontierThe Lorenzi Group
 
CWIN17 telford gdpr or how to eat the elephant a bit at a time - andy powell
CWIN17 telford gdpr or how to eat the elephant a bit at a time - andy powellCWIN17 telford gdpr or how to eat the elephant a bit at a time - andy powell
CWIN17 telford gdpr or how to eat the elephant a bit at a time - andy powellCapgemini
 
Cyber Threats & Cybersecurity - Are You Ready? - Jared Carstensen
Cyber Threats & Cybersecurity - Are You Ready? - Jared CarstensenCyber Threats & Cybersecurity - Are You Ready? - Jared Carstensen
Cyber Threats & Cybersecurity - Are You Ready? - Jared Carstensenjaredcarst
 
The Business Benefits of Threat Intelligence Webinar
The Business Benefits of Threat Intelligence WebinarThe Business Benefits of Threat Intelligence Webinar
The Business Benefits of Threat Intelligence WebinarThreatConnect
 
LinkedIn - Creating a Cloud Security Policy
LinkedIn - Creating a Cloud Security PolicyLinkedIn - Creating a Cloud Security Policy
LinkedIn - Creating a Cloud Security PolicyChris Niggel
 
Isaca houston presentation 12 4 12
Isaca houston presentation 12 4 12Isaca houston presentation 12 4 12
Isaca houston presentation 12 4 12Patrick Florer
 
Speaker Kiersten E. Todt, President and Managing Partner, Liberty Group Ventu...
Speaker Kiersten E. Todt, President and Managing Partner, Liberty Group Ventu...Speaker Kiersten E. Todt, President and Managing Partner, Liberty Group Ventu...
Speaker Kiersten E. Todt, President and Managing Partner, Liberty Group Ventu...Investorideas.com
 
"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategy"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategyJason Clark
 
What makes an ideal breeding ground for dishonest behavior?
What makes an ideal breeding ground for dishonest behavior?What makes an ideal breeding ground for dishonest behavior?
What makes an ideal breeding ground for dishonest behavior?Randy Morgan CSP, CPC
 
Finding Money & Detecting Fraud Super Strategies 2009 By Visual Risk Iq
Finding Money & Detecting Fraud Super Strategies 2009 By Visual Risk IqFinding Money & Detecting Fraud Super Strategies 2009 By Visual Risk Iq
Finding Money & Detecting Fraud Super Strategies 2009 By Visual Risk IqJoe Oringel
 
Credit Union Cyber Security
Credit Union Cyber SecurityCredit Union Cyber Security
Credit Union Cyber SecurityStacy Willis
 
System Center 2012 - IT GRC
System Center 2012 - IT GRCSystem Center 2012 - IT GRC
System Center 2012 - IT GRCNorman Mayes
 
Kpi & measurement strategy - AT Internet - jump 2012
Kpi & measurement strategy - AT Internet - jump 2012Kpi & measurement strategy - AT Internet - jump 2012
Kpi & measurement strategy - AT Internet - jump 2012AT Internet
 
Shadow IT: The CISO Perspective on Regaining Control
Shadow IT: The CISO Perspective on Regaining ControlShadow IT: The CISO Perspective on Regaining Control
Shadow IT: The CISO Perspective on Regaining ControlCipherCloud
 
PCI Amsterdam: 27.11.2014: Rocky-Road-to-PCI-Compliance
PCI Amsterdam: 27.11.2014: Rocky-Road-to-PCI-CompliancePCI Amsterdam: 27.11.2014: Rocky-Road-to-PCI-Compliance
PCI Amsterdam: 27.11.2014: Rocky-Road-to-PCI-Compliancekhalavak
 
Your Data Center Boundaries Don’t Exist Anymore!
Your Data Center Boundaries Don’t Exist Anymore! Your Data Center Boundaries Don’t Exist Anymore!
Your Data Center Boundaries Don’t Exist Anymore! EMC
 

Similar to Compliance what does security have to do with it (20)

Real world security webinar (v2012-05-30)
Real world security webinar (v2012-05-30)Real world security webinar (v2012-05-30)
Real world security webinar (v2012-05-30)
 
Applying Boyd's OODA Loop Strategy to Drive IT Security Decision and Action
Applying Boyd's OODA Loop Strategy to Drive IT Security Decision and ActionApplying Boyd's OODA Loop Strategy to Drive IT Security Decision and Action
Applying Boyd's OODA Loop Strategy to Drive IT Security Decision and Action
 
What CIOs and CFOs Need to Know About Cyber Security
What CIOs and CFOs Need to Know About Cyber SecurityWhat CIOs and CFOs Need to Know About Cyber Security
What CIOs and CFOs Need to Know About Cyber Security
 
Digital Forensics: Yesterday, Today, and the Next Frontier
Digital Forensics: Yesterday, Today, and the Next FrontierDigital Forensics: Yesterday, Today, and the Next Frontier
Digital Forensics: Yesterday, Today, and the Next Frontier
 
CWIN17 telford gdpr or how to eat the elephant a bit at a time - andy powell
CWIN17 telford gdpr or how to eat the elephant a bit at a time - andy powellCWIN17 telford gdpr or how to eat the elephant a bit at a time - andy powell
CWIN17 telford gdpr or how to eat the elephant a bit at a time - andy powell
 
Cyber Threats & Cybersecurity - Are You Ready? - Jared Carstensen
Cyber Threats & Cybersecurity - Are You Ready? - Jared CarstensenCyber Threats & Cybersecurity - Are You Ready? - Jared Carstensen
Cyber Threats & Cybersecurity - Are You Ready? - Jared Carstensen
 
The Business Benefits of Threat Intelligence Webinar
The Business Benefits of Threat Intelligence WebinarThe Business Benefits of Threat Intelligence Webinar
The Business Benefits of Threat Intelligence Webinar
 
LinkedIn - Creating a Cloud Security Policy
LinkedIn - Creating a Cloud Security PolicyLinkedIn - Creating a Cloud Security Policy
LinkedIn - Creating a Cloud Security Policy
 
Isaca houston presentation 12 4 12
Isaca houston presentation 12 4 12Isaca houston presentation 12 4 12
Isaca houston presentation 12 4 12
 
Speaker Kiersten E. Todt, President and Managing Partner, Liberty Group Ventu...
Speaker Kiersten E. Todt, President and Managing Partner, Liberty Group Ventu...Speaker Kiersten E. Todt, President and Managing Partner, Liberty Group Ventu...
Speaker Kiersten E. Todt, President and Managing Partner, Liberty Group Ventu...
 
"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategy"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategy
 
What makes an ideal breeding ground for dishonest behavior?
What makes an ideal breeding ground for dishonest behavior?What makes an ideal breeding ground for dishonest behavior?
What makes an ideal breeding ground for dishonest behavior?
 
Finding Money & Detecting Fraud Super Strategies 2009 By Visual Risk Iq
Finding Money & Detecting Fraud Super Strategies 2009 By Visual Risk IqFinding Money & Detecting Fraud Super Strategies 2009 By Visual Risk Iq
Finding Money & Detecting Fraud Super Strategies 2009 By Visual Risk Iq
 
Credit Union Cyber Security
Credit Union Cyber SecurityCredit Union Cyber Security
Credit Union Cyber Security
 
System Center 2012 - IT GRC
System Center 2012 - IT GRCSystem Center 2012 - IT GRC
System Center 2012 - IT GRC
 
Kpi & measurement strategy - AT Internet - jump 2012
Kpi & measurement strategy - AT Internet - jump 2012Kpi & measurement strategy - AT Internet - jump 2012
Kpi & measurement strategy - AT Internet - jump 2012
 
Continuous Monitoring 2.0
Continuous Monitoring 2.0Continuous Monitoring 2.0
Continuous Monitoring 2.0
 
Shadow IT: The CISO Perspective on Regaining Control
Shadow IT: The CISO Perspective on Regaining ControlShadow IT: The CISO Perspective on Regaining Control
Shadow IT: The CISO Perspective on Regaining Control
 
PCI Amsterdam: 27.11.2014: Rocky-Road-to-PCI-Compliance
PCI Amsterdam: 27.11.2014: Rocky-Road-to-PCI-CompliancePCI Amsterdam: 27.11.2014: Rocky-Road-to-PCI-Compliance
PCI Amsterdam: 27.11.2014: Rocky-Road-to-PCI-Compliance
 
Your Data Center Boundaries Don’t Exist Anymore!
Your Data Center Boundaries Don’t Exist Anymore! Your Data Center Boundaries Don’t Exist Anymore!
Your Data Center Boundaries Don’t Exist Anymore!
 

Recently uploaded

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfOverkill Security
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfOverkill Security
 

Recently uploaded (20)

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 

Compliance what does security have to do with it

  • 1. Compliance: What Does Security Have To Do With It? Thank you for joining us. The webinar will start shortly. © nCircle 2012. All rights reserved.
  • 2. Compliance: What Does Security Have To Do With It? © nCircle 2012. All rights reserved.
  • 3. Introductions: Panelists Rodney Brown CISSP, GIAC GISP, ITILv3 Andrew Storms Shelley Boose Dir. Security Operations Dir., Public Relation nCircle Tim Erlin Elizabeth Ireland Dir., IT Security and Risk Strategy VP, Marketing nCircle 3 © nCircle 2012 All rights reserved. nCircle Company Confidential
  • 4. Which compliance regulations does your organization need to comply with? (check all that apply)  SOX  NERC  FISMA  HIPAA  PCI  GLBA  PIPEDA  Too many to name 4 © nCircle 2012 All rights reserved. nCircle Company Confidential
  • 5. How often does your organization have audits?  Annually  Quarterly  Monthly  Auditors live here 5 © nCircle 2012 All rights reserved. nCircle Company Confidential
  • 6. Does your security team spend too much time on audit requests?  Seems like that’s all we do  Audit requests take at more than half of our time  Occasional resource problem  We have plenty of resources to do both 6 © nCircle 2012 All rights reserved. nCircle Company Confidential
  • 7. In your experience, how aligned are security and compliance efforts?  Mostly aligned  Somewhat aligned  Barely related 7 © nCircle 2012 All rights reserved. nCircle Company Confidential
  • 8. Does your security team have the necessary executive support?  Yes  No  What executive support? 8 © nCircle 2012 All rights reserved. nCircle Company Confidential
  • 9. In your organization, do security efforts suffer because compliance requirements drive the budget?  Yes  No 9 © nCircle 2012 All rights reserved. nCircle Company Confidential
  • 10. What percentage of your security operations program is automated?  25% or less  26 – 50%  more than 50% 10 © nCircle 2012 All rights reserved. nCircle Company Confidential
  • 11. In which of the following types of tools has your organization invested the most budget?  Vulnerability management  Configuration auditing  Patch management  Identity and access management  Antivirus and endpoint protection  Penetration testing  Malware detection  Data loss prevention  Governance risk and compliance  Other 11 © nCircle 2012 All rights reserved. nCircle Company Confidential
  • 12. What’s the next major tool investment your organization has planned?  Vulnerability management  Configuration auditing  Patch management  Identity and access management  Antivirus and endpoint protection  Penetration testing  Malware detection  Data loss prevention  Governance risk and compliance  Other 12 © nCircle 2012 All rights reserved. nCircle Company Confidential
  • 13. Thank you for participating! Continue the conversation in our online community connect.ncircle.com 13 © nCircle 2012 All rights reserved. nCircle Company Confidential