Pradeep Menon: How to Influence People and Win Top Management Buy-in for CISO


  1. The New CISO [title graphic: the letters C, I, O with a caret inserting "S" for SECURITY]
     The 3rd Kuwait InfoSecurity Conference, May 26, 2011
     Pradeep Menon, Executive Vice President and Director, Quadrant Risk Management
  2. AGENDA
     • The Evolving Role of the CISO
     • Selling Security Internally
  3. The CISO
     • The role of the Chief Information Security Officer (CISO) is becoming very strategic in nature
     • Some of the Key Drivers for this Strategic Visibility include:
  4. Why should organizations have a CISO?
     • Fraud
     • Insider Theft
     • Lack of single source of truth
     • Third party exposure
     • Rate of Adoption of New Technologies
     • Hacking
     • Evolving Technologies
     • Lack of monitoring and controls
  5. Evolution of the role for Information Security
     [Chart; period labels: Since last 2-3 years, 5-8 years ago, 9-12 years ago]
     Source: Forrester Research
  6. New Responsibilities
     The emerging role of the CISO and information security office calls for new skills and responsibilities to be undertaken, including:
     • Marketing and selling of Information Security within the organization
     • Quantifying benefits
     • Controller to Business Enabler
     • Program Managing Security rather than Project Managing
     • Representation in the Senior Management Decision Making Bodies
  7. The Major Roadblocks that CISOs Still Face
  8. AGENDA
     • The Evolving Role of the CISO
     • Selling Security Internally
  9. Tips for Enhancing CISO Value and Reach: Branding Security
     • Security could be branded as a member of the organization
     • Creating characters, voices and visuals that represent security in a meaningful way
     • E.g., Salim from aeCERT
  10. Tips for Enhancing CISO Value and Reach: CEO Involvement
     • Make the CEO sign important Information Security policies
     • Make the CEO speak about security
     • Educate the CEO with important news and reports through periodic meetings
  11. Tips for Enhancing CISO Value and Reach: Business Involvement
     • Organize quarterly meetings where Business users and InfoSec teams interact
     • Let Business Users express their views
     • Conduct white paper sessions to demonstrate how security issues can lead to loss of customers
  12. Tips for Enhancing CISO Value and Reach: Security Awareness Day
     • Security should become a habit, not a regulation
     • Celebrate security practices and achievements
     • Place Kiosks, Stalls etc. to create awareness about following security practices
     • Let the CEO inaugurate the proceedings of the Day
     • Involve people from business units
     • Conduct contests
  13. Tips for Enhancing CISO Value and Reach: External Agencies
     • Form Information Security sub-committees in organizations such as KITS (if not already in place)
     • Influence regulatory bodies and excellence centers such as CAIT and Central Banks
     • E.g., SAMA regulation for Multi Factor Authentication
     • ADSIC – Information Security Program
  14. Tips for Enhancing CISO Value and Reach: Annual ISMS Reporting
     • Publishing annual reports on IS activities and developments for the year
     • Creating a web portal for users to view reports on the metrics by which their contribution to IS initiatives is rated
  15. Tips for Enhancing CISO Value and Reach: External Consultancies
     • External consultancies are SMEs
     • Their experience is wide and deep in an area
     • Using consultancies for specific programs might make it easier to get management buy-in
     • Organizational hierarchy could be a bottleneck to expressing views and concerns regarding security issues
     • Look upon consultancies as partners or change agents, not as vendors or spenders
  16. Tips for Enhancing CISO Value and Reach: Other CISO Involvement
     • Inviting CISOs from other companies helps in knowledge exchange and gains on both sides
     • Forums such as LinkedIn and Facebook have been instrumental in generating “Networking”
     • Involvement in joint research initiatives through organizations such as CAIT (The Central Agency for Information Technology), KITS (Kuwait Information Technology Society), aeCERT, OCERT etc.
  17. Tips for Enhancing CISO Value and Reach: External Involvement
     • Incentives for your IS team members to contribute to and attend various events such as conferences, trainings, seminars etc.
     • Encourage publishing of white papers on popular websites and journals, on behalf of the organization
  18. Thank You
     Pradeep Menon, Executive Vice President and Director, Quadrant Risk Management
     pradeep.menon@qrmi-me.com
     Tel: +971-4-6091970
     Mob: +971-50-4815260