Pradeep Menon: How to influence people and win top management buy-in for CISO

    Presentation Transcript

    • The New CISO
      The 3rd Kuwait InfoSecurity Conference
      May 26, 2011
      Pradeep Menon
      Executive Vice President and Director
      Quadrant Risk Management
    • AGENDA
      The Evolving Role of the CISO
      Selling Security Internally
    • The CISO
      • The role of the Chief Information Security Officer (CISO) is becoming very strategic in nature
      • Some of the Key Drivers for this Strategic Visibility include:
    • Why should organizations have a CISO?
      Fraud
      Insider Theft
      Lack of single source of truth
      Third party exposure
      Rate of Adoption of New Technologies
      Hacking
      Evolving Technologies
      Lack of monitoring and controls
    • Evolution of the role for Information Security
      Since last 2-3 years
      5-8 years ago
      9-12 years ago
      Source: Forrester Research
    • New Responsibilities
      • The emerging role of the CISO and information security office calls for new skills and responsibilities to be undertaken including:
      • Marketing and selling of Information Security within the organization
      • Quantifying benefits
      • Controller to Business Enabler
      • Program Managing Security rather than Project Managing
      • Representation in the Senior Management Decision Making Bodies
    • The Major Roadblocks that CISOs still face
    • AGENDA
      The Evolving Role of the CISO
      Selling Security Internally
    • Tips for Enhancing CISO Value and Reach
      Branding Security
      • Security could be branded as a member of the organization
      • Creating characters, voices and visuals that represent security in a meaningful way
      • E.g. - Salim from aeCERT
    • Tips for Enhancing CISO Value and Reach
      CEO Involvement
      • Make the CEO sign important Information Security policies
      • Make the CEO speak about security
      • Educate the CEO with important news and reports through periodic meetings
    • Tips for Enhancing CISO Value and Reach
      Business Involvement
      • Organize quarterly meetings where Business users and InfoSec teams interact
      • Let Business Users express their views
      • Conduct white paper sessions to demonstrate how security issues can lead to loss of customers
    • Tips for Enhancing CISO Value and Reach
      Security Awareness Day
      • Security should become a habit, not a regulation
      • Celebrate security practices and achievements
      • Place Kiosks, Stalls etc. to create awareness about following security practices
      • Let the CEO inaugurate the proceedings of the Day
      • Involve people from business units
      • Conduct contests
    • Tips for Enhancing CISO Value and Reach
      ‘External Agencies’
      • Form Information Security sub committees in organization such as KITS (if not already in place)
      • Influence regulatory bodies and excellence centers such as CAIT and Central Banks
      • e.g., SAMA regulation for Multi Factor Authentication
      • ADSIC – Information Security Program
    • Tips for Enhancing CISO Value and Reach
      Annual ISMS Reporting
      • Publishing annual reports on IS activities and developments for the year
      • Creating a web portal for users to view various reports on the metrics on which their contribution to IS initiatives is rated
    • Tips for Enhancing CISO Value and Reach
      External Consultancies
      • External consultancies are SMEs
      • Their experience is wide and deep in an area
      • Utilizing consultancies for specific programs might make it easier to get management buy-in
      • Organizational hierarchy could be a bottleneck to expressing views and concerns regarding security issues
      • Look upon consultancies as partners or change agents, not as vendors or spenders
    • Tips for Enhancing CISO Value and Reach
      Other CISO Involvement
      • Inviting CISOs from other companies helps in knowledge exchange and gains on both sides
      • Forums such as LinkedIn and Facebook have been instrumental in generating “Networking”
      • Involvement in joint research initiatives through organizations such as CAIT (The Central Agency for Information Technology), KITS (Kuwait Information Technology Society), aeCERT, OCERT etc.
    • Tips for Enhancing CISO Value and Reach
      External Involvement
      • Incentives for your IS team members to contribute and attend various events such as conferences, trainings, seminars etc.
      • Encourage publishing of white papers on popular websites and journals, on behalf of the organization
    • Thank You
      Pradeep Menon
      Executive Vice President and Director
      Quadrant Risk Management
      pradeep.menon@qrmi-me.com
      Tel: +971-4-6091970
      Mob: +971-50-4815260