Presenting Security Programs to Senior Management (CxO’s)
Patrick Angel - Interim CISO / Enterprise IT Security - CISSP® CISM® CRISC® CISA®
www.RandomAccessTechnology.com
(214) 517-3086
Proposal / Why are we doing this?
(what’s the Value Proposition..?)
• What’s the History / driving factors… (provide perspective)
• Is this Regulatory? Or Market-based?
• Due to Competition? Is there New Technology / an Opportunity?
• To Avoid (excessive) Risk / a Lawsuit?
• Be sure to Tie Project(s) / Program to (supporting) Business Objectives
For customers of Random Access Technologies, Inc. only - Patrick Angel, CISM® CRISC® CISA®
What is the Risk to the Company?
(what’s the Value Proposition..?)
• What is the Risk? Is it Revenue or Financial Loss?
  – (list it in specific dollars – 30% of $600MM - $200MM)
• Is there the Risk of a Lawsuit? What’s the Probability?
• Is there the Risk of Loss of Business / Partners?
• Is there the Risk of Bad Press / Media Coverage? (e.g. stock drop)
• Use a Heat-Map / Risk-Cube to reflect the overall Risk
Capital Cost(s) and / or Expenses
(CAP-EX vs OP-EX)
• What’s the Cost (both Short-Term and Long-Term)?
• Be sure to include Staff / FTE and misc. Expenses (travel / training)
• Is there Hardware or Software involved?
• Include Licenses and maintenance / upgrade costs
• Issue an RFP and get a minimum of 3 Vendor Quotes to compare
• Startup Purchase Costs / Investment go against Capital Costs (Cap-Ex) for the Proposal – then Depreciation, Taxes, etc.
• Yearly ongoing (Operational – Op-Ex) Costs go into Annual Budgets
• Be sure to provide some measure of the Return (payback) / Internal Value
• If difficult to measure, compare the cost of a Lawsuit or Fines against the Project costs
Project(s) Execution and Reporting
(Provide enough info to show Management that the project is well-run)
• Keep It Simple – Less is More once Project Reporting starts
• Build the initial Work Breakdown Structure (WBS, or ‘the Plan’) with realistic dates and Resources, with some slack time for ‘unforeseen’ events, but do not waste resources to ‘manage the plan’
• Report Weekly – include: Budget-to-Date, any Change Orders and, most importantly, MILESTONES and Issues / Risks, to ALL Stakeholders
• A High-Level Timeline with major Milestones and Key Dates shows the Project is being ‘Tracked’ and inspires confidence
[Gantt chart: weekly timeline from 7-Sep to 30-Nov (September, October, November) with bars for Project 1 - Main (1 of 3 components done), Network Upgrade, DESKTOP Configuration, E-Commerce ReDeploy, Database Standards, CSIRT Program Procedures, GRC Software Implement, IdM / RBAC Project, MyMatrix (incl. CANADA modules), RFP Issue, Review Results, Select Vendor, Start Roll-out, PEN-Testing, Validate PCI Docs]
Recommendations for Success
(Don’t forget that PEOPLE make Process and Technology work…)
• Discuss / get Feedback from the ‘Business’ and other Management members, then update your presentation / numbers
  – In effect, you are gaining ‘buy-in’ from your peers, making them ‘Partners’ in your Project
• Be sure to ‘sell the Benefits’ of your Project / Results to help Change / challenge old Mindsets / ‘Paradigms’
• Bring in an ‘Outside Expert’ consultant for the Project / Change to help guarantee success…
• Publish ongoing Progress, celebrate Milestones and Announce the Project / Program’s End & Final Results, and give thanks to Stakeholders
Get Started Now…
‘…Chance favors the prepared Mind’
www.RandomAccessTechnology.com
(214) 517-3086
About the Author
Copyright © 2018 - For customers of Random Access Technologies, Inc. only.
Patrick Angel
• Roles: Interim CISO / Director PMO / Enterprise IT Security Architect / Risk Management and Compliance Manager
• Areas: PCI, SOX, GLBA Privacy, Project Auditing, Application Security Testing and Secure Development (SDLC)
• Education
  – Bachelor’s in Information Systems (MIS)
    • Dean’s List and Honor’s List
  – Master’s in Business Administration (MBA)
• Years of Experience
  – 20+ years in Information Systems
  – 15+ years of P/M, SDLC and Governance, Risk and Compliance
  – Hands-on Software Developer, Application Testing, IT Auditing
• Certifications and Associations include –

Template to Pitch Security Programs to CxO MGT