Class 1: Motivation to Study Information Security Management

Why study info sec management?
1. If you’re good, you can make a difference in people’s lives
2. There is money to be made
3. Congress and the country look to InfoSec leaders to write policy

If you’re good, you can make a difference in people’s lives
• Rick Rescorla
  – Chief Security Officer for Morgan Stanley
  – Evacuated 2,700 people from 22 floors of WTC
• His ability to see risk and create plans to mitigate that risk is the essential skill needed to excel in this profession
• Piss Poor Planning Promotes Piss Poor Performance

There is money to be made
• Highest Paid Professions in computer security industry:
  – Chief Information Officer
  – Chief Technology Officer
• What’s the difference?

CIO Duties
• CIO’s role mandated by legislation
• CIOs must be held accountable for these business operations
http://www.govloop.com/profiles/blogs/the-roles-of-cios-and-ctos

CTO Duties
• CTO role is still evolving and therefore adaptable to changing technologies
• If you want an executive officer aiding your company, employ a CTO, not a CIO
http://www.govloop.com/profiles/blogs/the-roles-of-cios-and-ctos

CIO & CTO often work together
http://www.govloop.com/profiles/blogs/the-roles-of-cios-and-ctos

How much do they make? Who are they?
• Pay attention to the next 7 slides
• Note similarities, differences, and things you find interesting

Although these executives undoubtedly understand the technologies surrounding computer security, they have mastered management and division operations within corporations.
Point: to reach their level, you need infosec management.

Congress looks to InfoSec leaders to help write federal policy
• Energy & Commerce Committee
  – Communications & Technology Subcommittee
• Jurisdiction: Interstate and foreign telecommunications and information transmission by broadcast, radio, wire, microwave, satellite, and homeland security-related aspects of the foregoing, including cybersecurity.

InfoSec professionals advise Congressional members
• Feb. 8: Cybersecurity: Threats to Communications Networks and Private-Sector Responses
  – http://democrats.energycommerce.house.gov/index.php?q=hearing/communications-technology-subcommittee-hearing-on-cybersecurity-threats-to-communications-ne
• March 7: Cybersecurity: The Pivotal Role of Communications Networks
  – http://democrats.energycommerce.house.gov/index.php?q=hearing/communications-and-technology-subcommittee-hearing-on-cybersecurity-communications-networks
• March 28: Cybersecurity: Threats to Communications Networks and Public-Sector Responses
  – http://democrats.energycommerce.house.gov/index.php?q=hearing/communications-technology-subcommittee-hearing-on-cybersecurity-threats-to-communications--0

Assignment: due next class
• Watch the rest of the posted Congressional Hearing
  – If you prefer text over video, look through the transcripts of the videos found in the links posted on the previous slide
• Come to class ready to discuss
  – Bring facts and ideas you found interesting
  – Try to answer the question: how are these particular speakers chosen to testify?
  – Bring questions you have
• Read through chapter 1