Compliance Challenges in Information
Security
Addressing the pain points…
Manasdeep
(manasdeeps@gmail.com)
#whoami
• Information Security Consultant
• Interested in Compliance and Penetration Testing
• Have a flair in writing for Information Security
• Like to learn and demonstrate the latest security attack vectors and technologies
• Active participant and volunteer in various information security communities
Agenda
• Why does an organization need to comply?
• Compliance challenges in IT based Organizations – Overview
• Infrastructure Challenges and Solutions
• Process challenges and Solutions
• People challenges and Solutions
• How does it help me?
• Takeaways
Why does an organization need to comply?
• It keeps the organization compliant with federal and state laws so that it can function properly as a legal entity
• When employees are trained in compliance, they are more likely to recognize and report illegal or unethical activity.
• It helps the organization avoid waste, fraud, abuse, discrimination, and other practices that disrupt operations and put the company at risk.
• Can help prevent major disasters and failures.
How to determine an organization's compliance scope?
Geographical presence of Organization
• Country specific regulations
• Central laws
• State laws
Operating Industry sector of Organization
• Sector specific regulations
• Sector specific Standards
Manpower Size of Organization
• Central labor laws
• State Labor laws
• Safety Regulations
Legal entity of Organization
• Public listed
• Privately owned
• Trusts / NGO / Community based
Demystifying the compliance jargon
Understanding the connections
Organization’s Lines of Defense
Addressing Compliance Challenges
Getting an organization to absorb change, whether by aligning with a security standard or regulation or by changing an internal security policy, is by no means a small feat.
The following areas need special focus to make sure the organization is ready for the change that the compliance requirement demands. These are the stickiest areas, the ones that tend to resist any departure from the established norm in the company. They are as follows:
• Overhaul of Infrastructure
• Overhaul of Process
• Overhaul of People
However, once these are in place, the transition away from the company's existing norms is much smoother.
Our aim here is to get these moving parts of the organization to see that changes in security compliance are for the better and act as a catalyst for the growth of the organization as a whole. Compliance does not stifle growth, as is commonly perceived.
Bottom Line Objective:
Compliance Challenges - Infrastructure
Lack of Senior management buy-in, commitment and support
• Create cost/benefit analysis charts that show the investment and its ROI
• Jointly define and agree on the value of the IT infrastructure investment and its ROI
• Make a proper business case to justify the purchase and its benefit after deployment
• Keep the language simple and free of jargon
Difficulty in getting required business participation
• Highlight pain points and how they can be overcome through active involvement
• Create forums for business participation
Lack of insight into IT management
• Put a robust procurement process in place with proper approvals
• Establish links with the finance and procurement processes
• Appoint relationship managers for better insight into IT management
Compliance Challenges - Process
High level of complexity hindering change
• Break down a complex task into simple modular bits
• Do a phase-wise implementation of improved process
• Remove duplicate processes and enable stepwise milestone completion
Inability to gain support for improvements
• Hold brainstorming sessions with stakeholders to get a 360-degree view of the process flow
• Use jargon-free language and present in a simple, step-wise manner
• Establish proper change enablement strategy and communication plan
Cost of improvements outweighing perceived benefits
• Bring in standardized processes for easier rollout
• Establish frameworks for long-term gains in process efficiency
• Prioritize processes by readily available benefits and ease of implementation, for quick wins
Compliance Challenges - People
Lack of required skill set and competencies
• Develop, train and coach the champions first
• Use champions as agents of change, nurturing them as mentors
• Cross-train staff across departments
Overcoming resistance to change
• Awareness training with a proper rewards mechanism
• Select champions as agents of change to bring gradual change to the system
• Follow up on pre-agreed milestones
• Focused awareness training that addresses pain points
Lack of trust and good relationship with management
• Identify the risks and the benefits to be gained from the proposed improvements
• Establish formal process for accountability in decision making
• Focus on business interfaces and service mentality
• Foster open and transparent communication about performance
• Formalize roles and responsibilities among business units with clear segregation of duties
DEMO
Chinese Whispers
Case Study: When a client asks you for a PT
THANK YOU !!
- Manasdeep
http://reflect-infosec.blogspot.in/
https://twitter.com/manasdeep
https://in.linkedin.com/in/manasdeep

Editor's Notes

  1. https://danielmiessler.com/blog/simple-explanation-difference-meltdown-spectre/ https://arstechnica.com/gadgets/2018/01/heres-how-and-why-the-spectre-and-meltdown-patches-will-hurt-performance/
  2. https://gist.github.com/rain-1/989428fa5504f378b993ee6efbc0b168