By Dhananjay Rokde, CISO, Cox & Kings Group
Dhananjay has an enhanced ability at managing global information security programs for large enterprises, with experience of Governance Risk & Compliance (GRC) unification & implementation programmes.
He has received the ‘Top 100 CISO Award’, ‘Future CIO Award’ and the ‘CIO Masters Award for excellence in Information Security’.
He is presently in charge of the overall information & infrastructure security operations, risk management and compliance of the entire group.
He also has an advanced diploma in IT Cyber Laws & Data Privacy from the Asian School of Cyber Laws.
Build Business Case for Hotel Digital Security
BUILD A BUSINESS CASE –
GET THE MANAGEMENT'S ATTENTION
Dhananjay Rokde, CISO, Cox & Kings Group
SEPT 19, 2014 Hotel Digital Security Seminar
By X Events Hospitality (www.x-events.in)
Hotel Digital Security Seminar & Webinar, Sept 19, 2014
Agenda
• Establishing ‘measurable’ expectations
• Always promise value – not ROI
• Strategize in advance – don’t wait
• Train, educate and continuous awareness
• Implement established standards
• Reporting
• Further reading
Establishing ‘measurable’ expectations
• Establish a clear ‘written’ agreement on the organization’s ‘acceptable risk criteria’ (ARC)
  ◦ Regularly audit, assess, modify and sign off on these criteria
• Define constraints within the ARC for
  ◦ Confidentiality
  ◦ Integrity
  ◦ Availability
• Mark boundaries for the asset classification
  ◦ Data classification
  ◦ People, Process & Technology
• Clearly imply that there will be NO ‘negotiations’ on statutory compliance & local laws
• Have clearly defined exceptions and exclusions.
Always promise value – not ROI
• It is NOT possible to justify all security investments!
  ◦ They are not your average CapEx or OpEx items
  ◦ ROI is derived over (very) long periods of time
  ◦ Standard depreciation and asset valuation do not apply to these investments
• REMEMBER – It’s always about what we have to ‘lose’, rather than gain.
Strategize in advance – don’t wait
• Have a long-term information security vision and mission
• It is good to define at least a 5-year roadmap with distinct milestones
  ◦ There should be a ‘measurable’ increase in the security posture after every milestone
  ◦ This should typically be done along with the understanding and agreement of the CxO layer
  ◦ The business strategy and security strategy should go hand-in-hand
• Leave room for contingencies. There will be some.
• Have a focussed continuous improvement plan
• REMEMBER – your security strategy is NOT a project plan
Implement established standards
• Agree with the management on implementing global best practices
  ◦ ISMS – ISO 27001
  ◦ Application Security – OWASP & SAMM
  ◦ Risk Management – ISO 31000
  ◦ BCP – ISO 25999
Reporting
• Basic
  ◦ Risk reviews
  ◦ Impact Assessments
  ◦ Corrective action plans
• Advanced
  ◦ Global risk heat maps
  ◦ Balanced score cards
Further reading
• The 5 R’s of building an Information Security business case
  ◦ http://www.csoonline.com/article/2124269/metrics-budgets/the-five-rs--building-a-business-case-for-information-security.html
• The business model for information security
  ◦ http://www.isaca.org/Knowledge-Center/Research/Documents/Introduction-to-the-Business-Model-for-Information-Security_res_Eng_0109.pdf
• OWASP
  ◦ www.owasp.org
• SAMM
  ◦ www.samm.org
About us
HATT is India's young and premium community for CXOs from the Hospitality, Healthcare, Aviation, Travel and Tourism industries.
• With over 1,000 members across India, we are now poised to expand globally with a presence in South East Asia and the Middle East by 2016.
www.hattforum.com
FB/hattforum

X Events manages & supports events exclusively for the hospitality & travel industries.
• Our USP is that we are hoteliers by training. We focus on the two most important aspects of an event: content quality and impact.
• We do it because we believe in it.
www.x-events.in
Our host – Brian Pereira
Brian is a veteran technology journalist with two decades of experience. He has served as editor for two magazines: CHIP and InformationWeek India.
He is a respected speaker & host at conferences worldwide.
In his current role at Hannover Milano Fairs India, Brian serves as project head for CeBIT Global Conferences, the world's largest ICT fair that will debut in India this November, in Bangalore.
Five expert speakers
1. Latest threats in digital security (Worms, attacks, viruses, flaws) - Santosh Satam, CEO, SecurBay Services.
2. The immediate action needed to tighten up (Priority list, cost, internal policies) - Ambarish Deshpande, MD - India & SAARC, Blue Coat
3. Information loss prevention (Principles & practices) - Geet Lulla, VP - India & ME, Seclore
4. How to build a business case & get the management's attention - Dhananjay Rokde, CISO, Cox & Kings Group.
5. Global cyber security outlook - A. K. Viswanathan, Senior Director - Enterprise Risk Services, Deloitte India.
The seminar schedule
Our sponsors & supporters
Thank You
HOTEL DIGITAL SECURITY SEMINAR
SEPT 19, 2014 www.x-events.in