Cyber security framework
Yann Lecourt
Building on 3 years of research interviews.
1.
From checkboxes to frameworks
CISO insights on moving from compliance to risk-based cybersecurity programs
October 2015
© 2015 IBM Corporation
2.
The CISO Assessments have chronicled critical and emerging issues for security leaders while also identifying leading practices to pursue
• 2012, Finding a strategic voice: Established three archetypes for security leaders – the Responder, the Protector, and the Influencer – and explored their characteristics.
• 2013, A new standard for security leaders: Identified practical steps for security leaders to reach the position of Influencer – through business practices, technology, and measurement.
• 2014, Fortifying for the future: Sought to define the next stage in the evolution of security leadership in order to provide recommendations for the future.
3.
In 2015, we took a closer look at how CISOs develop cybersecurity strategy and prioritize security investments
• Cybersecurity risk is a top C-suite priority with funding for security efforts growing to reflect the gravity of the challenge
• Historically, cybersecurity investment decisions were commonly based on the “checkbox” approach to meet compliance requirements
• Security leaders are now transforming their programs to be risk-based by using customized frameworks to determine risks and prioritize security investments
About this report: This IBM Center for Applied Insights report is based on “Identifying How Firms Manage Cybersecurity Investment,” an IBM-sponsored study by the Darwin Deason Institute for Cyber Security, part of the Lyle School of Engineering at Southern Methodist University in Dallas, Texas. In-depth interviews were conducted in a semi-structured approach to explore top cybersecurity risks, how risks are determined, organizational support for cybersecurity initiatives and how investments are prioritized.
[Chart: Security leaders interviewed by industry]
4.
Top challenges facing CISOs in transforming to a risk-based program
• Focusing on the “strategic”: How do I transform a compliance-based security program into one focused on risk?
• Communicating priorities: How can I best communicate risk to top management and manage expectations?
• Making cybersecurity strategy consumable: Do I have the skills, resources and tools to implement the right controls for success?
5.
CISOs are increasingly turning to frameworks as the strategic tool of choice to assess risk and prioritize threats
Key elements of a cybersecurity program:
• Consider business priorities, assets, processes
• Document formal cybersecurity strategy, objectives and goals
• Evaluate and prioritize gaps in current vs desired state across risk management controls
• Build a plan to address, monitor and reassess the prioritized control gaps
• Define formal framework of risk management controls
6.
Frameworks, past attacks on firms, and industry best practices rank as the top cybersecurity prioritization approaches to risk management
7.
Customized frameworks help to move beyond compliance to risk-based strategy
“Security has to have a basis to argue its point of view in a compelling story with some thought behind it, rather than ‘I want to get these things because it’s the next cool security thing that’s out there’.” -- CISO, Retail
• Traditional focus on security compliance doesn’t ensure organizations are best prepared for potential security breaches
• Frameworks provide a better basis for risk assessment to thoroughly and consistently assess security challenges and determine gaps
• Companies developing their own cyber-risk frameworks are more likely to have a deeper understanding of the real risks to their organizations
8.
Frameworks help increase collaboration with the C-suite to communicate priorities
• Frameworks are an effective communication tool for CISOs to relay cybersecurity strategy to upper management for buy-in
• 85% of CISOs reported that upper-management support for cybersecurity efforts has increased
• 88% of CISOs reported that their security budgets have increased
• 25% of CISOs surveyed who thought they were spending appropriately also used frameworks as a strategic tool
“Senior leadership is looking for me to articulate what the security strategy is in words, in projects, and in dollars that make sense to them.” -- CISO, Retail
9.
Frameworks provide guidance to move from cybersecurity strategy to implementation
“The key is the ability to develop a new skill set where people can adapt to changing environments versus teaching state-of-the-art routines in cybersecurity.” -- Associate Professor of Managed Information Security, United States
• Perceived “risk reduction” and “compliance” still top the list to ensure that baseline security objectives are met
• The talent shortage has led many CISOs to look externally to supplement skills and resources
• CISOs rely on peer networks, third-party information and third-party threat intelligence data
10.
To combat the talent shortage, security leaders and academic institutions can take a collaborative approach to skills development
• Train students to be facilitators between technology and business by integrating business components into technical curriculum and vice versa
• Create holistic curriculum that mimics real-world conditions and the challenges of security leaders
• Produce versatile experts who use predictive and behavioral analytics to understand and stay ahead of attacks
“Cybersecurity has evolved, and the education has evolved correspondingly. It’s moved from being primarily technical and hands-on to incorporating more management, leadership and policy.” -- Director, Managed Security Information Program, United States
Source: Shaping security problem solvers: Academic insights to fortify for the future, IBM Center for Applied Insights, 2015
11.
While compliance continues to be a big focus, frameworks are helping to drive investments in risk reduction
12.
Key takeaways for developing risk-based cybersecurity programs
• Move beyond compliance to risk-based strategy: Customize frameworks to enable strategic assessment of the real risks to the organization, highlighting cybersecurity priorities.
• Increase collaboration with the C-Suite: Use frameworks as an effective communications tool to relay cybersecurity strategy in a more consumable way to stakeholders for buy-in.
• Apply framework-driven cybersecurity insights: Engage the right skills, third-party intelligence and industry best practices to implement the guidance derived from frameworks.
14.
© Copyright IBM Corporation 2015
IBM Corporation, New Orchard Road, Armonk, NY 10504
Produced in the United States of America, December 2014
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corporation in the United States, other countries or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or TM), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. Other product, company or service names may be trademarks or service marks of others. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at ibm.com/legal/copytrade.shtml
This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates.
THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided.
The findings described in this report are not to be construed as an endorsement by the Darwin Deason Institute for Cyber Security at SMU. The Darwin Deason Institute for Cyber Security neither agrees nor disagrees with the opinions provided in this report.