Getting down to business with security
Kris Budnik
SLVA Information Security
@SLVA_Security
Buy-in
…signifies the commitment of interested or affected parties to a decision (often called stakeholders) to 'buy into' the decision, that is, to agree to give it support, often by having been involved in its formulation.
Why do you need it?
• To get the resources you need
• To ensure your initiatives “stick”
• To ensure enterprise-wide cooperation
• To get things done quickly
• To remain relevant
It’s a crowded space…
Many are competing for attention…
• Innovation
• Marketing & Digital
• Line of business
• Projects
• HR & Change
• Audit & Risk
Why don’t they pay attention?
(Chart of the stages a security initiative passes through: Trigger, Peak of expectations, Trough of disillusionment, Ravine of demise, Valley of oblivion, Plateau of productivity)
The things we do…
• Focus on the subject above context
• Respond to security trends instead of fundamentals
• Lose perspective
• Become an obstacle
• Fulfil the wrong role
• Take too many shortcuts
We have too many resources at our disposal…
• COBIT
• ITIL
• ISO 2700x
• SANS Top 20
• OWASP
• CIS/NIST
The trouble is…
• Too broad, resource intensive
• Idealistic
• Drive a compliance mindset
• Make us lazy
• Put together by a committee who are passionate about their subject
“You cannot answer a question about a problem outside of its context”
An alternate approach
“…get to a shared understanding of a problem before attempting to solve it”
• Corporate strategy (the future)
• Business priorities (the present)
• Address risks & opportunities
• Measure & reassure
Corporate strategy
• Gain insight on the future of the business
• Identify those who know
• Keep an ear to the ground
• Review annual reports
• Test your assumptions
• Structure your security programme to support realisation of objectives
Get “on board”
“The board and each individual director should have a working understanding of the effect of the applicable laws, rules, codes and standards on the company and its business”
Use training and awareness as an excuse to get air time…
Business priorities
• Build relationships
• Share objectives
• Seek advice
• Understand constraints
Tap into & avoid our biases
• Confirmation bias
• Neglecting probability
• Observational selection
• Status-quo bias
• Bandwagon effect
• Projection bias
• Current moment bias
Focus on risks & opportunities
• Adopt a solution-oriented approach
• Practice saying “Yes!”
Keep it simple
• Do a little well, rather than a lot badly
• Access control
• Leak management
• Patch & vulnerability state
• Malware control
Measure and provide assurance
• Report against drivers
  - Risk
  - Compliance
  - Strategic context
  - Operational status
• Avoid statistics
• Show trends & improvements
Report what matters
• Coverage
• Effectiveness
• Adherence
• Competence
• Exposure
• Resilience
Thank you
Questions?
Editor's Notes

Those annoying glitches in our thinking that cause us to make questionable decisions and reach erroneous conclusions. Some help us process information more efficiently, especially in dangerous situations, but they may also lead us to make grave mistakes.
• Confirmation bias - We love to agree with people who agree with us, while at the same time ignoring or dismissing opinions — no matter how valid — that threaten our world view.
• Neglecting probability - Leads us to overstate the risks of relatively harmless activities, while forcing us to overrate more dangerous ones.
• Observational selection - The effect of suddenly noticing things we didn't notice that much before — but we wrongly assume that the frequency has increased.
• Status-quo bias - Often leads us to make choices that guarantee that things remain the same, or change as little as possible.
• Bandwagon effect - Though we're often unconscious of it, we love to go with the flow…
• Projection bias - We tend to believe that people not only think like us, but that they also agree with us. It's a bias where we overestimate how typical and normal we are, and assume that a consensus exists on matters when there may be none.
• Current moment bias - Most of us would rather experience pleasure in the current moment, while leaving the pain for later…