Inclusion & Empowerment:
How Participation and
Awareness Influence
Security


Daniel J Blander, CISM, CISSP
[ agenda ]
[ challenges ]

[ why ]

[ emerging strategies ]
[ challenges ]

Management buy-in
User Participation
[ challenges ]

How consistent is your security posture?
Is it integrated into your organization’s goals?
[ challenges ]
But I have tried!
[ why ]
Company & Stakeholder awareness of risk
•   “It’s never happened to us before”


Stakeholder Focus: Profit, Cost,...
[ why ]
CIO = Chief IT Officer

Security is Only for Computers
[ why ]
Self Inflicted Wounds
Techno-babble
F.U.D.
•   Fear mongering – FU...
[ change ]
Create a shared Governance Function

HR, Finance, Sales, ...
[ change ]
Security as “Business Risk Management”

•   Security is a process inside The Company
•   People, Processes, Inf...
[ change ]
Use security to enhance business

Give back to the business

Focus on:
• Efficiency & Effectiveness
• Availabil...
[ change ]
•   Promote security as a cultural and behavioral change.
•   Focus on changing long-term patterns and ...
[ change ]
How do you lead to achieve this?
•   Have a New Attitude
    •   NO FUD

•   Put your business hat on!
    •   ...
[ change: sources ]
Published in: Education

Inclusion And Empowerment

  1. Inclusion & Empowerment: How Participation and Awareness Influence Security. Daniel J Blander, CISM, CISSP
  2. [ agenda ] [ challenges ] [ why ] [ emerging strategies ]
  3. [ challenges ] Management buy-in; User Participation
  4. [ challenges ] How consistent is your security posture? Is it integrated into your organization’s goals?
  5. [ challenges ] But I have tried!
  6. [ why ] Company & Stakeholder awareness of risk • “It’s never happened to us before” Stakeholder Focus: Profit, Cost, Opportunity
  7. [ why ] CIO = Chief IT Officer; Security is Only for Computers
  8. [ why ] Self Inflicted Wounds: Techno-babble, F.U.D. • Fear mongering – FUD & Hype. Security is a Cost Center • Security does not generate revenue • Security is restrictive
  9. [ change ] Create a shared Governance Function (diagram: Steering Committee with HR, Finance, Sales, Security, IT, Legal)
  10. [ change ] Security as “Business Risk Management” • Security is a process inside The Company • People, Processes, Information • Participate in the Business (diagram: Chief Risk Officer; Physical Security; Information & IT Security; Legal)
  11. [ change ] Use security to enhance business. Give back to the business. Focus on: • Efficiency & Effectiveness • Availability. ITIL: Process Improvement, Predictability
  12. [ change ] • Promote security as a cultural and behavioral change. • Focus on changing long-term patterns and attitudes about security. • Focus on security enabling people, not as restricting rules. • Make security something everyone can understand and act on. • Show how security applies to all parts of life - at work and home.
  13. [ change ] How do you lead to achieve this? • Have a New Attitude • NO FUD • Put your business hat on! • Think of good business practices that reflect security • Think of business opportunities • Be a Team Player - Include everyone on the team
  14. [ change: sources ]
