CISM IS Leadership Presentation


Edited version of internal presentation on security risk management efforts.

Published in: Business

  1. Helping Leaders Make Informed Decisions: IS Leadership Presentation
  2. Agenda: Review of CISM Background; Analysis Lifecycle; Current Analysis Products; Upcoming Products
  3. CISM Background
  4. Skill Sets: Over 50 years of domain expertise; CIS/IA PhD, MBA, MSIM; 20+ domain certifications; Average 30+ hours a month of outside outreach and training
  5. Analysis Lifecycle: Acquisition; Storage and Processing; Analysis; Reporting
  6. Acquisition: Threat Intelligence ◦ REN-ISAC ◦ NH-ISAC ◦ VCDB ◦ Subscription Services ◦ Private Sources; Internal Data Sources ◦ Orchestrate ◦ Security Logs ◦ Nessus ◦ Interviews
  7. Storage and Processing: SQL Server; NoSQL ◦ MongoDB ◦ Elasticsearch ◦ Apache Pig (Hadoop); PowerShell
  8. Analysis: Simulation ◦ Rstats ◦ Python
  9. Reporting: Written Reports ◦ Compliance Analysis; Visualization ◦ Tableau; Example Work Products ◦ Policy ◦ Audits ◦ Security Findings ◦ Data Loss Protection ◦ Network Security Posture Analysis ◦ Security Incident Management
  10. Current Analysis Products
  11. A Tale of Three Demonstrations: 1. Vulnerability Performance Management 2. PCI-DSS Compliance Tracking 3. Application Risk Overview
  12. Upcoming Efforts: Modelling Application Risk
  13. Application Risk Simulation: Which of the various options will provide the highest returns to the safety, stability, and security of my application at the lowest cost?
  14. Project X: Application Risk Simulation
  15. Questions? David F. Severski Email Phone
