Enterprise Information Security: Future-Proofing Processes

This infographic provides a distillation of the SBIC report, "Enterprise Information Security: Future-Proofing Processes." It summarizes the report's five recommendations, suggested actions, and the results businesses can expect to gain.

Published in: Technology

  1. Enterprise Information Security: Future-Proofing Processes

     Columns: RECOMMENDATION, ACTIONS, RESULTS

     Shift Focus from Technical Assets to Critical Business Processes
     - Acquire deep understanding of business processes from end-to-end
     - Discern “normal” from “abnormal” conditions within a business process
     - Work with the business to document business processes
     - Ascertain how attackers would undermine processes
     - Make security controls more effective to better protect the business
     - Articulate cybersecurity risks in business terms

     Institute Business Estimates of CyberSecurity Risks
     - Weigh cybersecurity risks vs. business rewards
     - Define scenarios describing the likelihood of incidents and magnitude of business impact
     - Prioritize cybersecurity risks against other risks
     - Hone risk quantification techniques to approximate projected monetary losses
     - Conduct business risk conversations on materiality of risks and adequacy of mitigation strategies
     $100,000? $1 Million? $10 Million? $100 Million?

     Establish Business-Centric Risk Assessments
     - Implement a more automated risk-assessment process
     - Track risks as they are identified, evaluated, accepted, and remediated
     - Modify risk-acceptance process to enable increased risk for select projects short-term
     - Realize a holistic view of cybersecurity risks
     - Make it workable to hold the business accountable for managing risks
     - Take advantage of time-sensitive business opportunities

     Set a Course for Evidence-Based Controls Assurance
     - Establish procedures to systematically collect evidence and report on the efficacy of security controls
     - Optimize security controls
     - Document and review controls, focusing on the most critical
     - Improve internal and 3rd-party assessments
     - Enable efficient audits that are not disruptive to the business
     - Automate collection and reporting over time

     Develop Informed Data-Collection Methods
     - Examine the types of security questions data analytics can answer
     - Identify relevant sources of data and know how to gain access to this data
     - Build a set of data-analytics use cases, following an iterative process
     - Obtain meaningful analysis
     - Enrich analysis with business process data and external threat intelligence
     - Make progress towards a data-analytics capability

     www.emc.com/collateral/white-papers/h12622-rsa-future-proofing-processes.pdf
