
Evolved Role of the Information Security Professional

Published in: Career, Technology

  1. The Information Security Profession: Today and Beyond
       • Presented by: Kelly Manthey, Partner
       • www.solstice-consulting.com
       • Date: May 18th 2010
  2. Objectives
       • Introduction
       • Review the traditional roles of Information Security and Compliance professions and where they intersect
       • A perspective on the common pitfalls of the Information Security profession and how to evolve
  3. Traditional View of Information Security
       • Aligned with technology
       • Reviews, consults, tests, and monitors the security position of the company’s technology
       • Concerned with the confidentiality, integrity and availability of data
       • Operational focus
       • Focus on audit requirements
  4. What is an Information Security Professional
       • Keep the bad guys out
       • Let the trusted guys in
       • Give trusted guys access to what they are authorized to access
       • In simple terms…
       • Layers of the Profession
  5. The Compliance Professional
       • Concerned with aligning business operations to meet the laws and regulations
       • Critical success factors – trust and ethics
  6.
  7. The Facets of the Compliance Role
  8. Successful Compliance Professionals…
       • Embed compliance into the day-to-day operation of a company
       • Remove ambiguity
       • Communicate and educate
       • Are seasoned employees with experience in the company
       • Drive executive accountability
  9. Intersection of Roles
       • Both assess risk
       • Concerned with data integrity
       • Carry a compliance message to the organization
       • Create policies and requirements
       • Seeking to align accountability with business process
  10. 4 Common Pitfalls in Today’s Information Security Dept.
       • Relying on technology to make you compliant
       • Technology control focus and not enough business focus
       • “Us” and “Them” mentality
       • Getting further upstream
  11. Qualities of the “New” Information Security Leader
       • A keen understanding of how to demonstrate data integrity
       • See IS function as a differentiator for competitive advantage
       • Focuses on balancing tactical problem solving with business priorities and company culture
       • Less checking the box, more business enablement
       • Less CYA
       • Less focus on the 1’s and 0’s, more so on business drivers
       • More business focus
       • Aligns goals with business
       • Asks “Why”
       • Play an active part defining the solution, don’t just implement
       • Speaks in terms the business understands
       • Break down the technical speak; knows how to make capabilities relevant to non-technical people
       • Communication skills
  12. Developing the New Information Security Leader
       • Evangelize within your company
       • Be inclusive & collaborative; get to know your Audit and Compliance peers; consider their input as part of developing solutions
       • Interact with your peers at other companies
       • Seek industry insight and stay current through professional development resources
       • Use your vendors as a resource
  13. Why Evolve?
       • Because it’s a different world today
       • Criminals are smarter (and less assuming)
       • Threats have evolved, are greater, the impact is more severe
       • Customer perception; company reputation
  14. Why Evolve? - Business Realities
       • Enterprise Re-Orgs
       • Security Breaches
       • Mergers and Acquisitions
       • Partnership and cross-functional collaboration required to thrive
       • Auditors
       • Regulatory Expectations
       • Economic Realities
       • Technology Evolution
  15. How to Evolve
       • Don’t just implement; Educate!
       • Security, Compliance, and Audit functions working together toward common goals
       • Communication, Communication, Communication
       • Hire the right talent – capable, adaptable, collaborative, objective thinking
       • Lead by example with passion
       • Be proactive: seek insight, knowledge, and new perspectives
  16. Follow-ups…
       • Kelly Manthey
       • kmanthey@solstice-consulting.com
       • Blog: http://mantheyblog.solstice-consulting.com/
       • Twitter: @kmanthey
       • Other Thought Leadership:
           • www.solstice-consulting.com
           • CIO.com Blog: http://advice.cio.com/user/solstice_consulting/track
       • Follow us on Facebook and Twitter:
           • Twitter: http://twitter.com/solsticellc
           • Facebook: http://www.facebook.com/solsticeconsulting
