SlideShare a Scribd company logo

2022-security-plan-template.pptx

Download as PPTX, PDF
Eng. Ala' Zayadeen- MBA,CEH,ISO Lead Implementer, MCP
Eng. Ala' Zayadeen- MBA,CEH,ISO Lead Implementer, MCP

This document provides a template for a 2022 security plan that can be customized and used to communicate an organization's security needs and budget to management. The template includes sections for an overview of 2021 security spending and performance, key considerations from internal incidents and the evolving threat landscape, proposed changes to security resources and budgets for 2022, and an overall budget summary. The template is meant to simplify communicating security needs to management in a clear, cost-focused way.

Technology
1 of 12
2022 Security Plan Template
Template Walkthrough Guide 2 We built this template to empower you – the CIO /CISO/Director of Security, etc. – to effectively communicate your 2022 security plans to management. You have the security knowledge – the type of security events your organization encountered in the recent year, as well as the global shifts in the threat landscape. You also understand the outputs of the security products you have in place. By using this template, you’ll be able to map this knowledge to cost and risk terms that your management can easily consume and understand. The flow of the template is simple – how many resources are we currently putting into cybersecurity, what has proven itself, and what are the gaps that we need to address – based both on the security incidents we have encountered, as well as on general attack trends. This copy of the template comes with mock data - be sure to remove and replace it with data from your own environment. Feel free to modify and adjust the template based on your specific needs. There is no one-size-fits-all in cybersecurity. The template is purpose-built to save you the time of setting up the infrastructure. The internal design is all yours. 2022 Security Plan Template
How We Built This Template 3 This template is the outcome of numerous interactions with both security professionals and management decision-makers across Cynet’s install-base. What guided us through the process of building this template is to simplify, accelerate and optimize the work of security decision makers by providing them with ready-to-use tool that addresses all key reporting and planning aspects, enabling them to focus their efforts on the actual reporting, rather than spend valuable time in setting up a reporting infrastructure from scratch. This is also the goal of the Cynet autonomous breach protection platform (Learn more about Cynet here), which natively integrates monitoring & control, attack prevention & detection and response orchestration, providing security teams all the tools they need to confront and win against the cyber threat landscape in a single, integrated solution. 2022 Security Plan Template
Template Walkthrough Guide 4 Slide 6 2021 Security Overview Summary of all the security spend of 2021, : • planned (personnel, technology and services) • unplanned (security incidents that entailed a clear monetary impact) Slide 7 2021 Security Performance Evaluation - Success Summary of all events in which security investment have proven effective in preventing or containing cyberattacks. • Technologies - This part is materially dependent on the metadata your security products provide you with. This is important to make the case of the actual value delivered by the product. • Services - quantize these by both the volume of security events that was fully or partially handled by the service provider. Slide 8 2021 Security Performance Evaluation - Challenges Summary of all attacks that caused damage despite the security stack in place. • Event • Description • Point of failure 2022 Security Plan Template
Template Walkthrough Guide 5 Slide 9 2022 Security Plan – Key Considerations Summary of all improvement factors: • Internal security events your organization has experienced • Overall threat landscape that applies to your organization in respect to vertical, size, IT infrastructure, etc. Slide 10 2022 Security Plan – Changes in Resource Allocation Required changes in security products, services, personnel and compliance initiatives Slide 11 2022 Security Plan – Overall Summary of 2021-2022 differenced in security budget. 2022 Security Plan Template
2021 Security Overview 6 2021 SECURITY PLANNED SPEND Group Detail Annual Cost Security Team Security Products Security Services Compliance Initiative SECURITY SPEND SUMMARY cost Planned Unplanned Overall 2021 SECURITY UNPLANNED SPEND Incident Detail Overall Cost Ransomware attack Compromised identity to O359 account Direct damage IR provider fee 2022 Security Plan Template
2021 Security Performance Evaluation - Successes 7 SECURITY PRODUCTS Products Data Comments Firewall XXX blocked sessions … NGAV XXX blocked malware attempts XXX blocked ransomware Email Protection XXX phishing emails detected … … … … … … … … SECURITY PRODUCTS Products Data Comments MSP … … MDR XXX critical security events prioritized and reported … … … … … … … … … … 2022 Security Plan Template
2021 Security Performance Evaluation - Challenges 8 SECURITY PRODUCTS Incident Description Points of Failure Ransomware attack Initial infection followed by mass automated propagation locked 67% of the company’s endpoints and servers AV failed to prevent the ransomware execution Theft of customer data Customers PII (names, phone numbers and email addresses) was exfiltrated from company servers • Post compromise activity is a blind spot for the security products in place • FirewallAV failed to prevent the initial compromise • The EDR alerts’ volume surpassed the capacity of the security team. As a result, the relevant EDR alerts were not addressed Compromised identity to O359 account Attackers gained access to an employee O365 account and forwarded his company emails to their premise during several weeks There is no security products that monitors users email behavior 2022 Security Plan Template
2022 Security Plan: Key Considerations 9 Internal security incidents Security incident 1 Security incident 2 Updated threat landscape High profile attack 1 High profile attack 2 The plan for 2022 is meant to raise the cyber resilience level of the organization, in light of prior security events as well as the overall threat landscape ATTACKS TRENDS Description 1 … 2 … 2022 Security Plan Template
2022 Security Plan – Changes in Resource Allocation 2022 SECURITY PLANNED SPEND Group Type Purpose Annual Cost Security Team Add XXX manhours Ensure all critical alerts are handled $XXX Security Products Add CASB solution Get visibility to malicious activity that targets SaaS apps $XXX Security Services Engage MDR to monitor EDR alerts Outsource repetitive alert monitoring and prioritization and have the internal team focused on the actual response $XXX Compliance Engage external auditor for PCI –DSS certification $XXX 2022 Security Plan Template
2022 Security Plan – Overall 2022 SECURITY PLANNED SPEND Group 2021 Annual Budget 2022 Change Security Team $xxx $xxx Security Products $xxx $xxx Security Services $xxx $xxx Compliance $xxx $xxx 2022 Security Plan Template
THANK YOU! www.cynet.com

Recommended

111.pptx
111.pptx111.pptx
111.pptx
JESUNPK
 
Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxFortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptx
YoisRoberthTapiadeLa
 
Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxFortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptx
VictoriaChavesta
 
4-lessons-of-security-leaders-for-2022.pdf
4-lessons-of-security-leaders-for-2022.pdf4-lessons-of-security-leaders-for-2022.pdf
4-lessons-of-security-leaders-for-2022.pdf
Jose R
 
Protect your hybrid workforce across the attack chain
Protect your hybrid workforce across the attack chainProtect your hybrid workforce across the attack chain
Protect your hybrid workforce across the attack chain
David J Rosenthal
 
MCGlobalTech Cyber Capability Statement
MCGlobalTech Cyber Capability Statement MCGlobalTech Cyber Capability Statement
MCGlobalTech Cyber Capability Statement
William McBorrough
 
MCGlobalTech Cyber Capability Statement_Final
MCGlobalTech Cyber Capability Statement_FinalMCGlobalTech Cyber Capability Statement_Final
MCGlobalTech Cyber Capability Statement_FinalWilliam McBorrough
 
WSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security ProgramWSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security Program
WSO2
 

Recommended

111.pptx
111.pptx111.pptx
111.pptx
JESUNPK
 
Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxFortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptx
YoisRoberthTapiadeLa
 
Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxFortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptx
VictoriaChavesta
 
4-lessons-of-security-leaders-for-2022.pdf
4-lessons-of-security-leaders-for-2022.pdf4-lessons-of-security-leaders-for-2022.pdf
4-lessons-of-security-leaders-for-2022.pdf
Jose R
 
Protect your hybrid workforce across the attack chain
Protect your hybrid workforce across the attack chainProtect your hybrid workforce across the attack chain
Protect your hybrid workforce across the attack chain
David J Rosenthal
 
MCGlobalTech Cyber Capability Statement
MCGlobalTech Cyber Capability Statement MCGlobalTech Cyber Capability Statement
MCGlobalTech Cyber Capability Statement
William McBorrough
 
MCGlobalTech Cyber Capability Statement_Final
MCGlobalTech Cyber Capability Statement_FinalMCGlobalTech Cyber Capability Statement_Final
MCGlobalTech Cyber Capability Statement_FinalWilliam McBorrough
 
WSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security ProgramWSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security Program
WSO2
 
Becoming Secure By Design: Questions You Should Ask Your Software Vendors
Becoming Secure By Design: Questions You Should Ask Your Software VendorsBecoming Secure By Design: Questions You Should Ask Your Software Vendors
Becoming Secure By Design: Questions You Should Ask Your Software Vendors
SolarWinds
 
Designing NextGen Threat Identification Solutions
Designing NextGen Threat Identification SolutionsDesigning NextGen Threat Identification Solutions
Designing NextGen Threat Identification Solutions
Arun Prabhakar
 
Intel 2021 Product Security Report
Intel 2021 Product Security ReportIntel 2021 Product Security Report
Intel 2021 Product Security Report
DESMOND YUEN
 
Secure Soft Development Life Cycle .pptx
Secure Soft Development Life Cycle .pptxSecure Soft Development Life Cycle .pptx
Secure Soft Development Life Cycle .pptx
Orlando Trajano
 
Introduction Sebyde BV | Security Testing | Security Awareness | Secure Devel...
Introduction Sebyde BV | Security Testing | Security Awareness | Secure Devel...Introduction Sebyde BV | Security Testing | Security Awareness | Secure Devel...
Introduction Sebyde BV | Security Testing | Security Awareness | Secure Devel...Derk Yntema
 
Webinar-MSP+ Cyber Insurance Fina.pptx
Webinar-MSP+ Cyber Insurance Fina.pptxWebinar-MSP+ Cyber Insurance Fina.pptx
Webinar-MSP+ Cyber Insurance Fina.pptx
ControlCase
 
Applicaiton Security - Building The Audit Program
Applicaiton Security - Building The Audit ProgramApplicaiton Security - Building The Audit Program
Applicaiton Security - Building The Audit Program
Michael Davis
 
Ivanti Webinar - How to Win Budget and Influence Non-InfoSec Stakeholders
Ivanti Webinar - How to Win Budget and Influence Non-InfoSec StakeholdersIvanti Webinar - How to Win Budget and Influence Non-InfoSec Stakeholders
Ivanti Webinar - How to Win Budget and Influence Non-InfoSec Stakeholders
Ivanti
 
Security of the future - Adapting Approaches to What We Need
Security of the future - Adapting Approaches to What We NeedSecurity of the future - Adapting Approaches to What We Need
Security of the future - Adapting Approaches to What We Need
simplyme12345
 
Shift Left for More Secure Apps with F5 NGINX
Shift Left for More Secure Apps with F5 NGINXShift Left for More Secure Apps with F5 NGINX
Shift Left for More Secure Apps with F5 NGINX
NGINX, Inc.
 
Integrating Security Across SDLC Phases
Integrating Security Across SDLC PhasesIntegrating Security Across SDLC Phases
Integrating Security Across SDLC Phases
Ishrath Sultana
 
Security architecture proposal template
Security architecture proposal templateSecurity architecture proposal template
Security architecture proposal template
Moti Sagey מוטי שגיא
 
NUS-ISS Learning Day 2019-Architecting security in the digital age
NUS-ISS Learning Day 2019-Architecting security in the digital ageNUS-ISS Learning Day 2019-Architecting security in the digital age
NUS-ISS Learning Day 2019-Architecting security in the digital age
NUS-ISS
 
Cyber Security and Cloud Security
Cyber Security and Cloud SecurityCyber Security and Cloud Security
Cyber Security and Cloud Security
IT Governance Ltd
 
Power Of SIEM Solutions With CloudIBN
Power Of SIEM Solutions With CloudIBNPower Of SIEM Solutions With CloudIBN
Power Of SIEM Solutions With CloudIBN
CloudIBN Technology
 
Cybersecurity Strategies for Effective Attack Surface Reduction
Cybersecurity Strategies for Effective Attack Surface ReductionCybersecurity Strategies for Effective Attack Surface Reduction
Cybersecurity Strategies for Effective Attack Surface Reduction
SecPod
 
Cybersecurity Strategies for Effective Attack Surface Reduction
Cybersecurity Strategies for Effective Attack Surface ReductionCybersecurity Strategies for Effective Attack Surface Reduction
Cybersecurity Strategies for Effective Attack Surface Reduction
SecPod
 
Integrating of security activates in agile process
Integrating of security activates in agile processIntegrating of security activates in agile process
Integrating of security activates in agile process
Zubair Rahim
 
ENABLING PROTECTION AGAINST DATA EXFILTRATION BY IMPLEMENTING ISO 27001:2022 ...
ENABLING PROTECTION AGAINST DATA EXFILTRATION BY IMPLEMENTING ISO 27001:2022 ...ENABLING PROTECTION AGAINST DATA EXFILTRATION BY IMPLEMENTING ISO 27001:2022 ...
ENABLING PROTECTION AGAINST DATA EXFILTRATION BY IMPLEMENTING ISO 27001:2022 ...
IJCI JOURNAL
 
Microsoft Security adoptionguide for the enterprise
Microsoft Security adoptionguide for the enterpriseMicrosoft Security adoptionguide for the enterprise
Microsoft Security adoptionguide for the enterprise
ssuserd58af7
 
Business Strategies and Frameworks by Slidesgo.pptx
Business Strategies and Frameworks by Slidesgo.pptxBusiness Strategies and Frameworks by Slidesgo.pptx
Business Strategies and Frameworks by Slidesgo.pptx
Eng. Ala' Zayadeen- MBA,CEH,ISO Lead Implementer, MCP
 
slide-webninar-kik-r2-2 (1).pdf
slide-webninar-kik-r2-2 (1).pdfslide-webninar-kik-r2-2 (1).pdf
slide-webninar-kik-r2-2 (1).pdf
Eng. Ala' Zayadeen- MBA,CEH,ISO Lead Implementer, MCP
 

More Related Content

Similar to 2022-security-plan-template.pptx

Becoming Secure By Design: Questions You Should Ask Your Software Vendors
Becoming Secure By Design: Questions You Should Ask Your Software VendorsBecoming Secure By Design: Questions You Should Ask Your Software Vendors
Becoming Secure By Design: Questions You Should Ask Your Software Vendors
SolarWinds
 
Designing NextGen Threat Identification Solutions
Designing NextGen Threat Identification SolutionsDesigning NextGen Threat Identification Solutions
Designing NextGen Threat Identification Solutions
Arun Prabhakar
 
Intel 2021 Product Security Report
Intel 2021 Product Security ReportIntel 2021 Product Security Report
Intel 2021 Product Security Report
DESMOND YUEN
 
Secure Soft Development Life Cycle .pptx
Secure Soft Development Life Cycle .pptxSecure Soft Development Life Cycle .pptx
Secure Soft Development Life Cycle .pptx
Orlando Trajano
 
Introduction Sebyde BV | Security Testing | Security Awareness | Secure Devel...
Introduction Sebyde BV | Security Testing | Security Awareness | Secure Devel...Introduction Sebyde BV | Security Testing | Security Awareness | Secure Devel...
Introduction Sebyde BV | Security Testing | Security Awareness | Secure Devel...Derk Yntema
 
Webinar-MSP+ Cyber Insurance Fina.pptx
Webinar-MSP+ Cyber Insurance Fina.pptxWebinar-MSP+ Cyber Insurance Fina.pptx
Webinar-MSP+ Cyber Insurance Fina.pptx
ControlCase
 
Applicaiton Security - Building The Audit Program
Applicaiton Security - Building The Audit ProgramApplicaiton Security - Building The Audit Program
Applicaiton Security - Building The Audit Program
Michael Davis
 
Ivanti Webinar - How to Win Budget and Influence Non-InfoSec Stakeholders
Ivanti Webinar - How to Win Budget and Influence Non-InfoSec StakeholdersIvanti Webinar - How to Win Budget and Influence Non-InfoSec Stakeholders
Ivanti Webinar - How to Win Budget and Influence Non-InfoSec Stakeholders
Ivanti
 
Security of the future - Adapting Approaches to What We Need
Security of the future - Adapting Approaches to What We NeedSecurity of the future - Adapting Approaches to What We Need
Security of the future - Adapting Approaches to What We Need
simplyme12345
 
Shift Left for More Secure Apps with F5 NGINX
Shift Left for More Secure Apps with F5 NGINXShift Left for More Secure Apps with F5 NGINX
Shift Left for More Secure Apps with F5 NGINX
NGINX, Inc.
 
Integrating Security Across SDLC Phases
Integrating Security Across SDLC PhasesIntegrating Security Across SDLC Phases
Integrating Security Across SDLC Phases
Ishrath Sultana
 
Security architecture proposal template
Security architecture proposal templateSecurity architecture proposal template
Security architecture proposal template
Moti Sagey מוטי שגיא
 
NUS-ISS Learning Day 2019-Architecting security in the digital age
NUS-ISS Learning Day 2019-Architecting security in the digital ageNUS-ISS Learning Day 2019-Architecting security in the digital age
NUS-ISS Learning Day 2019-Architecting security in the digital age
NUS-ISS
 
Cyber Security and Cloud Security
Cyber Security and Cloud SecurityCyber Security and Cloud Security
Cyber Security and Cloud Security
IT Governance Ltd
 
Power Of SIEM Solutions With CloudIBN
Power Of SIEM Solutions With CloudIBNPower Of SIEM Solutions With CloudIBN
Power Of SIEM Solutions With CloudIBN
CloudIBN Technology
 
Cybersecurity Strategies for Effective Attack Surface Reduction
Cybersecurity Strategies for Effective Attack Surface ReductionCybersecurity Strategies for Effective Attack Surface Reduction
Cybersecurity Strategies for Effective Attack Surface Reduction
SecPod
 
Cybersecurity Strategies for Effective Attack Surface Reduction
Cybersecurity Strategies for Effective Attack Surface ReductionCybersecurity Strategies for Effective Attack Surface Reduction
Cybersecurity Strategies for Effective Attack Surface Reduction
SecPod
 
Integrating of security activates in agile process
Integrating of security activates in agile processIntegrating of security activates in agile process
Integrating of security activates in agile process
Zubair Rahim
 
ENABLING PROTECTION AGAINST DATA EXFILTRATION BY IMPLEMENTING ISO 27001:2022 ...
ENABLING PROTECTION AGAINST DATA EXFILTRATION BY IMPLEMENTING ISO 27001:2022 ...ENABLING PROTECTION AGAINST DATA EXFILTRATION BY IMPLEMENTING ISO 27001:2022 ...
ENABLING PROTECTION AGAINST DATA EXFILTRATION BY IMPLEMENTING ISO 27001:2022 ...
IJCI JOURNAL
 
Microsoft Security adoptionguide for the enterprise
Microsoft Security adoptionguide for the enterpriseMicrosoft Security adoptionguide for the enterprise
Microsoft Security adoptionguide for the enterprise
ssuserd58af7
 

Similar to 2022-security-plan-template.pptx (20)

Becoming Secure By Design: Questions You Should Ask Your Software Vendors
Becoming Secure By Design: Questions You Should Ask Your Software VendorsBecoming Secure By Design: Questions You Should Ask Your Software Vendors
Becoming Secure By Design: Questions You Should Ask Your Software Vendors
 
Designing NextGen Threat Identification Solutions
Designing NextGen Threat Identification SolutionsDesigning NextGen Threat Identification Solutions
Designing NextGen Threat Identification Solutions
 
Intel 2021 Product Security Report
Intel 2021 Product Security ReportIntel 2021 Product Security Report
Intel 2021 Product Security Report
 
Secure Soft Development Life Cycle .pptx
Secure Soft Development Life Cycle .pptxSecure Soft Development Life Cycle .pptx
Secure Soft Development Life Cycle .pptx
 
Introduction Sebyde BV | Security Testing | Security Awareness | Secure Devel...
Introduction Sebyde BV | Security Testing | Security Awareness | Secure Devel...Introduction Sebyde BV | Security Testing | Security Awareness | Secure Devel...
Introduction Sebyde BV | Security Testing | Security Awareness | Secure Devel...
 
Webinar-MSP+ Cyber Insurance Fina.pptx
Webinar-MSP+ Cyber Insurance Fina.pptxWebinar-MSP+ Cyber Insurance Fina.pptx
Webinar-MSP+ Cyber Insurance Fina.pptx
 
Applicaiton Security - Building The Audit Program
Applicaiton Security - Building The Audit ProgramApplicaiton Security - Building The Audit Program
Applicaiton Security - Building The Audit Program
 
Ivanti Webinar - How to Win Budget and Influence Non-InfoSec Stakeholders
Ivanti Webinar - How to Win Budget and Influence Non-InfoSec StakeholdersIvanti Webinar - How to Win Budget and Influence Non-InfoSec Stakeholders
Ivanti Webinar - How to Win Budget and Influence Non-InfoSec Stakeholders
 
Security of the future - Adapting Approaches to What We Need
Security of the future - Adapting Approaches to What We NeedSecurity of the future - Adapting Approaches to What We Need
Security of the future - Adapting Approaches to What We Need
 
Shift Left for More Secure Apps with F5 NGINX
Shift Left for More Secure Apps with F5 NGINXShift Left for More Secure Apps with F5 NGINX
Shift Left for More Secure Apps with F5 NGINX
 
Integrating Security Across SDLC Phases
Integrating Security Across SDLC PhasesIntegrating Security Across SDLC Phases
Integrating Security Across SDLC Phases
 
Security architecture proposal template
Security architecture proposal templateSecurity architecture proposal template
Security architecture proposal template
 
NUS-ISS Learning Day 2019-Architecting security in the digital age
NUS-ISS Learning Day 2019-Architecting security in the digital ageNUS-ISS Learning Day 2019-Architecting security in the digital age
NUS-ISS Learning Day 2019-Architecting security in the digital age
 
Cyber Security and Cloud Security
Cyber Security and Cloud SecurityCyber Security and Cloud Security
Cyber Security and Cloud Security
 
Power Of SIEM Solutions With CloudIBN
Power Of SIEM Solutions With CloudIBNPower Of SIEM Solutions With CloudIBN
Power Of SIEM Solutions With CloudIBN
 
Cybersecurity Strategies for Effective Attack Surface Reduction
Cybersecurity Strategies for Effective Attack Surface ReductionCybersecurity Strategies for Effective Attack Surface Reduction
Cybersecurity Strategies for Effective Attack Surface Reduction
 
Cybersecurity Strategies for Effective Attack Surface Reduction
Cybersecurity Strategies for Effective Attack Surface ReductionCybersecurity Strategies for Effective Attack Surface Reduction
Cybersecurity Strategies for Effective Attack Surface Reduction
 
Integrating of security activates in agile process
Integrating of security activates in agile processIntegrating of security activates in agile process
Integrating of security activates in agile process
 
ENABLING PROTECTION AGAINST DATA EXFILTRATION BY IMPLEMENTING ISO 27001:2022 ...
ENABLING PROTECTION AGAINST DATA EXFILTRATION BY IMPLEMENTING ISO 27001:2022 ...ENABLING PROTECTION AGAINST DATA EXFILTRATION BY IMPLEMENTING ISO 27001:2022 ...
ENABLING PROTECTION AGAINST DATA EXFILTRATION BY IMPLEMENTING ISO 27001:2022 ...
 
Microsoft Security adoptionguide for the enterprise
Microsoft Security adoptionguide for the enterpriseMicrosoft Security adoptionguide for the enterprise
Microsoft Security adoptionguide for the enterprise
 

More from Eng. Ala' Zayadeen- MBA,CEH,ISO Lead Implementer, MCP

Business Strategies and Frameworks by Slidesgo.pptx
Business Strategies and Frameworks by Slidesgo.pptxBusiness Strategies and Frameworks by Slidesgo.pptx
Business Strategies and Frameworks by Slidesgo.pptx
Eng. Ala' Zayadeen- MBA,CEH,ISO Lead Implementer, MCP
 
7-Cloudy with a chance of digitalization.pdf
7-Cloudy with a chance of digitalization.pdf7-Cloudy with a chance of digitalization.pdf
7-Cloudy with a chance of digitalization.pdf
Eng. Ala' Zayadeen- MBA,CEH,ISO Lead Implementer, MCP
 

More from Eng. Ala' Zayadeen- MBA,CEH,ISO Lead Implementer, MCP (10)

Business Strategies and Frameworks by Slidesgo.pptx
Business Strategies and Frameworks by Slidesgo.pptxBusiness Strategies and Frameworks by Slidesgo.pptx
Business Strategies and Frameworks by Slidesgo.pptx
 
slide-webninar-kik-r2-2 (1).pdf
slide-webninar-kik-r2-2 (1).pdfslide-webninar-kik-r2-2 (1).pdf
slide-webninar-kik-r2-2 (1).pdf
 
7-Cloudy with a chance of digitalization.pdf
7-Cloudy with a chance of digitalization.pdf7-Cloudy with a chance of digitalization.pdf
7-Cloudy with a chance of digitalization.pdf
 
Privacy Risk Study 2023 – Executive Summary.pdf
Privacy Risk Study 2023 – Executive Summary.pdfPrivacy Risk Study 2023 – Executive Summary.pdf
Privacy Risk Study 2023 – Executive Summary.pdf
 
لعرض تقديمي متميز.pdf
لعرض تقديمي متميز.pdfلعرض تقديمي متميز.pdf
لعرض تقديمي متميز.pdf
 
Endpoint Protection Comparison.pdf
Endpoint Protection Comparison.pdfEndpoint Protection Comparison.pdf
Endpoint Protection Comparison.pdf
 
Ali Ababneh-CV.pdf
Ali Ababneh-CV.pdfAli Ababneh-CV.pdf
Ali Ababneh-CV.pdf
 
اداره 3.ppt
اداره 3.pptاداره 3.ppt
اداره 3.ppt
 
Privacy (1).pptx
Privacy (1).pptxPrivacy (1).pptx
Privacy (1).pptx
 
Cv for ala' zayadeen
Cv for ala' zayadeen Cv for ala' zayadeen
Cv for ala' zayadeen
 

Recently uploaded

AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Product School
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Product School
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
Paul Groth
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
Fwdays
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Ramesh Iyer
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 

Recently uploaded (20)

AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 

2022-security-plan-template.pptx

  • 2. Template Walkthrough Guide 2 We built this template to empower you – the CIO /CISO/Director of Security, etc. – to effectively communicate your 2022 security plans to management. You have the security knowledge – the type of security events your organization encountered in the recent year, as well as the global shifts in the threat landscape. You also understand the outputs of the security products you have in place. By using this template, you’ll be able to map this knowledge to cost and risk terms that your management can easily consume and understand. The flow of the template is simple – how many resources are we currently putting into cybersecurity, what has proven itself, and what are the gaps that we need to address – based both on the security incidents we have encountered, as well as on general attack trends. This copy of the template comes with mock data - be sure to remove and replace it with data from your own environment. Feel free to modify and adjust the template based on your specific needs. There is no one-size-fits-all in cybersecurity. The template is purpose-built to save you the time of setting up the infrastructure. The internal design is all yours. 2022 Security Plan Template
  • 3. How We Built This Template 3 This template is the outcome of numerous interactions with both security professionals and management decision-makers across Cynet’s install-base. What guided us through the process of building this template is to simplify, accelerate and optimize the work of security decision makers by providing them with ready-to-use tool that addresses all key reporting and planning aspects, enabling them to focus their efforts on the actual reporting, rather than spend valuable time in setting up a reporting infrastructure from scratch. This is also the goal of the Cynet autonomous breach protection platform (Learn more about Cynet here), which natively integrates monitoring & control, attack prevention & detection and response orchestration, providing security teams all the tools they need to confront and win against the cyber threat landscape in a single, integrated solution. 2022 Security Plan Template
  • 4. Template Walkthrough Guide 4 Slide 6 2021 Security Overview Summary of all the security spend of 2021, : • planned (personnel, technology and services) • unplanned (security incidents that entailed a clear monetary impact) Slide 7 2021 Security Performance Evaluation - Success Summary of all events in which security investment have proven effective in preventing or containing cyberattacks. • Technologies - This part is materially dependent on the metadata your security products provide you with. This is important to make the case of the actual value delivered by the product. • Services - quantize these by both the volume of security events that was fully or partially handled by the service provider. Slide 8 2021 Security Performance Evaluation - Challenges Summary of all attacks that caused damage despite the security stack in place. • Event • Description • Point of failure 2022 Security Plan Template
  • 5. Template Walkthrough Guide 5 Slide 9 2022 Security Plan – Key Considerations Summary of all improvement factors: • Internal security events your organization has experienced • Overall threat landscape that applies to your organization in respect to vertical, size, IT infrastructure, etc. Slide 10 2022 Security Plan – Changes in Resource Allocation Required changes in security products, services, personnel and compliance initiatives Slide 11 2022 Security Plan – Overall Summary of 2021-2022 differenced in security budget. 2022 Security Plan Template
  • 6. 2021 Security Overview 6 2021 SECURITY PLANNED SPEND Group Detail Annual Cost Security Team Security Products Security Services Compliance Initiative SECURITY SPEND SUMMARY cost Planned Unplanned Overall 2021 SECURITY UNPLANNED SPEND Incident Detail Overall Cost Ransomware attack Compromised identity to O359 account Direct damage IR provider fee 2022 Security Plan Template
  • 7. 2021 Security Performance Evaluation - Successes 7 SECURITY PRODUCTS Products Data Comments Firewall XXX blocked sessions … NGAV XXX blocked malware attempts XXX blocked ransomware Email Protection XXX phishing emails detected … … … … … … … … SECURITY PRODUCTS Products Data Comments MSP … … MDR XXX critical security events prioritized and reported … … … … … … … … … … 2022 Security Plan Template
  • 8. 2021 Security Performance Evaluation - Challenges 8 SECURITY PRODUCTS Incident Description Points of Failure Ransomware attack Initial infection followed by mass automated propagation locked 67% of the company’s endpoints and servers AV failed to prevent the ransomware execution Theft of customer data Customers PII (names, phone numbers and email addresses) was exfiltrated from company servers • Post compromise activity is a blind spot for the security products in place • FirewallAV failed to prevent the initial compromise • The EDR alerts’ volume surpassed the capacity of the security team. As a result, the relevant EDR alerts were not addressed Compromised identity to O359 account Attackers gained access to an employee O365 account and forwarded his company emails to their premise during several weeks There is no security products that monitors users email behavior 2022 Security Plan Template
  • 9. 2022 Security Plan: Key Considerations 9 Internal security incidents Security incident 1 Security incident 2 Updated threat landscape High profile attack 1 High profile attack 2 The plan for 2022 is meant to raise the cyber resilience level of the organization, in light of prior security events as well as the overall threat landscape ATTACKS TRENDS Description 1 … 2 … 2022 Security Plan Template
  • 10. 2022 Security Plan – Changes in Resource Allocation 2022 SECURITY PLANNED SPEND Group Type Purpose Annual Cost Security Team Add XXX manhours Ensure all critical alerts are handled $XXX Security Products Add CASB solution Get visibility to malicious activity that targets SaaS apps $XXX Security Services Engage MDR to monitor EDR alerts Outsource repetitive alert monitoring and prioritization and have the internal team focused on the actual response $XXX Compliance Engage external auditor for PCI –DSS certification $XXX 2022 Security Plan Template
  • 11. 2022 Security Plan – Overall 2022 SECURITY PLANNED SPEND Group 2021 Annual Budget 2022 Change Security Team $xxx $xxx Security Products $xxx $xxx Security Services $xxx $xxx Compliance $xxx $xxx 2022 Security Plan Template