Fund Your Security Initiatives 
By Leveraging Business Objectives 
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Funding Your Security Initiatives
By Leveraging Business Objectives
Security is not just an IT problem 
It’s affecting the business 
CISO 
• Cyber threat: 56% of organizations have been the target of a cyber attack
• Extended supply chain: 44% of all data breach involved third-party mistakes
• Financial loss: $8.6M average cost associated with data breach
• Reputation damage: 30% market cap reduction due to recent events
• Cost of protection: 11% of total IT budget spent on security
• Reactive vs. proactive: 97% of data breaches could have been avoided
Problem: Barriers between Business & Security 
Business Initiatives
• Grow Revenues at 30%
• Become more Agile
• Improve Profitability
• Improve Efficiency
• 99.999% Availability
Security Initiatives
• Don’t Get Hacked!!!
Security breaches are a business issue 
HP | Ponemon Study 2013 
$11.6 million
2013
$8.9 million
Security needs to look at how it enables the business
• How do we add value?
• How does the company make $?
• How do we save $?
Security
Competitive Advantage
Our new style of working is exposing risk to the business 
Social media 
Audio 
Cloud 
CRM Data 
Word, Excel 
Images 
Email 
Financials 
Legal documents
Call center 
Cloud 
Archive 
Laptop 
Mobile phone 
Partner 
Data center 
Remote office 
Agreements 
Got Risk?
Create a burning need to do something 
• Industry Regulations 
• PCI 
• HIPAA
• SOX 
• Use Audits to compel Action 
Document Risk in language the business can understand
Getting Buy-in from Management 
Situation: Detail Current Situation
Complication: Explain Risk
Implication: Discuss results if Risk is not Addressed
Position: Your advice
Action: Next Steps
Benefits: How you make your boss look good?
The goal 
• Clear investment strategy 
• Understanding of Risk 
• Plans to mitigate 
• Show how Risk trends down 
The solution seems obvious 
Bring all the data together and create a context, in near real time 
Business 
Operations Security 
TIP #1: Speak the Language of the Business
• Always tie the security issue, be it a real-time threat, a potential risk, a lack of compliance, etc., to language the business can understand.
• Identify the “crown jewels” in your infrastructure. Don’t try to identify everything at first (see Tip #3).
• Connect those assets to the applications they support, and in turn to the business services, and then up to the lines of business / structure of your organization.
TIP #2: Leverage what you have
• A lot of the data you need already exists.
• If you can, gather your assets from a “source of truth” like your CMDB.
• Alternatively, if that isn’t feasible, leverage a monitoring tool like ArcSight ESM.
• Pull in data from your vulnerability scanners.
• Automation will save you.
TIP #3: Start small
• Start small, work incrementally, don’t try to boil the ocean. Some visibility is much better than zero visibility.
• Pick a subset of compliance or regulatory controls that are important and whose value is understood. Model, implement and monitor those.
• Identify and monitor key Risk factors. Set a goal and track progress against it as an easy-to-understand KPI.
• Don’t model your whole business. Start with the key business services.
Create a business centric view 
• Assets from uCMDB 
• Assets from HP ArcSight ESM/Express 
• Model the business 
Automate Compliance where possible 
Numerous data sources 
• uCMDB 
• HP ArcSight ESM/Express/Logger 
• Server Automation 
• Third Party 
Manage vulnerabilities 
• Vulnerability Scanners 
• Configuration Scanners
• Server Automation 
• uCMDB 
Bring it all together 
• Create “risk factors”, set goals/KPIs 
• Trend your progress 
• Focus on “upper right”/red zone 
How do we protect our assets? 
• Intrusion prevention
• Security research and threat intelligence
• Secure design and implementation
Diagram labels: Quarantine, Threat Intelligence, Our enterprise, Their ecosystem, Intrusion Prevention, Secure Software, DLP
Thank you 
 
What is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE?  Session 1 – CoE VisionWhat is an RPA CoE?  Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE Vision
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
 
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
 
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsConnector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
 
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
 

3 tips to funding your security program

  • 1. Fund Your Security Initiatives By Leveraging Business Objectives
  • 2. Funding Your Security Initiatives By Leveraging Business Objectives
  • 3. Security is not just an IT problem. It’s affecting the business (CISO):
      • Cyber threat: 56% of organizations have been the target of a cyber attack
      • Reputation damage: 30% market cap reduction due to recent events
      • Extended supply chain: 44% of all data breaches involved third-party mistakes
      • Financial loss: $8.6M average cost associated with data breach
      • Cost of protection: 11% of total IT budget spent on security
      • Reactive vs. proactive: 97% of data breaches could have been avoided
  • 4. Problem: Barriers between Business & Security
      • Business Initiatives: Grow Revenues at 30%; Become more Agile; Improve Profitability; Improve Efficiency; 99.999% Availability
      • Security Initiatives: Don’t Get Hacked!!!
  • 5. Security breaches are a business issue. HP | Ponemon Study 2013: $11.6 million (2013); $8.9 million
  • 6. Security needs to look at how they enable business: How do we add value? How does the company make $? How do we save $? Security: Competitive Advantage
  • 7. Our new style of working is exposing risk to the business. Diagram labels: Social media, Audio, Cloud, CRM Data, Word, Excel, Images, Email, Financials, Legal documents, Call center, Cloud Archive, Laptop, Mobile phone, Partner, Data center, Remote office, Agreements. Got Risk?
  • 8. Create a burning need to do something
      • Industry Regulations: PCI, HIPAA, SOX
      • Use Audits to compel Action
      • Document Risk in language the business can understand
  • 9. Getting Buy-in from Management
      • Situation: Detail Current Situation
      • Complication: Explain Risk
      • Implication: Discuss results if Risk is not Addressed
      • Position: Your advice
      • Action: Next Steps
      • Benefits: How you make your boss look good
  • 10. The goal
      • Clear investment strategy
      • Understanding of Risk
      • Plans to mitigate
      • Show how Risk trends down
  • 11. The solution seems obvious: Bring all the data together and create a context, in near real time. Business, Operations, Security
  • 12. TIP #1: Speak the Language of the Business
      • Always tie the security issue, be it a real-time threat, potential risk, lack of compliance, etc., to language the business can understand.
      • Identify the “crown jewels” in your infrastructure. Don’t try to identify everything at first (see Tip #3).
      • Connect those assets to the applications they support, and in turn the business services, and then up to the lines of business / structure of your organization.
  • 13. TIP #2: Leverage what you have
      • A lot of the data you need exists.
      • If you can, gather your assets from a “source of truth” like your CMDB.
      • Alternatively, if that isn’t feasible, leverage a monitoring tool like ArcSight ESM.
      • Pull in data from your vulnerability scanners.
      • Automation will save you.
  • 14. TIP #3: Start small
      • Start small, work incrementally, don’t try to boil the ocean. Some visibility is much better than zero visibility.
      • Pick a subset of compliance or regulatory controls that are important and whose value is understood. Model, implement and monitor those.
      • Identify and monitor key Risk factors. Set a goal and track that progress as an easy-to-understand KPI.
      • Don’t model your whole business. Start with the key business services.
  • 15. Create a business centric view
      • Assets from uCMDB
      • Assets from HP ArcSight ESM/Express
      • Model the business
  • 16. Automate Compliance where possible. Numerous data sources:
      • uCMDB
      • HP ArcSight ESM/Express/Logger
      • Server Automation
      • Third Party
  • 17. Manage vulnerabilities
      • Vulnerability Scanners
      • Configurations Scanners
      • Server Automation
      • uCMDB
  • 18. Bring it all together
      • Create “risk factors”, set goals/KPIs
      • Trend your progress
      • Focus on “upper right”/red zone
  • 19. How do we protect our assets? Intrusion prevention; Security research and threat intelligence; Secure design and implementation. Diagram labels: Quarantine, Threat Intelligence, Our enterprise, Their ecosystem, Intrusion Prevention, Secure Software, DLP
  • 20. Thank you

Editor's Notes

  1. Yes, you are under attack now, your organization is under attack, your personal computer and mobile devices are under attack now. Your data is no longer secure. Your privacy may be breached. Security is a board-level discussion now. The Chief Information Security Officer sits at the heart of the response to the growing threat. They have increased budgets now to address the growing threat and to keep the IT organizations safe. 56% of organizations have been the target of a nation-state cyber attack, so there is a 50% chance that your organization may be attacked. Also, in a Gartner survey of enterprise CIOs, the 5 biggest challenges that enterprises faced in security and risk were: managing risk; reduce CAPEX; fill security gaps; optimize security gaps; adapt to changing regulations.
  2. Key Points: Why is Processing Human Information Different? Human Information is made up of ideas, is diverse, and has context. Ideas don’t exactly match like data does; they have distance. Human Information is not static; it’s dynamic and lives everywhere. Legacy / past techniques have all fallen short.
  3. Average annual cost of cyber crime in 2012 to individual businesses in the U.S. The Open Source Vulnerability Database reported 7,477 vulnerabilities in 2011, and reported 7,998 before the end of November 2012. More than 20 per day. Point-in-time review is essential, but that is today. What about tomorrow?
  4. Key Points: Lots of data, lots of opportunity. Data lives within and outside your company in various places and formats. Opportunity has to overcome the challenge. Using ‘systems thinking’ to convince mgmt they need to do something.