Improving your Information Security Program
Building your Security Dashboard
Our on-going challenge

Identifying success and measuring performance is difficult within the
information security program:

   • Security managers lack an effective way to monitor the current state of
     their programs and to track improvement
   • Security staff lack guidance on program priorities
   • Management and executives need to see how the program supports the
     organization
   • Business units do not understand their role in information security



                                                                     Copyright 2007 – Seccuris Inc.
Our on-going challenge

How do we align, manage and communicate our program in an effective manner?

By creating an Information Security Program Dashboard.
Agenda

• Introduction to dashboards


• The role of the dashboard


• Building a dashboard for your security program


• Using your Dashboard




Introduction to Dashboards

What is a dashboard?

• A summary view of relevant performance information
• A visualization of up-to-date Key Performance Indicators (KPIs)
• KPIs are displayed through a collection of Performance Maps
• Can be manual, automated or “digital”
Introduction to Dashboards

What isn’t a dashboard?
  • Driving your car
  • Security Information Management (SIM)
Poor Example of Dashboard
  (screenshot not reproduced in this text)

Better Example of Dashboard
  (screenshot not reproduced in this text)
Good Example of Dashboard

Security Management Dashboard*
  *Includes KPIs from each aspect of Security Management

Each performance map lists its KPI values and the reporting period:

High-Level Direction
  Information Security Policies (Annual)
    Created 8   Revised 3   Approved 11
  Staff Agreements (Annual)
    N/A 2   Current 699   Expired 455

Malicious Attack
  Server Virus Infections (Monthly)
    Identified 36   Contained 30   Cleaned 33
  Intrusion Prevention Signature Updates (Monthly)
    Identified 177   Tested 89   Approved 69   Implemented 54
  Incident Response Engagements (Annual)
    Identified 43   In-progress 12   Re-Opened 2   Closed 30

Special Topics
  E-mail Privacy Incidents (Monthly)
    Identified 544   Contained 311   Investigated 45   Closed 30
  Remote Office Policy Violations (Annual)
    Low 774   Med 122   High 67
  Security Audits (Annual)
    Defined 4   Scheduled 1   Active 4   Completed 12

Security Organization
  Security Committee Approvals for Security Initiatives (Annual)
    Submitted 16   Reviewed 12   Approved 9
  Security Department Initiatives (Annual)
    Defined 34   Scheduled 6   Active 5   Completed 44
  Security Awareness Initiatives (Annual)
    Defined 4   Scheduled 1   Active 0   Completed 4
Malicious Attack (one column of the dashboard, enlarged)

  Server Virus Infections (Monthly)
    Identified 36   Contained 30   Cleaned 33

  Intrusion Prevention Signature Updates (Monthly)
    Identified 177   Tested 89   Approved 69   Implemented 54

  Incident Response Engagements (Annual)
    Identified 43   In-progress 12   Re-Opened 2   Closed 30
Introduction to Dashboards

What are the benefits of a dashboard?
•   Demonstrates compliance
•   Eliminates duplicate data entry and gathering
•   Identifies poor performance within the program
•   Allows measurement of current action plans and implementations
•   Allows immediate awareness and alerting
•   Provides supporting information for the IT Security Scorecard
The role of the dashboard?
Where does the dashboard fit in organizational management?

  (figure: Security Information Management)
The role of the dashboard?

  (figure showing how the dashboard relates to the other program artifacts)

  Information Security Policy

  Information Security Balanced Scorecard
    Aspects: Critical Business Applications, System Development,
    Security Management, Computer Installations, Networks

  Security Management Dashboard*
    Areas: High-Level Direction, Security Organization, Security Requirements,
    Secure Environment, Malicious Attack, Special Topics, Management Review,
    Risk Acceptances

  *Includes KPIs from each aspect of Security Management
The role of the dashboard?

What is the intended audience for an Information Security dashboard?
• Primary
   • CISO
   • Information Security Manager
   • Information Security Staff

• Secondary
   • Accountable Business Unit Management
   • Business Executive
   • Audit
The role of the dashboard?

The dashboard allows us to:
   • Visualize the focus areas for our program
   • Make the organization aware of its own accountability within the
     security program
   • Distinguish between failure of the program and failure of the security
     department
Building a security dashboard

What are the components of a dashboard?
• Performance Maps
• Business Logic
• Visualization Rules
• Data Sources
   • Critical Success Factors (CSF)
   • Key Performance Indicators (KPI)
Building a security dashboard
What are the components of a dashboard?

Security Management Dashboard*
  Areas: High-Level Direction, Security Organization, Security Requirements,
  Secure Environment, Malicious Attack, Special Topics, Management Review,
  Risk Acceptances
  *Includes KPIs from each aspect of Security Management

Performance maps for two of the areas:

High-Level Direction
  Board Level Approvals for Security Initiatives (Annual)
    Submitted 12   Reviewed 4   Approved 1
  Information Security Policies (Annual)
    Created 8   Revised 3   Approved 11
  Staff Agreements (Annual)
    N/A 2   Current 699   Expired 455

Security Organization
  Security Committee Approvals for Security Initiatives (Annual)
    Submitted 16   Reviewed 12   Approved 9
  Security Department Initiatives (Annual)
    Defined 34   Scheduled 6   Active 5   Completed 44
  Security Awareness Initiatives (Annual)
    Defined 4   Scheduled 1   Active 0   Completed 4
Building a security dashboard
The inputs & data sources of a dashboard

  (figure placing the Security Management Dashboard among the program
   artifacts it draws on)

  • Information Security Gap Analysis
  • Information Security Policy
  • Information Security Balanced Scorecard
      Aspects: Critical Business Applications, System Development,
      Security Management, Computer Installations, Networks
  • Security Management Dashboard*
      Areas: High-Level Direction, Security Organization, Security
      Requirements, Secure Environment, Malicious Attack, Special Topics,
      Management Review, Risk Acceptances
      *Includes KPIs from each aspect of Security Management
  • Information Security Action Plan
  • Information Security Action Plan Status Report
Building a security dashboard
The inputs & data sources of a dashboard

Information Security Balanced Scorecard
  Aspects: Critical Business Applications, System Development,
  Security Management, Computer Installations, Networks

  • Defines the goals of the program
  • Challenging to start, because access to the true corporate business
    drivers is limited
  • Often difficult to separate into manageable, visual pieces
  • How do we define CSFs for our program?
Building a security dashboard
The inputs & data sources of a dashboard

Information Security Forum (ISF)
  The five scorecard aspects (Critical Business Applications, System
  Development, Security Management, Computer Installations, Networks) are
  the aspects of the ISF Standard of Good Practice for Information Security.

  • 16+ years in the making
  • Industry recognized
  • Management focused
  • Primary source for CSFs
Building a security dashboard
The inputs & data sources of a dashboard

Information Security Policy
  • Mapped to business drivers
  • Influenced by compliance and legislation
  • Based on best practices
  • Primary source of relevant KPIs

Example policy:
  All security incidents relating to critical business functions must be
  investigated and documented.

Example KPI:
  Number of Identified, In-Progress, Re-opened and Closed Incident Response
  Engagements.
Building a security dashboard
The inputs & data sources of a dashboard

Information Security Gap Analysis (SABSA)
  • Business-driven approach
  • True architecture focus
  • Aligns with any best practice
  • Good source of relevant KPIs
Building a security dashboard
The inputs & data sources of a dashboard

Information Security Action Plan
  • Details security program improvements
  • Highlights which KPIs should be monitored
  • Specifies CSF and KPI target goals
  • Good source of relevant KPIs
Building a security dashboard

Steps to define the dashboard
   • Perform an Information Security Program Gap analysis
   • Confirm the CSFs for the security program
   • Choose and align relevant KPIs for the dashboard
   • Define business logic & visualization rules
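The following is an added example, not code from the deck or from Seccuris. It walks the last two steps above with the policy and KPI quoted earlier in the deck ("all security incidents relating to critical business functions must be investigated and documented"; "number of Identified, In-Progress, Re-opened and Closed Incident Response Engagements"): the KPI is computed from engagement records, business logic compares it with CSF targets, and visualization rules turn the result into a traffic-light colour for the performance map. The engagement records, the target values and the colour thresholds are constructed assumptions.

```python
"""Worked example (added here; not code from the Seccuris deck): building one
performance map of the dashboard from a policy-derived KPI.

Policy (from the deck): all security incidents relating to critical business
functions must be investigated and documented.
KPI (from the deck): number of Identified, In-Progress, Re-opened and Closed
incident response engagements.

The engagement records, the CSF targets and the traffic-light thresholds
below are constructed assumptions for the demonstration.
"""
from collections import Counter
from dataclasses import dataclass
from datetime import date

STATUSES = ("identified", "in-progress", "re-opened", "closed")


@dataclass(frozen=True)
class Engagement:
    ident: str
    opened: date
    status: str                # one of STATUSES
    critical_business: bool    # relates to a critical business function
    documented: bool           # investigation report filed


# Constructed sample records (assumption, not data from the deck).
SAMPLE = [
    Engagement("IR-001", date(2007, 1, 9),  "closed",      True,  True),
    Engagement("IR-002", date(2007, 2, 3),  "closed",      True,  False),
    Engagement("IR-003", date(2007, 2, 20), "in-progress", True,  False),
    Engagement("IR-004", date(2007, 3, 1),  "re-opened",   False, True),
    Engagement("IR-005", date(2007, 3, 14), "identified",  True,  False),
    Engagement("IR-006", date(2007, 4, 2),  "closed",      False, True),
]

# Business logic: the CSF targets an action plan would set (assumed values).
TARGETS = {
    "max_open_ratio": 0.5,   # (identified + in-progress + re-opened) / total
    "min_documented": 0.9,   # documented share of closed critical-business engagements
}


def kpi_engagement_counts(records, year):
    """The KPI itself: engagements per status for an annual reporting period."""
    counts = Counter(r.status for r in records if r.opened.year == year)
    return {s: counts.get(s, 0) for s in STATUSES}


def kpi_documented_ratio(records, year):
    """Policy check: share of closed critical-business engagements that were
    documented.  None when there is nothing to measure (shown grey, not green)."""
    closed = [r for r in records
              if r.opened.year == year and r.critical_business and r.status == "closed"]
    if not closed:
        return None
    return sum(r.documented for r in closed) / len(closed)


def visualization_rule(value, target, higher_is_better):
    """Traffic-light colour for a KPI against its target.  The amber band is
    10% of the target on the wrong side (an assumed convention)."""
    if value is None:
        return "grey"
    if higher_is_better:
        if value >= target:
            return "green"
        return "amber" if value >= target * 0.9 else "red"
    if value <= target:
        return "green"
    return "amber" if value <= target * 1.1 else "red"


def performance_map(records, year):
    """Assemble the 'Incident Response Engagements' performance map."""
    counts = kpi_engagement_counts(records, year)
    total = sum(counts.values())
    open_ratio = (total - counts["closed"]) / total if total else 0.0
    documented = kpi_documented_ratio(records, year)
    return {
        "title": "Incident Response Engagements",
        "period": "Annual",
        "counts": counts,
        "open_ratio": round(open_ratio, 2),
        "documented_ratio": None if documented is None else round(documented, 2),
        "colour_open": visualization_rule(open_ratio, TARGETS["max_open_ratio"], False),
        "colour_documented": visualization_rule(documented, TARGETS["min_documented"], True),
    }


if __name__ == "__main__":
    pm = performance_map(SAMPLE, 2007)
    print(pm["title"], "(" + pm["period"] + ")")
    print("  " + "  ".join(f"{s.title()} {n}" for s, n in pm["counts"].items()))
    print(f"  open ratio {pm['open_ratio']} -> {pm['colour_open']}")
    print(f"  documented ratio {pm['documented_ratio']} -> {pm['colour_documented']}")
```

With the sample records the raw counts look healthy (half the engagements are closed, so the open-ratio light is green) while the policy check is red, because only one of the two closed critical-business engagements was documented. Carrying the policy-derived check next to the count is what lets the dashboard separate "the department is busy" from "the program is working", the distinction the deck makes earlier.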




Building a security dashboard
Performing the Information Security Gap Analysis

  (figure not reproduced in this text)
Building a security dashboard
Performing the Information Security Gap Analysis

Maturity Goals (scale used to score each architecture area)
  0 – Non-Existent
  1 – Initial
  2 – Repeatable
  3 – Defined
  4 – Managed
  5 – Optimized

Legend (per Architecture Area): Current State, Required Goal, Good Practice
Building a security dashboard
Information Security Program Gap Analysis

SABSA matrix; the maturity score (0–5 scale from the legend) shown in each
cell follows the cell name in parentheses.

Columns: Assets (What) | Motivation (Why) | Process (How) | People (Who) |
         Location (Where) | Time (When)

Contextual
  The Business (4) | Business Risk Model (5) | Business Process Model (5) |
  Business Organization and Relationships (5) | Business Geography (5) |
  Business Time Dependencies (5)

Conceptual
  Business Attributes Profile (4) | Control Objectives (4) |
  Security Strategies and Architectural Layering (4) |
  Security Entity Model and Trust Framework (4) | Security Domain Model (4) |
  Security-Related Lifetimes and Deadlines (4)

Logical
  Business Information Model (4) | Security Policies (4) |
  Security Services (4) | Entity Schema and Privilege Profiles (4) |
  Security Domain Definitions and Associations (4) |
  Security Processing Cycle (4)

Physical
  Business Data Model (3) | Security Rules, Practices and Procedures (3) |
  Security Mechanisms (3) | Users, Applications and the User Interface (3) |
  Platform and Network Infrastructure (3) | Control Structure Execution (3)

Component
  Detailed Data Structures (3) | Security Standards (3) |
  Security Products and Tools (3) | Identities, Functions, Actions and ACLs (3) |
  Processes, Modes, Addresses and Protocols (2 and 3 shown) |
  Security Step Timing and Sequencing (3)

Operational
  Assurance of Operational Continuity (3) | Operational Risk Management (3) |
  Security Service Management and Support (3) |
  Application and User Management Support (3) |
  Security of Sites, Networks and Platforms (3) |
  Security Operations Schedule (3)
                                                                                                                                                                          Copyright 2007 – Seccuris Inc.
Building a security dashboard
Information Security Program Gap Analysis
(per architecture area: required goal / good practice, on the 0 to 5 maturity scale)

Contextual
  Assets (What)      The Business                                     4 / 4
  Motivation (Why)   Business Risk Model                              4 / 5
  Process (How)      Business Process Model                           4 / 5
  People (Who)       Business Organization and Relationships          4 / 5
  Location (Where)   Business Geography                               4 / 5
  Time (When)        Business Time Dependencies                       4 / 5

Conceptual
  Assets (What)      Business Attributes Profile                      4 / 4
  Motivation (Why)   Control Objectives                               4 / 4
  Process (How)      Security Strategies and Architectural Layering   4 / 4
  People (Who)       Security Entity Model and Trust Framework        4 / 4
  Location (Where)   Security Domain Model                            4 / 4
  Time (When)        Security-Related Lifetimes and Deadlines         4 / 4

Logical
  Assets (What)      Business Information Model                       3 / 4
  Motivation (Why)   Security Policies                                3 / 4
  Process (How)      Security Services                                3 / 4
  People (Who)       Entity Schema and Privilege Profiles             3 / 4
  Location (Where)   Security Domain Definitions and Associations     3 / 4
  Time (When)        Security Processing Cycle                        3 / 4

Physical
  Assets (What)      Business Data Model                              3 / 3
  Motivation (Why)   Security Rules, Practices and Procedures         3 / 3
  Process (How)      Security Mechanisms                              3 / 3
  People (Who)       Users, Applications and the User Interface       3 / 3
  Location (Where)   Platform and Network Infrastructure              3 / 3
  Time (When)        Control Structure Execution                      3 / 3

Component
  Assets (What)      Detailed Data Structures                         4 / 3
  Motivation (Why)   Security Standards                               4 / 3
  Process (How)      Security Products and Tools                      4 / 3
  People (Who)       Identities, Functions, Actions and ACLs          3 / 3
  Location (Where)   Processes, Modes, Addresses and Protocols        4 / 3
  Time (When)        Security Step Timing and Sequencing              4 / 3

Operational
  Assets (What)      Assurance of Operational Continuity              3 / 3
  Motivation (Why)   Operational Risk Management                      3 / 3
  Process (How)      Security Service Management and Support          3 / 3
  People (Who)       Application and User Management Support          3 / 3
  Location (Where)   Security of Sites, Networks and Platforms        3 / 3
  Time (When)        Security Operations Schedule                     3 / 3
Building a security dashboard
Performing the Information Security Gap Analysis

Maturity Goals
  0 – Non-Existent
  1 – Initial
  2 – Repeatable
  3 – Defined
  4 – Managed
  5 – Optimized

Legend
  Each Architecture Area cell carries three maturity values: Current State, Required Goal and Good Practice.
  Cell status: Above Requirement / Meets Requirement / Below Requirement / Critically Below Requirement
Building a security dashboard
Information Security Program Gap Analysis
(per architecture area: current state / required goal / good practice, on the 0 to 5 maturity scale)

Contextual
  Assets (What)      The Business                                     3 / 4 / 4
  Motivation (Why)   Business Risk Model                              2 / 4 / 5
  Process (How)      Business Process Model                           4 / 4 / 5
  People (Who)       Business Organization and Relationships          4 / 4 / 5
  Location (Where)   Business Geography                               5 / 4 / 5
  Time (When)        Business Time Dependencies                       2 / 4 / 5

Conceptual
  Assets (What)      Business Attributes Profile                      3 / 4 / 4
  Motivation (Why)   Control Objectives                               4 / 4 / 4
  Process (How)      Security Strategies and Architectural Layering   4 / 4 / 4
  People (Who)       Security Entity Model and Trust Framework        3 / 4 / 4
  Location (Where)   Security Domain Model                            4 / 4 / 4
  Time (When)        Security-Related Lifetimes and Deadlines         2 / 4 / 4

Logical
  Assets (What)      Business Information Model                       2 / 3 / 4
  Motivation (Why)   Security Policies                                3 / 3 / 4
  Process (How)      Security Services                                3 / 3 / 4
  People (Who)       Entity Schema and Privilege Profiles             2 / 3 / 4
  Location (Where)   Security Domain Definitions and Associations     3 / 3 / 4
  Time (When)        Security Processing Cycle                        1 / 3 / 4

Physical
  Assets (What)      Business Data Model                              1 / 3 / 3
  Motivation (Why)   Security Rules, Practices and Procedures         4 / 3 / 3
  Process (How)      Security Mechanisms                              2 / 3 / 3
  People (Who)       Users, Applications and the User Interface       1 / 3 / 3
  Location (Where)   Platform and Network Infrastructure              3 / 3 / 3
  Time (When)        Control Structure Execution                      1 / 3 / 3

Component
  Assets (What)      Detailed Data Structures                         0 / 4 / 3
  Motivation (Why)   Security Standards                               2 / 4 / 3
  Process (How)      Security Products and Tools                      1 / 4 / 3
  People (Who)       Identities, Functions, Actions and ACLs          3 / 3 / 3
  Location (Where)   Processes, Modes, Addresses and Protocols        2 / 4 / 3
  Time (When)        Security Step Timing and Sequencing              1 / 4 / 3

Operational
  Assets (What)      Assurance of Operational Continuity              0 / 3 / 3
  Motivation (Why)   Operational Risk Management                      1 / 3 / 3
  Process (How)      Security Service Management and Support          2 / 3 / 3
  People (Who)       Application and User Management Support          2 / 3 / 3
  Location (Where)   Security of Sites, Networks and Platforms        1 / 3 / 3
  Time (When)        Security Operations Schedule                     1 / 3 / 3
Building a security dashboard

Performing an Information Security Program Gap analysis
  • Completion will highlight areas of your overall security that are:
     • Non-existent
     • Weak / Requiring Improvement
     • Over invested
     • Meeting the target
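Business logic and visualization rules for the gap analysis, as an added example that is not part of the Seccuris deck: it encodes the legend statuses and the four outcomes above over the maturity values transcribed from the gap-analysis slide. The "critically below" cut-off of two maturity levels is an assumption (the slides show the status colours but not the threshold); with it, the flagged set of areas matches the subset the deck highlights on its later gap-analysis slide.

```python
"""Business logic for the gap-analysis dashboard cells.

Added example, not Seccuris' own tooling.  Maturity levels are transcribed
from the gap-analysis slide (current state / required goal / good practice).
ASSUMPTION: a cell two or more levels short of its goal is critically below.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

COLUMNS = ["Assets", "Motivation", "Process", "People", "Location", "Time"]
CRITICAL_GAP = 2  # assumption (see module docstring)

# (layer, cell names, current, required, good practice): one digit per column,
# in COLUMNS order, as read off the slide.
SLIDE_MATRIX = [
    ("Contextual", ["The Business", "Business Risk Model", "Business Process Model",
                    "Business Organization and Relationships", "Business Geography",
                    "Business Time Dependencies"], "324452", "444444", "455555"),
    ("Conceptual", ["Business Attributes Profile", "Control Objectives",
                    "Security Strategies and Architectural Layering",
                    "Security Entity Model and Trust Framework", "Security Domain Model",
                    "Security-Related Lifetimes and Deadlines"], "344342", "444444", "444444"),
    ("Logical", ["Business Information Model", "Security Policies", "Security Services",
                 "Entity Schema and Privilege Profiles",
                 "Security Domain Definitions and Associations",
                 "Security Processing Cycle"], "233231", "333333", "444444"),
    ("Physical", ["Business Data Model", "Security Rules, Practices and Procedures",
                  "Security Mechanisms", "Users, Applications and the User Interface",
                  "Platform and Network Infrastructure", "Control Structure Execution"],
     "142131", "333333", "333333"),
    ("Component", ["Detailed Data Structures", "Security Standards",
                   "Security Products and Tools", "Identities, Functions, Actions and ACLs",
                   "Processes, Modes, Addresses and Protocols",
                   "Security Step Timing and Sequencing"], "021321", "444344", "333333"),
    ("Operational", ["Assurance of Operational Continuity", "Operational Risk Management",
                     "Security Service Management and Support",
                     "Application and User Management Support",
                     "Security of Sites, Networks and Platforms",
                     "Security Operations Schedule"], "012211", "333333", "333333"),
]


@dataclass(frozen=True)
class Cell:
    layer: str
    column: str
    name: str
    current: int
    required: int
    good_practice: int

    @property
    def gap(self) -> int:
        # positive = ahead of the required goal, negative = behind it
        return self.current - self.required

    def status(self) -> str:
        """Legend status (the cell colour) for the dashboard."""
        if self.gap > 0:
            return "Above Requirement"
        if self.gap == 0:
            return "Meets Requirement"
        if self.gap <= -CRITICAL_GAP:
            return "Critically Below Requirement"
        return "Below Requirement"

    def category(self) -> str:
        """Outcome bucket named on the 'Completion will highlight' slide."""
        if self.current == 0:
            return "Non-existent"
        if self.current < self.required:
            return "Weak / Requiring Improvement"
        if self.current > self.required:
            return "Over invested"
        return "Meeting the target"


def load_cells(rows=SLIDE_MATRIX) -> List[Cell]:
    """Expand the compact per-layer rows into one Cell per matrix cell."""
    cells = []
    for layer, names, cur, req, gp in rows:
        if not (len(names) == len(cur) == len(req) == len(gp) == len(COLUMNS)):
            raise ValueError(f"{layer}: expected {len(COLUMNS)} values per row")
        for col, name, c, r, g in zip(COLUMNS, names, cur, req, gp):
            cells.append(Cell(layer, col, name, int(c), int(r), int(g)))
    return cells


def csf_review_candidates(cells: List[Cell]) -> List[Cell]:
    """Areas to revisit when confirming goals and CSFs: over-invested or critically short."""
    flagged = {"Above Requirement", "Critically Below Requirement"}
    return [c for c in cells if c.status() in flagged]


def status_counts(cells: List[Cell]) -> Dict[str, Counter]:
    """Dashboard roll-up: number of cells in each legend status, per layer."""
    counts: Dict[str, Counter] = {}
    for c in cells:
        counts.setdefault(c.layer, Counter())[c.status()] += 1
    return counts
```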
Building a security dashboard

Performing an Information Security Program Gap analysis
   • Use this information to:
       • Identify gaps in your information security policy
       • Create action plans and improvement projects


       • Confirm goals & CSFs by ensuring areas that need investment
         have been appropriately defined at the strategic level


       • Select KPIs that will allow you to monitor focus areas of your
         program
Building a security dashboard

Steps to define the dashboard
   • Perform an Information Security Program Gap analysis
   • Confirm the Goals & CSFs for the security program
       • Use the Gap Analysis to identify potential CSF misalignment
       • Review Information Security Program Components
   • Choose and align relevant KPIs for the dashboard
   • Define business logic & visualization rules
Building a security dashboard
Where does the dashboard fit in organizational management?
Building a security dashboard
Information Security Program Gap Analysis
(this slide repeats the matrix showing only the areas whose current state is above the required goal or two or more levels below it; values are current state / required goal / good practice)

Contextual
  Motivation (Why)   Business Risk Model                              2 / 4 / 5
  Location (Where)   Business Geography                               5 / 4 / 5
  Time (When)        Business Time Dependencies                       2 / 4 / 5

Conceptual
  Time (When)        Security-Related Lifetimes and Deadlines         2 / 4 / 4

Logical
  Time (When)        Security Processing Cycle                        1 / 3 / 4

Physical
  Assets (What)      Business Data Model                              1 / 3 / 3
  Motivation (Why)   Security Rules, Practices and Procedures         4 / 3 / 3
  People (Who)       Users, Applications and the User Interface       1 / 3 / 3
  Time (When)        Control Structure Execution                      1 / 3 / 3

Component
  Assets (What)      Detailed Data Structures                         0 / 4 / 3
  Motivation (Why)   Security Standards                               2 / 4 / 3
  Process (How)      Security Products and Tools                      1 / 4 / 3
  Location (Where)   Processes, Modes, Addresses and Protocols        2 / 4 / 3
  Time (When)        Security Step Timing and Sequencing              1 / 4 / 3

Operational
  Assets (What)      Assurance of Operational Continuity              0 / 3 / 3
  Motivation (Why)   Operational Risk Management                      1 / 3 / 3
  Location (Where)   Security of Sites, Networks and Platforms        1 / 3 / 3
  Time (When)        Security Operations Schedule                     1 / 3 / 3
Building a security dashboard

Confirm the Goals & CSFs for the security program
   • Review current security plan documentation


   • Does the Gap analysis output align with the Security Program Scorecard?


   • Are there weaknesses that must be improved on?


   • Change Security Program documentation to include new goals
     and CSFs
Building a security dashboard

Steps to define the dashboard
   • Perform an Information Security Program Gap analysis
   • Confirm the Goals & CSFs for the security program
   • Choose and align relevant KPIs for the dashboard
   • Define business logic & visualization rules
Building a security dashboard

Choose and align relevant KPIs for the dashboard
   • Brainstorm using current security program as a starting point


   • Review Gap Analysis for potential new KPIs


   • Review “good practices” for relevant indicators


   • Choose KPIs that help influence your goals and visualize your CSFs
Using Standards to pick KPIs

(Figure: the five areas of the good-practice standard, with Security Management in the centre surrounded by Critical Business Applications, System Development, Networks and Computer Installations)
Improving Your Information Security Program
Improving Your Information Security Program
Improving Your Information Security Program
Improving Your Information Security Program
Improving Your Information Security Program
Improving Your Information Security Program
Improving Your Information Security Program
Improving Your Information Security Program
Improving Your Information Security Program
Improving Your Information Security Program
Improving Your Information Security Program
Improving Your Information Security Program
Improving Your Information Security Program
Improving Your Information Security Program
Improving Your Information Security Program
Improving Your Information Security Program
Improving Your Information Security Program
Improving Your Information Security Program

Improving Your Information Security Program

  • 1. Improving your Information Security Program
    Building your Security Dashboard
  • 2. Our on-going challenge
    Identifying success and measuring performance is difficult within the information security program
    • Security Managers lack an effective way to monitor current state and track improvement within their programs
    • Security staff lack guidance on program priorities
    • Management and executive need awareness of how the program supports the organization
    • Business units do not understand their role in information security
    Copyright 2007 – Seccuris Inc.
  • 3. Our on-going challenge
    How do we align, manage and communicate our program in an effective manner?
    By creating an Information Security Program Dashboard
  • 4. Agenda
    • Introduction to dashboards
    • The role of the dashboard
    • Building a dashboard for your security program
    • Using your Dashboard
  • 5. Introduction to Dashboards
    What is a dashboard?
    • A summary view of relevant performance information
    • Visualization of up-to-date Key Performance Indicators (KPIs)
    • KPIs are displayed through a collection of Performance Maps
    • Can be manual, automated or “digital”
  • 6. Introduction to Dashboards
    What isn’t a dashboard?
    • Driving your car
    • Security Information Management (SIM)
  • 7. Poor Example of Dashboard (figure)
  • 8. Better example of Dashboard (figure)
  • 9. Good Example of Dashboard
    (Figure) Security Management Dashboard*: a grid of performance maps, one per indicator, each showing its counts and reporting period (Monthly or Annual). Panels shown: Security Committee, Approvals for Security Initiatives (Submitted / Reviewed / Approved); Server Virus Infections (Identified / Contained / Cleaned); E-mail Privacy incidents (Identified / Contained / Investigated / Closed); Information Security Policies (Created / Revised / Approved); Security Department Initiatives (Defined / Scheduled / Active / Completed); Intrusion Prevention Signature Updates (Identified / Tested / Approved / Implemented); Remote Office Policy Violations (Low / Med / High); Staff Agreements (N/A / Current / Expired); Security Audits (Defined / Scheduled / Active / Completed); Incident Response Engagements (Identified / In-progress / Re-Opened / Closed); Security Awareness Initiatives (Defined / Scheduled / Active / Completed).
  • 10. (Close-up of three performance maps from the dashboard above)
    Malicious Attack, Server Virus Infections (Monthly): Identified 36, Contained 30, Cleaned 33
    Intrusion Prevention, Signature Updates (Monthly): Identified 89, Tested 69, Approved 54, Implemented 177
    Incident Response, Engagements (Annual): Identified 43, In-progress 12, Re-Opened 2, Closed 30
  • 11. Introduction to Dashboards
    What are the benefits of a dashboard?
    • Demonstration of compliance
    • Elimination of duplicate data entry / gathering
    • Identify poor performance within the program
    • Allows for measurement of current action plans and implementations
    • Allows for immediate awareness and alerting
    • Provides supporting information for the IT Security Scorecard
  • 12. The role of the dashboard?
    Where does the dashboard fit in organizational management?
    (Figure: Security Information Management)
  • 13. The role of the dashboard?
    (Figure) Three linked elements: Information Security Policy; Information Security Balanced Scorecard (areas: Security Management, Critical Business Applications, Computer Installations, Networks, System Development); Security Management Dashboard* (aspects: High-Level Direction, Security Organization, Security Requirements, Secure Environment, Management Review, Malicious Attack, Risk Acceptances, Special Topics)
    *Includes KPIs from each aspect of Security Management
  • 14. The role of the dashboard?
    What is the intended audience for an Information Security dashboard?
    • Primary
      • CISO
      • Information Security Manager
      • Information Security Staff
    • Secondary
      • Accountable Business Unit Management
      • Business Executive
      • Audit
  • 15. The role of the dashboard?
    The dashboard allows us to:
    • Visualize the focus areas for our program
    • Facilitate awareness of the organization's accountability within the security program
    • Create a distinction between failure of the program and failure of the security department
  • 16. Building a security dashboard
    What are the components of a dashboard?
    • Performance Maps
    • Business Logic
    • Visualization Rules
    • Data Sources
    • Critical Success Factors (CSF)
    • Key Performance Indicators (KPI)
  • 17. Building a security dashboard
    What are the components of a dashboard?
    (Figure) Security Management Dashboard*, one section per aspect: High-Level Direction, Security Organization, Security Requirements, Secure Environment, Management Review, Malicious Attack, Risk Acceptances, Special Topics
    *Includes KPIs from each aspect of Security Management
    Performance maps shown (all Annual):
    Approvals for Security Initiatives, Security Committee and Board Level (Submitted / Reviewed / Approved): 16 / 12 / 9 and 12 / 4 / 1
    Information Security Policies (Created / Revised / Approved): 8 / 3 / 11
    Security Department Initiatives (Defined / Scheduled / Active / Completed): 34 / 6 / 5 / 44
    Staff Agreements (N/A / Current / Expired): 2 / 699 / 455
    Security Awareness Initiatives (Defined / Scheduled / Active / Completed): 4 / 1 / 0 / 4
  • 18. Building a security dashboard
    The inputs & data sources of a dashboard
    (Figure) Inputs feeding the Security Management Dashboard*: Information Security Gap Analysis; Information Security Policy; Information Security Balanced Scorecard (Security Management, Critical Business Applications, Computer Installations, Networks, System Development); Information Security Action Plan; Information Security Action Plan Status Report
    *Includes KPIs from each aspect of Security Management
  • 19. Building a security dashboard
    The inputs & data sources of a dashboard: Information Security Balanced Scorecard
    • Defines the goals of the program
    • Challenging to start due to limited access to true corporate business drivers
    • Often difficult to separate into manageable, visual pieces
    • How do we define CSFs for our program?
  • 20. Building a security dashboard
    The inputs & data sources of a dashboard: Information Security Balanced Scorecard
    Information Security Forum
    • 16+ years in the making
    • Industry Recognized
    • Management Focused
    • Primary source for CSFs
  • 21. Building a security dashboard
    The inputs & data sources of a dashboard: Information Security Policy
    • Mapped to Business Drivers
    • Influenced by compliance & legislation
    • Based on Best Practices
    • Primary source of relevant KPIs
    Example Policy: All security incidents relating to critical business functions must be investigated and documented.
    Example KPI: Number of Identified, In-Progress, Re-opened and Closed Incident Response Engagements.
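As an added worked example (not part of the Seccuris deck), the Example Policy and Example KPI above turned into code: a constructed incident register, the four engagement counts the KPI asks for, and the business logic and visualization rule (two of the dashboard components from slide 16) that colour the performance map. The register, the 20% re-open and one-third in-progress thresholds, and the extra "closed but undocumented" measure are all assumptions, not values from the slides.

```python
"""Added example: turning the slide-21 policy into a dashboard KPI with a visualization rule."""
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass
class Incident:
    """One incident-response engagement as it would sit in an incident register."""
    ident: str
    critical_function: bool      # policy scope: incidents relating to critical business functions
    identified: date
    closed: Optional[date]       # None while the engagement is still in progress
    reopened: bool
    documented: bool             # the policy requires the incident to be investigated and documented


# Constructed sample register (hypothetical data, not from the slides).
REGISTER = [
    Incident("INC-001", True,  date(2024, 1, 10),  date(2024, 1, 20), False, True),
    Incident("INC-002", True,  date(2024, 2, 3),   date(2024, 2, 15), True,  True),
    Incident("INC-003", False, date(2024, 2, 11),  date(2024, 2, 12), False, True),   # not a critical function
    Incident("INC-004", True,  date(2024, 3, 7),   None,              False, False),  # still in progress
    Incident("INC-005", True,  date(2024, 4, 22),  date(2024, 5, 1),  False, False),  # closed without documentation
    Incident("INC-006", True,  date(2023, 12, 30), date(2024, 1, 5),  False, True),   # previous reporting year
    Incident("INC-007", True,  date(2024, 6, 15),  None,              True,  False),  # re-opened, in progress
    Incident("INC-008", True,  date(2024, 7, 2),   date(2024, 7, 9),  False, True),
]


def kpi_incident_response(register, year):
    """Example KPI from slide 21: Identified / In-progress / Re-opened / Closed engagements
    for one annual reporting period, limited to the incidents the policy covers."""
    in_scope = [i for i in register if i.critical_function and i.identified.year == year]
    closed = [i for i in in_scope if i.closed is not None]
    return {
        "identified": len(in_scope),
        "in_progress": len(in_scope) - len(closed),
        "re_opened": sum(1 for i in in_scope if i.reopened),
        "closed": len(closed),
        # Extra measure covering the "documented" half of the policy (assumption).
        "closed_undocumented": sum(1 for i in closed if not i.documented),
    }


def visualization_rule(kpi, max_reopen_ratio=0.20, max_open_ratio=1 / 3):
    """Business logic behind the performance map colour. Thresholds are assumptions."""
    reasons = []
    if kpi["closed_undocumented"] > 0:
        reasons.append("closed engagements lack documentation (policy breach)")
    if kpi["identified"] and kpi["re_opened"] / kpi["identified"] > max_reopen_ratio:
        reasons.append("re-opened ratio above threshold")
    if reasons:
        return "red", reasons
    if kpi["identified"] and kpi["in_progress"] / kpi["identified"] > max_open_ratio:
        return "amber", ["too many engagements still in progress"]
    return "green", []


if __name__ == "__main__":
    kpi = kpi_incident_response(REGISTER, 2024)
    colour, why = visualization_rule(kpi)
    print(kpi, colour, why)
```

The register filter is where the policy wording does its work: incidents outside critical business functions and outside the reporting period never reach the KPI, so the map answers the policy's question rather than a general incident count.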
  • 22. Building a security dashboard
    The inputs & data sources of a dashboard: Information Security Gap Analysis
    SABSA
    • Business driven approach
    • True architecture focus
    • Aligns with any best practice
    • Good source of relevant KPIs
  • 23. Building a security dashboard
    The inputs & data sources of a dashboard: Information Security Action Plan
    • Details security program improvements
    • Highlights what KPIs should be monitored
    • Specifies CSF and KPI target goals
    • Good source of relevant KPIs
  • 24. Building a security dashboard
    The inputs & data sources of a dashboard (figure: the same diagram as slide 18)
  • 25. Building a security dashboard
    Steps to define the dashboard
    • Perform an Information Security Program Gap analysis
    • Confirm the CSFs for the security program
    • Choose and align relevant KPIs for the dashboard
    • Define business logic & visualization rules
  • 26. Building a security dashboard
    Performing the Information Security Gap analysis
  • 27. Building a security dashboard
    Performing the Information Security Gap analysis
    Maturity Goals legend: 0 – Non-Existent; 1 – Initial; 2 – Repeatable; 3 – Defined; 4 – Managed; 5 – Optimized
    (Figure) Each Architecture Area is scored three ways: Current State, Required Goal and Good Practice
  • 28. Building a security dashboard
    Information Security Program Gap Analysis: required goal per SABSA cell
    Columns: Assets (What), Motivation (Why), Process (How), People (Who), Location (Where), Time (When)
    Contextual (4 5 5 5 5 5): The Business; Business Risk Model; Business Process Model; Business Organization and Relationships; Business Geography; Business Time Dependencies
    Conceptual (4 4 4 4 4 4): Business Attributes Profile; Control Objectives; Security Strategies and Architectural Layering; Security Entity Model and Trust Framework; Security Domain Model; Security-Related Lifetimes and Deadlines
    Logical (4 4 4 4 4 4): Business Information Model; Security Policies; Security Services; Entity Schema and Privilege Profiles; Security Domain Definitions and Associations; Security Processing Cycle
    Physical (3 3 3 3 3 3): Business Data Model; Security Rules, Practices and Procedures; Security Mechanisms; Users, Applications and the User Interface; Platform and Network Infrastructure; Control Structure Execution
    Component (3 3 3 3 3 3): Detailed Data Structures; Security Standards; Security Products and Tools; Identities, Functions, Actions and ACLs; Processes, Nodes, Addresses and Protocols; Security Step Timing and Sequencing
    Operational (3 3 3 3 3 3): Assurance of Operational Continuity; Operational Risk Management; Security Service Management and Support; Application and User Management and Support; Security of Sites, Networks and Platforms; Security Operations Schedule
  • 29. Building a security dashboard
    Information Security Program Gap Analysis: good practice added to the matrix (values in the order Assets, Motivation, Process, People, Location, Time)
    Layer        Good practice   Required goal
    Contextual   4 4 4 4 4 4     4 5 5 5 5 5
    Conceptual   4 4 4 4 4 4     4 4 4 4 4 4
    Logical      3 3 3 3 3 3     4 4 4 4 4 4
    Physical     3 3 3 3 3 3     3 3 3 3 3 3
    Component    4 4 4 4 4 3     3 3 3 3 3 3
    Operational  3 3 3 3 3 3     3 3 3 3 3 3
  • 30. Building a security dashboard
    Performing the Information Security Gap analysis
    Maturity Goals legend: 0 – Non-Existent; 1 – Initial; 2 – Repeatable; 3 – Defined; 4 – Managed; 5 – Optimized
    (Figure) Each Architecture Area is scored three ways: Current State, Required Goal and Good Practice
    Colour legend: Above Requirement; Meets Requirement; Below Requirement; Critically Below Requirement
  • 31. Building a security dashboard
    Information Security Program Gap Analysis: current state added to the matrix (values in the order Assets, Motivation, Process, People, Location, Time)
    Layer        Current state   Good practice   Required goal
    Contextual   3 2 4 4 5 2     4 4 4 4 4 4     4 5 5 5 5 5
    Conceptual   3 4 4 3 4 2     4 4 4 4 4 4     4 4 4 4 4 4
    Logical      2 3 3 1 2 3     3 3 3 3 3 3     4 4 4 4 4 4
    Physical     1 4 2 3 1 1     3 3 3 3 3 3     3 3 3 3 3 3
    Component    0 2 1 2 1 3     4 4 4 4 4 3     3 3 3 3 3 3
    Operational  0 1 2 1 1 2     3 3 3 3 3 3     3 3 3 3 3 3
  • 32. Building a security dashboard
    Performing an Information Security Program Gap analysis
    • Completion will highlight areas of your overall security that are:
      • Non-existent
      • Weak / Requiring Improvement
      • Over-invested
      • Meeting the target
  • 33. Building a security dashboard
    Performing an Information Security Program Gap analysis
    • Use this information to:
      • Identify gaps in your information security policy
      • Create action plans and improvement projects
      • Confirm goals & CSFs by ensuring areas that need investment have been appropriately defined at the strategic level
      • Select KPIs that will allow you to monitor focus areas of your program
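As an added worked example (not part of the Seccuris deck), the three matrices from slides 28, 29 and 31 put through the slide-30 legend in Python, producing the non-existent / weak / over-invested / meeting-target view of slide 32 and a ranked list of cells for the action plan of slide 33. The slides do not say where "Below Requirement" becomes "Critically Below", so the two-level cut-off is an assumption, as is the ranking used for action-plan candidates.

```python
"""Added example: classifying each SABSA cell of the gap analysis against its required goal."""
from collections import Counter

LAYERS = ["Contextual", "Conceptual", "Logical", "Physical", "Component", "Operational"]
VIEWS = ["Assets", "Motivation", "Process", "People", "Location", "Time"]

# Maturity levels per layer, one value per view in VIEWS order, taken from slides 28, 29 and 31
# (0 Non-Existent, 1 Initial, 2 Repeatable, 3 Defined, 4 Managed, 5 Optimized).
CURRENT = {
    "Contextual":  [3, 2, 4, 4, 5, 2],
    "Conceptual":  [3, 4, 4, 3, 4, 2],
    "Logical":     [2, 3, 3, 1, 2, 3],
    "Physical":    [1, 4, 2, 3, 1, 1],
    "Component":   [0, 2, 1, 2, 1, 3],
    "Operational": [0, 1, 2, 1, 1, 2],
}
REQUIRED = {
    "Contextual":  [4, 5, 5, 5, 5, 5],
    "Conceptual":  [4, 4, 4, 4, 4, 4],
    "Logical":     [4, 4, 4, 4, 4, 4],
    "Physical":    [3, 3, 3, 3, 3, 3],
    "Component":   [3, 3, 3, 3, 3, 3],
    "Operational": [3, 3, 3, 3, 3, 3],
}
GOOD_PRACTICE = {
    "Contextual":  [4, 4, 4, 4, 4, 4],
    "Conceptual":  [4, 4, 4, 4, 4, 4],
    "Logical":     [3, 3, 3, 3, 3, 3],
    "Physical":    [3, 3, 3, 3, 3, 3],
    "Component":   [4, 4, 4, 4, 4, 3],
    "Operational": [3, 3, 3, 3, 3, 3],
}

# Assumption: the deck's legend does not say where "Below" becomes "Critically Below";
# here a shortfall of two or more maturity levels is treated as critical.
CRITICAL_GAP = 2


def classify(current, required, critical_gap=CRITICAL_GAP):
    """Map one cell to the slide-30 legend: above / meets / below / critical."""
    gap = required - current
    if gap < 0:
        return "above"
    if gap == 0:
        return "meets"
    return "below" if gap < critical_gap else "critical"


def analyse(current=CURRENT, required=REQUIRED, good_practice=GOOD_PRACTICE):
    """One record per matrix cell with its gap and status, ready for a performance map."""
    rows = []
    for layer in LAYERS:
        for i, view in enumerate(VIEWS):
            cur, req, gp = current[layer][i], required[layer][i], good_practice[layer][i]
            rows.append({
                "layer": layer, "view": view,
                "current": cur, "required": req, "good_practice": gp,
                "gap": req - cur,
                "status": classify(cur, req),
                "non_existent": cur == 0,                 # slide 32: "Non-existent"
                "over_invested": cur > max(req, gp),      # slide 32: "Over-invested"
            })
    return rows


def summary(rows):
    """Counts per status: the headline numbers a CISO would read off the map."""
    return Counter(r["status"] for r in rows)


def action_candidates(rows, limit=5):
    """Cells to feed the action plan (slide 33): largest shortfall first, then lowest maturity."""
    shortfalls = [r for r in rows if r["gap"] > 0]
    shortfalls.sort(key=lambda r: (-r["gap"], r["current"]))
    return shortfalls[:limit]


if __name__ == "__main__":
    rows = analyse()
    print(dict(summary(rows)))
    for r in action_candidates(rows):
        print(f"{r['layer']:<12} {r['view']:<11} current={r['current']} required={r['required']} gap={r['gap']}")
```

Ranking by shortfall rather than by raw current score matters: a Contextual cell at level 2 with a required goal of 5 is a bigger problem for the program than a Physical cell at level 2 with a goal of 3, and it is the former that should appear first in the action plan and get a KPI on the dashboard.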
  • 34. Building a security dashboard
    Steps to define the dashboard
    • Perform an Information Security Program Gap analysis
    • Confirm the Goals & CSFs for the security program
      • Use the Gap Analysis to identify potential CSF misalignment
      • Review Information Security Program Components
    • Choose and align relevant KPIs for the dashboard
    • Define business logic & visualization rules
  • 35. Building a security dashboard
    Where does the dashboard fit in organizational management?
  • 36. Building a security dashboard
    Information Security Program Gap Analysis
    (Figure) The slide-31 matrix with a subset of cells highlighted against the slide-30 colour legend; cell values as in slide 31
  • 37. Building a security dashboard
    Steps to define the dashboard
    • Perform an Information Security Program Gap analysis
    • Confirm the Goals & CSFs for the security program
      • Use the Gap Analysis to identify potential CSF misalignment
      • Review Information Security Program Components
    • Choose and align relevant KPIs for the dashboard
    • Define business logic & visualization rules
  • 38. Building a security dashboard
    Confirm the Goals & CSFs for the security program
    • Review current security plan documentation
    • Does Gap analysis output align with the Security Program Scorecard?
    • Are there weaknesses that must be improved on?
    • Change Security Program documentation to include new goals and CSFs
  • 39. Building a security dashboard
    Steps to define the dashboard
    • Perform an Information Security Program Gap analysis
    • Confirm the Goals & CSFs for the security program
    • Choose and align relevant KPIs for the dashboard
    • Define business logic & visualization rules
  • 40. Building a security dashboard
    Choose and align relevant KPIs for the dashboard
    • Brainstorm using current security program as a starting point
    • Review Gap Analysis for potential new KPIs
    • Review “good practices” for relevant indicators
    • Choose KPIs that help influence your goals and visualize your CSFs
  • 41. Using Standards to pick KPIs
    (Figure) Information Security Balanced Scorecard areas: Security Management, Critical Business Applications, Computer Installations, Networks, System Development