INFORMATION SECURITY
PROJECT MANAGEMENT
Igor Pertsovsky, MBA, PMP, CSM, SAFe, ITIL
Stargate IT Solutions LLC
PMO Manager at Column5 Consulting LLC
igor@stargateit.net
ABOUT ME
• Born in Belarus
• Graduated local University
• Immigrated to Israel
• BA in Industrial Eng.
• Worked for Hi-Tech startups
• Completed MBA in MIS in UK
• Background in System Administration and IT Management
• Relocated to Scottsdale in 2006 by DHL Express
• PMP since 2009
• Consultant since 2010 for large size projects
• Hobby - Chess
WHY INFOSEC PM?
• The most important asset is DATA
• Breaches happen almost daily and we read about them in the news
• There is a demand for 3 million InfoSec professionals until 2021, which makes it a recession-proof industry
• Project Management can help InfoSec people to implement the right solutions, make the right balanced business decisions, mitigate risks
INFOSEC TYPICAL AREAS OF RESPONSIBILITY
• Governance, Risk, Compliance - GRC
• Auditing and Compliance
• Policies and standards
• Application security - DevOps
• Awareness and education programs
• Phishing campaigns
• Penetration testing
• DLP, Antivirus
• Business continuity
• PAM, SSO, IAM
• Incident Management Plan
MY INFOSEC PROJECTS
• Arizona Public Services:
  • Managed design of InfoSec Policies and rollout of New Browser to 10k End Users
  • Next Generation Firewall Vendor Selection Process and implementation projects
  • Hard Drive Encryption for 4k laptops
• Department of Education: was responsible for Information Security Policies and Procedures, Managed DR and Business Continuity Projects
• American Express GBT: PCI Compliance Program
• ALSAC/St. Jude Children's Hospital: PCI Compliance and InfoSec Programs
  • SIEM Implementation
  • MDR (Managed Detection Response) Project
  • GRC Implementation
STAKEHOLDERS AND TEAM MEMBERS
• CISO, VP of Information Security
• Directors
• Analysts, Architects, Security Engineer, IT Operations
• Change Management, Product Owners
• Compliance teams, Internal Audits
• Physical Security, Application Teams
• Know Your Project Team, Vendors, And Subcontractors
PMO AND METHODOLOGY
• Global PMO
• InfoSec PMO
• No PMO - aligned with IT
• Agile vs. Waterfall
• SAFe
RISK MANAGEMENT
• Establish A Common Risk Management Approach
• Security practitioners tend to think in terms of threats and the possibility of these being exploited to expose particular vulnerabilities
• Assets need to be assigned a value so the threats or vulnerabilities can be quantified
KNOW YOUR SECURITY SOLUTION(S) - VENDORS
VENDORS
CERTIFICATIONS
CISSP, CISM, CCSK, SECURITY+, CISA, CPA
AGILE CERTIFICATION – SCRUM MASTER,
PRODUCT OWNER
THANK YOU
QUESTIONS???