In this Security technology workshop designed specially for senior IT and business line executives, we will show you how to navigate the “valley of death” of the complex sale of enterprise information protection and make or break the business justification with your management board. Through specific Business Threat Modeling(TM) tactical methods we will show you how to discover current data loss violations, quantify threats and valuate your risk in order to select the most cost-effective security technologies to protect your enterprise information.
Harry Regan - It's Never So Bad That It Can't Get Worse | centralohioissa
Disaster recovery, emergency response and business continuity plans are usually developed when no disaster exists. We think we’ve covered all contingencies. We think we’ve trained all the appropriate players. We’ve tested. We’ve re-tested. We think we’re ready to face whatever event there is looming out there with our name on it! The real world has a nasty habit of triggering disasters at the least opportune time, often featuring a twist that throws plans into disarray.
This presentation focuses on three real-world plans, each with a fatal flaw. We will discuss elements that should be in a plan beyond the normal guidance from the Disaster Recovery Institute (DRI) and a set of actions that should be included in planning and preparation.
Incident Response in the age of Nation State Cyber Attacks | Resilient Systems
One of the most important and yet least discussed aspects of any corporate structure is the incident response framework. As recent events have highlighted, the risk of intellectual property and critical infrastructure being the target of a cyber-attack is quite real. More than ever before, corporate preparation and response plans are necessary for any entity operating in the digital age.
This webinar will examine how an organization's incident response framework can help limit the exposure of intellectual property and critical infrastructure to outside, malicious parties. Our presenters will review how to construct corporate response plans that yield best-of-breed preparedness.
Our featured speakers for this timely webinar are:
- Mike Gibbons, Managing Director, Alvarez and Marsal, former FBI Special Agent as Unit Chief, overseeing all cyber crime investigations
- Art Ehuan, Managing Director, Alvarez and Marsal, former FBI Supervisory Special Agent assigned to the Computer Crimes Investigations Program
- Gant Redmon, Esq. CIPP/US General Counsel and Vice President of Business Development at Co3
Today's Breach Reality, The IR Imperative, And What You Can Do About It | Resilient Systems
Despite changing threats and the near certainty of compromise, most IT security programs are much the same as they were a decade ago. How have attacker motivations and tactics changed, and why? What does this mean for IT security departments, and how must they adapt?
This webinar will detail the security challenges organizations face today, the implications of changes in attacker tactics and motivations, and what firms can do to better align their security program with today's reality.
Our featured speakers for this webinar will be:
- Ted Julian, Chief Marketing Officer, Co3 Systems
- Colby Clark, Director of Incident Management, Fishnet Security
On Common Ground: The Overlap of PCI DSS and Data Protection | Tripwire
The landscape today's CISO must work in presents tremendous challenges, from fewer resources to do their work, the need to meet compliance with multiple standards and regulations, to having little executive-level support for their work. But the fear of brand damage, fines and other negative impacts of a security breach and audit findings has many organisations actually increasing budgets for compliance initiatives. Given that security and compliance have the same basic goal, namely to safeguard sensitive data, the strategic CISO will try to see how IT security can benefit from this increased focus on compliance.
(ATS4-GS03) Partner Session - Intel Balanced Cloud Solutions for the Healthca... | BIOVIA
Healthcare/Pharmaceutical IT departments, under constant pressure to do more with less, face an ever-increasing volume of regulatory requirements, infrastructure challenges, and demands from clinical end-users to support applications anytime, anywhere, on any device. Healthcare/Pharma CIOs have a hard enough time “keeping the lights on” and find it difficult to drive strategic initiatives that improve patient care or support growth.
Cloud computing can improve the efficiency of IT, increase organizational agility, and control costs, but how do organizations adopt interoperable, scalable solutions while minimizing industry concerns such as vendor lock-in and data breach?
In this session, attendees will learn about the key trends that are driving healthcare organizations toward cloud solutions that “balance” compute, network and storage concerns based on open, scalable infrastructure. We will look at real-world examples of how healthcare organizations are using the cloud today. Finally, we will discuss how healthcare cloud solutions can be improved with Intel platform capabilities.
Managed IT services provider company in India offers IT consultation and support for ... managed web services, cloud based & infrastructure services globally. ... large corporate in USA to provide Remote Infrastructure Support on 24 x 7 x 365
Tech Support Confidential: Insider Advice for Nonprofits on Selecting the Rig... | Karen Graham
These are the presentation slides from a breakout session at the 2013 Nonprofit Technology Conference. Audience was small-medium nonprofit organizations. Learning Goals:
1. Gain a clearer understanding of the breadth of IT support options that are out there.
2. Understand the pros, cons, and cost ranges of different IT support options, with guidance on what type of support tends to work best depending on the culture, size and budget of your organization.
3. Take note of must-ask questions that will help you get the information you need to sort out the best fit, and most reliable IT support.
Your organization will be breached. It's a matter of when, not if. How you respond may be the difference between recovering and closing your doors.
This talk is designed to help small businesses or businesses with small IT organizations to develop a viable incident response program.
I recently gave a presentation on selling value. This is it, minus anything that was proprietary.
It was well received by the team and I believe that the images and limited text speak for themselves. If you'd like the speaker points, drop me a line.
How To Get Clients & Sell Without Selling (Social Selling) | Jane Frankland
http://jane-frankland.com Let's look at how to sell! If you're interested in how to get more clients, sell without selling and social media marketing, then this is for you.
If you want to change the feast and famine lifecycle you regularly experience; modernize the way you sell and create just ONE system for client generation that you can use over and over again, instead of having to 'reinvent the wheel' each time you go to market then watch the presentation.
In it I'll be sharing how you can:
1. CREATE: How to create a personalized Client and Lead Generation Plan that focuses on attracting your ideal clients, growing your email list and gearing you up to sell more. This will revolutionize your lead generation process and enable you to obtain security with your income.
2. ATTRACT: I'll share with you how you can free yourself from cold calling and endless networking events, and enable sales with speed, plus I'll give you a brand new "Social Media Quick Tip" that I've never shared on a free webinar yet. This one tip recently landed me a 7-figure client and is guaranteed to help you attract your ideal clients on any social media platform.
3. PROMOTE: Learn how to create a quick and easy "Social Media List Building Funnel" to grow your email list and in turn your sales.
4. SELL: Find out how to create posts, status updates and tweets to sell your programs, products and services via all the social channels. These are what I call your social media daily wins and you can be certain that you'll not feel in the slightest bit salesy whenever you use them.
Thanks for watching!
How do you capture the attention of potential clients during a pitch? In this presentation Crimson Hexagon provides tips and strategy for incorporating social media analytics into your pitch in order to win more business and bigger accounts.
Airbnb, the online marketplace for short-term renters and hosts around the world, has placed its global creative advertising business in review. Incumbent TBWA\Chiat\Day will not participate.
“As a global hospitality company at a pivotal moment in our trajectory, we are seeking a partner agency that takes us closer to unlocking the creativity of our community, in which content and product are inextricably linked. We are engaged in a global pitch, inviting the participation of a handful of diverse agencies to identify this new partner that will help us achieve our next phase of phenomenal growth.”
Selling Agency Ideas to Clients (Or Account Executives) | Second Wind
This course presents the steps agencies should follow to ensure clients understand, accept and support creative concepts.
Includes tying creative to strategic plan objectives; the creative brief; writing a creative defense document; presenting creative in-person; the point-by-point strategic review; and “closing the sale.”
The Pitch Process: Turning client briefs into great ideas, then selling them | Beyond
As clients have more customers, stakeholders and channels than ever, briefs are getting more confusing; lacking focus, strategy and asking for the "moon on a stick". As the agency, it's getting harder to know where to focus with our ideas and strategy, then sell it effectively. This presentation was originally delivered at Miami Ad School's New York campus as part of the "Industry Heroes" lecture series.
Business Development Frameworks & Tips for Agencies | Leslie Bradshaw
Seasoned agency leaders Barbara Yolles and Leslie Bradshaw share a few of their successful frameworks to grow an agency through strategic business development. Originally taught as a two-day course at the Society of Digital Agencies "Academy" in October 2015. Some slides redacted.
Most companies only consider their customers' rational behavior; however, the key to successful value-based selling is understanding the difference between what people say they want – their explicit wants, such as lower prices – and what they are implicitly asking for, which could be recognition that they’re important, want genuine dialogue and feel the need to be taken seriously. Emotional understanding goes beyond the obvious explicit requests.
The value that customers perceive they are getting from your company therefore depends not only on their rational analysis of the product or service but also on their emotional response (“How will this make me feel?”) and their social response (“How will it make me look?” - “What will others think of me?”).
An effective pitch presentation can make the difference in securing investment and/or support for your startup. Download our slide presentation, "Build a Better Pitch Deck," and gain insight on what content to include in your slides and how to design them for the most impact. This information is aggregated from leading entrepreneurship and investor sources both in Arizona and throughout the nation.
Data Security Metrics - a Value Based Approach | Flaskdata.io
In this Security management workshop, we introduce finance and business unit managers to a value-based approach for reducing security costs and minimizing Value at Risk.
Nothing strikes fear into the heart of an engineer more than the installation of a firewall to achieve the laudable goal of defense-in-depth through network segmentation. Security teams demand the implementation of firewalls telling everyone, “It’s for compliance!” But the addition of firewalls and other security appliances (aka chokepoints) into an infrastructure infuriates network engineers who design to optimize speed and minimize latency. Sysadmins and DBAs are equally frustrated, because of the increased complexity in building and troubleshooting applications. So it’s down the rabbit hole we go trying to achieve the unachievable with everyone waxing rhapsodic for those bygone days when the end-to-end principle ruled the Internet. Is it really possible to have security coexist with operational efficiency? Organizations seem happy to throw money at technology and operations, but when it comes to policies and procedures, they fail miserably. This is the biggest problem with building a layered design. As engineers, if we don’t have clear policies as a set of requirements, how will we determine the appropriate network segmentation and protections to put in place? The answer lies in aligning network segmentation with an organizational data classification matrix and understanding that while compliance and security often overlap, they’re not the same.
Art Hathaway - Artificial Intelligence - Real Threat Prevention | centralohioissa
Throughout history we've seen opposing forces skillfully pit strengths against weaknesses until, ultimately, one side succumbs. Holding a position takes considerably more effort than does a single, offensive surge, and attackers are counting on it. The very nature of the cybersecurity attacks we face today is in direct response to the shortcomings of the available tools, knowledge and approaches. The only problem is that we must evolve our defenses as fast as (or faster than) their offenses, and the odds are greatly in their favor. Imagine a football game – with no time limits – determined by your opponent’s first undefended scoring play. Game over. Hmmm…I wonder how that one ends?
Facing next-generation challenges requires a next-generation approach – preferably one that requires no change to your current production environment, never tires, continually evolves, doesn't rely on humans and is 99%+ accurate regardless of Internet connectivity. We'll discuss a solution that shifts the balance in your favor by leveraging artificial intelligence to predict and prevent against malware-borne threats so you don't have to.
Join us on our upcoming BYOP (Bring Your Own Pizza) "Application Security Meetup" to hear about the latest cyber security breaches, trends and technologies in modern application development.
Agenda:
17:00 - 17:10 - Opening words - by Lior Mazor (Organizer)
17:10 - 17:35 - 'Recent cyber security attacks in Israel' - by Lior Mazor (Organizer)
17:35 - 18:00 - 'How to deliver a secure product' - by Michael Furman (Tufin)
18:00 - 18:30 - 'Hacking serverless - Introduction to Serverless Application Security' - by Yossi Shenhav (Komodo)
18:30 - 19:00 - 'Post Apocalypse: Exploiting web messaging implementations' - by Chen Gour-Arie (enso security)
Keynote on why you should make Infosec a board level strategic item, how you should raise it to this level and how to approach Information Security strategically
Data Security For SMB - Fly first class on a budget | Flaskdata.io
In the Data security for an SMB workshop we will show business and IT managers how to deal with threats of porn, blogging, music/video downloads and data leakage. We will demonstrate how firewalls and anti-virus don’t prevent data leakage and present practical ways of preventing data loss.
Protecting endpoints from targeted attacks | AppSense
On this AppSense webinar, guest speaker Chris Sherman, Forrester Research analyst, shared five principles for an effective endpoint security strategy. Anti-virus software isn't enough anymore.
Dan O'Farrell, Sr. Director of Product Marketing for Cloud Computing at Dell, shared how highly-regulated industries have embraced VDI to increase security and reduce costs.
And Bassam Khan discussed how AppSense offers privilege management with just-in-time self-elevation and application control through trusted ownership. This allows you to manage and secure your endpoints while providing a great user experience. And our latest product, AppSense Insight, offers endpoint analytics. Contact us to request a demo at iwanttoknowmore@appsense.com.
Protecting health and life science organizations from breaches and ransomware | Cloudera, Inc.
3 Things to Learn About:
1. Ransomware is a particular problem and currently the highest priority for healthcare organizations. Machine learning can use the structure of a malicious email to detect an attack even before the email is opened.
2. Big data architectures provide the machine-learning models with the volume and variety of data required to achieve complete visibility across the spectrum of IT activity—from packets to logs to alerts.
3. Intel and industry partners are currently running one-hour, complimentary, confidential benchmark engagements for HLS organizations that want to see how their security compares with the industry.
Too Small to Get Hacked? Think Again (Webinar) | OnRamp
SMBs are a major target in today’s threat landscape since larger organizations have invested in security measures in the last couple of years. Find out how much your data is worth and the best way to safeguard those assets from our experts.
According to StaySafeOnline.org, attacks on SMBs account for over 70% of data breaches, a figure that is on the rise. Sophisticated digital criminals easily exploit businesses with limited security budgets, outdated security controls, and untrained employees. Not to mention, insider threats are becoming more prevalent. Each security incident costs SMBs a loss of $120k, on average. So what can you do about it?
Data security requires implementing the right technology, people, and processes. Like many SMBs, you may see the value in security, but may not be sure where to start. Join our panel of experts in this educational webinar to find out what steps you can take to protect your business today and its valuable assets. We’ll review current trends in attack methods, how to determine what to protect, and what methods are best suited for your objectives.
Takeaways and Learning Objectives:
- Find out what threats are most common today and how to prevent them.
- Get actionable tips on how to protect your business in the short-term and long-term, despite budget and resource constraints.
- Get clarity on data security best practices, including tools, policies, processes and developing a culture of security.
Helicopter Assessments - Improve your Customer Data Security! | Dahamoo GmbH
Without academic procedures and lengthy preparation you too will get a grip on the customer data risks relevant to YOUR business.
For optimal security of your customer data you will benefit from special modules which we have developed over time.
In practice we found that results can be produced most effectively when working in three phases. These phases of a “Helicopter Assessment” for customer data security are:
Understand, Rate, Protect.
The Future of Software Security Assurance | Rafal Los
This talk is from ISSA International 2011, reflecting a look out over the horizon of Software Security Assurance for the next 20 years. Fundamentally, we must be able to start with 1 question - "Can you trust your software?" ...and if you can't say "Yes!" for certain, it's time to start somewhere.
Flaskdata - Observability for clinical data | Flaskdata.io
There is an observability gap - literally a black hole in our ability to see, understand and monitor our clinical data. In clinical R&D, the observability gap is responsible for delays in clinical trials of 6-18 months.
A trillion $/year life science industry still relies on manual data processing for R&D. This manual work delays cures for patients, revenue for companies and competitive advantage.
10 days in Corona time is 20,000 lives.
Every day counts.
The travel industry does real-time. Why doesn't clinical research? | Flaskdata.io
The travel industry was doing online transaction processing with the IBM iPARS system over 40 years ago. Why does the $60BN clinical research industry insist on retaining a paper paradigm and inventing technology to tell people which piece of paper to review?
Flaskdata.io automated monitoring for clinical trials | Flaskdata.io
In the race to deliver a COVID-19 vaccine, technology can be used to automate patient safety monitoring and assure that patients and physicians have valid data in order to make good decisions regarding risks and benefits.
Practical security - access control, least privilege, cryptography at work, security attacks and pen testing your system with Metasploit. The enemy knows the system. Not security by obscurity.
The insights that will help your medtech clinical trial succeed | Flaskdata.io
Clinical trial monitoring uses a model that was set in the early 50s of the previous century. It is still highly oriented to pharma studies where patients visit sites. But for mobile medical apps and connected mobile devices - patients use the device at home and on-the-go. How do you succeed in monitoring a medtech clinical trial where the patients are in a near-real-life scenario?
Quick user guide to the Clear Clinica Cloud EDC system | Flaskdata.io
This is a short presentation that describes how to use the ClinCapture EDC system running in the Clear Clinica cloud. It assumes a general familiarity with electronic data capture in clinical trials. You will need access to a training instance in the Clear Clinica cloud.
Cyber security is not safety.
I've updated a talk I gave in 2010 to include the latest FDA guidance on mobile devices and cyber security. But really nothing has changed since then. Medical device vendors are still grappling with the notion that cyber security involves a complex, interconnected, rapidly changing landscape of vulnerabilities, threats, zero-day exploits, software security issues that does not fit the slow-moving pre-market approval and static risk analysis that FDA uses for safety.
In this presentation we show how to use a practical threat analysis methodology and present real-life examples of how to build a prioritized, cost-effective security countermeasure plan.
So - guess what? Safety is not cyber security!
Managing cyber security for medical devices is a challenge for medical device vendors and regulatory consultants who are accustomed to estimating patient safety risk without having to explain and understand a complex, rapidly changing and interconnected environment of vulnerabilities, attackers, attacker entry points and zero-day threats.
In this updated version of a talk I gave 5 years ago - I show how to use threat modeling in order to provide a prioritized security countermeasure plan that will cost the medical device vendor the least amount of money and save him the grief of trying to deal with cyber threats in his safety risk analysis.
Pathcare is a private social network for a doctor and his patients. It provides 10x efficiency of social software versus email, provides the doctor with emotional/vital sign state of patients.
Summary
The GRC (governance, risk and compliance) market is driven by three factors: government regulation such as Sarbanes-Oxley, industry compliance such as PCI DSS 1.2 and growing numbers of data security breaches and Internet acceptable usage violations in the workplace. $14BN a year is spent in the US alone on corporate-governance-related IT spending.
Are large internally-focused GRC systems the solution for improving risk and compliance? Or should we go outside the organization to look for risks we’ve never thought about and discover new links and interdependencies?
This article introduces a practical approach that will help the CISOs/CSOs in any sized business unit successfully improve compliance and reduce information value at risk. We call this approach “The Tao of GRC” and base it on 3 principles.
1. Adopt a standard language of threats
2. Learn to speak the language fluently
3. Go green – recycle your risk and compliance
Will Web 2.0 applications break the cloud? (Flaskdata.io)
Computing in the cloud is fashionable and in many cases extremely cost-effective. But - considering a flawed execution model of rich Web 2.0 applications - will Web applications in the cloud fail to live up to the promise due to performance and security issues?
In this presentation - I discuss security and performance issues of Web 2.0 apps in the cloud and talk about the kind of mistakes people make.
I wrap up with some thoughts on the game changers.
Killed by code - mobile medical devices (Flaskdata.io)
There is a perfect storm of consumer electronics, mobile communications and customer need - the need to help people manage chronic disease like Parkinson's, diabetes and MSA and sustain life with pacemakers and ICDs.
Homeland Security - strengthening the weakest link (Flaskdata.io)
In the Data security at home workshop we will discuss what happens when files come home and when removable devices and notebooks owned by your employees go to work. We will help clarify the threats and understand the issues of home (land) security and how to get your employees to practice what you preach.
Writing An Effective Security Procedure in 2 pages or less and make it stick (Flaskdata.io)
In this Security management workshop we will discuss the Oral Law and the Written Law: The good, bad and ugly of procedures. We will show you how to write an effective data security procedure in 2 pages or less and make it stick
Selling Data Security Technology
1. Selling Data security to the CEO
Licensed under the Creative Commons Attribution License
Danny Lieberman
dannyl@controlpolicy.com http://www.controlpolicy.com/
2. Sell high
“it's a lot easier to manage a big project than a small one”
– Boaz Dotan, Founder of Amdocs (NYSE:DOX), $5.3BN Cap.
3. Agenda
• Introduction and welcome
• What is data security?
• Defining the problem
• After Enron
• Weak sales strategy
• The valley of death
• Strong sales strategy
• Execution
5. What the heck is data security?
• Security
– Ensure we can survive & add value
• Physical, information, systems, people
• Data security
– Protect data directly in all realms
6. Defining the problem
• You can't sell to a need that's never been observed (*)
– Little or no monitoring of data theft/abuse
• Perimeter protection, access control
– Firewall/IPS/AV/Content/AD
(*) Paraphrase of Lord Kelvin
7. What happened since Enron
• Threat scenario circa 1999
– Bad guys outside
– Lots of proprietary protocols
– IT decides
• Threat scenario circa 2009
– Bad guys inside
– Everything on HTTP
– Vendors decide
10. The valley of death
[Figure: sales-cycle timeline. Time axis: Month 1, Month 5, Month 12-18. Phases: Logical & rational; Emotional & political. Stages: IT requirements, Compliance requirements, Meet vendors, Evaluate alternatives, Capabilities presentation, Talk to analysts, Project, Close. Annotation: Losing control.]
11. Why you lose control
• Issues shift
– Several vendors have technology
• Non-product differentiation
• Divided camps
– Nobody answers all requirements
• Need a political sponsor
• Loss of momentum
– No business pain
– No power sponsors
12. Strong sales strategy
• Build business pain
– Focus on biggest threat to the firm
– Rational
• Get a power sponsor
– CEO, COO, CFO, CIO
– Personal
14. Execution – building business pain
• Prove 2 hypotheses:
– Data loss is happening now.
– A cost effective solution exists that reduces risk to acceptable levels.
15. H1: Data loss is happening
• What keeps you awake at night?
• What data types and volumes of data leave the network?
• Who is sending sensitive information out of the company?
• Where is the data going?
• What network protocols have the most events?
• What are the current violations of company AUP?
16. H2: A cost effective solution exists
• Value of information assets on PCs, servers & mobile devices?
• What is the Value at Risk?
• Are security controls supporting the information behavior you want (sensitive assets stay inside, public assets flow freely, controlled assets flow quickly)?
• How much do your current security controls cost?
• How do you compare with other companies in your industry?
• How would risk change if you added, modified or dropped security controls?
17. What keeps you awake at night
• Asset has value, fixed over time or variable.
– Plans to privatize, sell 50% of equity
• Threat exploits vulnerabilities & damages assets.
– IT staff read emails and files of management board
– Employee leaks plans to press
– Buyer sues for breach of contract.
• Vulnerability is a state of weakness mitigated by a countermeasure.
– IT staff have access to mail/file servers
• Countermeasure has a cost fixed over time or recurring.
– Monitor abuse of privilege & Prevent leakage of management board documents on all channels.
18. Calculating Value at Risk
• Metrics
– Asset value
– Threat damage to asset
– Threat probability
• Value at Risk = Threat Damage to Asset x Asset Value x Threat Probability
(*) PTA Practical threat analysis risk model
19. Coming attractions
• Sep 17: Selling data security technology
• Sep 24: Write a 2 page procedure
• Oct 1: Home(land) security
• Oct 8: SME data security
http://www.controlpolicy.com/workshops
20. Learn more
• Presentation materials and resources
http://www.controlpolicy.com/workshops/data-security-workshops/
• Software to calculate Value at Risk
PTA Professional
http://www.software.co.il/pta