Flaskdata.io, profile picture
Uploaded byFlaskdata.io
PDF, PPTX664 views

Selling Data Security Technology

The document discusses strategies for selling data security solutions to CEOs, highlighting the importance of understanding data security, the evolution of threats, and the need for a strong sales strategy. It emphasizes building business pain and securing sponsorship from top executives to drive the adoption of data security measures. The content also suggests ways to calculate the value at risk and address vulnerabilities within organizations.

Embed presentation

Download as PDF, PPTX
Selling Data security to the CEO Licensed under the Creative Commons Attribution License Danny Lieberman dannyl@controlpolicy.com http://www.controlpolicy.com/     
Sell high “it's a lot easier to manage a  big project than a small one” Boaz Dotan – Founder of Amdocs (NYSE:DOX), $5.3BN Cap.    
Agenda • Introduction and welcome • What is data security? • Defining the problem • After Enron • Weak sales strategy • The valley of death • Strong sales strategy • Execution    
Introduction • Our mission today – How to sell data security to the CEO    
What the heck is data security? • Security – Ensure we can survive & add value • Physical, information, systems, people • Data security – Protect data directly in all realms    
Defining the problem • You can't sell to a need that's never been  observed(*) – Little or no monitoring of data theft/abuse • Perimeter protection, access control – Firewall/IPS/AV/Content/AD     Lord Kelvin (*) Paraphrase of 
What happened since Enron • Threat scenario circa 1999 – Bad guys outside – Lots of proprietary protocols – IT decides • Threat scenario circa 2009 – Bad guys inside – Everything on HTTP – Vendors decide    
Weak sales strategy IT –  data security is  “very important” ...Forrester Management board –  fraud/data theft can maim or  destroy the company ...Sarbanes­Oxley    
Mind the gap IT –  We can get DLP  technology for 100K  and the first 6  months are free. ...Websense Management board – We  have Euro 100M VaR ...PwC    
The valley of death Logical &rational Emotional & Political IT Requirements  Compliance  requirements Meet Close vendors Evaluate alternatives Capabilities Project Presentation Talk to analysts Losing control Month 1 Month 5 Month 12­18    
Why you lose control • Issues shift – Several vendors have technology • Non-product differentiation • Divided camps – Nobody answers all requirements • Need a political sponsor • Loss of momentum – No business pain – No power sponsors    
Strong sales strategy • Build business pain – Focus on biggest threat to the firm – Rational • Get a power sponsor – CEO,COO, CFO,CIO – Personal    
Close the gap Toxic customer data  ­ VaR: 100M ­ VaR reducation: 20M ­ Cost: 1M over 3 years ...Security & Risk Management board – We  have 100M VaR ...PwC    
Execution – building business pain • Prove 2 hypotheses: – Data loss is happening now. – A cost effective solution exists that reduces risk to acceptable levels.    
H1: Data loss is happening • What keeps you awake at night? • What data types and volumes of data leave the network? • Who is sending sensitive information out of the company? • Where is the data going? • What network protocols have the most events? • What are the current violations of company AUP?    
H2: A cost effective solution exists • Value of information assets on PCs, servers & mobile devices? • What is the Value at Risk? • Are security controls supporting the information behavior you want  (sensitive assets stay inside, public assets flow freely, controlled  assets flow quickly) • How much do your current security controls cost? • How do you compare with other companies in your industry? • How would risk change if you added, modified or dropped security  controls?    
What keeps you awake at night Asset has value, fixed over time or variable Plans to privatize, sell 50% of equity Threat exploits vulnerabilities & damages assets.  IT staff read emails and files of management board Employee leaks plans to press Buyer  sues for breach of contract. Vulnerability is a state of  Countermeasure has a cost weakness mitigated by a fixed over time or recurring. countermeasure. Monitor abuse of privilege & IT staff  Prevent leakage of have access management board documents to mail/file servers on all channels.    
Calculating Value at Risk Value at Risk Metrics =Threat Damage to  Asset value,  Asset x Asset Value x  Threat damage to asset, Threat Probability Threat probability      (*)PTA ­Practical threat analysis risk model
Coming attractions • Sep 17: Selling data security technology • Sep 24: Write a 2 page procedure • Oct 1: Home(land) security • Oct 8: SME data security http://www.controlpolicy.com/workshops     
Learn more • Presentation materials and resources http://www.controlpolicy.com/workshops/data-security-workshops/ • Software to calculate Value at Risk PTA Professional http://www.software.co.il/pta    

More Related Content

PDF
Fns Incident Management Powered By En Case
bytbeckwith
 
PPTX
People are the biggest risk
byEvan Francen
 
PPTX
Business Intelligence In Cloud Computing A Tokenization Approach Final
byHossam Hassanien
 
PPTX
Harry Regan - It's Never So Bad That It Can't Get Worse
bycentralohioissa
 
PPTX
What if
bysc00777
 
PPTX
BSIDES DETROIT 2015: Data breaches cost of doing business
byJoel Cardella
 
PPT
ZENDAL BACKUP
byNéstor Alemán Esteban
 
PPTX
Incident Response in the age of Nation State Cyber Attacks
byResilient Systems
 
Fns Incident Management Powered By En Case
bytbeckwith
 
People are the biggest risk
byEvan Francen
 
Business Intelligence In Cloud Computing A Tokenization Approach Final
byHossam Hassanien
 
Harry Regan - It's Never So Bad That It Can't Get Worse
bycentralohioissa
 
What if
bysc00777
 
BSIDES DETROIT 2015: Data breaches cost of doing business
byJoel Cardella
 
ZENDAL BACKUP
byNéstor Alemán Esteban
 
Incident Response in the age of Nation State Cyber Attacks
byResilient Systems
 

What's hot

PDF
Today's Breach Reality, The IR Imperative, And What You Can Do About It
byResilient Systems
 
PPTX
Cloud Computing Legal for Pennsylvania Bar Association
byAmy Larrimore
 
PDF
Yakhouba
byyakhouba sall
 
PPTX
Hp Fortify Pillar
byEd Wong
 
PPTX
On Common Ground: The Overlap of PCI DSS and Data Protection
byTripwire
 
PDF
(ATS4-GS03) Partner Session - Intel Balanced Cloud Solutions for the Healthca...
byBIOVIA
 
PDF
Responding to and recovering from sophisticated security attacks
byIBM
 
PDF
Robert beggs incident response teams - atlseccon2011
byAtlantic Security Conference
 
PPTX
Zenith Infotech Mirror Cloud Presentation. 112211
byhdmchughgmailcom
 
PDF
Gateway RIMS (Remote Infrastructure Management Services)
bysonnysonare
 
PPT
Tech Support Confidential: Insider Advice for Nonprofits on Selecting the Rig...
byKaren Graham
 
PDF
Managing Risk in IT
byNTEN
 
PPTX
You Will Be Breached
byMike Saunders
 
PPT
College Presentation
byscottfrost
 
PDF
Afac device-security-july-7-2014v7-2
byKBIZEAU
 
Today's Breach Reality, The IR Imperative, And What You Can Do About It
byResilient Systems
 
Cloud Computing Legal for Pennsylvania Bar Association
byAmy Larrimore
 
Yakhouba
byyakhouba sall
 
Hp Fortify Pillar
byEd Wong
 
On Common Ground: The Overlap of PCI DSS and Data Protection
byTripwire
 
(ATS4-GS03) Partner Session - Intel Balanced Cloud Solutions for the Healthca...
byBIOVIA
 
Responding to and recovering from sophisticated security attacks
byIBM
 
Robert beggs incident response teams - atlseccon2011
byAtlantic Security Conference
 
Zenith Infotech Mirror Cloud Presentation. 112211
byhdmchughgmailcom
 
Gateway RIMS (Remote Infrastructure Management Services)
bysonnysonare
 
Tech Support Confidential: Insider Advice for Nonprofits on Selecting the Rig...
byKaren Graham
 
Managing Risk in IT
byNTEN
 
You Will Be Breached
byMike Saunders
 
College Presentation
byscottfrost
 
Afac device-security-july-7-2014v7-2
byKBIZEAU
 

Viewers also liked

PPTX
Campbell’s Pitch presentation
byLexyKhoo
 
PDF
Win more ad agency new business pitches. It’s easier than you think.
byFuel Lines Business Development
 
PPTX
Pitch Perfect: Agency Secrets to Winning More Business
byWP Engine
 
PPT
Selling Value
by★ Scott Schnaars ★
 
PDF
How To Get Clients & Sell Without Selling (Social Selling)
byJane Frankland
 
PPTX
Arming Agencies for the Pitch
byCrimson Hexagon
 
PDF
Airbnb pitch brief
byCubeyou Inc
 
PDF
Via NYC Agency Brand pitch
byMathias Jakobsen
 
PPTX
Chesamel Communications Creds
byjncofie
 
PPTX
Cadbury campaign pitch presentation (naked idea agency)
byyanahada
 
PDF
Star Group - Digital Agency Of Record Pitch
byLyndon Hale
 
PPTX
Selling Agency Ideas to Clients (Or Account Executives)
bySecond Wind
 
PDF
From Selling Technology to Selling Value (2008)
byMarc Jadoul
 
PDF
The Pitch Process: Turning client briefs into great ideas, then selling them
byBeyond
 
PDF
Business Development Frameworks & Tips for Agencies
byLeslie Bradshaw
 
PDF
The art of selling value
byThorleif Astrup Hallund
 
PDF
Build a Better Entrepreneur Pitch Deck
byCenter For Entrepreneurial Innovation
 
Campbell’s Pitch presentation
byLexyKhoo
 
Win more ad agency new business pitches. It’s easier than you think.
byFuel Lines Business Development
 
Pitch Perfect: Agency Secrets to Winning More Business
byWP Engine
 
Selling Value
by★ Scott Schnaars ★
 
How To Get Clients & Sell Without Selling (Social Selling)
byJane Frankland
 
Arming Agencies for the Pitch
byCrimson Hexagon
 
Airbnb pitch brief
byCubeyou Inc
 
Via NYC Agency Brand pitch
byMathias Jakobsen
 
Chesamel Communications Creds
byjncofie
 
Cadbury campaign pitch presentation (naked idea agency)
byyanahada
 
Star Group - Digital Agency Of Record Pitch
byLyndon Hale
 
Selling Agency Ideas to Clients (Or Account Executives)
bySecond Wind
 
From Selling Technology to Selling Value (2008)
byMarc Jadoul
 
The Pitch Process: Turning client briefs into great ideas, then selling them
byBeyond
 
Business Development Frameworks & Tips for Agencies
byLeslie Bradshaw
 
The art of selling value
byThorleif Astrup Hallund
 
Build a Better Entrepreneur Pitch Deck
byCenter For Entrepreneurial Innovation
 

Similar to Selling Data Security Technology

PDF
Data Security Metricsa Value Based Approach
byFlaskdata.io
 
PPTX
Gainful Information Security 2012 services
byCade Zvavanjanja
 
PPTX
Secure Iowa Oct 2016
byLarry Slobodzian
 
PDF
Sexy defense
byIftach Ian Amit
 
PDF
Managed Security For A Not So Secure World Wp090991
byErik Ginalick
 
PPTX
Top Cybersecurity Challenges Facing Your Business
byNicholas Davis
 
PDF
DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...
byAndris Soroka
 
PPTX
Encase cybersecurity alat za proaktivnu kontrolu korporativne it sigurnosti 2
byDamir Delija
 
PPTX
Oracle security-formula
byOracleIDM
 
PPTX
MIS: Information Security Management
byJonathan Coleman
 
PDF
SilverStorm "Credibility and Collaboration to achieve excellence in IT Govern...
bySilverStormSolutions
 
PDF
2010-05 Real Business, Real Threats! Don't be an Unsuspecting Target
byRaleigh ISSA
 
PDF
Why Have A Digital Investigative Infrastructure
byKevin Wharram
 
PPTX
The Perils that PCI brings to Security
byTripwire
 
PPTX
Top 12 Threats to Enterprise
byArgyle Executive Forum
 
PDF
Presentation crafting your active security management strategy 3 keys and 4...
byxKinAnx
 
PDF
James Beeson SOURCE Boston 2011
bySource Conference
 
PPTX
FROM STRATEGY TO ACTION - Vasil Tsvimitidze
byDataExchangeAgency
 
PPTX
Information security for business majors
byPaul Melson
 
PDF
InformationSecurity_11141
bysraina2
 
Data Security Metricsa Value Based Approach
byFlaskdata.io
 
Gainful Information Security 2012 services
byCade Zvavanjanja
 
Secure Iowa Oct 2016
byLarry Slobodzian
 
Sexy defense
byIftach Ian Amit
 
Managed Security For A Not So Secure World Wp090991
byErik Ginalick
 
Top Cybersecurity Challenges Facing Your Business
byNicholas Davis
 
DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...
byAndris Soroka
 
Encase cybersecurity alat za proaktivnu kontrolu korporativne it sigurnosti 2
byDamir Delija
 
Oracle security-formula
byOracleIDM
 
MIS: Information Security Management
byJonathan Coleman
 
SilverStorm "Credibility and Collaboration to achieve excellence in IT Govern...
bySilverStormSolutions
 
2010-05 Real Business, Real Threats! Don't be an Unsuspecting Target
byRaleigh ISSA
 
Why Have A Digital Investigative Infrastructure
byKevin Wharram
 
The Perils that PCI brings to Security
byTripwire
 
Top 12 Threats to Enterprise
byArgyle Executive Forum
 
Presentation crafting your active security management strategy 3 keys and 4...
byxKinAnx
 
James Beeson SOURCE Boston 2011
bySource Conference
 
FROM STRATEGY TO ACTION - Vasil Tsvimitidze
byDataExchangeAgency
 
Information security for business majors
byPaul Melson
 
InformationSecurity_11141
bysraina2
 

More from Flaskdata.io

PDF
Flaskdata - Observability for clinical data
byFlaskdata.io
 
PDF
The travel industry does real-time. Why doesn't clinical research?
byFlaskdata.io
 
PDF
Flaskdata.io automated monitoring for clinical trials
byFlaskdata.io
 
PPTX
How to write secure code
byFlaskdata.io
 
PDF
The insights that will help your medtech clinical trial succeed
byFlaskdata.io
 
PDF
2017 02-05 en-eu-data-security_v2
byFlaskdata.io
 
PPTX
Quick user guide to the Clear Clinica Cloud EDC system
byFlaskdata.io
 
PPTX
Killed by code 2015
byFlaskdata.io
 
PPTX
Killed by code 2015
byFlaskdata.io
 
PPTX
Pathcare: Patient-issue oriented healthcare
byFlaskdata.io
 
PPTX
The Tao of GRC
byFlaskdata.io
 
PDF
Will Web 2.0 applications break the cloud?
byFlaskdata.io
 
PPTX
Killed by code - mobile medical devices
byFlaskdata.io
 
PPTX
Grc tao.4
byFlaskdata.io
 
PPT
Data Security For Compliance 2
byFlaskdata.io
 
PDF
Data Security For SMB - Fly first class on a budget
byFlaskdata.io
 
PDF
Homeland Security - strengthening the weakest link
byFlaskdata.io
 
PDF
Writing An Effective Security Procedure in 2 pages or less and make it stick
byFlaskdata.io
 
Flaskdata - Observability for clinical data
byFlaskdata.io
 
The travel industry does real-time. Why doesn't clinical research?
byFlaskdata.io
 
Flaskdata.io automated monitoring for clinical trials
byFlaskdata.io
 
How to write secure code
byFlaskdata.io
 
The insights that will help your medtech clinical trial succeed
byFlaskdata.io
 
2017 02-05 en-eu-data-security_v2
byFlaskdata.io
 
Quick user guide to the Clear Clinica Cloud EDC system
byFlaskdata.io
 
Killed by code 2015
byFlaskdata.io
 
Killed by code 2015
byFlaskdata.io
 
Pathcare: Patient-issue oriented healthcare
byFlaskdata.io
 
The Tao of GRC
byFlaskdata.io
 
Will Web 2.0 applications break the cloud?
byFlaskdata.io
 
Killed by code - mobile medical devices
byFlaskdata.io
 
Grc tao.4
byFlaskdata.io
 
Data Security For Compliance 2
byFlaskdata.io
 
Data Security For SMB - Fly first class on a budget
byFlaskdata.io
 
Homeland Security - strengthening the weakest link
byFlaskdata.io
 
Writing An Effective Security Procedure in 2 pages or less and make it stick
byFlaskdata.io
 

Selling Data Security Technology

  • 1.
    Selling Data security to the CEO Licensed under the Creative Commons Attribution License Danny Lieberman dannyl@controlpolicy.com http://www.controlpolicy.com/     
  • 2.
    Sell high “it's a lot easier to manage a  big project than a small one” Boaz Dotan – Founder of Amdocs (NYSE:DOX), $5.3BN Cap.    
  • 3.
    Agenda • Introduction and welcome • What is data security? • Defining the problem • After Enron • Weak sales strategy • The valley of death • Strong sales strategy • Execution    
  • 4.
    Introduction • Our missiontoday – How to sell data security to the CEO    
  • 5.
    What the heckis data security? • Security – Ensure we can survive & add value • Physical, information, systems, people • Data security – Protect data directly in all realms    
  • 6.
    Defining the problem • You can't sell to a need that's never been  observed(*) – Little or no monitoring of data theft/abuse • Perimeter protection, access control – Firewall/IPS/AV/Content/AD     Lord Kelvin (*) Paraphrase of 
  • 7.
    What happened sinceEnron • Threat scenario circa 1999 – Bad guys outside – Lots of proprietary protocols – IT decides • Threat scenario circa 2009 – Bad guys inside – Everything on HTTP – Vendors decide    
  • 8.
    Weak sales strategy IT –  data security is  “very important” ...Forrester Management board –  fraud/data theft can maim or  destroy the company ...Sarbanes­Oxley    
  • 9.
  • 10.
    The valley ofdeath Logical &rational Emotional & Political IT Requirements  Compliance  requirements Meet Close vendors Evaluate alternatives Capabilities Project Presentation Talk to analysts Losing control Month 1 Month 5 Month 12­18    
  • 11.
    Why you losecontrol • Issues shift – Several vendors have technology • Non-product differentiation • Divided camps – Nobody answers all requirements • Need a political sponsor • Loss of momentum – No business pain – No power sponsors    
  • 12.
    Strong sales strategy • Build business pain – Focus on biggest threat to the firm – Rational • Get a power sponsor – CEO,COO, CFO,CIO – Personal    
  • 13.
  • 14.
    Execution – buildingbusiness pain • Prove 2 hypotheses: – Data loss is happening now. – A cost effective solution exists that reduces risk to acceptable levels.    
  • 15.
    H1: Data lossis happening • What keeps you awake at night? • What data types and volumes of data leave the network? • Who is sending sensitive information out of the company? • Where is the data going? • What network protocols have the most events? • What are the current violations of company AUP?    
  • 16.
    H2: A costeffective solution exists • Value of information assets on PCs, servers & mobile devices? • What is the Value at Risk? • Are security controls supporting the information behavior you want  (sensitive assets stay inside, public assets flow freely, controlled  assets flow quickly) • How much do your current security controls cost? • How do you compare with other companies in your industry? • How would risk change if you added, modified or dropped security  controls?    
  • 17.
    What keeps youawake at night Asset has value, fixed over time or variable Plans to privatize, sell 50% of equity Threat exploits vulnerabilities & damages assets.  IT staff read emails and files of management board Employee leaks plans to press Buyer  sues for breach of contract. Vulnerability is a state of  Countermeasure has a cost weakness mitigated by a fixed over time or recurring. countermeasure. Monitor abuse of privilege & IT staff  Prevent leakage of have access management board documents to mail/file servers on all channels.    
  • 18.
    Calculating Value atRisk Value at Risk Metrics =Threat Damage to  Asset value,  Asset x Asset Value x  Threat damage to asset, Threat Probability Threat probability      (*)PTA ­Practical threat analysis risk model
  • 19.
    Coming attractions • Sep 17: Selling data security technology • Sep 24: Write a 2 page procedure • Oct 1: Home(land) security • Oct 8: SME data security http://www.controlpolicy.com/workshops     
  • 20.
    Learn more • Presentation materials and resources http://www.controlpolicy.com/workshops/data-security-workshops/ • Software to calculate Value at Risk PTA Professional http://www.software.co.il/pta