This document discusses moving information security practices away from checklists and towards a more disruptive and business-aligned approach. It argues that checklists do not properly account for business dynamics like disruption and innovation. The presenter advocates using frameworks like NIST and mental models to understand an organization's context and design security solutions that protect real threats while enabling the business. The goal is to structure security rationalization around business needs and harness disruption rather than try to control it.
The Rational Approach to Disruptive Information Security
1. Information Security
Science
The Rational Approach to Disruptive Information Security
By Ravila White, CISSP, CISM, CISA, CIPP, GCIH, ITIL v.3
Making it better without making it complex
2. Disclaimer
This presentation and the concepts herein are my opinions through private research, practice and chatting with other professionals.
It is not the opinion of past, present or future employers.
3. Agenda
Checklist(s) – What is wrong about them…
Understanding Disruption – It’s the driver behind technology we must secure…
How to be disruptive – NIST can help you but…
5. Find a standard
Find a best practice
Perform a gap analysis
Train our users
All the boxes for the auditors are checked
Going down the wrong path…
6. Why?
The solution must meet the use case
The solution must protect against real threats
Solutions must align to business operations
8. The reality is…
Business is not linear
Business is driven by innovation
Business is driven by disruption
Knowing is not understanding. There is a great difference between knowing and understanding: you can know a lot about something and not really understand it. [Charles Kettering]
9. How we got here…
Not understanding the mental model of our organization
Not adjusting our mental model
Implementing mental models based on checklists
11. Disruptive Technology and/or Innovation
Creating a new market or value network
Improve a product or service
Designing for a different set of consumers
“It represents a mindset—a rebellious instinct to discard old business clichés and remake the market landscape. An eagerness to deliberately target situations where the competition is complacent and the customer has been consistently overlooked or under-served.” [Luke Wilson]
12. “The potential for reinvention is all around us, and it’s an exciting time to be thinking about how to structure (or restructure) your business, your community, or your life in ways that create new value. Enjoy the possibilities.” [Richard Branson - 1998]
Innovation | Disrupted Market
USB Flash drives | Floppy Disk drives
Downloadable digital media | CDs, DVDs
Minicomputers | Mainframes
Digital photography | Chemical photography
Steamboats | Sailing ships
Automobiles | Rail transport
LCD | CRT
GPS Navigation | Navigational map (paper)
15. How Mental Models Influence
Business Process Modeling – communicates intent and value to the organization
Enterprise Architecture – sets the context of information security within the business
Information Design – helps non-infosec partners quickly orient themselves in a complex environment
Software Engineering – provides synthesis of complex information into a whole
19. Reversal through ISO7498
Authoritative
◦ sets the direction
◦ the business validates its decisions
◦ the business executes against
◦ the business captures resource requirements
◦ the business verifies the activities necessary to support a solution
Historical
◦ Project plans
◦ RFIs and/or RFPs
23. Credits & References
General Professional Influencers
Disrupt: Think the Unthinkable to Spark Transformation in Your Business
Google: www.Google.com
The Visual Miscellaneum
Change by Design
Thinking Page: www.thinking.net
Wikipedia: www.wikipedia.com
Colleen F. Ponto, Ed.D
24. Copyright Information
Some works in this presentation have been licensed under the Creative Commons license (CC). Please respect the license when using the concepts or adapting them.
For more information please go here: www.creativecommons.org
Presented at SecureWorld Expo Seattle by Ravila White
Let’s discuss the current state of affairs facing information security architects. A point to note is that use of the word enterprise has been mostly removed in their presentation. If you are an architect, you are more than likely in an environment that requires and currently utilizes enterprise solutions.
If you can’t define the role, how can the business understand what services the architect will provide and how to engage them? When the business cannot determine the need, the value is not assessed or appreciated either.
One of the biggest issues facing not just information security architecture but many information technology disciplines is a lack of common language and standards. This may seem a minor issue. However, it can cause confusion when a group of subject matter experts must reach a goal but they cannot because each person has their own idea of simple terms.
As an exercise, ask people in your organization what a guideline or a framework is. Then ask them what a policy is. If you cannot agree on terminology, don’t expect to agree on what the role of the security architect is or how it should integrate in the business. Developing a common language from which everyone is working will go a long way toward moving architecture initiatives along.
To set the floor of your taxonomy, use industry-standard terms that are easily integrated into the culture of your organization. This becomes especially important if your organization is global or international or has outsourced some activities.
We know we need to change. Let’s discuss how we can do that without impacting the organizations we support, and how to take the knowledge we have and channel it to greater success.
This means that instead of isolating smaller and smaller parts of the system being studied, systems thinking works by expanding its view to take into account larger and larger numbers of interactions as an issue is being studied. This results in sometimes strikingly different conclusions than those generated by traditional forms of analysis, especially when what is being studied is dynamically complex or has a great deal of feedback from other sources, internal or external.
Enterprise architecture and its sub-architectures, of which information security is a part, must look at the big picture to provide successful solutions. Becoming myopic or blind to any part of the enterprise results in loss of functionality, protection and, most importantly, user satisfaction.
Information security architects must have systems thinking because information security and EA operate in a dichotomy. EA drives the business forward while information security may seemingly quash innovation as it must protect the business and provide assurance in a transparent manner. Transparency of information security cannot exist if the security architect does not understand the partner disciplines it supports or must integrate with. Additionally, information security must look to the business and EA to determine protections. If a protection is not required, then it should not be suggested.
Information security architecture must be truly visionary. When it is visionary, it becomes a complement of the system it protects. It is not complementary when it is over-engineered to the point of complexity for those who must support it and those who use the resulting system.
We can achieve systems thinking for the information security architect through diversification. Understanding how to protect the flow of data is great. However, that protection is applied differently depending on the type of data and where it is flowing. For instance, the solution for protecting the flow of electronic mail is different from the solution that protects the flow of transactional messages into and out of a data warehouse. A lack of understanding around data warehousing and information architecture could greatly impact usability if a one-size-fits-all solution were adopted. Diversification of knowledge is what makes a successful information security architect.
In software development, middleware is used to support interoperability between disparate systems. For information security architecture innovation, non-infosec disciplines and practices can serve as the middleware to achieving success by supporting the business in a manner that is accepted. By learning at least two non-infosec practices in your organization, you are enabled to respond in a fashion that will allow you to easily communicate with your business partners.
This is how you move past being an analytical thinker to a systems thinker. Remember, analytics is more about focusing on points and is individualist in nature. Systems thinking is the aggregation of analytics around internal and external behaviors and interactions in a system.
Of the recommended knowledge to gain, reverse engineering is perhaps the most valuable as it will enable you to gain a systems view of the information and guide your recommendations more accurately.
Reverse engineering can tell you much about an environment. First and foremost it is an indicator of organizational maturity. Where standards are present, order is evident; where standards are absent, systemic chaos exists.
Reverse engineering documentation is helpful as it can expose the lack of authoritative artifacts and the lack of supporting documentation and processes. Typically, a lack of documentation means the organization may lack the maturity necessary to recover and continue operations in the aftermath of a disaster.
Reverse engineering of a system is a learning tool as it will provide an understanding of how the technology is designed and how it operates. It can also help identify gaps in documentation or implementation.
Reverse engineering from an architectural point of view is important as you must understand where you’ve been if you are to more accurately define where you should be.
Information security architecture benefits from systems thinking when the input of non-infosec disciplines results in the output of clear communication, definition of scope, and mapping of disparate entities to a whole entity that can respond to the complex demands of technology in the enterprise.
Systems thinking also enables the security architect to make long-term recommendations and decisions that are sustainable as opposed to short-term fixes.
Information Design is a crucial missing piece in the arsenal of many security professionals. It will help you present narratives or designs in a manner that is driven toward the audience. The drawing you might provide to a director or above is much different than the drawing you’ll provide to an engineer or admin.
Software engineering provides the synthesis around what we’ve discussed in the form of applying the concept of AGILE development to accelerate the top heavy and disparate approach of security architecture today.
Thus far we’ve discussed the AS IS or current state of information security architecture. Critical gaps in the current approach and how they undermine the discipline have been examined.
Thought share around remedies to the current state has been introduced in the Getting There section of the presentation.
Now we are ready to synthesize the AS IS and the Getting There elements to put business in information security architecture and make it agile.
Agile methods generally promote a disciplined project management process that encourages frequent inspection and adaptation, a leadership philosophy that encourages teamwork, self-organization and accountability, a set of engineering best practices that allow for rapid delivery of high-quality software, and a business approach that aligns development with customer needs and company goals.
Business modeling, like any process, can become arduous and waste time without its own set of controls. By containing it within a logic model, built-in controls are developed that drive the process to produce meaningful results.
I have provided a link at the end of the presentation that can guide you through developing your own logic models. It can be quite useful in communicating complex data.
Artifacts are among the most important outputs of architecture. According to TOGAF, an artifact represents an individual model of a system or solution, which could potentially be re-used in a variety of contexts. An artifact is distinct from a deliverable, which is a contracted output from a project. In general cases, deliverables will contain artifacts and each artifact may exist in many deliverables.
Drive the definition of artifacts to streamline solution delivery.
Here we’ve defined two types of artifacts: Authoritative and Historical. They have very different uses and the audiences differ as well.
Considering the importance of artifacts, IT should agree upon the type of artifacts they will develop and their location. This is crucial if the security architect is to use the AS IS/TO BE methodology. If they cannot reference the past fairly accurately, visioning the future can become more time consuming.
Artifacts are the ‘guts’ of the business and as such should be stored in a secure manner, accessible only to those that require access.
Evangelize for your IT department where to store artifacts. Such a decision can make all the difference later on down the road when audits occur or information management is addressed.
Setting context defines the conceptual layer that will drive the parent-child relationship of a taxonomy-based architectural program. Without establishing the parent-child relationship of your program, you will likely offer services that do not align with the business.
At the end of the day, you are already an expert with information security. Now it’s time to expand your horizons and add capabilities that will communicate simply what your mission, goals and activities are to non-information security professionals. Diversify your skill set to accomplish more.
Something I’d like to encourage all of you to do: when presenting in the future, list not only your online and book references, but also your people credits. We all meet people who are pivotal in growing our knowledge or professionalism. Don’t forget to mention them.