© David Lynas Consulting Limited 2017
Transform the Security Conversation
Enablement : Excellence : Value
eCrime Singapore, 4 May 2017
David Lynas
CEO David Lynas Consulting Ltd
CEO The SABSA Institute CIC
COSAC Chairman
Your Presenter – David Lynas
• 36th year in Information Security
• Co-author of SABSA
• CEO SABSA Institute
• SABSA Accredited Education Provider
• Co-author “Enterprise Security Architecture”
• ISBN 1-57820-318-X
• Architecture & strategy clients on every continent
• Fellow BCS & CSI Lifetime Achievement Award
• Founder and chair of COSAC
Agenda – Use SABSA to Transform the Security Conversation
The World’s Leading ESA Method & Framework
• Free-use Methodology & Framework
• Certified Architects in 60+ Countries
• Formal regulated Professional Institute
• Official & de facto Standard
• Government, Finance & Industry
Change the Landscape of Security & Risk Management, Enable Business and Bring Demonstrable Value to Your Security Program
SABSA Top Ten Applications
• Security Architecture
• Enterprise Architecture
• Traceability & Alignment of Solutions to Business Requirements
• Enterprise Risk & Opportunity Management
• Assurance, Compliance & Audit
• Governance & Policy Architecture
• Technical Solutions Design
• Integration & Alignment of approaches, framework & standards
• Security Service Management Framework
• Critical National Infrastructure Strategy
The Security Language Barrier
The Security Language Barrier
What are your security requirements?
I don’t know – that’s what I pay you for!
The Security Language Barrier
I can give you Confidentiality!
But I didn’t go into Business to achieve confidentiality
The Security Language Barrier
Do you lose sleep worrying about scary threats?
I lose sleep worrying about opportunities I can’t grasp!
The Security Language Barrier
What about DDOS, ZeroDay, Bots, Phishing, Malware and RootKits?
¿Qué?
Huh?
Say what?
The Security Language Barrier
• Requirements are lost in translation
• We ask the wrong question
• We offer a non-business solution to a business problem
• We talk the wrong language
• We sell negatives to stakeholders who desire…… enablement, excellence & value
What Really Matters
Seraph to Neo – The Matrix Reloaded
“I protect that which matters most”
Transform Language of Requirements
SABSA Attributes Profiling Technique
• Engineering technique for modelling Business Requirements into normalised, measurable, demonstrable, re-usable, reportable form
• The “Things that matter most”
• Instinctive to stakeholders at all levels
• Measurable to define performance targets and risk appetite
• Populates the missing link between Business and Security
• Delegates Risk Appetite & Performance Targets
Example: Values of an NHS Trust
Patient Focussed
Respectful
Trusted
Clear
Example: Values of an NHS Trust
Prioritised
Responsible
Professional
Communicative
Innovative
Example: NHS Trust Strategic Plan
Quality
Effective
Error-Free
Financially Sustainable
Available
Accessible
Mobile
Scaleable
Timely
Safe
Reliable
A Hierarchy of Systemic Understanding
• Systemic Interactions
• Vertically
• Peer-to-peer
• Delegation of risk appetite
• Governance, Ownership & delegation of responsibility
• Every subdomain contributes performance to superdomain
• Subdomains exist to serve the risk & performance appetite of the superdomain
Transform the Language of Security
Patient Focussed
Prioritised
Financially Sustainable
Trusted
Responsible
Error Free
Culture Sensitive
Available
Cost Effective
Accountable
Compliant
Protected
Identified
Authenticated
Authorised
Access Controlled
Reliable
Resilient
Recoverable
Standards Compliant
Integrity Assured
Educated & Aware
Confidential
Auditable
Re-usable
Monitored
Affordable
Accessible
Attributes for Two-Way Traceability
The Language of Horseshoe Nails
Risk Appetite Distribution, Policy Delegation & Systemic Risk
• But HOW does the King check the horseshoe nails?
“For want of a nail the shoe was lost.
For want of a shoe the horse was lost.
For want of a horse the rider was lost.
For want of a rider the message was lost.
For want of a message the battle was lost.
For want of a battle the kingdom was lost.
And all for the want of a nail.”
— George Herbert, Jacula Prudentum, 1651
Transform the Language of Governance
Accountable
Responsible
Performance Target / Risk Appetite Distributed Downwards
Contributing Risk Performance Aggregated Upwards
The Secret to Measures & Metrics: “What Have you Done for me Lately?”
Transform the Language of Governance
Customer Focussed
User Centric
Profitable
Reputable
Trusted
Crime Free
Culture Sensitive
Available
Cost Effective
Accountable
Compliant
Protected
Identified
Authenticated
Authorised
Access Controlled
Reliable
Resilient
Recoverable
Standards Compliant
Integrity Assured
Educated & Aware
Confidential
Auditable
Re-usable
Monitored
Affordable
Accessible
Attributes for Reporting: Governance & Compliance
Balanced Risk Theory
Two Sides of the Same (Attribute) Coin
• Measurable
• Performance target
• Risk Appetite
• Risk v Reward
The Language of Risk Balance
Control: Protect, Maintain, Prevent Damage, Stop, Etc
Enablement: Enhance, Increase, Enable, Go, Etc
The Language of Risk Balance
Protect life Prevent Crash Go Faster Increase Trust
Control Objective
Enablement Objective
Control Enabler
SABSA Risk Balance Model
Transform the Language of Risk
Patient Focussed
Prioritised
Financially Sustainable
Trusted
Responsible
Error Free
Culture Sensitive
Available
Cost Effective
Accountable
Compliant
Protected
Identified
Authenticated
Authorised
Access Controlled
Reliable
Resilient
Recoverable
Standards Compliant
Integrity Assured
Educated & Aware
Confidential
Auditable
Re-usable
Monitored
Affordable
Accessible
Attributes for Risk & Opportunity Management
The Language of “The Boss”
“Either you demonstrate support for my business objectives or
you are a business prevention department getting in my way!”
Transform the Language of Strategy
Patient Focussed
Prioritised
Financially Sustainable
Trusted
Responsible
Error Free
Culture Sensitive
Available
Cost Effective
Accountable
Compliant
Protected
Identified
Authenticated
Authorised
Access Controlled
Reliable
Resilient
Recoverable
Standards Compliant
Integrity Assured
Educated & Aware
Confidential
Auditable
Re-usable
Monitored
Affordable
Accessible
Attribute for Strategic Road Mapping
Current-state Target-state
More Information
• The World’s most experienced SABSA Delivery Team
• Contact info@davidlynas.com
More Information
Visit David Lynas Consulting / SABSAcourses in the Exhibition Hall and enter draw for a free place on our next Singapore course
• Singapore Official Training
• 12 – 16 June 2017
• Sabsacourses.com
THANK YOU
David Lynas
David@davidlynas.com
www.sabsacourses.com

More Related Content

What's hot

Axis Technology Consulting Overview
Axis Technology Consulting OverviewAxis Technology Consulting Overview
Axis Technology Consulting OverviewAxis Technology
 
Managed IT Services: Overview, Importance, Business Benefits
Managed IT Services: Overview, Importance, Business BenefitsManaged IT Services: Overview, Importance, Business Benefits
Managed IT Services: Overview, Importance, Business BenefitsVeritis Group, Inc
 
webbased contract management tool
webbased contract management toolwebbased contract management tool
webbased contract management tooldauwie
 
Scalar - a brief introduction
Scalar - a brief introductionScalar - a brief introduction
Scalar - a brief introductionScalar Decisions
 
1 b trevor skingle
1 b trevor skingle1 b trevor skingle
1 b trevor skingleCFG
 
Identity Management: Front and Center for Healthcare Providers
Identity Management: Front and Center for Healthcare ProvidersIdentity Management: Front and Center for Healthcare Providers
Identity Management: Front and Center for Healthcare ProvidersAndrew Ames
 
Healthcare Transformation Framework Solves Coding Compliance Needs
Healthcare Transformation Framework Solves Coding Compliance NeedsHealthcare Transformation Framework Solves Coding Compliance Needs
Healthcare Transformation Framework Solves Coding Compliance Needsa2c
 
Introduction to Diverse Lynx
Introduction to Diverse LynxIntroduction to Diverse Lynx
Introduction to Diverse LynxDiverse Lynx
 
IT Infrastructure Management and Outsourcing
IT Infrastructure Management and OutsourcingIT Infrastructure Management and Outsourcing
IT Infrastructure Management and OutsourcingYASH Technologies
 
3B Business transformation from the inside: how & why the NSPCC moved from Ch...
3B Business transformation from the inside: how & why the NSPCC moved from Ch...3B Business transformation from the inside: how & why the NSPCC moved from Ch...
3B Business transformation from the inside: how & why the NSPCC moved from Ch...CFG
 
Buyers_Guide_eBook
Buyers_Guide_eBookBuyers_Guide_eBook
Buyers_Guide_eBookAbbey Peckis
 
Diverse Lynx Intro
Diverse Lynx IntroDiverse Lynx Intro
Diverse Lynx IntroDiverse Lynx
 
AdvisorAssist Are Your RIA's Clients Protected from Cyber Threats?
AdvisorAssist Are Your RIA's Clients Protected from Cyber Threats?AdvisorAssist Are Your RIA's Clients Protected from Cyber Threats?
AdvisorAssist Are Your RIA's Clients Protected from Cyber Threats?AdvisorAssist, LLC
 
Axis Technology - Consulting Overview
Axis Technology - Consulting OverviewAxis Technology - Consulting Overview
Axis Technology - Consulting OverviewAxis Technology, LLC
 
AdvisorAssist Presentation: Cloud Computing and Compliance For RIAs
AdvisorAssist Presentation:  Cloud Computing and Compliance For RIAsAdvisorAssist Presentation:  Cloud Computing and Compliance For RIAs
AdvisorAssist Presentation: Cloud Computing and Compliance For RIAsAdvisorAssist, LLC
 
Finding the right legal process management tools
Finding the right legal process management toolsFinding the right legal process management tools
Finding the right legal process management toolssarahbrown1
 
Why Peak 10_Info
Why Peak 10_InfoWhy Peak 10_Info
Why Peak 10_Infocoughlin70
 

What's hot (20)

Axis Technology Consulting Overview
Axis Technology Consulting OverviewAxis Technology Consulting Overview
Axis Technology Consulting Overview
 
Managed IT Services: Overview, Importance, Business Benefits
Managed IT Services: Overview, Importance, Business BenefitsManaged IT Services: Overview, Importance, Business Benefits
Managed IT Services: Overview, Importance, Business Benefits
 
webbased contract management tool
webbased contract management toolwebbased contract management tool
webbased contract management tool
 
Scalar - a brief introduction
Scalar - a brief introductionScalar - a brief introduction
Scalar - a brief introduction
 
1 b trevor skingle
1 b trevor skingle1 b trevor skingle
1 b trevor skingle
 
Identity Management: Front and Center for Healthcare Providers
Identity Management: Front and Center for Healthcare ProvidersIdentity Management: Front and Center for Healthcare Providers
Identity Management: Front and Center for Healthcare Providers
 
Healthcare Transformation Framework Solves Coding Compliance Needs
Healthcare Transformation Framework Solves Coding Compliance NeedsHealthcare Transformation Framework Solves Coding Compliance Needs
Healthcare Transformation Framework Solves Coding Compliance Needs
 
Introduction to Diverse Lynx
Introduction to Diverse LynxIntroduction to Diverse Lynx
Introduction to Diverse Lynx
 
SAMA BCM Framework
SAMA BCM Framework SAMA BCM Framework
SAMA BCM Framework
 
IT Infrastructure Management and Outsourcing
IT Infrastructure Management and OutsourcingIT Infrastructure Management and Outsourcing
IT Infrastructure Management and Outsourcing
 
3B Business transformation from the inside: how & why the NSPCC moved from Ch...
3B Business transformation from the inside: how & why the NSPCC moved from Ch...3B Business transformation from the inside: how & why the NSPCC moved from Ch...
3B Business transformation from the inside: how & why the NSPCC moved from Ch...
 
Buyers_Guide_eBook
Buyers_Guide_eBookBuyers_Guide_eBook
Buyers_Guide_eBook
 
Diverse Lynx Intro
Diverse Lynx IntroDiverse Lynx Intro
Diverse Lynx Intro
 
AdvisorAssist Are Your RIA's Clients Protected from Cyber Threats?
AdvisorAssist Are Your RIA's Clients Protected from Cyber Threats?AdvisorAssist Are Your RIA's Clients Protected from Cyber Threats?
AdvisorAssist Are Your RIA's Clients Protected from Cyber Threats?
 
Axis Technology - Consulting Overview
Axis Technology - Consulting OverviewAxis Technology - Consulting Overview
Axis Technology - Consulting Overview
 
Legal Resource Group Presentation
Legal Resource Group PresentationLegal Resource Group Presentation
Legal Resource Group Presentation
 
AdvisorAssist Presentation: Cloud Computing and Compliance For RIAs
AdvisorAssist Presentation:  Cloud Computing and Compliance For RIAsAdvisorAssist Presentation:  Cloud Computing and Compliance For RIAs
AdvisorAssist Presentation: Cloud Computing and Compliance For RIAs
 
Finding the right legal process management tools
Finding the right legal process management toolsFinding the right legal process management tools
Finding the right legal process management tools
 
Why Peak 10_Info
Why Peak 10_InfoWhy Peak 10_Info
Why Peak 10_Info
 
AdvisorAssist Compliance ROI
AdvisorAssist Compliance ROIAdvisorAssist Compliance ROI
AdvisorAssist Compliance ROI
 

Similar to Transform The Security Conversation

KiwiQA-Corporate-Presefvdvdxvxcvxcntation (2).pptx
KiwiQA-Corporate-Presefvdvdxvxcvxcntation (2).pptxKiwiQA-Corporate-Presefvdvdxvxcvxcntation (2).pptx
KiwiQA-Corporate-Presefvdvdxvxcvxcntation (2).pptxMeseAK
 
Business Solutions International Inc Presentation Final
Business Solutions International Inc Presentation FinalBusiness Solutions International Inc Presentation Final
Business Solutions International Inc Presentation FinalSonia_R
 
Business Solutions International Inc Presentation Final
Business Solutions International Inc Presentation FinalBusiness Solutions International Inc Presentation Final
Business Solutions International Inc Presentation FinalSonia_R
 
Why Executives Underinvest In Cybersecurity
Why Executives Underinvest In CybersecurityWhy Executives Underinvest In Cybersecurity
Why Executives Underinvest In CybersecurityHackerOne
 
M&A integration governance
M&A integration governanceM&A integration governance
M&A integration governanceDanny A Davis
 
Risk Americas17 BrochureFINAL
Risk Americas17 BrochureFINALRisk Americas17 BrochureFINAL
Risk Americas17 BrochureFINALAlice Kelly
 
Best Practices And Next Gen Formats: Supercharging Web Content Performance
Best Practices And Next Gen Formats: Supercharging Web Content PerformanceBest Practices And Next Gen Formats: Supercharging Web Content Performance
Best Practices And Next Gen Formats: Supercharging Web Content PerformanceG3 Communications
 
Protune Consulting - Company Profile
Protune Consulting - Company ProfileProtune Consulting - Company Profile
Protune Consulting - Company ProfileSatej Salvi
 
Making It Happen: A Simple Framework to Drive Sales Results
Making It Happen: A Simple Framework to Drive Sales ResultsMaking It Happen: A Simple Framework to Drive Sales Results
Making It Happen: A Simple Framework to Drive Sales ResultsValueSelling Associates, Inc.
 
M&A Integration Efficiencies
M&A Integration EfficienciesM&A Integration Efficiencies
M&A Integration EfficienciesDanny A Davis
 
M&A integration synergy
M&A integration synergyM&A integration synergy
M&A integration synergyDanny A Davis
 
RSolutions Complete Catalogue 2020
RSolutions Complete Catalogue 2020RSolutions Complete Catalogue 2020
RSolutions Complete Catalogue 2020RSolutions
 
Lewis Davey Brochure (1)
Lewis Davey Brochure (1)Lewis Davey Brochure (1)
Lewis Davey Brochure (1)Robert Hanks
 
Manassure- Presentation
Manassure- PresentationManassure- Presentation
Manassure- PresentationManas Sahu
 
Archis Business Solutions Pvt Ltd
Archis Business Solutions Pvt LtdArchis Business Solutions Pvt Ltd
Archis Business Solutions Pvt LtdSanjay Dhavalikar
 

Similar to Transform The Security Conversation (20)

WiselyWise for Marketers 2017
WiselyWise for Marketers 2017WiselyWise for Marketers 2017
WiselyWise for Marketers 2017
 
KiwiQA-Corporate-Presefvdvdxvxcvxcntation (2).pptx
KiwiQA-Corporate-Presefvdvdxvxcvxcntation (2).pptxKiwiQA-Corporate-Presefvdvdxvxcvxcntation (2).pptx
KiwiQA-Corporate-Presefvdvdxvxcvxcntation (2).pptx
 
DISYS, Inc. Information
DISYS, Inc. InformationDISYS, Inc. Information
DISYS, Inc. Information
 
Business Solutions International Inc Presentation Final
Business Solutions International Inc Presentation FinalBusiness Solutions International Inc Presentation Final
Business Solutions International Inc Presentation Final
 
Business Solutions International Inc Presentation Final
Business Solutions International Inc Presentation FinalBusiness Solutions International Inc Presentation Final
Business Solutions International Inc Presentation Final
 
6 Ways to Increase Prospecting Effectiveness
6 Ways to Increase Prospecting Effectiveness6 Ways to Increase Prospecting Effectiveness
6 Ways to Increase Prospecting Effectiveness
 
Why Executives Underinvest In Cybersecurity
Why Executives Underinvest In CybersecurityWhy Executives Underinvest In Cybersecurity
Why Executives Underinvest In Cybersecurity
 
M&A integration governance
M&A integration governanceM&A integration governance
M&A integration governance
 
Risk Americas17 BrochureFINAL
Risk Americas17 BrochureFINALRisk Americas17 BrochureFINAL
Risk Americas17 BrochureFINAL
 
Best Practices And Next Gen Formats: Supercharging Web Content Performance
Best Practices And Next Gen Formats: Supercharging Web Content PerformanceBest Practices And Next Gen Formats: Supercharging Web Content Performance
Best Practices And Next Gen Formats: Supercharging Web Content Performance
 
Insights success the 10 most admired consulting companies in 2017
Insights success the 10 most admired consulting companies in 2017Insights success the 10 most admired consulting companies in 2017
Insights success the 10 most admired consulting companies in 2017
 
Protune Consulting - Company Profile
Protune Consulting - Company ProfileProtune Consulting - Company Profile
Protune Consulting - Company Profile
 
MARSH INDIA
MARSH INDIAMARSH INDIA
MARSH INDIA
 
Making It Happen: A Simple Framework to Drive Sales Results
Making It Happen: A Simple Framework to Drive Sales ResultsMaking It Happen: A Simple Framework to Drive Sales Results
Making It Happen: A Simple Framework to Drive Sales Results
 
M&A Integration Efficiencies
M&A Integration EfficienciesM&A Integration Efficiencies
M&A Integration Efficiencies
 
M&A integration synergy
M&A integration synergyM&A integration synergy
M&A integration synergy
 
RSolutions Complete Catalogue 2020
RSolutions Complete Catalogue 2020RSolutions Complete Catalogue 2020
RSolutions Complete Catalogue 2020
 
Lewis Davey Brochure (1)
Lewis Davey Brochure (1)Lewis Davey Brochure (1)
Lewis Davey Brochure (1)
 
Manassure- Presentation
Manassure- PresentationManassure- Presentation
Manassure- Presentation
 
Archis Business Solutions Pvt Ltd
Archis Business Solutions Pvt LtdArchis Business Solutions Pvt Ltd
Archis Business Solutions Pvt Ltd
 

Recently uploaded

costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 

Recently uploaded (20)

costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 

Transform The Security Conversation

  • 1.  David Lynas Consulting Limited 2017 Transform the Security Conversation Enablement : Excellence : Value eCrime Singapore, 4 May 2017 David Lynas CEO David Lynas Consulting Ltd CEO The SABSA Institute CIC COSAC Chairman
  • 2.  David Lynas Consulting Limited 2017 1 Your Presenter – David Lynas  36th year in Information Security  Co-author of SABSA  CEO SABSA Institute  SABSA Accredited Education Provider  Co-author “Enterprise Security Architecture”  ISBN 1-57820-318-X  Architecture & strategy clients on every continent  Fellow BCS & CSI Lifetime Achievement Award  Founder and chair of COSAC
  • 3. Agenda – Use SABSA to Transform the Security Conversation  David Lynas Consulting Limited 2017 2
  • 4.  David Lynas Consulting Limited 2017 3 The World’s Leading ESA Method & Framework  Free-use Methodology & Framework  Certified Architects in 60+ Countries  Formal regulated Professional Institute  Official & de facto Standard  Government, Finance & Industry Change the Landscape of Security & Risk Management, Enable Business and Bring Demonstrable Value to Your Security Program
  • 5. 4 SABSA Top Ten Applications  Security Architecture  Enterprise Architecture  Traceability & Alignment of Solutions to Business Requirements  Enterprise Risk & Opportunity Management  Assurance, Compliance & Audit  Governance & Policy Architecture  Technical Solutions Design  Integration & Alignment of approaches, framework & standards  Security Service Management Framework  Critical National Infrastructure Strategy  David Lynas Consulting Limited 2017 4
  • 6. The Security Language Barrier  David Lynas Consulting Limited 2017 5
  • 7. The Security Language Barrier  David Lynas Consulting Limited 2017 6 What are your security requirements? I don’t know – that’s what I pay you for!
  • 8. The Security Language Barrier  David Lynas Consulting Limited 2017 7 I can give you Confidentiality! But I didn’t go into Business to achieve confidentiality
  • 9. The Security Language Barrier  David Lynas Consulting Limited 2017 8 Do you lose sleep worrying about scary threats? I lose sleep worrying about opportunities I can’t grasp!
  • 10. The Security Language Barrier: “What about DDOS, ZeroDay, Bots, Phishing, Malware and RootKits?” “¿Qué?” “Huh?” “Say what?”
  • 11. The Security Language Barrier: Requirements are lost in translation; We ask the wrong question; We offer a non-business solution to a business problem; We talk the wrong language; We sell negatives to stakeholders who desire… enablement, excellence & value
  • 12. What Really Matters: “I protect that which matters most” (Seraph to Neo – The Matrix Reloaded)
  • 13. Transform Language of Requirements – SABSA Attributes Profiling Technique: Engineering technique for modelling Business Requirements into normalised, measurable, demonstrable, re-usable, reportable form; The “Things that matter most”; Instinctive to stakeholders at all levels; Measurable to define performance targets and risk appetite; Populates the missing link between Business and Security; Delegates Risk Appetite & Performance Targets
  • 14. Example: Values of an NHS Trust – Patient Focussed, Respectful, Trusted, Clear
  • 15. Example: Values of an NHS Trust – Prioritised, Responsible, Professional, Communicative, Innovative
  • 16. Example: NHS Trust Strategic Plan – Quality, Effective, Error-Free, Financially Sustainable, Available, Accessible, Mobile, Scalable, Timely, Safe, Reliable
  • 17. A Hierarchy of Systemic Understanding: Systemic Interactions; Vertically; Peer-to-peer; Delegation of risk appetite; Governance, Ownership & delegation of responsibility; Every subdomain contributes performance to superdomain; Subdomains exist to serve the risk & performance appetite of the superdomain
  • 18. Transform the Language of Security – Attributes for Two-Way Traceability: Patient Focussed, Prioritised, Financially Sustainable, Trusted, Responsible, Error Free, Culture Sensitive, Available, Cost Effective, Accountable, Compliant, Protected, Identified, Authenticated, Authorised, Access Controlled, Reliable, Resilient, Recoverable, Standards Compliant, Integrity Assured, Educated & Aware, Confidential, Auditable, Re-usable, Monitored, Affordable, Accessible
  • 19. The Language of Horseshoe Nails: Risk Appetite Distribution, Policy Delegation & Systemic Risk. But HOW does the King check the horseshoe nails? “For want of a nail the shoe was lost. For want of a shoe the horse was lost. For want of a horse the rider was lost. For want of a rider the message was lost. For want of a message the battle was lost. For want of a battle the kingdom was lost. And all for the want of a nail.” (George Herbert, Jacula Prudentum, 1651)
  • 20. Transform the Language of Governance: Accountable; Responsible; Performance Target / Risk Appetite Distributed Downwards; Contributing Risk Performance Aggregated Upwards. The Secret to Measures & Metrics: “What Have you Done for me Lately?”
  • 21. Transform the Language of Governance – Attributes for Reporting: Governance & Compliance: Customer Focussed, User Centric, Profitable, Reputable, Trusted, Crime Free, Culture Sensitive, Available, Cost Effective, Accountable, Compliant, Protected, Identified, Authenticated, Authorised, Access Controlled, Reliable, Resilient, Recoverable, Standards Compliant, Integrity Assured, Educated & Aware, Confidential, Auditable, Re-usable, Monitored, Affordable, Accessible
  • 22. Balanced Risk Theory – Two Sides of the Same (Attribute) Coin: Measurable; Performance target; Risk Appetite; Risk v Reward
  • 23. The Language of Risk Balance: Protect Enhance Control Enablement Maintain Prevent Damage Stop Etc Increase Enable Go Etc
  • 24. The Language of Risk Balance: Protect life Prevent Crash Go Faster Increase Trust Control Objective Enablement Objective Control Enabler
  • 25. SABSA Risk Balance Model
  • 26. Transform the Language of Risk – Attributes for Risk & Opportunity Management: Patient Focussed, Prioritised, Financially Sustainable, Trusted, Responsible, Error Free, Culture Sensitive, Available, Cost Effective, Accountable, Compliant, Protected, Identified, Authenticated, Authorised, Access Controlled, Reliable, Resilient, Recoverable, Standards Compliant, Integrity Assured, Educated & Aware, Confidential, Auditable, Re-usable, Monitored, Affordable, Accessible
  • 27. The Language of “The Boss”: “Either you demonstrate support for my business objectives or you are a business prevention department getting in my way!”
  • 28. Transform the Language of Strategy – Attribute for Strategic Road Mapping (Current-state, Target-state): Patient Focussed, Prioritised, Financially Sustainable, Trusted, Responsible, Error Free, Culture Sensitive, Available, Cost Effective, Accountable, Compliant, Protected, Identified, Authenticated, Authorised, Access Controlled, Reliable, Resilient, Recoverable, Standards Compliant, Integrity Assured, Educated & Aware, Confidential, Auditable, Re-usable, Monitored, Affordable, Accessible
  • 29. More Information: The World’s most experienced SABSA Delivery Team; Contact info@davidlynas.com
  • 30. More Information: Visit David Lynas Consulting / SABSAcourses in the Exhibition Hall and enter draw for a free place on our next Singapore course. Singapore Official Training; 12 – 16 June 2017; Sabsacourses.com
  • 31. THANK YOU. David Lynas, David@davidlynas.com, www.sabsacourses.com