AO
Uploaded byArt Ocain
PPTX, PDF189 views

vCIO vCISO - Information Technology and Security Strategy.pptx

The document outlines a comprehensive IT and security strategy framework led by Art Ocain, detailing the processes for assessing and updating information security programs and disaster recovery plans. It emphasizes the importance of cross-functional collaboration, alignment with business objectives, and the establishment of strategic goals over immediate, 1-year, 3-year, and 5-year timelines. Key components include risk management, compliance with security frameworks, and the implementation of various cybersecurity controls and policies.

Embed presentation

Downloaded 24 times
vCIO/vCISO IT and Security Strategy Monthly Strategy Meetings by Art Ocain, vCIO/vCISO at Airiam
Understand the business and current IT strategy and cyber strategy Assess & update current IT and security strategy Create & update Information Security Program Create & update Disaster Recovery Plan and Incident Response Plan Develop Technology Roadmap Develop Technology Budget Business Alignment Improve Business Outcomes IT & Security Architectural Design IT Risk Management IT Change Management Ongoing Oversight of IT Initiatives Technical Alignment vCIO Processes vCIO Responsibilities
Strategic Planning IT Strategy
IT Strategic Plan Think: • Immediate Needs • 1 Year Plan • 3 Year Plan • 5 Year Plan 1 Assemble a cross- functional team (IT + Business Leaders) 2 Understand business strategy and objectives 3 Assess current state of IT 4 Identify desired future state 5 Conduct a gap analysis 6 Analyze scenarios and strategic options 7 Define strategic objectives 8 Create roadmap 9 Identify success metrics Success Metrics Roadmap Strategic IT Objectives Desired Future State Current State of IT Business Goals
Strategic Planning Information Security Strategy
Information Security Strategic Plan Think: • Immediate Needs • 1 Year Plan • 3 Year Plan • 5 Year Plan Assemble a cross- functional team (IT + Business Leaders) Understand business strategy and objectives Conduct a risk assessment Identify compliance constraints Select a security framework (NIST CSF, ISO 27001, etc.) Select a security architectural model (zero trust, castle- and-moat, defense- in-depth, etc.) Identify desired future state Conduct a gap analysis Analyze scenarios and strategic options Define strategic objectives Create roadmap Identify success metrics Success Metrics Roadmap Strategic Objectives Desired Future State Framework & Strategy Compliance Req’s Current State of Infosec Business Goals
Cybersecurity Information Security Program
Risk & Vulnerability Management Controls Policies & Plans • Asset Inventory • Risk Assessment • Vulnerability Management • Penetration Testing • User Access/Rights Review • Remediation • Multifactor Authentication • Security Awareness Training • Phishing Simulations • Endpoint Detection & Response • Microsegmentation • Encryption • Access Control • Vendor Due Diligence • Continuous Monitoring • Acceptable Use Policy • Clean Desk & Screen Lock Policy • Data Retention & Destruction Policy • Encryption Policy • Credentials/Password Policy • IT Change Management Policy • Incident Response Plan • Disaster Recovery Plan Information Security Program Governance Strategy & Plan

More Related Content

PPTX
Role of the virtual ciso
byMichael Ball
 
PDF
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdf
byParishSummer
 
PPTX
How to implement NIST cybersecurity standards in my organization
byExigent Technologies LLC
 
PPTX
Cybersecurity Priorities and Roadmap: Recommendations to DHS
byJohn Gilligan
 
PDF
ePlus Virtual Chief Information Security Officer (vCISO)
byePlus
 
PPTX
Security models for security architecture
byVladimir Jirasek
 
PDF
Rothke secure360 building a security operations center (soc)
byBen Rothke
 
PDF
Security operations center 5 security controls
byAlienVault
 
Role of the virtual ciso
byMichael Ball
 
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdf
byParishSummer
 
How to implement NIST cybersecurity standards in my organization
byExigent Technologies LLC
 
Cybersecurity Priorities and Roadmap: Recommendations to DHS
byJohn Gilligan
 
ePlus Virtual Chief Information Security Officer (vCISO)
byePlus
 
Security models for security architecture
byVladimir Jirasek
 
Rothke secure360 building a security operations center (soc)
byBen Rothke
 
Security operations center 5 security controls
byAlienVault
 

What's hot

PDF
Cyber Security Governance
byPriyanka Aash
 
PDF
Governance of security operation centers
byBrencil Kaimba
 
PDF
Cybersecurity Roadmap Development for Executives
byKrist Davood - Principal - CIO
 
PDF
VIRTUAL CISO AND OTHER KEY CYBER ROLES
bySylvain Martinez
 
PPTX
Enterprise Security Architecture Design
byPriyanka Aash
 
PDF
Governance Risk Management and Compliance (GRC)
bySeta Wicaksana
 
PPT
SOC presentation- Building a Security Operations Center
byMichael Nickle
 
PPTX
SOC and SIEM.pptx
bySandeshUprety4
 
PDF
Building the Security Operations and SIEM Use CAse
byDon Murdoch GSE CyberGuardian CISSP
 
PPTX
cyberedu_module_4_cybersecurite_organisation_02_2017.pptx
byJean-Michel Razafindrabe
 
PDF
NIST Cybersecurity Framework (CSF) 2.0: What has changed?
byAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
PDF
Cyber security maturity model- IT/ITES
byPriyanka Aash
 
PDF
Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...
byBCM Institute
 
PDF
CISA Summary V1.0
bychristianreina
 
PPTX
Information risk management
byAkash Saraswat
 
PPTX
Modelling Security Architecture
bynarenvivek
 
PPTX
Lec 1- Intro to cyber security and recommendations
byBilalMehmood44
 
PPTX
Security Information and Event Management (SIEM)
byk33a
 
PDF
Global Cyber Threat Intelligence
byNTT Innovation Institute Inc.
 
PPTX
ISO_ 27001:2022 Controls & Clauses.pptx
byforam74
 
Cyber Security Governance
byPriyanka Aash
 
Governance of security operation centers
byBrencil Kaimba
 
Cybersecurity Roadmap Development for Executives
byKrist Davood - Principal - CIO
 
VIRTUAL CISO AND OTHER KEY CYBER ROLES
bySylvain Martinez
 
Enterprise Security Architecture Design
byPriyanka Aash
 
Governance Risk Management and Compliance (GRC)
bySeta Wicaksana
 
SOC presentation- Building a Security Operations Center
byMichael Nickle
 
SOC and SIEM.pptx
bySandeshUprety4
 
Building the Security Operations and SIEM Use CAse
byDon Murdoch GSE CyberGuardian CISSP
 
cyberedu_module_4_cybersecurite_organisation_02_2017.pptx
byJean-Michel Razafindrabe
 
NIST Cybersecurity Framework (CSF) 2.0: What has changed?
byAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Cyber security maturity model- IT/ITES
byPriyanka Aash
 
Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...
byBCM Institute
 
CISA Summary V1.0
bychristianreina
 
Information risk management
byAkash Saraswat
 
Modelling Security Architecture
bynarenvivek
 
Lec 1- Intro to cyber security and recommendations
byBilalMehmood44
 
Security Information and Event Management (SIEM)
byk33a
 
Global Cyber Threat Intelligence
byNTT Innovation Institute Inc.
 
ISO_ 27001:2022 Controls & Clauses.pptx
byforam74
 

Similar to vCIO vCISO - Information Technology and Security Strategy.pptx

DOCX
C09 07222011 101525 Page 88IT leader who had just been.docx
byclairbycraft
 
PPTX
Crafting a winning ICT Strategy .pptx
byPeterOwenje1
 
PDF
Building an effective Information Security Roadmap
byElliott Franklin
 
PDF
Is a Virtual CIO Right for Your Business.pdf
byDelvalTechnologySolu
 
PDF
{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...
byTaiye Lambo
 
PPTX
Is a Virtual CIO Right for Your Business.pptx
byDelvalTechnologySolu
 
PDF
Does title make a difference?
byPete Nieminen
 
PDF
Enterprise Cybersecurity: From Strategy to Operating Model
byEryk Budi Pratama
 
PDF
VCIO - VOL
bycio tech
 
PDF
Andy Blumenthal Presents The CIO Support Services Framework (CSSF)
byAndy (Avraham) Blumenthal
 
PPT
Strategic IT Planning - S42IL 110714
bystrategicforty2
 
PPTX
Developing IT strategy
byAnurag Purohit
 
PDF
Strategyand_Memo-to-the-CEO
byJohn R Joel Gray
 
PDF
build your IT infrastructure with VCIO .pdf
byITconsultingfirmnj
 
PDF
Developing Information Security Strategy CISM Framework
bypriyanshamadhwal2
 
PDF
Developing Information Security Strategy.pdf
byinfosec train
 
PDF
Developing Information Security Strategy(Using CISM Framework)
byInfosecTrain
 
PPT
CIO Strategies - A Fresh Perspective
byAndy Savvides
 
PPTX
unit 3.pptx
byManushiKhatri
 
PPTX
IT Strategic Planning Guide
byMary Patry
 
C09 07222011 101525 Page 88IT leader who had just been.docx
byclairbycraft
 
Crafting a winning ICT Strategy .pptx
byPeterOwenje1
 
Building an effective Information Security Roadmap
byElliott Franklin
 
Is a Virtual CIO Right for Your Business.pdf
byDelvalTechnologySolu
 
{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...
byTaiye Lambo
 
Is a Virtual CIO Right for Your Business.pptx
byDelvalTechnologySolu
 
Does title make a difference?
byPete Nieminen
 
Enterprise Cybersecurity: From Strategy to Operating Model
byEryk Budi Pratama
 
VCIO - VOL
bycio tech
 
Andy Blumenthal Presents The CIO Support Services Framework (CSSF)
byAndy (Avraham) Blumenthal
 
Strategic IT Planning - S42IL 110714
bystrategicforty2
 
Developing IT strategy
byAnurag Purohit
 
Strategyand_Memo-to-the-CEO
byJohn R Joel Gray
 
build your IT infrastructure with VCIO .pdf
byITconsultingfirmnj
 
Developing Information Security Strategy CISM Framework
bypriyanshamadhwal2
 
Developing Information Security Strategy.pdf
byinfosec train
 
Developing Information Security Strategy(Using CISM Framework)
byInfosecTrain
 
CIO Strategies - A Fresh Perspective
byAndy Savvides
 
unit 3.pptx
byManushiKhatri
 
IT Strategic Planning Guide
byMary Patry
 

More from Art Ocain

PPTX
Applying the MITRE CREF.pptx
byArt Ocain
 
PPTX
Accidental Resiliency - MITRE ResilienCyCon 2022-draft-PRE-MARKETING -grey.pptx
byArt Ocain
 
PPTX
Accidental Resiliency - Global Resilience Federation (GRF) Business Resilienc...
byArt Ocain
 
PPTX
Cybersecurity for Small Business - Incident Response.pptx
byArt Ocain
 
PPTX
MePush Leadership Fundamentals - Week 5
byArt Ocain
 
PPTX
MePush Leadership Fundamentals - Week 4
byArt Ocain
 
PPTX
MePush Leadership Fundamentals - Week 3
byArt Ocain
 
PPTX
MePush Leadership Fundamentals - Week 2
byArt Ocain
 
PPTX
Anatomy of a Ransomware Event
byArt Ocain
 
PPTX
MePush Leadership Fundamentals - Week 1
byArt Ocain
 
PPTX
Control Your Data: 3 Steps for Data Governance for Work from Home Staff
byArt Ocain
 
PPTX
Be More Secure than your Competition: MePush Cyber Security for Small Business
byArt Ocain
 
PPTX
Internet safety and you
byArt Ocain
 
Applying the MITRE CREF.pptx
byArt Ocain
 
Accidental Resiliency - MITRE ResilienCyCon 2022-draft-PRE-MARKETING -grey.pptx
byArt Ocain
 
Accidental Resiliency - Global Resilience Federation (GRF) Business Resilienc...
byArt Ocain
 
Cybersecurity for Small Business - Incident Response.pptx
byArt Ocain
 
MePush Leadership Fundamentals - Week 5
byArt Ocain
 
MePush Leadership Fundamentals - Week 4
byArt Ocain
 
MePush Leadership Fundamentals - Week 3
byArt Ocain
 
MePush Leadership Fundamentals - Week 2
byArt Ocain
 
Anatomy of a Ransomware Event
byArt Ocain
 
MePush Leadership Fundamentals - Week 1
byArt Ocain
 
Control Your Data: 3 Steps for Data Governance for Work from Home Staff
byArt Ocain
 
Be More Secure than your Competition: MePush Cyber Security for Small Business
byArt Ocain
 
Internet safety and you
byArt Ocain
 

Recently uploaded

PDF
Mesh WiFi for Mine: Reliable and Secure Wireless Connectivity for Mining Oper...
byAeroMesh Systems
 
PDF
DaVinci Commerce January New Year Edition: Our Big Resolution
byCorina Manea
 
DOCX
Buy Old Gmail Accounts – Academic & Professional Guide 2026.docx
byBuy iCloud Email Accounts
 
PDF
Equinox Gold - February Investor Presentation.pdf
byEquinox Gold Corp.
 
PDF
Carol Gauvreau - Focus Is On Wellness And Spending Time With Her Sons
byCarol Gauvreau
 
PDF
ISACA CISM and CISA - Case Study for BCP
byJS
 
PDF
Professional Profile of Micky Ahuja | CEO of MA Services Group Australia
byMicky Ahuja
 
PDF
Your presence tells your story in real time
byPatrice Bisiot
 
PDF
What Is Setup for Decoration | Machine Reality Explained
byInkdnylon
 
PDF
A Brief Introduction About Zaid Alsikafi
byZaid Alsikafi
 
PDF
J Hamilton M&G - 4 Feb 2026 FINAL (1).pdf
byHenry Tapper
 
PDF
Exhibitor Manual (IAIIExpo'26 V1 FW).pdf
bykumaraditya210
 
PDF
Books on display in our Library January-February 2026
byNZSG
 
PPTX
PRELIMS for PES on world businesses.pptx
bySureshGKPESUniversit
 
PDF
Laura Sergio - Specializing In Helping Small Businesses
byLaura Sergio
 
PDF
Equinox Gold - February Investor Presentation.pdf
byEquinox Gold Corp.
 
PDF
Hryhorii Butovych: Talent Management у PMO: як бути лідером для лідерів (UA)
byLviv Startup Club
 
PDF
Daily-Ads Review: Top Affiliates Are SCARED to Tell You This.pdf
bysimplefreedomwarrior
 
PDF
Havenwatch Foundation for Child Protection Data Handling & Privacy Policy
byhavenwatchfoundation
 
DOCX
Why Should I Buy Old Gmail Accounts_losangeless _______________.docx
byjoshuabellc7
 
Mesh WiFi for Mine: Reliable and Secure Wireless Connectivity for Mining Oper...
byAeroMesh Systems
 
DaVinci Commerce January New Year Edition: Our Big Resolution
byCorina Manea
 
Buy Old Gmail Accounts – Academic & Professional Guide 2026.docx
byBuy iCloud Email Accounts
 
Equinox Gold - February Investor Presentation.pdf
byEquinox Gold Corp.
 
Carol Gauvreau - Focus Is On Wellness And Spending Time With Her Sons
byCarol Gauvreau
 
ISACA CISM and CISA - Case Study for BCP
byJS
 
Professional Profile of Micky Ahuja | CEO of MA Services Group Australia
byMicky Ahuja
 
Your presence tells your story in real time
byPatrice Bisiot
 
What Is Setup for Decoration | Machine Reality Explained
byInkdnylon
 
A Brief Introduction About Zaid Alsikafi
byZaid Alsikafi
 
J Hamilton M&G - 4 Feb 2026 FINAL (1).pdf
byHenry Tapper
 
Exhibitor Manual (IAIIExpo'26 V1 FW).pdf
bykumaraditya210
 
Books on display in our Library January-February 2026
byNZSG
 
PRELIMS for PES on world businesses.pptx
bySureshGKPESUniversit
 
Laura Sergio - Specializing In Helping Small Businesses
byLaura Sergio
 
Equinox Gold - February Investor Presentation.pdf
byEquinox Gold Corp.
 
Hryhorii Butovych: Talent Management у PMO: як бути лідером для лідерів (UA)
byLviv Startup Club
 
Daily-Ads Review: Top Affiliates Are SCARED to Tell You This.pdf
bysimplefreedomwarrior
 
Havenwatch Foundation for Child Protection Data Handling & Privacy Policy
byhavenwatchfoundation
 
Why Should I Buy Old Gmail Accounts_losangeless _______________.docx
byjoshuabellc7
 

vCIO vCISO - Information Technology and Security Strategy.pptx

  • 1.
    vCIO/vCISO IT andSecurity Strategy Monthly Strategy Meetings by Art Ocain, vCIO/vCISO at Airiam
  • 2.
    Understand the business and currentIT strategy and cyber strategy Assess & update current IT and security strategy Create & update Information Security Program Create & update Disaster Recovery Plan and Incident Response Plan Develop Technology Roadmap Develop Technology Budget Business Alignment Improve Business Outcomes IT & Security Architectural Design IT Risk Management IT Change Management Ongoing Oversight of IT Initiatives Technical Alignment vCIO Processes vCIO Responsibilities
  • 3.
  • 4.
    IT Strategic Plan Think: •Immediate Needs • 1 Year Plan • 3 Year Plan • 5 Year Plan 1 Assemble a cross- functional team (IT + Business Leaders) 2 Understand business strategy and objectives 3 Assess current state of IT 4 Identify desired future state 5 Conduct a gap analysis 6 Analyze scenarios and strategic options 7 Define strategic objectives 8 Create roadmap 9 Identify success metrics Success Metrics Roadmap Strategic IT Objectives Desired Future State Current State of IT Business Goals
  • 5.
  • 6.
    Information Security StrategicPlan Think: • Immediate Needs • 1 Year Plan • 3 Year Plan • 5 Year Plan Assemble a cross- functional team (IT + Business Leaders) Understand business strategy and objectives Conduct a risk assessment Identify compliance constraints Select a security framework (NIST CSF, ISO 27001, etc.) Select a security architectural model (zero trust, castle- and-moat, defense- in-depth, etc.) Identify desired future state Conduct a gap analysis Analyze scenarios and strategic options Define strategic objectives Create roadmap Identify success metrics Success Metrics Roadmap Strategic Objectives Desired Future State Framework & Strategy Compliance Req’s Current State of Infosec Business Goals
  • 7.
  • 8.
    Risk & VulnerabilityManagement Controls Policies & Plans • Asset Inventory • Risk Assessment • Vulnerability Management • Penetration Testing • User Access/Rights Review • Remediation • Multifactor Authentication • Security Awareness Training • Phishing Simulations • Endpoint Detection & Response • Microsegmentation • Encryption • Access Control • Vendor Due Diligence • Continuous Monitoring • Acceptable Use Policy • Clean Desk & Screen Lock Policy • Data Retention & Destruction Policy • Encryption Policy • Credentials/Password Policy • IT Change Management Policy • Incident Response Plan • Disaster Recovery Plan Information Security Program Governance Strategy & Plan