Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Ask smart questions to set security service levels

455 views

Published on

Ask smart questions to set security service levels

Published in: Internet
  • Be the first to comment

  • Be the first to like this

Ask smart questions to set security service levels

  1. 1. Vicente Aceituno @vaceituno (c) 2017 Ask Smart Questions To Set Security Service Levels
  2. 2. Vicente Aceituno vac@zenobia.es - Skype: vaceituno Linkedin - linkedin.com/in/vaceituno Inovement Europe - inovement.es Video Blog - youtube.com/user/vaceituno Blog - ism3.com Twitter - twitter.com/vaceituno Presentations - slideshare.net/vaceituno/presentations Articles - slideshare.net/vaceituno/documents
  3. 3. Agenda  Your Challenges  The root of your Challenges  Solve your Challenges using the Scientific Method  How you can measure Security objectively  How you can agree Service Levels for Security  How you can benefit from using Smart Questions  What you should do next
  4. 4. 4© 2017 REPRODUCTION PROHIBITED. Demonstrating the Board the value of security 2x Investment does not bring 2x Security Risk and Compliance are not enough Your Challenges
  5. 5. 5© 2017 REPRODUCTION PROHIBITED. CISOs need to measure security requirements in a way that is impossible to dispute. Different security requirements lead you to different solutions, investments and decisions. The root of your Challenges
  6. 6. 6© 2017 REPRODUCTION PROHIBITED. Unscientific definitions are like trying to measure length with an highly elastic, randomly marked meter. Using the scientific method the measurement method IS the definition. Solve your Challenges using the Scientific Method
  7. 7. 7© 2017 REPRODUCTION PROHIBITED. Security is an emergent property that arises from customers using information. Ask customers Smart Questions, that render answers that are a measurement of security requirements. How you can measure Security objectively
  8. 8. 8© 2017 REPRODUCTION PROHIBITED. Identify your clients Measure their security requirements Agree the service thresholds for the investment made How you can agree Service Levels for Security
  9. 9. 9© 2017 REPRODUCTION PROHIBITED. Take decisions based of accurate measurements Break down communication barriers Demonstrate value, optimize investment How you can benefit from using Smart Questions
  10. 10. 10© 2017 REPRODUCTION PROHIBITED. What you should do next  Learn how to use Smart Questions that are relevant for you. – There are Smart Questions relevant for different levels of complexity and abstraction.  Use Smart Questions for Service Level Agreements. – Use the connection between information security activity and investment with security requirements to demonstrate the value of past investment or driving new investment, in a cycle of continuous improvement.  Become a leader of this Change of Paradigm. – Using Smart Questions brings benefits at all abstraction levels, from the business level, to technical decisions.
  11. 11.  Follow the Foundations of Information Security Series by joining the Linkedin O-ISM3 Group at: tiny.cc/osim3LG  Learn Advanced Information Security Management, joining us at an O-ISM3 Course: tiny.cc/osim3 What you should do next

×