June 1, 2011
<PresenterName>
Virtual Problems Real Answers
Disclaimer
The views and opinions expressed during this conference are those of the speakers and do not necessarily reflect the views and opinions held by the Information Systems Security Association (ISSA), the Silicon Valley ISSA, the San Francisco ISSA or the San Francisco Bay Area InfraGard Members Alliance (IMA). Neither ISSA, InfraGard, nor any of its chapters warrants the accuracy, timeliness or completeness of the information presented. Nothing in this conference should be construed as professional or legal advice or as creating a professional customer or attorney-client relationship. If professional, legal, or other expert assistance is required, the services of a competent professional should be sought. These views and opinions also do not reflect those of Fremont Bancorp.
Introductions
Justin Drain, CISM, CRISC, CISSP
Data Security Manager, Fremont Bank
Security experience: banking, aerospace, federal government, medical

Jared Pfost
CEO, Third Defense
Security experience: banking, technology, consulting
Security Projects: Securing Executive Approval
Agenda
Present State: How It Works Now
Why Is It So?
My Solution
In Theory
In More Detail
Basic Points To Remember
Let's Go!
How It Works
Infrastructure vs. Security
Project Mgmt vs. Security Practitioner
Mature Organization vs. Just Getting Heard
Present State: How It Works Now
With Any Infrastructure Project:
A Need Is Identified
Business Case For Addressing The Need Is Built
Simultaneously A Search For A Solution Is Underway
Acceptance!
Present State: How It Works Now (cont'd)
The Criteria For Acceptance Is Relatively Straightforward:
It Makes Us Money
It Makes Us Look Good
It Keeps Us From Looking Bad (compliance)
Security Projects
Why Is It So? It's Psychological
Why There's a Difference
Why Are Insurance Salesmen So Unpopular?
Reality/Perception & Profit/Risk
Sound Bite
What Do You Want?
Mature Companies Build Products W/ Infosec Baked In
Catchphrase, "We Take Care Of Security
What Have We Done in Response?
What Have We Done in Response? (cont'd)
What Have We Done in Response? (cont'd)
Definition Of Insanity
So Now What? My Solution
Strategy, Strategy, Strategy
No Single Switch
Integrated Strategy
Focused Methodology
Groundwork
Building A Case For Security Before You Build The Business Case
Don't Fight the Feeling
Not Over
How Does It Go Again? More Detail
How Does It All Come Together?
Initial Steps
Formalize mandatory vs. discretionary categories.
Work we could do
Business Drivers
Work we should do
Work we must do
Manage Compliant Ready Services
Communicate Top Risks
Construct a Top Down Story
Evidence Driven
Risks Placed in Action Categories: Act, Evaluate, Accept
Impact Ranges: Calibrate Monetary & Risk Exposures across Scale
Likelihood Ranges: Use Evidence for Occurrence
Business Driven Investments
Prioritize by Business Value
Risk Priority
IT Capability
Business Support
Political Reality
Cost
Document Decision and Justification for Posterity
Communicate Top Risks & Investments
Evidence Driven
Quantify When Defensible
Prioritize by Risk, Capability, Cost, & Politics
Initial Steps (cont'd)
Gain Wide Acceptance At Inception
Next: Clear the Path
Customer Experience Value Add
People Are STILL the Perimeter
Metrics Demonstrate Progress & Needs
Define Targets to Drive Acceptable Risk
Clear the Path (cont'd)
Engage (cont'd)
Security Needs Its Own ROI
Many Are Willing/Able To Rationalize
Engage (cont'd)
were Metrics Can Help Here Too
Close the Deal/Follow Up
You Set Them Up Now It's Time To
Close the Deal/Follow Up (cont'd)
Security is not intuitive: continue
So In Closing
Points To Remember
Be In The Room.
Don't Be the Nail
Fear IS an Option Sometimes
If You Don't Write it Down.
Metrics NOW!
Security ROI is different.
Final Thought
The state of mind which enables a man to do work of this kind is akin to that of the religious worshiper or the lover; the daily effort comes from no deliberate intention or program, but straight from the heart.
-Albert Einstein
Physical Society address, 1918