
Virtual Problems, Real Answers

Justin Drain (jdrain@computer.org, justin.drain@fremontbank.com)
Jared Pfost (jared@thirddefense.com)

June 1, 2011

Disclaimer

The views and opinions expressed during this conference are those of the speakers and do not necessarily reflect the views and opinions held by the Information Systems Security Association (ISSA), the Silicon Valley ISSA, the San Francisco ISSA or the San Francisco Bay Area InfraGard Members Alliance (IMA). Neither ISSA, InfraGard, nor any of its chapters warrants the accuracy, timeliness or completeness of the information presented. Nothing in this conference should be construed as professional or legal advice or as creating a professional customer or attorney client relationship. If professional, legal, or other expert assistance is required, the services of a competent professional should be sought. These views and opinions also do not reflect those of Fremont Bancorp.

Introductions

Justin Drain, CISM, CRISC, CISSP
Data Security Manager, Fremont Bank
Security experience: banking, aerospace, federal government, medical

Jared Pfost
CEO, Third Defense
Security experience: banking, technology, consulting

Security Projects: Securing Executive Approval

Agenda
- Present State: How It Works Now
- Why Is It So?
- My Solution: In Theory
- In More Detail
- Basic Points To Remember
- Let's Go!

How It Works
- Infrastructure vs. Security
- Project Mgmt vs. Security Practitioner
- Mature Organization vs. Just Getting Heard

Present State: How It Works Now

With Any Infrastructure Project:
- A Need Is Identified
- Business Case For Addressing The Need Is Built
- Simultaneously A Search For A Solution Is Underway
- Acceptance!

Present State: How It Works Now (cont'd)

The Criteria For Acceptance Are Relatively Straightforward:
- It Makes Us Money
- It Makes Us Look Good
- It Keeps Us From Looking Bad (compliance)

Security Projects

Things Are Different with Security
- At First: Struggles with Buy-in on Need
- Resistance: Impact to Business Process
- Pushback On Cost

Why Is It So? It's Psychological

Why There's a Difference
- Why Are Insurance Salesmen So Unpopular?
- Reality/Perception & Profit/Risk
- Sound Bite: What Do You Want?
- Mature Companies Build Products W/ Infosec Baked In
- Catchphrase: "We Take Care Of Security"

What Have We Done in Response?

Standard Approach
- Fear And Loathing
- Compliance Card
- A Difficult Definition

What Have We Done in Response? (cont'd)

Fear is not an option, unless it is applied appropriately.

What Have We Done in Response? (cont'd)

Compliance Card
- Compliance Is Not Security
- This Only Goes So Far

Why Is It So? It's Psychological (cont'd)

The Prospect Theory
- In Theory
- Business Models
- Applying To Security

What Have We Done in Response?

Definition Of Insanity

So Now What? My Solution

From a High Level
- But first, where do I get off?
- Works For Me
- Immature to Mature

Strategy, Strategy, Strategy
- No Single Switch
- Integrated Strategy
- Focused Methodology
- Groundwork: Building A Case For Security Before You Build The Business Case

Don't Fight the Feeling

Make Human Nature Your Ally
- Frame Security In Positive Light
- Use the Shaky Perceptions
- Security Brakes
- Again With The Fear

Not Over

Playing The Fear Card
- Burglar Alarm
- 9/11
- Sky IS Falling

How Does It Go Again? More Detail

How Does It All Come Together?

Initial Steps
- Be In The Room
- Secure An Ally, Create An Advocate. Even If It Means Giving Up Credit
- Plant The Seeds (Awareness, Metrics)
- Build Awareness Of Security Strategy

Formalize mandatory vs. discretionary categories.

[Figure: tiers of work labelled "Work we could do", "Work we should do" and "Work we must do", set against the business drivers: Embed Risk-Based Decisions to Achieve Business Goals; Reach a Legally Defensible Level of Security; Improve Security Services; Regulatory Requirements; Manage Compliant-Ready Services]

Communicate Top Risks
- Construct a Top-Down Story
- Evidence Driven
- Risks Placed in Action Categories: Act, Evaluate, Accept
- Impact Ranges: Calibrate Monetary & Risk Exposures across Scale
- Likelihood Ranges: Use Evidence for Occurrence

Business Driven Investments
- Prioritize by Business Value: Risk Priority, IT Capability, Business Support, Political Reality, Cost
- Efficiency Gains: Save $110K
- Document Decision and Justification for Posterity

Communicate Top Risks & Investments
- Evidence Driven: Quantify When Defensible
- Prioritize by Risk, Capability, Cost, & Politics
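The method sketched on the Communicate Top Risks and Business Driven Investments slides above, written out as an added Python example: calibrated impact and likelihood ranges are multiplied into an annual-loss range, each risk is placed in the Act / Evaluate / Accept category by comparing that range with a loss tolerance, candidate investments inherit the risk priority and are scored on the slide's other criteria (IT capability, business support, political reality, cost), and a decision record is produced as the "justification for posterity". This is not code from the presentation or from the speakers; the tolerance, the 1-5 criterion scores, the weights and every dollar and frequency figure are assumptions constructed for illustration.

```python
"""Evidence-driven risk ranking and investment prioritisation (added example).
Every threshold, weight and sample figure below is constructed for
illustration; none of it comes from the presentation."""
from dataclasses import dataclass


@dataclass
class Risk:
    name: str
    impact_range: tuple[float, float]      # calibrated $ loss per event (low, high)
    likelihood_range: tuple[float, float]  # events per year (low, high)
    evidence: str                          # where the likelihood range comes from

    def annual_loss_range(self) -> tuple[float, float]:
        """Expected annual loss range: multiply the two ranges end for end."""
        (i_lo, i_hi), (l_lo, l_hi) = self.impact_range, self.likelihood_range
        return (i_lo * l_lo, i_hi * l_hi)


# Assumed annual-loss tolerance (risk appetite) in dollars; constructed.
TOLERANCE = 250_000.0


def action_category(risk: Risk, tolerance: float = TOLERANCE) -> str:
    """Act when even the low end of the range exceeds tolerance, Accept when
    even the high end stays below it, Evaluate when the range straddles it
    (the honest answer then is 'gather better evidence before spending')."""
    lo, hi = risk.annual_loss_range()
    if lo >= tolerance:
        return "Act"
    if hi < tolerance:
        return "Accept"
    return "Evaluate"


# 1-5 risk priority derived from the category, so investments inherit it.
RISK_PRIORITY = {"Act": 5, "Evaluate": 3, "Accept": 1}


@dataclass
class Investment:
    name: str
    risk: Risk
    it_capability: int      # 1-5: can IT actually deliver this?
    business_support: int   # 1-5: strength of the business sponsor
    political_reality: int  # 1-5: will it survive the budget meeting?
    cost: int               # 1-5 scored, 5 = cheapest (not dollars)


# Assumed weights for the slide's five prioritisation criteria (sum to 1).
WEIGHTS = {"risk_priority": 0.35, "it_capability": 0.15,
           "business_support": 0.20, "political_reality": 0.15, "cost": 0.15}


def score(inv: Investment) -> float:
    """Weighted sum of the five criteria; risk priority comes from the category."""
    values = {"risk_priority": RISK_PRIORITY[action_category(inv.risk)],
              "it_capability": inv.it_capability,
              "business_support": inv.business_support,
              "political_reality": inv.political_reality,
              "cost": inv.cost}
    return sum(values[k] * w for k, w in WEIGHTS.items())


def prioritise(investments: list[Investment]) -> list[Investment]:
    """Highest score first."""
    return sorted(investments, key=score, reverse=True)


def decision_record(inv: Investment) -> dict:
    """The 'justification for posterity': what a reader needs a year from
    now to see why this investment ranked where it did."""
    lo, hi = inv.risk.annual_loss_range()
    return {"investment": inv.name, "risk": inv.risk.name,
            "annual_loss_range": (lo, hi), "evidence": inv.risk.evidence,
            "category": action_category(inv.risk), "score": round(score(inv), 2)}


# Constructed sample portfolio (illustrative numbers only).
ATO = Risk("Phishing-led account takeover", (20_000, 200_000), (2, 6),
           "6 confirmed credential-phishing incidents in the last 18 months")
SERVER = Risk("Unpatched internet-facing server", (500_000, 3_000_000), (1, 2),
              "quarterly scans show the same criticals open for 90+ days")
USB = Risk("Lost unencrypted USB drive", (5_000, 50_000), (1, 3),
           "help-desk lost-device tickets, 2 per year on average")

PORTFOLIO = [
    Investment("Phishing-resistant MFA rollout", ATO, 3, 4, 3, 3),
    Investment("Patch management automation", SERVER, 4, 3, 4, 2),
    Investment("Endpoint/USB encryption", USB, 5, 2, 4, 5),
]

if __name__ == "__main__":
    for inv in prioritise(PORTFOLIO):
        print(decision_record(inv))
```

Using ranges rather than point estimates is what makes "Evaluate" a legitimate outcome: a risk whose loss range straddles the tolerance is one where buying evidence (a metric, a pilot) is the defensible next step, which is exactly the "quantify when defensible" point on the slide.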

Initial Steps (cont'd)

Gain Wide Acceptance At Inception
- As Part Of Your Strategy
- Prove You Can Do It Before You Prove You Can Do It (Time Travel? No. Demonstrate Effectiveness)
- Carrot And Stick

Next: Clear the Path

More Groundwork
- Solution Looking For A Problem
- Security Solutions Can Improve Customer Experience: Value Add
- People Are STILL the Perimeter

Metrics Demonstrate Progress & Needs

Define Targets to Drive Acceptable Risk

Clear the Path (cont'd)

More to Consider
- Revenue Now, Security Later
- Don't Be The Nail

To a hammer, everything looks like a nail.

Don't Be The Nail

Engage
- On The Surface Everything Seems Normal
- Back At the Table
- Presentation Is Key, Do Your Homework
- Be Prepared To Defend The Obvious (obvious to us)
- Know Your Audience And Speak Their Language

Engage (cont'd)
- Security Needs Its Own ROI
- Many Are Willing/Able To Rationalize Certain Losses
- Convince Them You Are Better Off W/ Security Solution

Engage (cont'd)
- Don't Forget The Rank and File
- What's The Deductible?
- Are you better off now than you were? Metrics Can Help Here Too

Close the Deal / Follow Up
- You Set Them Up, Now It's Time To Knock Them Down
- There Is Nothing More Expensive Than Regret

Close the Deal / Follow Up (cont'd)
- Security is not intuitive: continue education
- Integration, integration and integration.
- Where's the Beef?

So In Closing

Points To Remember
- Be In The Room.
- Don't Be the Nail
- Fear IS an Option Sometimes
- If You Don't Write it Down... Metrics NOW!
- Security ROI is different.

Final Thought

"The state of mind which enables a man to do work of this kind is akin to that of the religious worshiper or the lover; the daily effort comes from no deliberate intention or program, but straight from the heart."
- Albert Einstein, Physical Society address, 1918

Thank You! Questions?

jdrain@computer.org
justin.drain@fremontbank.com
jared@thirddefense.com
