Information Security for Business Leaders Presentation
Transcript of Information Security for Business Leaders Presentation
8/6/2019 Information Security for Business Leaders Presentation
http://slidepdf.com/reader/full/information-security-for-business-leaders-presentation 1/27
© 2011 JurInnov, Ltd. All Rights Reserved
JurInnov helps organizations…
Apply technology to optimize electronic discovery
Collect and uncover evidence
Better protect, manage and track electronic information
…and relax a little
Who Are We?
Respond to a breach
Computer Forensics
Prevent the breach
Information Security
Who Wants a Crisis Anyway?
Threats to our businesses
Approach to Information Security
Business integration
Creating the culture
Making it happen
Trade-offs
Take-Aways
Today’s Discussion
April 2011 – Sony Corp. data breach, 100 million PlayStation network accounts
Wall Street Journal, May 18, 2011 – “Sony Corp Chief Executive Howard Stringer said he can't guarantee the security of the company's videogame network or any other Web system in the "bad new world" of cybercrime.”
“… maintaining security is a ‘never-ending process’ and he doesn't know if anyone is 100%.”
In the News
Third Parties
April 4, 2011 – Over 2500 companies who used Epsilon’s marketing services had to inform customers that their data system was exposed to unauthorized entry.
In the News
Average breach costs $214 per record
Average organizational cost $7.2 million per incident
The Ponemon Institute Study, March 18, 2011
Risk and compliance budgets expected to increase by 21% in 2011
McAfee 2011 Risk and Compliance Report
Facts and Figures
$548 million
The US government is increasing cyber security R&D by 35% to $548 million next year
More organized outside attacks
More pervasive inside misuse
Facts and Figures
Fierce CIO, January 16, 2011
Computerworld, February 15, 2011
Information
Security
Confidentiality
Integrity
Availability
The Security Triad
Threats
Impacts
• Priorities
• Roles and responsibilities
• Targeted capabilities
• Specific goals (timeframe)
InfoSec Strategy
Business Strategy
• Core values
• Purpose
• Capabilities
• Client promise
• Business targets
• Specific goals
• Initiatives
• Action items
• Assignments and accountabilities
Business Integration
Monitoring, measuring and reporting
Integrating with business metrics
Weekly management meetings
Monthly dashboard review with employees
Quarterly goals met
Team rewards
Creating the Culture
Incenting the behavior
Assignments and accountabilities
Personal contribution reports
Performance reviews
Daily interactions with team members
New system and process deployment
Creating the Culture
Ask where are we today?
High level survey – taking the pulse
Assessment
Define and communicate expectations
Company policies
Employee training
Third party contract requirements
(what about the Cloud?)
Making it Happen
Implement changes
Workflow (make it easy)
Technology
Physical
Ask how are we doing?
Checkpoints
Audits
Making it Happen
Productive
Responsive
Agile
Cost-effective
Reasonable to use (vs. annoying)
Trade-offs
• Client data
• Trade secrets
• Product details
• Competitive advantages
• Employee information
• Websites
• Blogs
• Social networking
• Employee “break time”
Trade-offs
[Figure: chart plotting Impact (Probability * Loss) against Cost to Secure, with regions labeled ACCEPT, MITIGATE, TRANSFER, AVOID and DEPENDS]
Trade-offs
Integrate with business strategic planning
Confirm workflows make good practices easy
Know the impact of new systems/processes
Know the impact of system/process maintenance
Confirm mobile computing addresses risks
Take-Aways: Build in Security
Demonstrate that security is critical
Challenge assumptions of security
Ask about the risks
Monitor, measure, report
Hold everyone accountable
Reward behaviors
Take-Aways: Create the Culture
Take a quick pulse
Maintain up to date security policies
Keep security “top of mind”
Debrief projects including security focus
Maintain good asset management
Plan Do Check Act
Take-Aways: Make it Happen
Access
Server audit logs are turned on and retained
Firewall firmware is up to date
Mobile devices are properly encrypted
Take-Aways: Some Specifics
Business continuity
Key systems have uninterruptible power supplies
Backups tested regularly
Disaster recovery plans in place
Business continuity testing for key systems
System maintenance as scheduled
Take-Aways: Some Specifics
Application security
Security patches up to date
No unauthorized programs installed
Corporate applications have up to date security reviews
Antivirus software installed
Virus definitions up to date
Take-Aways: Some Specifics
Security governance
Configuration changes approved prior to implementation
Incidents handled by incident response plans
Media sanitized before being reused or disposed
Systems have documented security controls
Take-Aways: Some Specifics
Security awareness
Password procedures
Data storage procedures
Mobile computing
Software security practices
Email security practices
Take-Aways: Some Specifics