Rethinking Security to Enable Business LJ Johnson Nike’s Global Information Security Officer...
Date posted: 21-Dec-2015
Rethinking Security to Enable Business
LJ Johnson
Nike’s Global Information Security Officer
August 16, 2005
Agenda
- Today’s Security Realities
- Perception of Security
- Showing the business value of Security
- The 3 R’s
- Seeing Security Differently
- Retooling to leverage the Value
Today’s security realities…
- Threats are on the rise
- Time to respond has decreased
- Regulatory pressures are on the rise
- Business integration has eroded the network perimeter
- Spending more on security doesn’t equate to better protection
When we think of Security
- Guns - Guards - Geeks
- Keeping bad guys out
- Cost center focused
- Poorly defined metrics
- Lost in translation
- Out of alignment with business drivers
- Unable to show business value
Traditional Security Approaches
- Infrastructure security point solutions
  - Firewalls
  - VPN
  - Antivirus Software
- Security operations
  - Account creation
  - Passwords
- Application Security
  - Authorization policies
What’s the impact?
- Technology focus
  - Higher TCO
- Long and costly cycles
  - System access
  - Application development
  - Provisioning
- Inconsistent policies
- Focused on threat Avoidance vs. Risk Management
- Perceived as inflexible
- Not seen as a ‘value add’
Showing the value of Security
- Instead of Threats – focus on the 3 R’s
  - Revenue
    - How can security increase revenue opportunities?
    - Can security help to reduce or avoid costs?
    - What are your key information assets?
  - Reputation
    - What is your brand worth?
    - What are your relationships worth?
  - Regulations
    - What are you required to do?
Revenue Opportunities
- Efficiency Gains and Reduced Costs
  - Centralized identity controls
  - Self Registration
  - Automated password resets
  - Spam filtering
  - Outsourcing
  - Early Risk Assessments
  - Lower TCO
- New market opportunities
  - Could security be a market differentiator?
  - Secure ebiz strategy
  - Barriers to entry
  - Patents
- Speed to Market initiatives
  - Business process improvements
  - Shortened development cycles
  - Automated provisioning
Revenue Opportunities
- Information Asset Protection
  - Protect what matters most
  - Apply the same principles as insuring your physical assets
  - Could you lower your insurance premiums by implementing stronger security?
“Intangible assets such as intellectual property represent approximately 60% to 80% of a company’s assets.”
– Accenture Survey 2004
Revenue Opportunities
Security as a Differentiator
Reputation
What’s your Brand Equity value?
What do you spend on demand creation to grow your market?
What would be the impact to your stock price if your customer database were hacked?
Examples of reputation damage
Regulations
- SOX, GLBA, HIPAA, EU Privacy…
- What regulations are relevant to your industry?
- What are your local and overseas requirements?
- Are your service providers also in compliance?
- Are there competitive advantages to anticipating the next set of regulations?
Retooling your organization
- Gain Business Ownership
  - Move security to an advisory role & let the business decide
- Seek new Funding Models
  - Tie key security operational costs to IT but push more security costs out to business units
- Restructure to deliver the right services
- Develop an IP Protection Strategy
  - Define what’s most important to protect
Retooling your organization
- Improve Communications
  - Focus on Risk Management rather than threats and vulnerabilities
  - Measure and communicate biz value
- Expand Team Skills
  - ALL personnel should be security literate
  - Require security personnel to understand the business
- Improve processes
  - Tie security & risk to procurement, SDLC, operational processes
  - Focus more on Value Proposition and less on ROI
- Establish Accountability
  - Tie performance reviews and merit increases to compliance and awareness levels
Questions / Comments?
Changing the Paradigm
- Stop seeing Security as only technology
- Require your security teams to talk “Business”
- Determine the right level of risk
- Focus on process improvements
- Communicate the value security brings to the business – the 3 R’s
  - Faster to market
  - Improved productivity
  - New revenue streams
  - Stronger brand
“It’s not the strongest species that survives, nor the most intelligent, but the ones most responsive to change…”
Charles Darwin