The Art & Science of Simple Information Security

Posted on 18-Nov-2014


This is a follow-on from my 2008 article in the July Issue of Information Security Magazine discussing the concepts of Macro-Information Security and Micro-Information Security.

Transcript of The Art & Science of Simple Information Security

Information Security

Juggernaut

The Art & Science of Simple Security

By Ravila Helen White, CISSP, CISM, CISA, CIPP, GCIH

Making it better without making it complex

Disclaimer

This presentation and the concepts herein are my opinions through private research, practice and chatting with other professionals.

It is not the opinion of past, present or future employers.

Overview

Information Security is a broad, deep and complex discipline. Successful information security requires succinct, artful presentation and agile, scientific execution.

This discussion focuses on Macro and Micro Information Security: what they are, why you need them, and how to use them.

Information Security is…

“Knowing computer security and compliancy is like knowing the law, everyone has their own opinion and each judge interprets it differently.” [Bruce Lobree]

How do you get hurt skiing?

“Information Security and IT are a lot like skiing. You only get hurt when you ski beyond your abilities, out of control or out of bounds.” [Ravila H. White]

Learning from economists

“We can make information security more consumable by taking a page from economics history and making it divisible. Divide information security in the same manner as economics.” [Ravila H. White]

Macro-Information Security (the business process and resulting artifacts designed to influence business choices, protect the business, drive technology selection)

Micro-Information Security (the technology, controls, countermeasures and tactical solutions that protect information assets)

Simple Security (information security driven by and from the business)

Art: Emotional (Right)

Science: Logical (Left)

The ART of Macro-Information Security

Art is the process or product of deliberately arranging elements in a way to affect the senses or emotions.

What are the elements?

Dollars

Compounding Investments

Business Value & Concerns

Efficiency Gains

Asset Protection

Visualization

“Executives are strategists who should not focus on the minutiae of operations, but rather look outward at the competitive landscape.” [Baldwin & Curley]

How do we arrange the elements?

Business model analysis and mapping

Organizational dashboards

Authoritative Artifacts

Meaningful Visualizations

“Copy-Exactly accelerates the diffusion process and, at the same time, it simplifies system maintenance and user training.” [Baldwin & Curley]

Linear Visualizations

One Dimensional Visualizations

The SCIENCE of Micro-Information Security

Knowledge of a system or knowledge covering general truths or the operation of general laws, especially as obtained and tested through the scientific method.

What are we protecting?

How do we protect simply?

Our primary protection is…

If the primary fails then…

Our secondary protection is…

If the secondary fails then…

Tertiary protection contains…

“Three Rules of Work: Out of clutter find simplicity; From discord find harmony; In the middle of difficulty lies opportunity.” [Einstein]

Where we influence protection

How do we protect?

Protection is simple

In Scope

Asset core

Enterprise, primary or point

Primary, secondary and tertiary

Credits & References

General Professional Influencers

Business Model Generation

www.dictionary.com

Google: www.Google.com

Oxford Dictionary

Wikipedia: www.wikipedia.com

Managing IT Innovation for Business Value

Nick Malick

Copyright Information

Some works in this presentation have been licensed under the Creative Commons license (CC). Please respect the license when using the concepts or adapting them.

For more information please go here: www.creativecommons.org

Thank you…

Questions and Comments

Contact me on LinkedIn