The Art & Science of Simple Information Security
Transcript of The Art & Science of Simple Information Security
Information Security Juggernaut
The Art & Science of Simple Security
By Ravila Helen White, CISSP, CISM, CISA, CIPP, GCIH
Making it better without making it complex
Disclaimer
This presentation and the concepts herein are my opinions through private research, practice and chatting with other professionals.
It is not the opinion of past, present or future employers.
Overview
Information Security is a broad, deep and complex discipline. The success of information security requires succinct artful presentation and agile scientific execution.
This discussion will focus on the aspects of Macro- and Micro-Information Security: what it is, why you need it, and how to use it.
Information Security is…
“Knowing computer security and compliancy is like knowing the law, everyone has their own opinion and each judge interprets it differently.” [Bruce Lobree]
How do you get hurt skiing?
“Information Security and IT are a lot like skiing. You only get hurt when you ski beyond your abilities, out of control or out of bounds.” [Ravila H. White]
Learning from economists
“We can make information security more consumable by taking a page from economics history and making it divisible. Divide information security in the same manner as economics.” [Ravila H. White]
Macro-Information Security (the business process and resulting artifacts designed to influence business choices, protect the business, drive technology selection)
Micro-Information Security (the technology, controls, countermeasures and tactical solutions that protect information assets)
Simple Security (information security driven by and from the business)
Art: Emotional, Right
Science: Logical, Left
The ART of Macro-Information Security
Art is the process or product of deliberately arranging
elements in a way to affect the senses or emotions.
What are the elements?
Dollars
Compounding Investments
Business Value & Concerns
Efficiency Gains
Asset Protection
Visualization
“Executives are strategists who should not focus on the minutiae of operations, but rather look outward at the competitive landscape.” [Baldwin & Curley]
How do we arrange the elements?
Business model analysis and mapping
Organizational dashboards
Authoritative Artifacts
Meaningful Visualizations
“Copy-Exactly accelerates the diffusion process and, at the same time, it simplifies system maintenance and user training.” [Baldwin & Curley]
Linear Visualizations
One Dimensional Visualizations
The SCIENCE of Micro-Information Security
Knowledge of a system or knowledge covering general
truths or the operation of general laws especially as
obtained and tested through scientific method.
What are we protecting?
How do we protect simply?
Our primary protection is…
If the primary fails then…
Our secondary protection is…
If the secondary fails then…
Tertiary protection contains
“Three Rules of Work: Out of clutter find simplicity; From discord find harmony; In the middle of difficulty lies opportunity.” [Einstein]
Where we influence protection
How do we protect?
Protection is simple
In Scope
Asset core
Enterprise, primary or point
Primary, secondary and tertiary
Credits & References
General Professional Influencers
Business Model Generation
www.dictionary.com
Google: www.Google.com
Oxford Dictionary
Wikipedia: www.wikipedia.com
Managing IT Innovation for Business Value
Nick Malick
Copyright Information
Some works in this presentation have been licensed under the Creative Commons license (CC). Please respect the license when using the concepts or adapting them.
For more information please go here: www.creativecommons.org
Thank you…
Questions and Comments
Contact me on LinkedIn