1. BRIDGING THE GAPS AND PREPARING FOR THE FUTURE!

James Beeson, Chief Information Security Officer
April 20, 2011
2. We Are Fighting The Same Battle!

Same Risks
• Business Disruption
• Unauthorized Access
• Data Leakage/Loss
• Data Integrity Issues
• Regulatory Non-Compliance

Don't Reinvent the Wheel
• Collaborate
• Use Existing Frameworks: ISO 27001, COBIT, NIST Standards

Similar Threats
• Mistakes/Accidents
• Organized Crime (APT)
• Vulnerabilities (SW/HW/NW)
• Unauthorized Software
• Social Engineering (Phishing)
3. CIO & CISO Roles Similar

• Need to understand what the business does
• How does technology enable the business processes
• Branding and marketing for the cause
• Evangelist for the profession and importance
• Salesperson to get things accomplished
• Leader to motivate people to do the right thing

Aren't We All Just Used Car Salespeople?
4. Mix of Technical Expertise and Leadership

Information Security Technical Expertise
• CISSP (Certified Information Systems Security Professional)
• CISA (Certified Information Systems Auditor)
• CRISC (Certified in Risk and Information Systems Control)
• CISM (Certified Information Security Manager)

Leadership
• Team Building and Motivation
• Effective Speaking and Presentation Skills
• Hiring and Management Skills
• Style Flex – Understanding Motivation
• CAP (Change Acceleration Process Training)
• ITIL (Information Technology Infrastructure Library) Skills
• Six Sigma or similar Quality Training
5. Just Say "Yes" Approach

• Works Better than Chicken Little or FUD
• Shifts the Ownership/Burden of Risk
• As They Say "It's All In The Spin"
• Push for Data Driven Decisions

IT and CISO DO NOT Own the Risk!
6. KNOW THE 2 MINUTE ELEVATOR SPEECH

Top Risks
• Data Leakage/Loss
• Unauthorized Access
• Business Disruption
• Data Integrity Issues
• Regulatory Non-Compliance

Top Threats
• Phishing (Social Engineering)
• Unauthorized Software
• Organized Crime (APT)
• SW/HW/NW Vulnerabilities
• Mistakes/Accidents

Key Operating Elements
• Information Security Risk Management
• Identity Management (Access Control)
• Monitoring & Incident Response

Strategic Approach
• Strong, Simple, Risk Based Policies
• Layered, Measurable Approach
• Ongoing Risk Assessment & Quick IR
• Continuous Education and Awareness

DRIVES
• Tarnished Brand Name
• Revenue Loss
• Added Costs (regulatory fines)
7. Security is an Enabler to Compliance and Reducing Risk

• Leverage Compliance and Legal
• Take Advantage of Operational and Business Risk Knowledge
• Mix Training, Education, and Communications
• Embed Security in Technology and Business Processes
• Shift from Slowing-Down to Enabling
8. Measurement Drives Behavior

As Lord Kelvin once said: "If You Can't Measure It, You Can't Improve It"

Typically Improvement is Measured by:
• Reduced Cycle-Time
• Reduced Cost
• Reduced Defects

Key Takeaways
• Schedule Recurring Reviews
• Know Your Audience
• Tie Improvement Metrics to Performance
• Don't Reinvent the Wheel
• Automate and Define Clear Ownership

Threat x Opportunity = Risk
9. Trends

• I Don't Buy Your Shoes, Why Would I Buy Your PC
• Cloud is the Preferred Way to Manage Data
• Conundrum - Digital Natives vs Baby Boomers
• Power Portability/Mobility with No Perimeter
• Organized Crime (APT) is "Big Business"
• Focus on Compliance Not Security Posture
• Social Engineering Rules – An Education Issue
10. Things That Make You Go Hmm

• 2 Billion People Internet Connected
• YouTube >2B Views/Day
• Over 22 Billion Tweets in 2010
• Facebook – World's 3rd Largest Country
• Over 100 Million Users on LinkedIn
• Internet Background Check Common
• Texting & Apps Overtake Voice
• PCs/Laptops Dropping in Sales
• 1/5 Marriages from Internet Dating
11. Summary

• Fighting the Same Battle – Leverage Everyone!
  – Risks are basically the same
• Know Your Business – Become an Enabler
  – Reduces the "Hindrance" factor
• CIO and CISO Roles are Similar
  – Aren't we all just Salespeople
• Measurement Drives Behavior
  – "If you can't measure it, you can't improve it"
• Digital Natives versus Digital Immigrant
  – Helping to "Bridge The Gap"
12. QUESTIONS?

Contact Information:
Email: James.Beeson@GE.com
Telephone: 01 203 205 5450

James Beeson SOURCE Boston 2011