Nov 15th 2013

A new standard for security leaders

Insights from the 2013 IBM Chief Information Security Officer Assessment

© 2013 IBM Corporation
Introduction

There is increasing attention focused on the CISO and calls to transform and
broaden the role into something more than simply a protector of the enterprise
“Smart CISOs… should major on real security management improvements that
deliver true business value.”
“Where next for the enterprising CISO?”, David Lacey's IT Security Blog, ComputerWeekly.com, July 13, 2013, LINK

“It's hard being a CISO… you have a moment in the sun, however short, to
demonstrate the overall business value of security in your company and the
competitive advantage that provides.”
“A CISO's Guide to Communicating with the Board”, Kyle Flaherty, 21CT, July 1, 2013, LINK

“…CISOs are not only reducing risk, they are gaining influence over the entire
organization and building their value among management and colleagues, and
becoming a trusted source for innovation and best practices”
“Being great: Five critical CISO traits”, Joe Gottlieb, SC Magazine, June 13, 2013, LINK

“Chief information security officers will have to evolve into corporate information risk
managers if they are to survive in the future...”
“CISOs must shape up or ship out, says Forrester”, Warwick Ashford, ComputerWeekly.com, June 11, 2013, LINK

This is causing organizations to ask a number of key questions around
information security leadership and critical capabilities
A CEO might ask:
• “Is my security team doing enough to protect the value of the enterprise? Do I have the right team and capabilities?”
• “Is security just a cost center, or can it help to achieve business objectives and enable innovation?”
A CIO or Chief Information Security Officer might ask:
• “How do I compare to other security organizations in my industry?”
• “How should I balance my technology investments with policy development and education programs?”
• “How do I convince my business leadership that a technology purchase is needed and worthwhile?”


Different security leader categories and characteristics were defined in the
2012 CISO Assessment – Finding a strategic voice

Approach

Extending the prior work in order to identify better practices, we performed in-depth interviews with organizations’ senior-most security leaders
Respondent distribution
Role: C-level/CISO 42%; EVP/VP of IT 15%; IT Director 20%; IT Manager 24%
Security budget: <$100K 27%; $100K-$1M 39%; $1M+ 34%
Organization size: Mid-market 17%; Large enterprise 83%
Countries: U.S., UK, Germany, Japan
Industries: Aerospace and defense, automotive, banking, chemicals, consumer products, financial markets, healthcare, insurance, media and entertainment, manufacturing, pharmaceuticals, retail, travel and transportation, energy and utilities, wholesale

Overview

We uncovered a set of key findings and a set of challenges security leaders
are struggling with
Key findings
• More mature security leaders focus on strategy, policies, education, risks, and business relations
• Leaders build trust by communicating in a transparent, frequent, credible way
• More work needs to be done to improve information sharing outside the organization
• Foundational security technologies are still seen as critically important
• Mobile security technology has significant attention and investment
• Many are using cloud for security services and are planning increased deployment in the near future
• In general, technical and business metrics are still focused on operational issues
• Metrics are used more for budget and strategy reasons and less for risk
• Progress needs to be made translating security metrics into the language of the business

Challenge
• How do I best manage a broad set of concerns from a diverse set of business stakeholders?
• How do I improve mobile security policy and management – not just deploy the latest technology?
• How do I translate security metrics into the language of the business to help guide strategy?

BUSINESS PRACTICES

“Security is difficult, and security people
are unique. They have a different way of
looking at things. We try to get away
from ‘techno garble,’ which isn’t
important to the business. The business
needs it in black and white, no
theoretical things.” (CTO, Insurance)


What experienced security leaders say about achieving success in their role

Strong strategy and policy
“What’s important when making security decisions? A strategic vision, risk assessments and prioritizing around security, understanding the impact of new technology, having the ability to differentiate solutions and pick the winners.” (IT Director, Insurance)

Comprehensive risk management
“Risk assessment information is used to determine our security policy. It decides what, where, when, and how to protect, and the cost of doing that – the cost to the business.” (Head of IT Group, Manufacturing)

Effective business relations
“Getting business support is about selling. You need somebody that has business savvy, but also understands the technology – who can speak business value and understand risk.” (Chief Technology Officer, Insurance)

Concerted communications efforts
“Effective relationships require lots of communication, providing assistance to business leaders and requesting time in their meetings to communicate importance of security, talk about wins and communicate the risks. You open minds when you have that constant background noise.” (Director of Infrastructure, Utility)

Business practices challenge: Security leaders have a broad set of concerns to
manage from a diverse group of stakeholders

What are your C-suite’s greatest concerns?

Information security leaders have to protect against threats to brand reputation, operational downtime, compliance and regulations and financial loss

TECHNOLOGY

“You have to be on the bleeding edge of
business technology and consumer
technology. BYOD is starting to
encompass almost everything. Devices
are proliferating. Security leaders have
to be smart, be savvy. Think like a user.
Think about what users are doing.”
(CIO, Finance)


Foundational security technologies are still seen as critically important
• Strategic and more advanced technologies have generally not risen to critical importance yet
• Security leaders are putting an emphasis on enterprise identity and access management (51%) and network security (39%)
• Things like advanced malware detection and security intelligence analytics haven’t risen above foundational technologies in importance
Chart: Most important (select top 3)

Despite concerns, many are using cloud for security services and are planning
increased deployment in the near future
• Three-fourths (76%) of the sample use some type of cloud security services
• Privacy and security of data in a cloud environment is the number one concern (61%)
• Most popular cloud services are data monitoring and audit, federated identity and access management, virtual environment protection and patch management
• Planning investment in future capabilities (application threat protection)
Chart: Cloud security services (Deployed; ‘Most likely’ planned). Categories: Data monitoring and audit; Federated identity and access management; Virtual environment protection and patch management; Security information and event management (SIEM); Application threat protection; Other

Mobile security technology has significant attention and investment, but the
focus is still on deployment
• Mobile has significant attention – #1 most recently deployed technology (25% deployed in the past twelve months)
• 76% see theft or loss of device or sensitive data on device as a major concern
• Mobile capabilities are still evolving and maturing
• Many are planning to develop an enterprise strategy for mobile security (39%), though not many have done so yet (29%)
Chart: Mobile security capabilities (Currently investing; Planning to develop; No plans). Categories: Management capability; Inventory of devices; Published set of principles; Containerization and encryption; Incident response policy; Enterprise strategy; Location awareness

Technology challenge: Mobile security technology is top of mind and being deployed,
but not everyone is doing all they should with respect to mobile policy and management

• Mobile policy and strategy for personal devices is not widely deployed or considered important
• Less than 40% have deployed capabilities around specific response policies for personally-owned devices or an enterprise strategy for BYOD
• Very few consider an enterprise strategy for BYOD “most important” (10%)

MEASUREMENT

“We use metrics to continually improve
our processes and awareness. They help
determine what happens next in order
to stay ahead of the game.” (Executive
VP of IT, Finance)


Metrics are generally used to guide budgeting and help develop strategy for
the organization
• In general, technical and business metrics are still focused on operational issues
• Over 90% track the number of incidents, lost or stolen records data or devices and audit and compliance status
• Metrics are used more for budget reasons – 32% of respondents use metrics to guide budgeting
• Few respondents (12%) are feeding their business and security metrics into the risk process
Chart: How security and business metrics are used (multiple responses)

Measurement challenge: Progress needs to be made translating security metrics
into the language of the business

Measure financial impact
Nearly two-thirds do not translate metrics into financial outputs due to no requirement, lack of resources, and/or complexity to calculate
“Measuring financial impact is important when we want to implement technology. What is the ROI, the cost avoidance of an incident? We use it to prove that there is value.” (CTO, Insurance)

Integrate IT and business risk
More than half don’t combine security metrics with business risk metrics – those that do, it’s typically a line in a broader risk assessment
“Security metrics get combined with customer satisfaction and as part of a broader scope of continuity and business impact analysis. Cybersecurity is integrated into the risk along with other issues.” (Director of IT, Utility)

Conclusions

Those that have the right combination of practices and who are addressing the
challenges are evolving into a more versatile security leader – creating a new
standard
Formalize your role as a CISO
Establish a security strategy
Develop effective business relations
Build trust
Invest in advanced technology when it meets a business need
Fortify your mobile security
Share information
Focus on the overall economic impact of risk
Address concerns around reputational risk and customer satisfaction
Translate and integrate metrics
“Strategic vision… Global consistency… Lots of communication… speak business value,
understand risk… minimize the impact… be on the bleeding edge…”

The path to a new security standard – Where are you on your journey?

Do you have a CISO, or a similar position – a central security leader with authority?
Have you self-assessed your overall security capabilities?
Are you actively fostering strong relations and building trust with key business stakeholders?
Do you have a security strategy that the Board and C-suite participates in the development of?
Do you understand enterprise risk and security’s role in it? Are you linked to risk processes?
Do you have a broad set of metrics (technical, business, risk) that are communicated widely?
Are you investing in mobile security technology AND policy?
Are you continually reassessing your capabilities?
Are you exploring advanced technologies?

For more information

Visit us @IBM Stall
http://www.ibm.com/ibmcai/ciso
http://www.ibm.com/security/ciso

© Copyright IBM Corporation 2013
IBM Corporation
New Orchard Road
Armonk, NY 10504
Produced in the United States of America
October 2013
IBM, the IBM logo and ibm.com are trademarks of International Business Machines
Corporation in the United States, other countries or both. If these and other IBM
trademarked terms are marked on their first occurrence in this information with a trademark
symbol (® or TM), these symbols indicate U.S. registered or common law trademarks owned
by IBM at the time this information was published. Such trademarks may also be registered
or common law trademarks in other countries. Other product, company or service names
may be trademarks or service marks of others. A current list of IBM trademarks is available
on the web at “Copyright and trademark information” at ibm.com/legal/copytrade.shtml
This document is current as of the initial date of publication and may be changed by IBM at
any time. Not all offerings are available in every country in which IBM operates.
THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY
WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY
OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the
terms and conditions of the agreements under which they are provided.
GTP11058-USEN-00

EMEA: Using Security Metrics to Drive Action - 22 Experts Share How to Commun...
 
How close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityHow close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe Security
 
4-lessons-of-security-leaders-for-2022.pdf
4-lessons-of-security-leaders-for-2022.pdf4-lessons-of-security-leaders-for-2022.pdf
4-lessons-of-security-leaders-for-2022.pdf
 
Five principles for improving your cyber security
Five principles for improving your cyber securityFive principles for improving your cyber security
Five principles for improving your cyber security
 
2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurity2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurity
 
CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015
 

Mehr von Priyanka Aash

Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsPriyanka Aash
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfPriyanka Aash
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfPriyanka Aash
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfPriyanka Aash
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfPriyanka Aash
 
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfEVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfPriyanka Aash
 
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfCyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfPriyanka Aash
 
Cyber Crisis Management.pdf
Cyber Crisis Management.pdfCyber Crisis Management.pdf
Cyber Crisis Management.pdfPriyanka Aash
 
CISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfCISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfPriyanka Aash
 
Chennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfChennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfPriyanka Aash
 
Cloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfCloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfPriyanka Aash
 
Stories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldStories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldPriyanka Aash
 
Lessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksLessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksPriyanka Aash
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Priyanka Aash
 
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Priyanka Aash
 
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Priyanka Aash
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsPriyanka Aash
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security GovernancePriyanka Aash
 

Mehr von Priyanka Aash (20)

Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdf
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdf
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdf
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdf
 
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfEVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
 
DPDP Act 2023.pdf
DPDP Act 2023.pdfDPDP Act 2023.pdf
DPDP Act 2023.pdf
 
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfCyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
 
Cyber Crisis Management.pdf
Cyber Crisis Management.pdfCyber Crisis Management.pdf
Cyber Crisis Management.pdf
 
CISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfCISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdf
 
Chennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfChennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdf
 
Cloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfCloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdf
 
Stories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldStories From The Web 3 Battlefield
Stories From The Web 3 Battlefield
 
Lessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksLessons Learned From Ransomware Attacks
Lessons Learned From Ransomware Attacks
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
 
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
 
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 

Kürzlich hochgeladen

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 

Kürzlich hochgeladen (20)

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 

New Standard for Security Leaders

  • 1. Nov 15th 2013 A new standard for security leaders Insights from the 2013 IBM Chief Information Security Officer Assessment © 2013 IBM Corporation
  • 2. Introduction There is increasing attention focused on the CISO and calls to transform and broaden the role into something more than simply a protector of the enterprise “Smart CISOs… should major on real security management improvements that deliver true business value.” “Where next for the enterprising CISO?”, David Lacey's IT Security Blog, ComputerWeekly.com, July 13, 2013, LINK “It's hard being a CISO… you have a moment in the sun, however short, to demonstrate the overall business value of security in your company and the competitive advantage that provides.” “A CISO's Guide to Communicating with the Board”, Kyle Flaherty, 21CT, July 1, 2013, LINK “…CISOs are not only reducing risk, they are gaining influence over the entire organization and building their value among management and colleagues, and becoming a trusted source for innovation and best practices” “Being great: Five critical CISO traits”, Joe Gottlieb, SC Magazine, June 13, 2013, LINK “Chief information security officers will have evolve into corporate information risk managers if they are to survive in the future...” “CISOs must shape up or ship out, says Forrester”, Warwick Ashford, ComputerWeekly.com, June 11, 2013, LINK 2 © 2013 IBM Corporation
  • 3. Introduction This is causing organizations to ask a number of key questions around information security leadership and critical capabilities A CEO might ask:  “Is my security team doing enough to protect the value of the enterprise? Do I have the right team and capabilities?”  “Is security just a cost center, or can it help to achieve business objectives and enable innovation?” A CIO or Chief Information Security Officer might ask:  “How do I compare to other security organizations in my industry?”  “How should I balance my technology investments with policy development and education programs?”  “How do I convince my business leadership that a technology purchase is needed and worthwhile?” 3 © 2013 IBM Corporation
  • 4. Introduction Different security leader categories and characteristics were defined in the 2012 CISO Assessment – Finding a strategic voice 4 © 2013 IBM Corporation
  • 5. Approach Extending the prior work in order to identify better practices, we performed in-depth interviews with organizations’ senior-most security leaders. Respondent distribution: Role: 42% C-level/CISO, 24% IT Manager, 20% IT Director, 15% EVP/VP of IT. Security budget: 39% $100K-$1M, 34% $1M+, 27% <$100K. Organization size: 83% large enterprise, 17% mid-market. Countries: U.S., UK, Germany, Japan. Industries: Aerospace and defense, automotive, banking, chemicals, consumer products, financial markets, healthcare, insurance, media and entertainment, manufacturing, pharmaceuticals, retail, travel and transportation, energy and utilities, wholesale. 5 © 2013 IBM Corporation
  • 6. Overview We uncovered a set of key findings and a set of challenges security leaders are struggling with. Key findings: More mature security leaders focus on strategy, policies, education, risks, and business relations; Leaders build trust by communicating in a transparent, frequent, credible way; More work needs to be done to improve information sharing outside the organization; Foundational security technologies are still seen as critically important; Mobile security technology has significant attention and investment; Many are using cloud for security services and are planning increased deployment in the near future; In general, technical and business metrics are still focused on operational issues; Metrics are used more for budget and strategy reasons and less for risk; Progress needs to be made translating security metrics into the language of the business. Challenge: How do I best manage a broad set of concerns from a diverse set of business stakeholders? How do I improve mobile security policy and management – not just deploy the latest technology? How do I translate security metrics into the language of the business to help guide strategy? 6 © 2013 IBM Corporation
  • 7. BUSINESS PRACTICES “Security is difficult, and security people are unique. They have a different way of looking at things. We try to get away from ‘techno garble,’ which isn’t important to the business. The business needs it in black and white, no theoretical things.” (CTO, Insurance) © 2013 IBM Corporation
  • 8. Business practices What experienced security leaders say about achieving success in their role. Strong strategy and policy: “What’s important when making security decisions? A strategic vision, risk assessments and prioritizing around security, understanding the impact of new technology, having the ability to differentiate solutions and pick the winners.” (IT Director, Insurance) Comprehensive risk management: “Risk assessment information is used to determine our security policy. It decides what, where, when, and how to protect, and the cost of doing that – the cost to the business.” (Head of IT Group, Manufacturing) Effective business relations: “Getting business support is about selling. You need somebody that has business savvy, but also understands the technology – who can speak business value and understand risk.” (Chief Technology Officer, Insurance) Concerted communications efforts: “Effective relationships require lots of communication, providing assistance to business leaders and requesting time in their meetings to communicate importance of security, talk about wins and communicate the risks. You open minds when you have that constant background noise.” (Director of Infrastructure, Utility) 8 © 2013 IBM Corporation
  • 9. Business practices Business practices challenge: Security leaders have a broad set of concerns to manage from a diverse group of stakeholders. What are your C-suite’s greatest concerns? Information security leaders have to protect against threats to brand reputation, operational downtime, compliance and regulations and financial loss. 9 © 2013 IBM Corporation
  • 10. TECHNOLOGY “You have to be on the bleeding edge of business technology and consumer technology. BYOD is starting to encompass almost everything. Devices are proliferating. Security leaders have to be smart, be savvy. Think like a user. Think about what users are doing.” (CIO, Finance) © 2013 IBM Corporation
  • 11. Technology Foundational security technologies are still seen as critically important. Strategic and more advanced technologies have generally not risen to critical importance yet. Security leaders are putting an emphasis on enterprise identity and access management (51%) and network security (39%). Things like advanced malware detection and security intelligence analytics haven’t risen above foundational technologies in importance. [Chart: Most important (select top 3)] 11 © 2013 IBM Corporation
  • 12. Technology Despite concerns, many are using cloud for security services and are planning increased deployment in the near future. Three-fourths (76%) of the sample use some type of cloud security services. Privacy and security of data in a cloud environment is the number one concern (61%). Most popular cloud services are data monitoring and audit, federated identity and access management, virtual environment protection and patch management. Planning investment in future capabilities (application threat protection). [Chart: Cloud security services, deployed vs. ‘most likely’ planned: data monitoring and audit (39%), federated identity and access management (39%), virtual environment protection and patch management (37%), security information and event management (SIEM), application threat protection, other] 12 © 2013 IBM Corporation
  • 13. Technology Mobile security technology has significant attention and investment, but the focus is still on deployment. Mobile has significant attention: #1 most recently deployed technology (25% deployed in the past twelve months). 76% see theft or loss of device or sensitive data on device as a major concern. Mobile capabilities are still evolving and maturing. Many are planning to develop an enterprise strategy for mobile security (39%), though not many have done so yet (29%). [Chart: Mobile security capabilities (management capability, inventory of devices, published set of principles, containerization and encryption, incident response policy, enterprise strategy, location awareness), by currently investing / planning to develop / no plans] 13 © 2013 IBM Corporation
  • 14. Technology Technology challenge: Mobile security technology is top of mind and being deployed, but not everyone is doing all they should with respect to mobile policy and management. Mobile policy and strategy for personal devices is not widely deployed or considered important. Less than 40% have deployed capabilities around specific response policies for personally-owned devices or an enterprise strategy for BYOD. Very few consider an enterprise strategy for BYOD “most important” (10%). 14 © 2013 IBM Corporation
  • 15. MEASUREMENT “We use metrics to continually improve our processes and awareness. They help determine what happens next in order to stay ahead of the game.” (Executive VP of IT, Finance) © 2013 IBM Corporation
  • 16. Measurement Metrics are generally used to guide budgeting and help develop strategy for the organization  In general, technical and business How security and business metrics are used (multiple responses) metrics are still focused on operational issues  Over 90% track the number of incidents, lost or stolen records data or devices and audit and compliance status  Metrics are used more for budget reasons – 32% of respondents use metrics to guide budgeting  Few respondents (12%) are feeding their business and security metrics into the risk process 16 © 2013 IBM Corporation
  • 17. Measurement Measurement challenge: Progress needs to be made translating security metrics into the language of the business Measure financial impact Integrate IT and business risk Nearly two-thirds do not translate metrics into financial outputs due to no requirement, lack of resources, and/or complexity to calculate More than half don’t combine security metrics with business risk metrics – those that do, it’s typically a line in a broader risk assessment “Measuring financial impact is important when we want to implement technology. What is the ROI, the cost avoidance of an incident? We use it to prove that there is value.” (CTO, Insurance) 17 “Security metrics get combined with customer satisfaction and as part of a broader scope of continuity and business impact analysis. Cybersecurity is integrated into the risk along with other issues.” (Director of IT, Utility) © 2013 IBM Corporation
  • 18. Conclusions Those that have the right combination of practices and who are addressing the challenges are evolving into a more versatile security leader – creating a new standard Formalize your role as a CISO Establish a security strategy Develop effective business relations Build trust Invest in advanced technology when it meets a business need Fortify your mobile security Share information Focus on the overall economic impact of risk Address concerns around reputational risk and customer satisfaction Translate and integrate metrics “Strategic vision… Global consistency… Lots of communication… speak business value, understand risk… minimize the impact… be on the bleeding edge…” 18 © 2013 IBM Corporation
  • 19. Conclusions. The path to a new security standard – Where are you on your journey?
      - Do you have a CISO, or a similar position – a central security leader with authority?
      - Have you self-assessed your overall security capabilities?
      - Are you actively fostering strong relations and building trust with key business stakeholders?
      - Do you have a security strategy that the Board and C-suite participates in the development of?
      - Do you understand enterprise risk and security’s role in it? Are you linked to risk processes?
      - Do you have a broad set of metrics (technical, business, risk) that are communicated widely?
      - Are you investing in mobile security technology AND policy?
      - Are you continually reassessing your capabilities? Are you exploring advanced technologies?
  • 20. For more information
      - Visit us @IBM Stall
      - http://www.ibm.com/ibmcai/ciso
      - http://www.ibm.com/security/ciso
  • 21. © Copyright IBM Corporation 2013 IBM Corporation New Orchard Road Armonk, NY 10504 Produced in the United States of America October 2013 IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corporation in the United States, other countries or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or TM), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. Other product, company or service names may be trademarks or service marks of others. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at ibm.com/legal/copytrade.shtml This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates. THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided. GTP11058-USEN-00