Virtual CSO

•Als PPTX, PDF herunterladen•

0 gefällt mir•360 views

S

If you need full-time security management on a part-time salary, check out this presentation.

Virtual CSO

What You Need, When
You Need It
Bryan Miller
Syrinx Technologies
bryan@syrinxtech.com
www.syrinxtech.com
804-539-9154

Virtual CSO

Agenda
 Security Roadblocks
 Business Benefits
 Technical Benefits
 Summary
 Next Steps
 Q&A

2

Virtual CSO

Security Roadblocks
 Cost
 Perception of high cost of security
 Work overload – “I have enough to do already”

 Policy
 Implementation becomes an afterthought
 Lack of support for policy enforcement

3

Virtual CSO

Security Roadblocks

 Risk vs. Reward
 False Sense of Security
 We’ve never been hacked
 Who would want what we have
 We’re too small to be a target

 Security becomes a “nice to have”
 Security often seen as a cost, not a savings
 Security delays implementation

4

Virtual CSO

Business Benefits

 No payroll taxes or benefit costs

 No training costs

 Flexibility - each client chooses a customized
solution to fit their budget

5

Virtual CSO

Technical Benefits

 Initial Policy and Procedure Development/Review
 Annual Updates

 Initial Internal and External Penetration Testing
 Develop a Baseline

 Follow-up Penetration Testing
 Annual External and Internal Testing

6

Virtual CSO

Technical Benefits

 Options
 Monthly Block Time

 Security Awareness Training Program Development

 Incident Response Program Development

 Compliance Program Consulting
 HIPAA, PCI, NCUA

7

Virtual CSO

Technical Benefits

 Options
 Developing/Updating Infrastructure Documentation

 Customized Vulnerability Notifications

 Server Hardening Best Practices

 Disaster Recovery (DR) and Business Continuity Plan
(BCP) Development

8

Virtual CSO

Summary

The CSO position is necessary but often
unfunded.

Outsourcing provides a reasonable return
on investment.

Syrinx Technologies can provide the
required services at reduced costs.
9

Virtual CSO

Next Steps

 Decide if this is right for your organization
 Assess your current security posture
 Compute the ROI

 Develop an action plan
 Work with Syrinx Technologies to choose your
options and develop a roadmap

 Implement the plan
 Yearly program review and tuning

10

Virtual CSO

Q&A

 How is this program priced?
 Once the client chooses their desired options, a yearly proposal
will be provided.

 Are there any minimum or maximum service periods?
 The client may cancel at any time with 30 days written notice.

 How often am I billed?
 Syrinx Technologies will bill the client monthly.

 Are Service Level Agreements (SLA) available?
 Yes, specific SLAs can be written into the service agreement.

11

Weitere ähnliche Inhalte

Was ist angesagt?

Security is an important factor in IT project management. This presentation highlights security implications in delivering IT projects by focusing on project management processes, and Software Development Life Cycle. This also highlights how to implement security in Waterfall and Agile delivery methods. In addition, this presentation details delivering quality software by aligning project level strategies with organization’s security strategy and process. Presented on June 2015 at ISSA, Durham, NC, USA.

Embedding Security in IT Projects

Embedding Security in IT Projects

Embedding Security in IT Projects

Kaali Dass PMP, PhD.

Presented by Patrick Miller, The Anfield Group and Jason Ile, Tripwire Abstract: This presentation emphasis the importance of building an environment where compliance is a natural byproduct of effective security controls. The presenters discuss how to establish info security controls that reinforce a culture of controls, by being plugged into the daily operational processes of IT operations, software and service development, project management and Internal audit. Additional, the presenters explore the various benefits of continuous monitoring and how to achieve it through a step-by-step practice.

Achieving Compliance Through Security

Achieving Compliance Through Security

Achieving Compliance Through Security

Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...

Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...

Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...

Hewlett Packard Enterprise Business Value Exchange

Cyber risk management-white-paper-v8 (2) 2015

Cyber risk management-white-paper-v8 (2) 2015

Cyber risk management-white-paper-v8 (2) 2015

Accounting_Whitepapers

NEMEA Compliance Center - the most powerful survey creation, management, and reporting solution available. It intuitively collects responses, writes, and produces standardized regulatory compliance reports. In fact, it even supports the use of many different standards at once. Our compliance software has a fully featured user-interface that lets you rapidly compare the laws and regulations that govern your industry and business.

NEMEA Compliance center

NEMEA Compliance center

NEMEA Compliance center

NEMEA Security Services

AdvisorAssist Compliance ROI

AdvisorAssist Compliance ROI

AdvisorAssist Compliance ROI

AdvisorAssist, LLC

Presentation1

Enterprise Wide IT Projects are Complex and strategic importance to organizations to sustain competitive advantage in the market place. High percentage of strategic initiatives fail due to poor project performance. This presentation highlights importance of leading Enterprise Wide Projects, instead just focusing on managing projects. The author discusses enterprise wide project relevance to PMI Knowledge Areas and essential leadership skills required to manage enterprise wide projects. The author also presents two project planning models organizations can use to improve enterprise wide project success.

Leading Enterprise Wide Projects

Leading Enterprise Wide Projects

Leading Enterprise Wide Projects

Kaali Dass PMP, PhD.

Achieving PCI compliance can be a complex, time-consuming, and expensive undertaking. However, with the right approach it can be substantially less burdensome. In this webcast, we will provide background and recommendations to help you make the best possible decisions regarding PCI for your PaaS-based application. If you currently accept, or are contemplating accepting a payment card on your web application, this webcast is for you. In this presentation you will learn about: -An overview of PCI -How to scope your environment for PCI compliance -Ways to make compliance more manageable, and -Things to consider when approaching PCI compliance on a PaaS provider. To view the full webcast on-demand: http://pages.engineyard.com/an-introduction-to-pci-compliance-on-a-paas.html

Simplifying PCI on a PaaS Environment

Simplifying PCI on a PaaS Environment

Simplifying PCI on a PaaS Environment

Engaging with a vendor especially one who provides some sort of Information and/or technology based services is necessary for many global organizations. Managing risks related to vendors presents its own challenges particularly if they are high technology companies such as Cloud Service Providers (CSP). Cloud based services add to the complexities of managing traditional security & compliance risks. Identifying and addressing risks associated with moving your data, applications and services are not the only thing that an organization has to consider. An organization also needs to think about and plan for vendor related risks, legal, regulatory and contractual risks. This spectrum of risks continues to expand particularly when dealing with customers and vendors who are operating in different geographies governed by different regulations, data protection laws, culture and operating models. For more information, visit - http://www.happiestminds.com/technology-focus/cloud-computing/

Simplify Your Approach To_Assess The Risks Of Moving Into The Cloud

Simplify Your Approach To_Assess The Risks Of Moving Into The Cloud

Simplify Your Approach To_Assess The Risks Of Moving Into The Cloud

Happiest Minds Technologies

Was ist angesagt? (10)

Embedding Security in IT Projects

Embedding Security in IT Projects

Embedding Security in IT Projects

Achieving Compliance Through Security

Achieving Compliance Through Security

Achieving Compliance Through Security

Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...

Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...

Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...

Cyber risk management-white-paper-v8 (2) 2015

Cyber risk management-white-paper-v8 (2) 2015

Cyber risk management-white-paper-v8 (2) 2015

NEMEA Compliance center

NEMEA Compliance center

NEMEA Compliance center

AdvisorAssist Compliance ROI

AdvisorAssist Compliance ROI

AdvisorAssist Compliance ROI

Presentation1

Leading Enterprise Wide Projects

Leading Enterprise Wide Projects

Leading Enterprise Wide Projects

Simplifying PCI on a PaaS Environment

Simplifying PCI on a PaaS Environment

Simplifying PCI on a PaaS Environment

Simplify Your Approach To_Assess The Risks Of Moving Into The Cloud

Simplify Your Approach To_Assess The Risks Of Moving Into The Cloud

Simplify Your Approach To_Assess The Risks Of Moving Into The Cloud

Ähnlich wie Virtual CSO

Rothke secure360 building a security operations center (soc)

Rothke secure360 building a security operations center (soc)

Rothke secure360 building a security operations center (soc)

Ivanti Webinar - How to Win Budget and Influence Non-InfoSec Stakeholders

Ivanti Webinar - How to Win Budget and Influence Non-InfoSec Stakeholders

Ivanti Webinar - How to Win Budget and Influence Non-InfoSec Stakeholders

How to Raise Cyber Risk Awareness and Management to the C-Suite

How to Raise Cyber Risk Awareness and Management to the C-Suite

How to Raise Cyber Risk Awareness and Management to the C-Suite

From our webinar - 14th November 2019 Compliance professionals around the world are eagerly awaiting more information about PCI’s latest release to the Data Security Standards: PCI DSS 4.0. During this 30-minute webinar, we will review the timeline of the 4.0 release. Discuss findings from the 2019 RFC period draft release, highlight key changes that are coming with the revised framework, and discuss how SureCloud will help clients navigate these changes.

Looking Forward: What to Expect With PCI 4.0

Looking Forward: What to Expect With PCI 4.0

Looking Forward: What to Expect With PCI 4.0

How to Monitor Digital Dependencies Across Your Modern IT Stack

How to Monitor Digital Dependencies Across Your Modern IT Stack

How to Monitor Digital Dependencies Across Your Modern IT Stack

How to Monitor Digital Dependencies Across Your Modern IT Stack

How to Monitor Digital Dependencies Across Your Modern IT Stack

How to Monitor Digital Dependencies Across Your Modern IT Stack

The national Scot-Secure Summit is the largest annual Cyber Security Conference in Scotland: the event brings together senior IT leaders and Information Security personnel, providing a unique forum for knowledge exchange, discussion and high-level networking. The conference programme is focussed on promoting best-practice cyber security; looking at the current trends, the key threats - and offering practical advice on improving resilience and implementing effective security measures.

Scot Secure 2019 Edinburgh (Day 2)

Scot Secure 2019 Edinburgh (Day 2)

Scot Secure 2019 Edinburgh (Day 2)

Executive Perspective Building an OT Security Program from the Top Down

Executive Perspective Building an OT Security Program from the Top Down

Executive Perspective Building an OT Security Program from the Top Down

Cynergies One Page Overview

Cynergies One Page Overview

Cynergies One Page Overview

How to Monitor Digital Dependencies Across Your Modern IT Stack

How to Monitor Digital Dependencies Across Your Modern IT Stack

How to Monitor Digital Dependencies Across Your Modern IT Stack

Adaptive & Unified Approach to Risk Management & Compliance-via-ccf

Adaptive & Unified Approach to Risk Management & Compliance-via-ccf

Adaptive & Unified Approach to Risk Management & Compliance-via-ccf

With the increasing number of data breaches and cyber attacks, it's becoming clear that traditional security measures are no longer sufficient. Zero Trust security is an approach that assumes no user, device, or network is trustworthy by default. This seminar will explore the concept of Zero Trust and its application to data security. During this seminar, we will cover a range of topics related to Zero Trust and data security, including the history and evolution of Zero Trust, the key principles of Zero Trust, and the different applications of Zero Trust in data security. We will also discuss the impact of Zero Trust on the job market and the skills required to work effectively with this approach. Through a combination of lectures, case studies, and interactive discussions, attendees will gain a comprehensive understanding of the potential benefits of implementing a Zero Trust approach to data security. They will leave the seminar with practical insights and strategies to effectively leverage Zero Trust to protect their organization's data. Learning Objectives: Upon completion of this seminar, participants will be able to: 1. Understand the history and evolution of Zero Trust and its application to data security. 2. Gain insights into the key principles of Zero Trust and the different applications of this approach in data security. 3. Learn about the potential benefits and challenges of implementing a Zero Trust approach to data security. 4. Develop practical strategies for effectively leveraging Zero Trust to protect their organization's data. 5. Network with other industry professionals to share insights and best practices.

Zero Trust and Data Security

Zero Trust and Data Security

Zero Trust and Data Security

Career Communications Group

Operation: Next Summit Takeaways

Operation: Next Summit Takeaways

Operation: Next Summit Takeaways

When a security program isn't as good as it should be it can be tempting to conclude that it needs more resources and solutions. Jack Nichelson decided to take a different approach: simplification. By focusing on fewer problems with bigger returns, he was able to reduce malware by 60 percent and improve the results of his annual pen report. He’ll share a back-to-the-basics case study for removing complexity and running a simple, effective, start-up worthy security program. This Talk is for - Security Managers looking to better focus on the real vulnerabilities and more effectively communicate your progress The Goals of this talk – Find the real problems, create a formal plan, build support for the plan, and report the progress

Information Security - Back to Basics - Own Your Vulnerabilities

Information Security - Back to Basics - Own Your Vulnerabilities

Information Security - Back to Basics - Own Your Vulnerabilities

Security of the future - Adapting Approaches to What We Need

Security of the future - Adapting Approaches to What We Need

Security of the future - Adapting Approaches to What We Need

In order for organizations to stay competitive, they must always be improving. This too is true for their cybersecurity. Being able to properly harvest and digest cybersecurity benchmarking information is critical for today’s CIOs. If you realize that your cybersecurity is not at the level it should be, evaluating it properly can help you raise appropriate resources to fix the issues. Discover how to get the full picture of your organization's security performance compared to your peers. Learn why benchmarking is so critical for today's CIOs and how to clearly communicate benchmarking data to your board.

How to measure your cybersecurity performance

How to measure your cybersecurity performance

How to measure your cybersecurity performance

APM webinar sponsored by the South Wales and West of England Branch on 14 July 2022. Speaker: Sophie Okell Introducing ethical hacking to the Ministry of Defence; the project management behind the innovation. This webinar talked you through the journey of how a groundbreaking cyber testing methodology was applied in the Ministry of Defence. How the project overcame the challenges faced, such as the complex stakeholder landscape, change resistance to such an innovative product and navigating commercial and legal. The methods and factors that made the project successful: Senior leadership support and advocacy. Small, empowered and flexible team. Internal marketing campaign, making use of communications and rewards. A consultative, transformation approach. Stakeholder mapping and engagement. External communications, including a successful press release. Demonstrating success early in the project and building on it. Short delivery timescales Clear methodology for the test, detailed in easily digestible communications Making use of internal champions across the organisation. The benefits achieved: Reduction to the cyber risk. Increased collaborative cyber culture. Upskilling of internal IT and cyber staff. Positioning of the MOD as a cyber leader on the global stage. https://youtu.be/e0FXmRlKT20 https://www.apm.org.uk/news/introducing-ethical-hacking-to-the-ministry-of-defence-webinar/

Introducing Ethical Hacking to the Ministry of Defence.pdf

Introducing Ethical Hacking to the Ministry of Defence.pdf

Introducing Ethical Hacking to the Ministry of Defence.pdf

Association for Project Management

New technologies - Amer Haza'a

New technologies - Amer Haza'a

New technologies - Amer Haza'a

Why physical security just isn’t enough, Sending the heavies into virtualized...

Why physical security just isn’t enough, Sending the heavies into virtualized...

Why physical security just isn’t enough, Sending the heavies into virtualized...

Global Business Events - the Heart of your Network.

What Goes Into Onboarding New Cybersecurity Vendors

What Goes Into Onboarding New Cybersecurity Vendors

What Goes Into Onboarding New Cybersecurity Vendors

Ähnlich wie Virtual CSO (20)

Rothke secure360 building a security operations center (soc)

Rothke secure360 building a security operations center (soc)

Rothke secure360 building a security operations center (soc)

Ivanti Webinar - How to Win Budget and Influence Non-InfoSec Stakeholders

Ivanti Webinar - How to Win Budget and Influence Non-InfoSec Stakeholders

Ivanti Webinar - How to Win Budget and Influence Non-InfoSec Stakeholders

How to Raise Cyber Risk Awareness and Management to the C-Suite

How to Raise Cyber Risk Awareness and Management to the C-Suite

How to Raise Cyber Risk Awareness and Management to the C-Suite

Looking Forward: What to Expect With PCI 4.0

Looking Forward: What to Expect With PCI 4.0

Looking Forward: What to Expect With PCI 4.0

How to Monitor Digital Dependencies Across Your Modern IT Stack

How to Monitor Digital Dependencies Across Your Modern IT Stack

How to Monitor Digital Dependencies Across Your Modern IT Stack

How to Monitor Digital Dependencies Across Your Modern IT Stack

How to Monitor Digital Dependencies Across Your Modern IT Stack

How to Monitor Digital Dependencies Across Your Modern IT Stack

Scot Secure 2019 Edinburgh (Day 2)

Scot Secure 2019 Edinburgh (Day 2)

Scot Secure 2019 Edinburgh (Day 2)

Executive Perspective Building an OT Security Program from the Top Down

Executive Perspective Building an OT Security Program from the Top Down

Executive Perspective Building an OT Security Program from the Top Down

Cynergies One Page Overview

Cynergies One Page Overview

Cynergies One Page Overview

How to Monitor Digital Dependencies Across Your Modern IT Stack

How to Monitor Digital Dependencies Across Your Modern IT Stack

How to Monitor Digital Dependencies Across Your Modern IT Stack

Adaptive & Unified Approach to Risk Management & Compliance-via-ccf

Adaptive & Unified Approach to Risk Management & Compliance-via-ccf

Adaptive & Unified Approach to Risk Management & Compliance-via-ccf

Zero Trust and Data Security

Zero Trust and Data Security

Zero Trust and Data Security

Operation: Next Summit Takeaways

Operation: Next Summit Takeaways

Operation: Next Summit Takeaways

Information Security - Back to Basics - Own Your Vulnerabilities

Information Security - Back to Basics - Own Your Vulnerabilities

Information Security - Back to Basics - Own Your Vulnerabilities

Security of the future - Adapting Approaches to What We Need

Security of the future - Adapting Approaches to What We Need

Security of the future - Adapting Approaches to What We Need

How to measure your cybersecurity performance

How to measure your cybersecurity performance

How to measure your cybersecurity performance

Introducing Ethical Hacking to the Ministry of Defence.pdf

Introducing Ethical Hacking to the Ministry of Defence.pdf

Introducing Ethical Hacking to the Ministry of Defence.pdf

New technologies - Amer Haza'a

New technologies - Amer Haza'a

New technologies - Amer Haza'a

Why physical security just isn’t enough, Sending the heavies into virtualized...

Why physical security just isn’t enough, Sending the heavies into virtualized...

Why physical security just isn’t enough, Sending the heavies into virtualized...

What Goes Into Onboarding New Cybersecurity Vendors

What Goes Into Onboarding New Cybersecurity Vendors

What Goes Into Onboarding New Cybersecurity Vendors

Mehr von syrinxtech

Security In an IoT World

Security In an IoT World

Security In an IoT World

Low Hanging Fruit from Penetration Testing

Low Hanging Fruit from Penetration Testing

Low Hanging Fruit from Penetration Testing

Infrastructure Auditing

Infrastructure Auditing

Infrastructure Auditing

Remote Access Security

Remote Access Security

Remote Access Security

Cloud Computing Security

Cloud Computing Security

Cloud Computing Security

Virtualization Security

Virtualization Security

Virtualization Security

Focus Your Business

Focus Your Business

Focus Your Business

Penetration Testing as an auditing tool

Penetration Testing as an auditing tool

Penetration Testing as an auditing tool

PCI Compliance - What does it mean to me?

PCI Compliance - What does it mean to me?

PCI Compliance - What does it mean to me?

Web Database Server Best Practices

Web Database Server Best Practices

Web Database Server Best Practices

Mehr von syrinxtech (10)

Security In an IoT World

Security In an IoT World

Security In an IoT World

Low Hanging Fruit from Penetration Testing

Low Hanging Fruit from Penetration Testing

Low Hanging Fruit from Penetration Testing

Infrastructure Auditing

Infrastructure Auditing

Infrastructure Auditing

Remote Access Security

Remote Access Security

Remote Access Security

Cloud Computing Security

Cloud Computing Security

Cloud Computing Security

Virtualization Security

Virtualization Security

Virtualization Security

Focus Your Business

Focus Your Business

Focus Your Business

Penetration Testing as an auditing tool

Penetration Testing as an auditing tool

Penetration Testing as an auditing tool

PCI Compliance - What does it mean to me?

PCI Compliance - What does it mean to me?

PCI Compliance - What does it mean to me?

Web Database Server Best Practices

Web Database Server Best Practices

Web Database Server Best Practices

Virtual CSO

1. Virtual CSO What You Need, When You Need It Bryan Miller Syrinx Technologies bryan@syrinxtech.com www.syrinxtech.com 804-539-9154

2. Virtual CSO Agenda  Security Roadblocks  Business Benefits  Technical Benefits  Summary  Next Steps  Q&A 2

3. Virtual CSO Security Roadblocks  Cost  Perception of high cost of security  Work overload – “I have enough to do already”  Policy  Implementation becomes an afterthought  Lack of support for policy enforcement 3

4. Virtual CSO Security Roadblocks  Risk vs. Reward  False Sense of Security  We’ve never been hacked  Who would want what we have  We’re too small to be a target  Security becomes a “nice to have”  Security often seen as a cost, not a savings  Security delays implementation 4

5. Virtual CSO Business Benefits  No payroll taxes or benefit costs  No training costs  Flexibility - each client chooses a customized solution to fit their budget 5

6. Virtual CSO Technical Benefits  Initial Policy and Procedure Development/Review  Annual Updates  Initial Internal and External Penetration Testing  Develop a Baseline  Follow-up Penetration Testing  Annual External and Internal Testing 6

7. Virtual CSO Technical Benefits  Options  Monthly Block Time  Security Awareness Training Program Development  Incident Response Program Development  Compliance Program Consulting  HIPAA, PCI, NCUA 7

8. Virtual CSO Technical Benefits  Options  Developing/Updating Infrastructure Documentation  Customized Vulnerability Notifications  Server Hardening Best Practices  Disaster Recovery (DR) and Business Continuity Plan (BCP) Development 8

9. Virtual CSO Summary The CSO position is necessary but often unfunded. Outsourcing provides a reasonable return on investment. Syrinx Technologies can provide the required services at reduced costs. 9

10. Virtual CSO Next Steps  Decide if this is right for your organization  Assess your current security posture  Compute the ROI  Develop an action plan  Work with Syrinx Technologies to choose your options and develop a roadmap  Implement the plan  Yearly program review and tuning 10

11. Virtual CSO Q&A  How is this program priced?  Once the client chooses their desired options, a yearly proposal will be provided.  Are there any minimum or maximum service periods?  The client may cancel at any time with 30 days written notice.  How often am I billed?  Syrinx Technologies will bill the client monthly.  Are Service Level Agreements (SLA) available?  Yes, specific SLAs can be written into the service agreement. 11