SlideShare a Scribd company logo

Insight into Security Leader Success Part 2

Download as PPTX, PDF
Security Executive Council
Security Executive Council

This document provides recommendations for security leaders to create a business-focused security department that provides value to the enterprise. It discusses communicating security issues using common business terms, measuring the value of security programs through meaningful metrics, analyzing the total costs of security, developing a shared security strategy with business units, and selecting next generation security leaders with skills in business alignment, risk management, compliance, and performance measurement. The intended audience is security leaders seeking to ensure their department is valued by the business.

Business
1 of 24
How to get the Enterprise to Understand the Value of Security A SEC Research Finding Insight into Security Leader Success PART 2 of 2
Intended Audience This presentation is intended for security leaders who want to create a business-based security department that provides value, and is valued by the enterprise. The following recommendations are based on 10+ years of SEC relevancy-based research. ©2015 The Security Executive Council 2
©2015 The Security Executive Council 3
Old Expectations New Expectations © 2015 The Security Executive Council 4 Expectations Are Changing
What does it take to meet the NEW expectations? © 2015 The Security Executive Council 5
Communicate in Common Terms and Effectively 6 © 2015 The Security Executive Council 6
Telling Security’s Story • History of the program • Milestones • Mission/vision statements • Programs and services • Timeline of program development • Service delivery model • Functional organization chart • Internal SWOT analysis • Current state of the program status heat map • Accomplishments and results • Internal value analysis status • Metrics • Strategic initiatives/strategic plan • Measuring business value roadmap chart • Emerging and futuristic trends that will affect the organization and security Don’t rely on others understanding Security. The following elements should be considered to help delineate Security and its role; for both yourself and your team, as well as those outside of security: © 2015 The Security Executive Council 7
ALL staff on Security should be able to tell the story - not just the security leader. ©2015 The Security Executive Council 8 (See Insight into Security Leader Success part 1 page 7 - using Board-Level Risk terminology).
Measuring Value and Sharing that Knowledge 7 ©2015 The Security Executive Council 9
This is OK… Activity January February March April May June Initial Background Investigations Processed 14 27 32 21 37 46 Periodic Reviews Processed 3 3 13 10 8 17 Orientation & Refresher Briefings 7 10 12 6 15 21 Security Policies Developed 2 2 3 1 Data Spill Mitigation/Incid ents 1 1 3 Secure Area Alarm Responses 3 11 5 22 7 14 Internal Incidents/Invest igations 5 3 2 2 6 1 Foreign Travel Briefings 5 5 3 7 Counting things shows you’re active. Instead create a metric that shows performance, value, improvement, customer confidence, etc. © 2015 The Security Executive Council 10 This is Better…
Metrics Risk Assessments Process & Event Monitoring Audits & Inspections After-Action Reviews Investigations & Post- Mortems Processes, Plans, Objectives & Budgets Incident Reports Communicating The Value Story • Reduced risk & loss attributable to security initiatives / reduced cost of insurance • Reduced cost of security-related processes and incidents • Reduced risk to insiders and within 3rd party relationships • Increased engagement of employees in securing corporate assets • Assurance of Security response effectiveness • Assurance of regulatory compliance • Enhanced ability to satisfy customers with improved methods of protection • Reduced risk of attack through more measurably effective protective measures • Reduced recovery time from incidents • Increased brand protection & market penetration attributable to security measures • Reduced notable audit findings attributable to security defects Actionable Metrics Embedded Data & Measures Focus • Performance • Risk • Value • Influence • Engagement • Bi-Directional • Improvement • Compliance • Service Level • Customer Satisfaction • Business Alignment Find your meaningful value story that is relevant to your company and then tell people about it. © 2015 The Security Executive Council 11
Grasping the Total Cost of Security 8 © 2015 The Security Executive Council 12
© 2015 The Security Executive Council 13 The cost of security, staff and services at all locations that the corporation operates on a worldwide basis. This includes all corporate and IT security elements and the related staff and services, whether proprietary or contractual, managed by the security department or by other corporate staff groups. Total Cost of Security ≠ Security Budget Definition of total cost of security:
© 2015 The Security Executive Council 14 → Aggregated costs can point to gaps in security risk mitigation. → Total security cost analysis detects duplication of effort and cost savings. → Enterprise perspective leads to more effective security program risk mitigation management. → Robust data sets offer improved benchmarking comparisons. → Helps differentiate between mandatory and discretionary costs. Analyzing the Total Cost of Security Can Lead to Valuable Benefits
The issue is not “ownership of security programs.” The opportunity is to examine the cost of security to the entity, prioritize program costs against risk and estimated value. Act as an agent of influence in program improvements and costs reduction. Be a positive partner to other entity units to achieve greater value. Define and agree upon metrics measuring success. Benchmark within your sub-sector and outside your sector to identify opportunities and improve. © 2015 The Security Executive Council 15 Important Factors to Consider:
Define and Execute a Shared Strategy 9 © 2015 The Security Executive Council 16
© 2015 The Security Executive Council 17 ↘ Conduct enterprise/security risk assessment to define risks ↘ Conduct gap analysis ↘ Be able to articulate Security’s value ↘ Define your desired programs and/or develop a service directory ↘ Decide on the service delivery model ↘ Establish policy or governance mechanisms ↘ Determine workload activity ↘ Develop equipment specifications ↘ Recalibrate with management ↘ Create standards for global implementation ↘ Develop metrics to measure activity and KPIs ↘ Strive for business alignment To help ensure success, a plan for developing a Security program should incorporate the following: Planning for Success
Try whiteboard sessions to get everyone thinking and to come to a common ground. Interview internal stakeholder on what they think is important or missing. Create an elevator speech all staff can repeat. © 2015 The Security Executive Council 18 Have a plan Create roadmaps Develop a common language Define standards
Develop the Next Generation 10 © 2015 The Security Executive Council 19
Historical Security Leader Selection: Previous Business Challenges © 2015 The Security Executive Council 20
Previous Generation Skill Requirements are Evolving Business/Organizational Alignment: Budget, conduct, governance, mission, plan, strategy Current/Emerging/Residual/Risk & Compliance: All-hazards and Board-level Risk model IT: Applications, architecture, data, forensics, networks, software, tools Leadership: Business case communication, crisis mitigation and team building Performance Assurance: People-Process- Technology, measures and metrics Organizational: Brand, culture, partner, supply chain, stakeholder issues © 2015 The Security Executive Council 21
• Align Board Level Risk and business mitigation strategy • Influence community preparedness and resilience for emerging global risks • Manage information protection, breaches and situational intelligence • Add business value with mission assurance and P&L performance • Deliver performance measures and metrics • Run security as a business • Define and deliver operational excellence Selected* performance criteria for Next Generation Security Leaders *This is just a subset of the performance criteria we have identified in our research. Contact the Security Executive Council for more information about our Next Generation Security Leader program. © 2015 The Security Executive Council 22
Board-Level Risk Model Enterprise/Security Risk Alignment Model Unified Risk Oversight Model 9 Practice of the Successful Security Leader Research OPaL+ Assessment Research Security Measures and Metrics Program Internal Valuation Assessment Model Next Generation Security Leader Program Running Security as a Business Research Regulation and Compliance Management Database Executive Management Communication Best Practices SEC Technology Roadmap And the collective knowledge of SEC staff and subject matter experts (former security executives and security industry leaders) © 2015 The Security Executive Council 23 This presentation (parts 1 and 2) incorporates aspects of the following SEC developed research and content from the SEC Corporate Security Knowledge Base: This concludes part 2 of Insight into Security Leader Success.
• Aligning security risk mitigation strategies with enterprise risks • Assessing risks, threats and vulnerabilities • Creating your value driven metrics program • Developing and telling Security’s story • Becoming a part of the business-wide risk team • Aligning organizational readiness, program maturity and leadership strategy • Contributing to enterprise driven risk compliance • Running a business-based Security operation • Transforming the Security organization through powerful executive communication Contact us. We’re a security risk mitigation research and advisory firm. We’re made up of former successful security executives. We enjoy exploring how to make Security a valued part of the business. contact@secleader.com +1 202.730.9971 https://www.securityexecutivecouncil.com © 2015 The Security Executive Council 24 We can bring our research and extensive experience to work with you on:

Recommended

Operational Risk Management and Bpm
Operational Risk Management and BpmOperational Risk Management and Bpm
Operational Risk Management and Bpm
Nathaniel Palmer
 
Super Strategies 2014 Risk Strategy Presentation
Super Strategies 2014 Risk Strategy PresentationSuper Strategies 2014 Risk Strategy Presentation
Super Strategies 2014 Risk Strategy Presentation
David Fernandes
 
Technology Risk Management Simulation - Mahesh
Technology Risk Management Simulation - Mahesh Technology Risk Management Simulation - Mahesh
Technology Risk Management Simulation - Mahesh
Knowledge Group
 
Risk Assessment And Risk Treatment
Risk Assessment And Risk TreatmentRisk Assessment And Risk Treatment
Risk Assessment And Risk Treatment
Ben Omoakin Oguntala, developingafrica(dot)net
 
White paper pragmatic safety solutions
White paper pragmatic safety solutionsWhite paper pragmatic safety solutions
White paper pragmatic safety solutions
Craig Tappel
 
Managing with KPI's and KRI's
Managing with KPI's and KRI's Managing with KPI's and KRI's
Managing with KPI's and KRI's
Andrew Smart
 
Strategic Risk Management as a CFO: Getting Risk Management Right
Strategic Risk Management as a CFO: Getting Risk Management RightStrategic Risk Management as a CFO: Getting Risk Management Right
Strategic Risk Management as a CFO: Getting Risk Management Right
Proformative, Inc.
 
Technology Risk Management
Technology Risk ManagementTechnology Risk Management
Technology Risk Management
Social Tables
 

Recommended

Operational Risk Management and Bpm
Operational Risk Management and BpmOperational Risk Management and Bpm
Operational Risk Management and Bpm
Nathaniel Palmer
 
Super Strategies 2014 Risk Strategy Presentation
Super Strategies 2014 Risk Strategy PresentationSuper Strategies 2014 Risk Strategy Presentation
Super Strategies 2014 Risk Strategy Presentation
David Fernandes
 
Technology Risk Management Simulation - Mahesh
Technology Risk Management Simulation - Mahesh Technology Risk Management Simulation - Mahesh
Technology Risk Management Simulation - Mahesh
Knowledge Group
 
Risk Assessment And Risk Treatment
Risk Assessment And Risk TreatmentRisk Assessment And Risk Treatment
Risk Assessment And Risk Treatment
Ben Omoakin Oguntala, developingafrica(dot)net
 
White paper pragmatic safety solutions
White paper pragmatic safety solutionsWhite paper pragmatic safety solutions
White paper pragmatic safety solutions
Craig Tappel
 
Managing with KPI's and KRI's
Managing with KPI's and KRI's Managing with KPI's and KRI's
Managing with KPI's and KRI's
Andrew Smart
 
Strategic Risk Management as a CFO: Getting Risk Management Right
Strategic Risk Management as a CFO: Getting Risk Management RightStrategic Risk Management as a CFO: Getting Risk Management Right
Strategic Risk Management as a CFO: Getting Risk Management Right
Proformative, Inc.
 
Technology Risk Management
Technology Risk ManagementTechnology Risk Management
Technology Risk Management
Social Tables
 
Erm talking points
Erm talking pointsErm talking points
Erm talking points
EnterpriseGRC Solutions, Inc.
 
Five Immutable Principles of Project of Digital Transformation Success
Five Immutable Principles of Project of Digital Transformation SuccessFive Immutable Principles of Project of Digital Transformation Success
Five Immutable Principles of Project of Digital Transformation Success
Glen Alleman
 
Technology Executives Club Roundtable SIG - Nov 6 Session Summary
Technology Executives Club Roundtable SIG - Nov 6 Session SummaryTechnology Executives Club Roundtable SIG - Nov 6 Session Summary
Technology Executives Club Roundtable SIG - Nov 6 Session Summary
WCapra
 
Basic risk management presentation 17th june 2015
Basic risk management presentation 17th june 2015Basic risk management presentation 17th june 2015
Basic risk management presentation 17th june 2015
Association for Project Management
 
Enterprise risk management presentation to APM SWWE branch
Enterprise risk management presentation to APM SWWE branchEnterprise risk management presentation to APM SWWE branch
Enterprise risk management presentation to APM SWWE branch
Association for Project Management
 
Project office automation whitepaper
Project office automation whitepaperProject office automation whitepaper
Project office automation whitepaper
Computer Aid, Inc
 
Protiviti's Tips - Will you be ready for an IPO when the market is?
Protiviti's Tips - Will you be ready for an IPO when the market is?Protiviti's Tips - Will you be ready for an IPO when the market is?
Protiviti's Tips - Will you be ready for an IPO when the market is?
Ellie Ahmadi
 
Risk assessment facilitation guide
Risk assessment facilitation guideRisk assessment facilitation guide
Risk assessment facilitation guide
AstalapulosListestos
 
Business continuity planning guide
Business continuity planning guideBusiness continuity planning guide
Business continuity planning guide
AstalapulosListestos
 
Build a Business-Driven IT Risk Management Program
Build a Business-Driven IT Risk Management ProgramBuild a Business-Driven IT Risk Management Program
Build a Business-Driven IT Risk Management Program
Info-Tech Research Group
 
Why Corporate Security Professionals Should Care About Information Security
Why Corporate Security Professionals Should Care About Information Security Why Corporate Security Professionals Should Care About Information Security
Why Corporate Security Professionals Should Care About Information Security
Resolver Inc.
 
Auditing corporate governance guide
Auditing corporate governance guideAuditing corporate governance guide
Auditing corporate governance guide
AstalapulosListestos
 
Operational risk management a strategic tool
Operational risk management a strategic toolOperational risk management a strategic tool
Operational risk management a strategic tool
Eneni Oduwole
 
Reporting to the Board on Corporate Compliance
Reporting to the Board on Corporate ComplianceReporting to the Board on Corporate Compliance
Reporting to the Board on Corporate Compliance
Resolver Inc.
 
Risk Management
Risk ManagementRisk Management
Risk Management
Hinal Lunagariya
 
2023-it-roadmap-for-cybersecurity-techcnical
2023-it-roadmap-for-cybersecurity-techcnical2023-it-roadmap-for-cybersecurity-techcnical
2023-it-roadmap-for-cybersecurity-techcnical
Jack585826
 
Third-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a StrategyThird-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a Strategy
NICSA
 
Erm overview of auditing fraud and revenue assurance
Erm overview of auditing fraud and revenue assuranceErm overview of auditing fraud and revenue assurance
Erm overview of auditing fraud and revenue assurance
wisnu wardhana, i nyoman
 
Information Security Benchmarking 2015
Information Security Benchmarking 2015Information Security Benchmarking 2015
Information Security Benchmarking 2015
Capgemini
 
Introduction to Val IT
Introduction to Val ITIntroduction to Val IT
Introduction to Val IT
Varuna Harshana
 
The Cyber Security Leap: From Laggard to Leader
The Cyber Security Leap: From Laggard to LeaderThe Cyber Security Leap: From Laggard to Leader
The Cyber Security Leap: From Laggard to Leader
accenture
 
Innovation Management for BU syllabus
Innovation Management for BU syllabusInnovation Management for BU syllabus
Innovation Management for BU syllabus
Chetan T R
 

More Related Content

What's hot

Project office automation whitepaper
Project office automation whitepaperProject office automation whitepaper
Project office automation whitepaper
Computer Aid, Inc
 
Build a Business-Driven IT Risk Management Program
Build a Business-Driven IT Risk Management ProgramBuild a Business-Driven IT Risk Management Program
Build a Business-Driven IT Risk Management Program
Info-Tech Research Group
 

What's hot (15)

Erm talking points
Erm talking pointsErm talking points
Erm talking points
 
Five Immutable Principles of Project of Digital Transformation Success
Five Immutable Principles of Project of Digital Transformation SuccessFive Immutable Principles of Project of Digital Transformation Success
Five Immutable Principles of Project of Digital Transformation Success
 
Technology Executives Club Roundtable SIG - Nov 6 Session Summary
Technology Executives Club Roundtable SIG - Nov 6 Session SummaryTechnology Executives Club Roundtable SIG - Nov 6 Session Summary
Technology Executives Club Roundtable SIG - Nov 6 Session Summary
 
Basic risk management presentation 17th june 2015
Basic risk management presentation 17th june 2015Basic risk management presentation 17th june 2015
Basic risk management presentation 17th june 2015
 
Enterprise risk management presentation to APM SWWE branch
Enterprise risk management presentation to APM SWWE branchEnterprise risk management presentation to APM SWWE branch
Enterprise risk management presentation to APM SWWE branch
 
Project office automation whitepaper
Project office automation whitepaperProject office automation whitepaper
Project office automation whitepaper
 
Protiviti's Tips - Will you be ready for an IPO when the market is?
Protiviti's Tips - Will you be ready for an IPO when the market is?Protiviti's Tips - Will you be ready for an IPO when the market is?
Protiviti's Tips - Will you be ready for an IPO when the market is?
 
Risk assessment facilitation guide
Risk assessment facilitation guideRisk assessment facilitation guide
Risk assessment facilitation guide
 
Business continuity planning guide
Business continuity planning guideBusiness continuity planning guide
Business continuity planning guide
 
Build a Business-Driven IT Risk Management Program
Build a Business-Driven IT Risk Management ProgramBuild a Business-Driven IT Risk Management Program
Build a Business-Driven IT Risk Management Program
 
Why Corporate Security Professionals Should Care About Information Security
Why Corporate Security Professionals Should Care About Information Security Why Corporate Security Professionals Should Care About Information Security
Why Corporate Security Professionals Should Care About Information Security
 
Auditing corporate governance guide
Auditing corporate governance guideAuditing corporate governance guide
Auditing corporate governance guide
 
Operational risk management a strategic tool
Operational risk management a strategic toolOperational risk management a strategic tool
Operational risk management a strategic tool
 
Reporting to the Board on Corporate Compliance
Reporting to the Board on Corporate ComplianceReporting to the Board on Corporate Compliance
Reporting to the Board on Corporate Compliance
 
Risk Management
Risk ManagementRisk Management
Risk Management
 

Similar to Insight into Security Leader Success Part 2

2023-it-roadmap-for-cybersecurity-techcnical
2023-it-roadmap-for-cybersecurity-techcnical2023-it-roadmap-for-cybersecurity-techcnical
2023-it-roadmap-for-cybersecurity-techcnical
Jack585826
 
Information Security Benchmarking 2015
Information Security Benchmarking 2015Information Security Benchmarking 2015
Information Security Benchmarking 2015
Capgemini
 
Gail Gillis Resume vMarch 2015
Gail Gillis Resume vMarch 2015Gail Gillis Resume vMarch 2015
Gail Gillis Resume vMarch 2015
Gail Gillis
 
Security Governance by Risknavigator 2010
Security Governance by Risknavigator 2010Security Governance by Risknavigator 2010
Security Governance by Risknavigator 2010
Lennart Bredberg
 

Similar to Insight into Security Leader Success Part 2 (20)

2023-it-roadmap-for-cybersecurity-techcnical
2023-it-roadmap-for-cybersecurity-techcnical2023-it-roadmap-for-cybersecurity-techcnical
2023-it-roadmap-for-cybersecurity-techcnical
 
Third-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a StrategyThird-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a Strategy
 
Erm overview of auditing fraud and revenue assurance
Erm overview of auditing fraud and revenue assuranceErm overview of auditing fraud and revenue assurance
Erm overview of auditing fraud and revenue assurance
 
Information Security Benchmarking 2015
Information Security Benchmarking 2015Information Security Benchmarking 2015
Information Security Benchmarking 2015
 
Introduction to Val IT
Introduction to Val ITIntroduction to Val IT
Introduction to Val IT
 
The Cyber Security Leap: From Laggard to Leader
The Cyber Security Leap: From Laggard to LeaderThe Cyber Security Leap: From Laggard to Leader
The Cyber Security Leap: From Laggard to Leader
 
Innovation Management for BU syllabus
Innovation Management for BU syllabusInnovation Management for BU syllabus
Innovation Management for BU syllabus
 
Key considerations for your internal audit plan
Key considerations for your internal audit planKey considerations for your internal audit plan
Key considerations for your internal audit plan
 
Expanding PMO service- The ultimate Tetris challenge - Wellingtone | Future...
Expanding PMO service- The ultimate Tetris challenge - Wellingtone | Future... Expanding PMO service- The ultimate Tetris challenge - Wellingtone | Future...
Expanding PMO service- The ultimate Tetris challenge - Wellingtone | Future...
 
Cyber Defence - Service portfolio
Cyber Defence - Service portfolioCyber Defence - Service portfolio
Cyber Defence - Service portfolio
 
Role of the virtual ciso
Role of the virtual cisoRole of the virtual ciso
Role of the virtual ciso
 
Enterprise 360 degree risk management
Enterprise 360 degree risk managementEnterprise 360 degree risk management
Enterprise 360 degree risk management
 
Ten Tenets of CISO Success
Ten Tenets of CISO SuccessTen Tenets of CISO Success
Ten Tenets of CISO Success
 
Gail Gillis Resume vMarch 2015
Gail Gillis Resume vMarch 2015Gail Gillis Resume vMarch 2015
Gail Gillis Resume vMarch 2015
 
It62015 slides
It62015 slidesIt62015 slides
It62015 slides
 
Enterprise Risk Management
Enterprise Risk ManagementEnterprise Risk Management
Enterprise Risk Management
 
Cyber security framework
Cyber security frameworkCyber security framework
Cyber security framework
 
From checkboxes to frameworks
From checkboxes to frameworksFrom checkboxes to frameworks
From checkboxes to frameworks
 
The Cyber Security Leap
The Cyber Security LeapThe Cyber Security Leap
The Cyber Security Leap
 
Security Governance by Risknavigator 2010
Security Governance by Risknavigator 2010Security Governance by Risknavigator 2010
Security Governance by Risknavigator 2010
 

Recently uploaded

Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Service
ritikaroy0888
 
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
dollysharma2066
 
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
dlhescort
 
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
lizamodels9
 
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
rajveerescorts2022
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Dipal Arora
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
dollysharma2066
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usage
Matteo Carbone
 
Uneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration PresentationUneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration Presentation
uneakwhite
 

Recently uploaded (20)

B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxB.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
 
RSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataRSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors Data
 
Falcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to ProsperityFalcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to Prosperity
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Service
 
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
 
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
 
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
 
Forklift Operations: Safety through Cartoons
Forklift Operations: Safety through CartoonsForklift Operations: Safety through Cartoons
Forklift Operations: Safety through Cartoons
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
 
Organizational Transformation Lead with Culture
Organizational Transformation Lead with CultureOrganizational Transformation Lead with Culture
Organizational Transformation Lead with Culture
 
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
 
Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023
 
Monthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxMonthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptx
 
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 May
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usage
 
Uneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration PresentationUneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration Presentation
 
Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1
 

Insight into Security Leader Success Part 2

  • 1. How to get the Enterprise to Understand the Value of Security A SEC Research Finding Insight into Security Leader Success PART 2 of 2
  • 2. Intended Audience This presentation is intended for security leaders who want to create a business-based security department that provides value, and is valued by the enterprise. The following recommendations are based on 10+ years of SEC relevancy-based research. ©2015 The Security Executive Council 2
  • 3. ©2015 The Security Executive Council 3
  • 4. Old Expectations New Expectations © 2015 The Security Executive Council 4 Expectations Are Changing
  • 5. What does it take to meet the NEW expectations? © 2015 The Security Executive Council 5
  • 6. Communicate in Common Terms and Effectively 6 © 2015 The Security Executive Council 6
  • 7. Telling Security’s Story • History of the program • Milestones • Mission/vision statements • Programs and services • Timeline of program development • Service delivery model • Functional organization chart • Internal SWOT analysis • Current state of the program status heat map • Accomplishments and results • Internal value analysis status • Metrics • Strategic initiatives/strategic plan • Measuring business value roadmap chart • Emerging and futuristic trends that will affect the organization and security Don’t rely on others understanding Security. The following elements should be considered to help delineate Security and its role; for both yourself and your team, as well as those outside of security: © 2015 The Security Executive Council 7
  • 8. ALL staff on Security should be able to tell the story - not just the security leader. ©2015 The Security Executive Council 8 (See Insight into Security Leader Success part 1 page 7 - using Board-Level Risk terminology).
  • 9. Measuring Value and Sharing that Knowledge 7 ©2015 The Security Executive Council 9
  • 10. This is OK… Activity January February March April May June Initial Background Investigations Processed 14 27 32 21 37 46 Periodic Reviews Processed 3 3 13 10 8 17 Orientation & Refresher Briefings 7 10 12 6 15 21 Security Policies Developed 2 2 3 1 Data Spill Mitigation/Incid ents 1 1 3 Secure Area Alarm Responses 3 11 5 22 7 14 Internal Incidents/Invest igations 5 3 2 2 6 1 Foreign Travel Briefings 5 5 3 7 Counting things shows you’re active. Instead create a metric that shows performance, value, improvement, customer confidence, etc. © 2015 The Security Executive Council 10 This is Better…
  • 11. Metrics Risk Assessments Process & Event Monitoring Audits & Inspections After-Action Reviews Investigations & Post- Mortems Processes, Plans, Objectives & Budgets Incident Reports Communicating The Value Story • Reduced risk & loss attributable to security initiatives / reduced cost of insurance • Reduced cost of security-related processes and incidents • Reduced risk to insiders and within 3rd party relationships • Increased engagement of employees in securing corporate assets • Assurance of Security response effectiveness • Assurance of regulatory compliance • Enhanced ability to satisfy customers with improved methods of protection • Reduced risk of attack through more measurably effective protective measures • Reduced recovery time from incidents • Increased brand protection & market penetration attributable to security measures • Reduced notable audit findings attributable to security defects Actionable Metrics Embedded Data & Measures Focus • Performance • Risk • Value • Influence • Engagement • Bi-Directional • Improvement • Compliance • Service Level • Customer Satisfaction • Business Alignment Find your meaningful value story that is relevant to your company and then tell people about it. © 2015 The Security Executive Council 11
  • 12. Grasping the Total Cost of Security 8 © 2015 The Security Executive Council 12
  • 13. © 2015 The Security Executive Council 13 The cost of security, staff and services at all locations that the corporation operates on a worldwide basis. This includes all corporate and IT security elements and the related staff and services, whether proprietary or contractual, managed by the security department or by other corporate staff groups. Total Cost of Security ≠ Security Budget Definition of total cost of security:
  • 14. © 2015 The Security Executive Council 14 → Aggregated costs can point to gaps in security risk mitigation. → Total security cost analysis detects duplication of effort and cost savings. → Enterprise perspective leads to more effective security program risk mitigation management. → Robust data sets offer improved benchmarking comparisons. → Helps differentiate between mandatory and discretionary costs. Analyzing the Total Cost of Security Can Lead to Valuable Benefits
  • 15. The issue is not “ownership of security programs.” The opportunity is to examine the cost of security to the entity, prioritize program costs against risk and estimated value. Act as an agent of influence in program improvements and costs reduction. Be a positive partner to other entity units to achieve greater value. Define and agree upon metrics measuring success. Benchmark within your sub-sector and outside your sector to identify opportunities and improve. © 2015 The Security Executive Council 15 Important Factors to Consider:
  • 16. Define and Execute a Shared Strategy 9 © 2015 The Security Executive Council 16
  • 17. © 2015 The Security Executive Council 17 ↘ Conduct enterprise/security risk assessment to define risks ↘ Conduct gap analysis ↘ Be able to articulate Security’s value ↘ Define your desired programs and/or develop a service directory ↘ Decide on the service delivery model ↘ Establish policy or governance mechanisms ↘ Determine workload activity ↘ Develop equipment specifications ↘ Recalibrate with management ↘ Create standards for global implementation ↘ Develop metrics to measure activity and KPIs ↘ Strive for business alignment To help ensure success, a plan for developing a Security program should incorporate the following: Planning for Success
  • 18. Try whiteboard sessions to get everyone thinking and to come to a common ground. Interview internal stakeholder on what they think is important or missing. Create an elevator speech all staff can repeat. © 2015 The Security Executive Council 18 Have a plan Create roadmaps Develop a common language Define standards
  • 19. Develop the Next Generation 10 © 2015 The Security Executive Council 19
  • 20. Historical Security Leader Selection: Previous Business Challenges © 2015 The Security Executive Council 20
  • 21. Previous Generation Skill Requirements are Evolving Business/Organizational Alignment: Budget, conduct, governance, mission, plan, strategy Current/Emerging/Residual/Risk & Compliance: All-hazards and Board-level Risk model IT: Applications, architecture, data, forensics, networks, software, tools Leadership: Business case communication, crisis mitigation and team building Performance Assurance: People-Process- Technology, measures and metrics Organizational: Brand, culture, partner, supply chain, stakeholder issues © 2015 The Security Executive Council 21
  • 22. • Align Board Level Risk and business mitigation strategy • Influence community preparedness and resilience for emerging global risks • Manage information protection, breaches and situational intelligence • Add business value with mission assurance and P&L performance • Deliver performance measures and metrics • Run security as a business • Define and deliver operational excellence Selected* performance criteria for Next Generation Security Leaders *This is just a subset of the performance criteria we have identified in our research. Contact the Security Executive Council for more information about our Next Generation Security Leader program. © 2015 The Security Executive Council 22
  • 23. Board-Level Risk Model Enterprise/Security Risk Alignment Model Unified Risk Oversight Model 9 Practice of the Successful Security Leader Research OPaL+ Assessment Research Security Measures and Metrics Program Internal Valuation Assessment Model Next Generation Security Leader Program Running Security as a Business Research Regulation and Compliance Management Database Executive Management Communication Best Practices SEC Technology Roadmap And the collective knowledge of SEC staff and subject matter experts (former security executives and security industry leaders) © 2015 The Security Executive Council 23 This presentation (parts 1 and 2) incorporates aspects of the following SEC developed research and content from the SEC Corporate Security Knowledge Base: This concludes part 2 of Insight into Security Leader Success.
  • 24. • Aligning security risk mitigation strategies with enterprise risks • Assessing risks, threats and vulnerabilities • Creating your value driven metrics program • Developing and telling Security’s story • Becoming a part of the business-wide risk team • Aligning organizational readiness, program maturity and leadership strategy • Contributing to enterprise driven risk compliance • Running a business-based Security operation • Transforming the Security organization through powerful executive communication Contact us. We’re a security risk mitigation research and advisory firm. We’re made up of former successful security executives. We enjoy exploring how to make Security a valued part of the business. contact@secleader.com +1 202.730.9971 https://www.securityexecutivecouncil.com © 2015 The Security Executive Council 24 We can bring our research and extensive experience to work with you on: