SlideShare ist ein Scribd-Unternehmen logo

Security Lifecycle Management

Als PPT, PDF herunterladen
Barry Caplin
Barry Caplin

Technologie
1 von 40
ISM in the ILM (Information Lifecycle Security Management) Barry Caplin Chief Information Security Officer Minnesota Department of Human Services [email_address] May 18, 2006 10:00-11:00 a.m. Secure360
 
Agenda ,[object Object],[object Object],[object Object],[object Object]
MN DHS ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
MN DHS ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
MN DHS ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
MN DHS ,[object Object],[object Object],[object Object],[object Object],[object Object]
Enterprise Security Strategy
Security Strategy - The 10000 Foot View ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Security Strategy Governance organization operations architecture awareness people technology IRM Policy ILM Processes
Security Strategy 4 C’s Confidence Credibility Communication Compliance Governance organization operations architecture awareness people technology IRM Policy ILM Processes
Build Security In?
Build Security In ,[object Object],[object Object],[object Object]
Why Build Security In?
Why Build Security In?
[object Object],[object Object],[object Object],Why Build Security In?
SDLC ,[object Object],[object Object],[object Object],[object Object],[object Object]
Information Lifecycle Security Management
Information Lifecycle Security Management
Operate Major Release Software Development Lifecycle (SDLC) Maintenance Lifecycle Dispose Information Lifecycle Security Management Deploy Develop Design Analysis Concept
Operate Major Release Deploy Develop Design Analysis Concept Information Lifecycle Security Management Preliminary Risk Analysis Business Impact Analysis Privacy and Security Requirements BCP/ COOP Privacy and Security Mitigation Plans Incident Response Plans Security Test Plans BCP/COOP Testing & Maintenance IT Audit Business Requirements Security Sign off Security Sign off
Business Requirements ,[object Object],[object Object],[object Object],Concept Business Requirements
Preliminary Risk Analysis ,[object Object],[object Object],[object Object],[object Object],Concept ,[object Object],Preliminary Risk Analysis
Privacy and Security Requirements ,[object Object],[object Object],[object Object],[object Object],[object Object],Analysis Words To Live By: “ Minimum Necessary” Privacy and Security Requirements
Business Impact Analysis ,[object Object],Analysis Business Impact Analysis
Security Sign-Off ,[object Object],[object Object],[object Object],[object Object],Security Sign off
Privacy and Security Requirements ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Design Privacy and Security Requirements
[object Object],[object Object],[object Object],[object Object],Design Privacy and Security Mitigation Plans Privacy and Security Mitigation Plans
Business Continuity/Disaster Recovery ,[object Object],[object Object],[object Object],Design BCP/ COOP
Security Test Plans ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Develop Security Test Plans
Incident Response Plans ,[object Object],[object Object],Develop Incident Response Plans
Security Sign-Off ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Security Sign off
Deploy ,[object Object],[object Object],Deploy
IT Audit ,[object Object],Operate IT Audit
BCP/COOP Testing & Maintenance ,[object Object],[object Object],[object Object],Operate BCP/COOP Testing & Maintenance
Major Release ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Major Release
Information Disposal ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Dispose
Operate Major Release Deploy Develop Design Analysis Concept Information Lifecycle Security Management Preliminary Risk Analysis Business Impact Analysis Privacy and Security Requirements BCP/ COOP Privacy and Security Mitigation Plans Incident Response Plans Security Test Plans BCP/COOP Testing & Maintenance IT Audit Business Requirements Security Sign off Security Sign off
Final Thoughts ,[object Object],[object Object],[object Object]
Discussion?

Empfohlen

Internal Risk Management
Internal Risk ManagementInternal Risk Management
Internal Risk ManagementBarry Caplin
 
Cissp- Security and Risk Management
Cissp- Security and Risk ManagementCissp- Security and Risk Management
Cissp- Security and Risk ManagementHamed Moghaddam
 
Risk Management and Security in Strategic Planning
Risk Management and Security in Strategic PlanningRisk Management and Security in Strategic Planning
Risk Management and Security in Strategic PlanningKeyaan Williams
 
Simplifying the data privacy governance quagmire building automated privacy ...
Simplifying the data privacy governance quagmire building automated privacy ...Simplifying the data privacy governance quagmire building automated privacy ...
Simplifying the data privacy governance quagmire building automated privacy ...Avinash Ramineni
 
A guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityA guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityErnest Staats
 
Risk Management Approach to Cyber Security
Risk Management Approach to Cyber Security Risk Management Approach to Cyber Security
Risk Management Approach to Cyber Security Ernest Staats
 
Information Security - Back to Basics - Own Your Vulnerabilities
Information Security - Back to Basics - Own Your VulnerabilitiesInformation Security - Back to Basics - Own Your Vulnerabilities
Information Security - Back to Basics - Own Your VulnerabilitiesJack Nichelson
 
SEC440: Incident Response Plan
SEC440: Incident Response PlanSEC440: Incident Response Plan
SEC440: Incident Response PlanThomas Christopher Ty
 

Empfohlen

Internal Risk Management
Internal Risk ManagementInternal Risk Management
Internal Risk ManagementBarry Caplin
 
Cissp- Security and Risk Management
Cissp- Security and Risk ManagementCissp- Security and Risk Management
Cissp- Security and Risk ManagementHamed Moghaddam
 
Risk Management and Security in Strategic Planning
Risk Management and Security in Strategic PlanningRisk Management and Security in Strategic Planning
Risk Management and Security in Strategic PlanningKeyaan Williams
 
Simplifying the data privacy governance quagmire building automated privacy ...
Simplifying the data privacy governance quagmire building automated privacy ...Simplifying the data privacy governance quagmire building automated privacy ...
Simplifying the data privacy governance quagmire building automated privacy ...Avinash Ramineni
 
A guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityA guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityErnest Staats
 
Risk Management Approach to Cyber Security
Risk Management Approach to Cyber Security Risk Management Approach to Cyber Security
Risk Management Approach to Cyber Security Ernest Staats
 
Information Security - Back to Basics - Own Your Vulnerabilities
Information Security - Back to Basics - Own Your VulnerabilitiesInformation Security - Back to Basics - Own Your Vulnerabilities
Information Security - Back to Basics - Own Your VulnerabilitiesJack Nichelson
 
SEC440: Incident Response Plan
SEC440: Incident Response PlanSEC440: Incident Response Plan
SEC440: Incident Response PlanThomas Christopher Ty
 
Information risk management
Information risk managementInformation risk management
Information risk managementAkash Saraswat
 
How to assess and manage cyber risk
How to assess and manage cyber riskHow to assess and manage cyber risk
How to assess and manage cyber riskStephen Cobb
 
Chapter 12 iso 27001 awareness
Chapter 12 iso 27001 awarenessChapter 12 iso 27001 awareness
Chapter 12 iso 27001 awarenessnewbie2019
 
Information Security Management
Information Security ManagementInformation Security Management
Information Security ManagementEC-Council
 
Network Security: Physical security
Network Security: Physical security Network Security: Physical security
Network Security: Physical security lalithambiga kamaraj
 
Cybersecurity Goverence for Boards of Directors
Cybersecurity Goverence for Boards of DirectorsCybersecurity Goverence for Boards of Directors
Cybersecurity Goverence for Boards of DirectorsPaul Feldman
 
Information Security
Information SecurityInformation Security
Information Securitychenpingling
 
Incident Response
Incident Response Incident Response
Incident Response InnoTech
 
Physical Security Management System
Physical Security Management SystemPhysical Security Management System
Physical Security Management SystemDaniel Suchy, CPP, MSyI
 
Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)Resilient Systems
 
Cybertopicsecurity_3
Cybertopicsecurity_3Cybertopicsecurity_3
Cybertopicsecurity_3Anne Starr
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesKrist Davood - Principal - CIO
 
How to Build an Insider Threat Program in 30 Minutes
How to Build an Insider Threat Program in 30 Minutes How to Build an Insider Threat Program in 30 Minutes
How to Build an Insider Threat Program in 30 Minutes ObserveIT
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDonald Tabone
 
The Accidental Insider Threat
The Accidental Insider ThreatThe Accidental Insider Threat
The Accidental Insider ThreatMurray Security Services
 
Internal Threats: The New Sources of Attack
Internal Threats: The New Sources of AttackInternal Threats: The New Sources of Attack
Internal Threats: The New Sources of AttackMekhi Da ‘Quay Daniels
 
Cybersecurity Challenges in Healthcare
Cybersecurity Challenges in HealthcareCybersecurity Challenges in Healthcare
Cybersecurity Challenges in HealthcareDoug Copley
 
Introduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsIntroduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsToño Herrera
 
IT Risk Management
IT Risk ManagementIT Risk Management
IT Risk ManagementTudor Damian
 
MIS: Information Security Management
MIS: Information Security ManagementMIS: Information Security Management
MIS: Information Security ManagementJonathan Coleman
 
Use of the COBIT Security Baseline
Use of the COBIT Security BaselineUse of the COBIT Security Baseline
Use of the COBIT Security BaselineBarry Caplin
 
Proteus OCM Company Profile
Proteus OCM Company ProfileProteus OCM Company Profile
Proteus OCM Company ProfileKGanzy
 

Weitere ähnliche Inhalte

Was ist angesagt?

Information risk management
Information risk managementInformation risk management
Information risk managementAkash Saraswat
 
How to assess and manage cyber risk
How to assess and manage cyber riskHow to assess and manage cyber risk
How to assess and manage cyber riskStephen Cobb
 
Chapter 12 iso 27001 awareness
Chapter 12 iso 27001 awarenessChapter 12 iso 27001 awareness
Chapter 12 iso 27001 awarenessnewbie2019
 
Information Security Management
Information Security ManagementInformation Security Management
Information Security ManagementEC-Council
 
Network Security: Physical security
Network Security: Physical security Network Security: Physical security
Network Security: Physical security lalithambiga kamaraj
 
Cybersecurity Goverence for Boards of Directors
Cybersecurity Goverence for Boards of DirectorsCybersecurity Goverence for Boards of Directors
Cybersecurity Goverence for Boards of DirectorsPaul Feldman
 
Information Security
Information SecurityInformation Security
Information Securitychenpingling
 
Incident Response
Incident Response Incident Response
Incident Response InnoTech
 
Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)Resilient Systems
 
Cybertopicsecurity_3
Cybertopicsecurity_3Cybertopicsecurity_3
Cybertopicsecurity_3Anne Starr
 
How to Build an Insider Threat Program in 30 Minutes
How to Build an Insider Threat Program in 30 Minutes How to Build an Insider Threat Program in 30 Minutes
How to Build an Insider Threat Program in 30 Minutes ObserveIT
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDonald Tabone
 
Internal Threats: The New Sources of Attack
Internal Threats: The New Sources of AttackInternal Threats: The New Sources of Attack
Internal Threats: The New Sources of AttackMekhi Da ‘Quay Daniels
 
Cybersecurity Challenges in Healthcare
Cybersecurity Challenges in HealthcareCybersecurity Challenges in Healthcare
Cybersecurity Challenges in HealthcareDoug Copley
 
Introduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsIntroduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsToño Herrera
 
IT Risk Management
IT Risk ManagementIT Risk Management
IT Risk ManagementTudor Damian
 
MIS: Information Security Management
MIS: Information Security ManagementMIS: Information Security Management
MIS: Information Security ManagementJonathan Coleman
 

Was ist angesagt? (20)

Information risk management
Information risk managementInformation risk management
Information risk management
 
How to assess and manage cyber risk
How to assess and manage cyber riskHow to assess and manage cyber risk
How to assess and manage cyber risk
 
Chapter 12 iso 27001 awareness
Chapter 12 iso 27001 awarenessChapter 12 iso 27001 awareness
Chapter 12 iso 27001 awareness
 
Information Security Management
Information Security ManagementInformation Security Management
Information Security Management
 
Network Security: Physical security
Network Security: Physical security Network Security: Physical security
Network Security: Physical security
 
Cybersecurity Goverence for Boards of Directors
Cybersecurity Goverence for Boards of DirectorsCybersecurity Goverence for Boards of Directors
Cybersecurity Goverence for Boards of Directors
 
Information Security
Information SecurityInformation Security
Information Security
 
Incident Response
Incident Response Incident Response
Incident Response
 
Physical Security Management System
Physical Security Management SystemPhysical Security Management System
Physical Security Management System
 
Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)
 
Cybertopicsecurity_3
Cybertopicsecurity_3Cybertopicsecurity_3
Cybertopicsecurity_3
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
 
How to Build an Insider Threat Program in 30 Minutes
How to Build an Insider Threat Program in 30 Minutes How to Build an Insider Threat Program in 30 Minutes
How to Build an Insider Threat Program in 30 Minutes
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber Resilience
 
The Accidental Insider Threat
The Accidental Insider ThreatThe Accidental Insider Threat
The Accidental Insider Threat
 
Internal Threats: The New Sources of Attack
Internal Threats: The New Sources of AttackInternal Threats: The New Sources of Attack
Internal Threats: The New Sources of Attack
 
Cybersecurity Challenges in Healthcare
Cybersecurity Challenges in HealthcareCybersecurity Challenges in Healthcare
Cybersecurity Challenges in Healthcare
 
Introduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsIntroduction to Cybersecurity Fundamentals
Introduction to Cybersecurity Fundamentals
 
IT Risk Management
IT Risk ManagementIT Risk Management
IT Risk Management
 
MIS: Information Security Management
MIS: Information Security ManagementMIS: Information Security Management
MIS: Information Security Management
 

Ähnlich wie Security Lifecycle Management

Use of the COBIT Security Baseline
Use of the COBIT Security BaselineUse of the COBIT Security Baseline
Use of the COBIT Security BaselineBarry Caplin
 
Proteus OCM Company Profile
Proteus OCM Company ProfileProteus OCM Company Profile
Proteus OCM Company ProfileKGanzy
 
5 Steps to Securing Your Company's Crown Jewels
5 Steps to Securing Your Company's Crown Jewels5 Steps to Securing Your Company's Crown Jewels
5 Steps to Securing Your Company's Crown JewelsIBM Security
 
Security architecture rajagiri talk march 2011
Security architecture rajagiri talk march 2011Security architecture rajagiri talk march 2011
Security architecture rajagiri talk march 2011subramanian K
 
Cybersecurity 101 - Auditing Cyber Security
Cybersecurity 101 - Auditing Cyber SecurityCybersecurity 101 - Auditing Cyber Security
Cybersecurity 101 - Auditing Cyber SecurityEryk Budi Pratama
 
MUSE 2015 Product Showcase v2
MUSE 2015 Product Showcase v2MUSE 2015 Product Showcase v2
MUSE 2015 Product Showcase v2Chris Baldwin
 
IS3 Capabilities Brief
IS3 Capabilities BriefIS3 Capabilities Brief
IS3 Capabilities Briefmrsjennbrown
 
Pci Europe 2009 Underside Of The Compliance Ecosystem
Pci Europe 2009 Underside Of The Compliance EcosystemPci Europe 2009 Underside Of The Compliance Ecosystem
Pci Europe 2009 Underside Of The Compliance Ecosystemkpatrickwheeler
 
Marcos gobernabilidad-sin-mapa-v040811
Marcos gobernabilidad-sin-mapa-v040811Marcos gobernabilidad-sin-mapa-v040811
Marcos gobernabilidad-sin-mapa-v040811faau09
 
Gs Us Roadmap For A World Class Information Security Management System– Isoie...
Gs Us Roadmap For A World Class Information Security Management System– Isoie...Gs Us Roadmap For A World Class Information Security Management System– Isoie...
Gs Us Roadmap For A World Class Information Security Management System– Isoie...Tammy Clark
 
How to determine a proper scope selection based on ISO 27001?
How to determine a proper scope selection based on ISO 27001?How to determine a proper scope selection based on ISO 27001?
How to determine a proper scope selection based on ISO 27001?PECB
 
Assessing IT Security and Compliance Risk for Acquisitions and Mergers
Assessing IT Security and Compliance Risk for Acquisitions and MergersAssessing IT Security and Compliance Risk for Acquisitions and Mergers
Assessing IT Security and Compliance Risk for Acquisitions and MergersMelanie Brandt
 
Using Modelling and Simulation for Policy Decision Support in Identity Manage...
Using Modelling and Simulation for Policy Decision Support in Identity Manage...Using Modelling and Simulation for Policy Decision Support in Identity Manage...
Using Modelling and Simulation for Policy Decision Support in Identity Manage...gueste4e93e3
 
D1 security and risk management v1.62
D1 security and risk management v1.62D1 security and risk management v1.62
D1 security and risk management v1.62AlliedConSapCourses
 
CRS Company Overview -Feb 6 2017
CRS Company Overview -Feb 6 2017CRS Company Overview -Feb 6 2017
CRS Company Overview -Feb 6 2017Joseph John
 
Compliance Framework
Compliance FrameworkCompliance Framework
Compliance Frameworkbarnetdh
 
The Virtual Security Officer Platform
The Virtual Security Officer PlatformThe Virtual Security Officer Platform
The Virtual Security Officer PlatformShanmugavel Sankaran
 
Assocham conf grc sept 13
Assocham conf grc sept 13Assocham conf grc sept 13
Assocham conf grc sept 13subramanian K
 
Information Governance Checklist and Privacy Impact Ass.docx
Information Governance Checklist and Privacy Impact Ass.docxInformation Governance Checklist and Privacy Impact Ass.docx
Information Governance Checklist and Privacy Impact Ass.docxcarliotwaycave
 
BCM and IT Security
BCM and IT SecurityBCM and IT Security
BCM and IT Securityleninkster
 

Ähnlich wie Security Lifecycle Management (20)

Use of the COBIT Security Baseline
Use of the COBIT Security BaselineUse of the COBIT Security Baseline
Use of the COBIT Security Baseline
 
Proteus OCM Company Profile
Proteus OCM Company ProfileProteus OCM Company Profile
Proteus OCM Company Profile
 
5 Steps to Securing Your Company's Crown Jewels
5 Steps to Securing Your Company's Crown Jewels5 Steps to Securing Your Company's Crown Jewels
5 Steps to Securing Your Company's Crown Jewels
 
Security architecture rajagiri talk march 2011
Security architecture rajagiri talk march 2011Security architecture rajagiri talk march 2011
Security architecture rajagiri talk march 2011
 
Cybersecurity 101 - Auditing Cyber Security
Cybersecurity 101 - Auditing Cyber SecurityCybersecurity 101 - Auditing Cyber Security
Cybersecurity 101 - Auditing Cyber Security
 
MUSE 2015 Product Showcase v2
MUSE 2015 Product Showcase v2MUSE 2015 Product Showcase v2
MUSE 2015 Product Showcase v2
 
IS3 Capabilities Brief
IS3 Capabilities BriefIS3 Capabilities Brief
IS3 Capabilities Brief
 
Pci Europe 2009 Underside Of The Compliance Ecosystem
Pci Europe 2009 Underside Of The Compliance EcosystemPci Europe 2009 Underside Of The Compliance Ecosystem
Pci Europe 2009 Underside Of The Compliance Ecosystem
 
Marcos gobernabilidad-sin-mapa-v040811
Marcos gobernabilidad-sin-mapa-v040811Marcos gobernabilidad-sin-mapa-v040811
Marcos gobernabilidad-sin-mapa-v040811
 
Gs Us Roadmap For A World Class Information Security Management System– Isoie...
Gs Us Roadmap For A World Class Information Security Management System– Isoie...Gs Us Roadmap For A World Class Information Security Management System– Isoie...
Gs Us Roadmap For A World Class Information Security Management System– Isoie...
 
How to determine a proper scope selection based on ISO 27001?
How to determine a proper scope selection based on ISO 27001?How to determine a proper scope selection based on ISO 27001?
How to determine a proper scope selection based on ISO 27001?
 
Assessing IT Security and Compliance Risk for Acquisitions and Mergers
Assessing IT Security and Compliance Risk for Acquisitions and MergersAssessing IT Security and Compliance Risk for Acquisitions and Mergers
Assessing IT Security and Compliance Risk for Acquisitions and Mergers
 
Using Modelling and Simulation for Policy Decision Support in Identity Manage...
Using Modelling and Simulation for Policy Decision Support in Identity Manage...Using Modelling and Simulation for Policy Decision Support in Identity Manage...
Using Modelling and Simulation for Policy Decision Support in Identity Manage...
 
D1 security and risk management v1.62
D1 security and risk management v1.62D1 security and risk management v1.62
D1 security and risk management v1.62
 
CRS Company Overview -Feb 6 2017
CRS Company Overview -Feb 6 2017CRS Company Overview -Feb 6 2017
CRS Company Overview -Feb 6 2017
 
Compliance Framework
Compliance FrameworkCompliance Framework
Compliance Framework
 
The Virtual Security Officer Platform
The Virtual Security Officer PlatformThe Virtual Security Officer Platform
The Virtual Security Officer Platform
 
Assocham conf grc sept 13
Assocham conf grc sept 13Assocham conf grc sept 13
Assocham conf grc sept 13
 
Information Governance Checklist and Privacy Impact Ass.docx
Information Governance Checklist and Privacy Impact Ass.docxInformation Governance Checklist and Privacy Impact Ass.docx
Information Governance Checklist and Privacy Impact Ass.docx
 
BCM and IT Security
BCM and IT SecurityBCM and IT Security
BCM and IT Security
 

Mehr von Barry Caplin

Healing healthcare security
Healing healthcare securityHealing healthcare security
Healing healthcare securityBarry Caplin
 
It’s not If but When 20160503
It’s not If but When 20160503It’s not If but When 20160503
It’s not If but When 20160503Barry Caplin
 
Dreaded Embedded sec360 5-17-16
Dreaded Embedded sec360 5-17-16Dreaded Embedded sec360 5-17-16
Dreaded Embedded sec360 5-17-16Barry Caplin
 
It’s not if but when 20160503
It’s not if but when 20160503It’s not if but when 20160503
It’s not if but when 20160503Barry Caplin
 
Wearing Your Heart On Your Sleeve - Literally!
Wearing Your Heart On Your Sleeve - Literally!Wearing Your Heart On Your Sleeve - Literally!
Wearing Your Heart On Your Sleeve - Literally!Barry Caplin
 
CISOs are from Mars, CIOs are from Venus
CISOs are from Mars, CIOs are from VenusCISOs are from Mars, CIOs are from Venus
CISOs are from Mars, CIOs are from VenusBarry Caplin
 
Online Self Defense - Passwords
Online Self Defense - PasswordsOnline Self Defense - Passwords
Online Self Defense - PasswordsBarry Caplin
 
The CISO Guide – How Do You Spell CISO?
The CISO Guide – How Do You Spell CISO?The CISO Guide – How Do You Spell CISO?
The CISO Guide – How Do You Spell CISO?Barry Caplin
 
Bullying and Cyberbullying
Bullying and CyberbullyingBullying and Cyberbullying
Bullying and CyberbullyingBarry Caplin
 
3 factors of fail sec360 5-15-13
3 factors of fail sec360 5-15-133 factors of fail sec360 5-15-13
3 factors of fail sec360 5-15-13Barry Caplin
 
Tech smart preschool parent 2 13
Tech smart preschool parent 2 13Tech smart preschool parent 2 13
Tech smart preschool parent 2 13Barry Caplin
 
Embracing the IT Consumerization Imperative NG Security
Embracing the IT Consumerization Imperative NG SecurityEmbracing the IT Consumerization Imperative NG Security
Embracing the IT Consumerization Imperative NG SecurityBarry Caplin
 
Online Self Defense
Online Self DefenseOnline Self Defense
Online Self DefenseBarry Caplin
 
Embracing the IT Consumerization Imperitive
Embracing the IT Consumerization ImperitiveEmbracing the IT Consumerization Imperitive
Embracing the IT Consumerization ImperitiveBarry Caplin
 
Embracing the IT Consumerization Imperitive
Embracing the IT Consumerization ImperitiveEmbracing the IT Consumerization Imperitive
Embracing the IT Consumerization ImperitiveBarry Caplin
 
Stuff my ciso says
Stuff my ciso saysStuff my ciso says
Stuff my ciso saysBarry Caplin
 
IT Consumerization – iPad’ing the Enterprise or BYO Malware?
IT Consumerization – iPad’ing the Enterprise or BYO Malware?IT Consumerization – iPad’ing the Enterprise or BYO Malware?
IT Consumerization – iPad’ing the Enterprise or BYO Malware?Barry Caplin
 
Toys in the office 11
Toys in the office 11Toys in the office 11
Toys in the office 11Barry Caplin
 
Accidental Insider
Accidental InsiderAccidental Insider
Accidental InsiderBarry Caplin
 
Teens 2.0 - Teens and Social Networks
Teens 2.0 - Teens and Social NetworksTeens 2.0 - Teens and Social Networks
Teens 2.0 - Teens and Social NetworksBarry Caplin
 

Mehr von Barry Caplin (20)

Healing healthcare security
Healing healthcare securityHealing healthcare security
Healing healthcare security
 
It’s not If but When 20160503
It’s not If but When 20160503It’s not If but When 20160503
It’s not If but When 20160503
 
Dreaded Embedded sec360 5-17-16
Dreaded Embedded sec360 5-17-16Dreaded Embedded sec360 5-17-16
Dreaded Embedded sec360 5-17-16
 
It’s not if but when 20160503
It’s not if but when 20160503It’s not if but when 20160503
It’s not if but when 20160503
 
Wearing Your Heart On Your Sleeve - Literally!
Wearing Your Heart On Your Sleeve - Literally!Wearing Your Heart On Your Sleeve - Literally!
Wearing Your Heart On Your Sleeve - Literally!
 
CISOs are from Mars, CIOs are from Venus
CISOs are from Mars, CIOs are from VenusCISOs are from Mars, CIOs are from Venus
CISOs are from Mars, CIOs are from Venus
 
Online Self Defense - Passwords
Online Self Defense - PasswordsOnline Self Defense - Passwords
Online Self Defense - Passwords
 
The CISO Guide – How Do You Spell CISO?
The CISO Guide – How Do You Spell CISO?The CISO Guide – How Do You Spell CISO?
The CISO Guide – How Do You Spell CISO?
 
Bullying and Cyberbullying
Bullying and CyberbullyingBullying and Cyberbullying
Bullying and Cyberbullying
 
3 factors of fail sec360 5-15-13
3 factors of fail sec360 5-15-133 factors of fail sec360 5-15-13
3 factors of fail sec360 5-15-13
 
Tech smart preschool parent 2 13
Tech smart preschool parent 2 13Tech smart preschool parent 2 13
Tech smart preschool parent 2 13
 
Embracing the IT Consumerization Imperative NG Security
Embracing the IT Consumerization Imperative NG SecurityEmbracing the IT Consumerization Imperative NG Security
Embracing the IT Consumerization Imperative NG Security
 
Online Self Defense
Online Self DefenseOnline Self Defense
Online Self Defense
 
Embracing the IT Consumerization Imperitive
Embracing the IT Consumerization ImperitiveEmbracing the IT Consumerization Imperitive
Embracing the IT Consumerization Imperitive
 
Embracing the IT Consumerization Imperitive
Embracing the IT Consumerization ImperitiveEmbracing the IT Consumerization Imperitive
Embracing the IT Consumerization Imperitive
 
Stuff my ciso says
Stuff my ciso saysStuff my ciso says
Stuff my ciso says
 
IT Consumerization – iPad’ing the Enterprise or BYO Malware?
IT Consumerization – iPad’ing the Enterprise or BYO Malware?IT Consumerization – iPad’ing the Enterprise or BYO Malware?
IT Consumerization – iPad’ing the Enterprise or BYO Malware?
 
Toys in the office 11
Toys in the office 11Toys in the office 11
Toys in the office 11
 
Accidental Insider
Accidental InsiderAccidental Insider
Accidental Insider
 
Teens 2.0 - Teens and Social Networks
Teens 2.0 - Teens and Social NetworksTeens 2.0 - Teens and Social Networks
Teens 2.0 - Teens and Social Networks
 

Kürzlich hochgeladen

#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 

Kürzlich hochgeladen (20)

#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 

Security Lifecycle Management

  • 1. ISM in the ILM (Information Lifecycle Security Management) Barry Caplin Chief Information Security Officer Minnesota Department of Human Services [email_address] May 18, 2006 10:00-11:00 a.m. Secure360
  • 2.  
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 9.
  • 10. Security Strategy Governance organization operations architecture awareness people technology IRM Policy ILM Processes
  • 11. Security Strategy 4 C’s Confidence Credibility Communication Compliance Governance organization operations architecture awareness people technology IRM Policy ILM Processes
  • 13.
  • 16.
  • 17.
  • 18. Information Lifecycle Security Management
  • 20. Operate Major Release Software Development Lifecycle (SDLC) Maintenance Lifecycle Dispose Information Lifecycle Security Management Deploy Develop Design Analysis Concept
  • 21. Operate Major Release Deploy Develop Design Analysis Concept Information Lifecycle Security Management Preliminary Risk Analysis Business Impact Analysis Privacy and Security Requirements BCP/ COOP Privacy and Security Mitigation Plans Incident Response Plans Security Test Plans BCP/COOP Testing & Maintenance IT Audit Business Requirements Security Sign off Security Sign off
  • 22.
  • 23.
  • 24.
  • 25.
  • 26.
  • 27.
  • 28.
  • 29.
  • 30.
  • 31.
  • 32.
  • 33.
  • 34.
  • 35.
  • 36.
  • 37.
  • 38. Operate Major Release Deploy Develop Design Analysis Concept Information Lifecycle Security Management Preliminary Risk Analysis Business Impact Analysis Privacy and Security Requirements BCP/ COOP Privacy and Security Mitigation Plans Incident Response Plans Security Test Plans BCP/COOP Testing & Maintenance IT Audit Business Requirements Security Sign off Security Sign off
  • 39.