Post on 21-Oct-2014
Opening Remarks
The Day Ahead
Ed Laprade, ADNET Technologies, LLC
2012: Managing IT is Simpler Than Ever!
the Facts
Sophisticated Security
Wealth of Mobile Devices
BYOD is Here!
Business Workflow Apps
The Cloud is Changing the World!
Simple Dashboards
More Savvy Users
it’s not that simple . . .
competition
data
people
threats
risks
compliance
manage
investment
our thoughts are filled with
the world got smaller . . .
. . . and more complex
TREND: Consumerization of IT
consumerization of IT
A Gartner report says the bring your own device (BYOD) trend is here to stay, so enterprises need to bolster security policies.
Nathan Eddy – eWeek June 18, 2012
one effect . . .
the trend to BYOD
TREND: move to Cloud
the evolution
when you consider
Cash Flow
Security
Complexity
SLAs
Regulations
sometimes the decision criteria is
not
BLACK White
TREND: Social Media
need to mitigate risk
guidelines?
employees trained?
fit with culture?
Source: Intel Social Media Guidelines
TREND: Productivity Software
improving productivity
Enterprise Content Management (ECM)
Business Intelligence (BI)
Business Analytics
Information Visualization
Improve effectiveness
Reduce operational costs
Optimize business processes
Achieve regulatory compliance
Attract & retain customers
Software Goals
today is more complex than yesterday . . .
. . . tomorrow will be more complex than today
SUMMARY
explaining the complex
WorkSmart
THANK YOU to our Partners!
Security is a MYTH
The Impossible Job of the CIO
Christopher Luise, ADNET Technologies, LLC
the PREMISE
balance appropriate investment freedom
myth
off-balance inappropriate measurement
security truth
IMAGINE you come home to find…
scared
vulnerable
guilt
defenseless
angry
alarmed helpless
alone
BLAME
it’s not just emotional
All the work you do
Planning
Developing
Testing
Rollouts
Reporting
Your WORK is gone
Your TRUST has disappeared
Your CREDIBILITY is lost
FACT
NOTHING is fully secure
nothing.
security is an ILLUSION
what YOU see…
Behavioral Patterns
Puzzles
Holes
what HACKERS see…
2, 3, 6, 7, 14, 15, 30…
15 percent of large organizations detected successful network hacker penetrations.
Source: PwC 2012 Information Security Breaches Survey
finding a way in
What happens if I pull on this string? Today’s strings unravel
People Processes Places Systems Information
It’s not sophistication – it’s merely CURIOSITY
FACT
they are the REAL threats
75 percent of organizations where security policy was poorly understood experienced a staff-related breach.
Source: PwC 2012 Information Security Breaches Survey
Lack of stakeholder buy-in
No support for change
Allowance of exceptions
The CIO has an IMPOSSIBLE JOB.
when the organization FAILS THE CIO
FEAR may be warranted.
But in measured doses.
What is APPROPRIATE?
What is RATIONAL?
CAN I SLEEP AT NIGHT? (What do I NOT Know?)
Mobile devices & BYOD (ITaaH)
Social media (gone wild)
Cloud
Training & policies
Assigned rights
Awareness – from top to bottom
Authentication – Ml!cwsI
your biggest VULNERABILITIES
you cannot IGNORE THIS
“If security is not part of innovation, it’s going to cost you. There are certain things you can neglect, but the majority you cannot ignore. Sooner or later it will hit you. And the later you put security and compliance into projects, the more it will cost, because it just adds complexity.”
Andreas Wuchner, head IT risk management, security & compliance, Novartis
MEASURING
What gets measured, gets done.
93 percent of large organisations and 76 percent of small businesses experienced a security breach last year.
Source: PwC 2012 Information Security Breaches Survey
50 percent of large organisations expect to spend more on security next year, yet 67 percent still expect more security breaches
Source: PwC 2012 Information Security Breaches Survey
“Amateurs study cryptography; Professionals study economics”
- Allan Schiffman, July 2004
There’s never enough <X> to go around
To play better, you must keep score
Discipline is easier with numbers
Why measure?
So, if you do things right and NOTHING happens…
How do you measure what didn’t happen?
Measurement
How much is TOO MUCH security?
Spending more and achieving less (perceived)
Stealing from business initiatives
Excess administrative overhead to manage
Overburdened IT staff
Throwing money at the problem is not a strategy.
Measured and appropriate RESPONSE
Balance
Knowledge
Risk – measured and assumed
Not fear
80 percent of large organizations, and 53 percent of small businesses, fail to evaluate the return on investment of security expenditure
Source: PwC 2012 Information Security Breaches Survey
Highest-Level Metrics
How secure am I?
Am I better off than this time last year?
Am I spending the right amount of $$?
How do I compare to my peers?
ROSI? It’s a start…
What risk transfer options do I have?
Building the STRATEGY
Ask yourself:
“Is our approach RATIONAL? APPROPRIATE?”
TRADEOFFS
Compromise is not optimal.
Security is about tradeoffs; but you know that
It is easier to make tradeoffs when you have a measure to compare them with
Even then, it is not necessarily easy
it’s a BALANCING act
SECURITY FREEDOM
Culture?
building the STRATEGY
1. Understand where your organization is investing (Corporate Strategy).
2. Review and analyze. Collaborate.
3. Rank your weakness – Internal & External (PIE) (Probability x Impact = Exposure)
4. Align an approach. Enable.
5. Build in awareness (organizational)
6. Get or find authority
Chris’ steps to SLEEPING AT NIGHT
Independent review
Simplify complex systems
Make complex simple authentications
Design security approach into projects
Malfeasance is the least of your worries – AWARENESS!
Backup/fail-safes
Measure security spend.
remain calm – ALL IS WELL!
@ITWithValue @ChristopherLuise
@TechWorx cluise@goADNET.com
Thank you and ENJOY!