New InfoSec Leader The First 90 Days. John Bruce CEO


2 Agenda: Introduction; Co3 Systems; Role of the CISO; Three critical changes; Suggestions. Page 2 of 39

3 The next challenge in security. Diagram: products and services span three capabilities, Prevention, Detection, Response.

4 Co3 Systems (SSAE 16 Type II certified): connecting people, process and technology for times of crisis. Diagram of the platform: incident inputs (automated escalation, web form, trouble ticketing, entry wizard, SIEM) feed an incident response plan; the plan is synthesized from industry standards, contractual requirements, frameworks, community best practices, organizational SOPs and global privacy/breach regulations; streamlined collaboration across HR, IT, legal/compliance and marketing; integrated intelligence, artifact correlation, dashboards and reporting; accelerated mitigation through integration with trouble ticketing, GRC and SIEM.

5 Press and analyst comments: "Co3 makes the process of planning for a nightmare scenario as painless as possible, making it an Editors' Choice." (PC Magazine, Editor's Choice). "One of the most important startups in security" (Business Insider). "One of the hottest products at RSA" (Network World). "...an invaluable weapon when responding to security incidents." (Government Computer News). "Co3 has done better than a home-run... it has knocked one out of the park." (SC Magazine). "Platform is comprehensive, user friendly, and very well designed." (Ponemon Institute). "Co3 defines what software packages for privacy look like." (Gartner). Most Innovative Company 2014, Top 10, RSA Conference.

6 Today's goal: "Prescription prior to diagnosis is malpractice."

7 What we will cover today: Defining Chief Information Security Officer. Your new context: getting a handle on what's around you, including three major changes you'll see as a new CISO. Recommendations: getting started quickly in your new role.

8 DEFINING CISO

9 CISOs can come in multiple flavors.
Traditional: most senior manager specifically dedicated to InfoSec; no more than two steps away from the CEO; has a staff of SMEs covering each of the areas of responsibility; has dedicated administrative support.
Other: scope may be limited to a division, business unit or geography; may be a collateral duty; may be buried deeper in the hierarchy.

10 What's a Chief Information Security Officer? A Chief Information Security Officer (CISO) is the senior-level executive within an organization responsible for establishing and maintaining the enterprise vision, strategy and program to ensure information assets and technologies are adequately protected. The CISO directs staff in identifying, developing, implementing and maintaining processes across the organization to reduce information and information technology (IT) risks. They respond to incidents, establish appropriate standards and controls, manage security technologies, and direct the establishment and implementation of policies and procedures. The CISO is also usually responsible for information-related compliance. (wikipedia.org) Diagram axes: Scope of Authority vs. Scope of Responsibilities.

11 CISO, how are you enjoying the job? 33% "good job but not the best"; 32% "bad job but not the worst"; 24% "worst job I ever had"; 11% "best job I ever had".

12 Average tenure of a CISO: 2010, per Gartner, 4.1 years; 2013, per Ponemon, 2.1 years; 2014, per Veracode, 18 months. "Chief Information Scapegoat Officer"; "Career Is Shortly Over".

13 So, why are you getting the job? 52%: ex-post response to a security incident or breach. 21%: ex-post response to compliance and regulatory snafus. The balance is the natural movement of people, places and prospects.

14 Ranking of critical success factors: 1. Adequate funding; 2. Preparedness; 3. Support structures; 4. Leadership; 5. Organizational structure; 6. Domain expertise or knowledge; 7. Agility.

15 3 IMPORTANT CHANGES

16 Three important changes (?): Executive Sponsorship; Expanded Scope; Broader Relationships.

17 Expanded scope (section divider: Executive Sponsorship / Expanded Scope / Broader Relationships).

18 YOUR path to CISO? Engineering, Legal, Compliance, Other?

19 "I'm FAMILIAR with it, so it must be the RIGHT solution."

20 Embracing the familiar may or may not be good. Replicating your familiar technology kit? Conducting an audit? Reviewing regulatory requirements? Writing new policies? Conducting tests (DR, penetration, etc.)? Rational alternative: examine the unfamiliar aspects of your new role, which may reveal shortfalls in your own abilities, your team's abilities, your management's abilities.

21 Internal expansion of responsibilities: Disaster Recovery/Business Continuity; Awareness and Training; Audit and Certification (performing and responding); Engineering/Development; Policy; Physical Security; Sales and Marketing. CISO AA??

22 Broader relationships (section divider: Executive Sponsorship / Expanded Scope / Broader Relationships).

23 What's a Relationship? Diagram: You and Your Counterpart. Known personality and agenda; tailored communication and requests; maximum probability of success.

24 Cultivating new relationships: Auditors and auditor-like* entities; Upper management and the BoD; The staff and management of the security department(s) reporting to the CISO; Other stakeholders in the business (managers of other groups that provide or receive services from the security group), including Sales and Marketing; Vendors; Colleagues and Counterparts (in other companies); Law Enforcement. *Internal and external auditors, inspectors, examiners, certification authorities, etc.

25 Executive sponsorship (section divider: Executive Sponsorship / Expanded Scope / Broader Relationships).

26 Assessing executive Involvement vs. Commitment. Two key indicators: deployment and use of appropriate technologies (which is a reflection of substantial and judicious investment); employee behaviors (which are a reflection of executive willingness to enforce good policies). Scale: Involved ... Committed.

27 Walk vs. Talk ("Magic Quadrant"). Axes: Walk (vertical) and Talk (horizontal). Quadrants: high walk, low talk = Underachiever; high walk, high talk = Leaders; low walk, low talk = Incompetent; low walk, high talk = Blowhards. Different strategies are required for the CISO in each case.

28 Two options: Option 1, Option 2.

29 Consciousness & Competence model. Axes: Consciousness (vertical) and Competence (horizontal). Quadrants: Unconscious Incompetent (everyone starts here); Conscious Incompetent (the most important step; your job #1???); Conscious Competent; Unconscious Competent.

30 Can you communicate with executive management? "'Twas brillig, and the slithy toves / Did gyre and gimble in the wabe." "Huh?" "Say wut?" "WTF dude." "Well, thanks for your time. We'll be in touch."

31 A RUNNING START

32 360 view of your new role. Diagram centered on the CISO: Executives and Board; External Entities; Your management; Stakeholders; Your Team; the Business; Yourself. Connecting themes: Relationships; Technology; Vision and skill; Leadership; Context and strategy.

33 First 90 days: Executive sponsorship. Do a quick determination of commitment: are your executives chickens or pigs? Look at investment in technologies and willingness to hold people accountable. Your direction will be guided by the answer: Education or Execution.

34 First 90 Days: internal concerns.
Your expertise: develop at least a basic understanding of best practice in each of your institutional areas of responsibility, sufficient to be able to communicate effectively with your specialists.
Staff assessment: determine the expertise and reliability of subordinate leaders in each of these areas.
Gap analysis: assess the current state of each of these areas of specialization, and evaluate whether or not the current capabilities and capacity are sufficient for the business context.
Leadership: especially for first-time managers, your value is in your ability to serve and empower your staff, not in directing them.

35 First 90 Days: external relationships. Identify your auditors* right away; schedule meetings as soon as possible. Identify "problem children": those that have a bad history with InfoSec (which may be justified). Beware the most toxic executives: intimidators. Strike a balance between humility and fortitude. Precedents are easier to set at the beginning. Consider vendors as friends, not foes. *And auditor-like entities.

36 First 90 Days: Immediate Priorities (Candidates). Re-balancing prevention, detection, response? Inability to respond may be the highest risk for a new CISO. How's your DevOps: do you have the maturity in your development and operations processes to support security initiatives? Excessive privilege / change management (CM): who can change the production environment? With what approval? How's your situational awareness: are your detection/monitoring processes sufficient to deliver actionable intelligence? What about your IT architecture: proper segregation? Sufficient test environments?

37 Wrapping it up: Leadership & Vision; Strategic Focus; Catalyst for Risk Management; Effective Relationships; Technical Savvy.

39 John Bruce, CEO. One Alewife Center, Suite 450, Cambridge, MA. PHONE


More information

Pathways to Empowered Security Leadership

Pathways to Empowered Security Leadership Pathways to Empowered Security Leadership Meet BusinessX Major Retailer BusinessX doesn t have a CISO They just experienced a massive breach that cost millions and put the company in the public eye for

More information

IT AUDIT WHO WE ARE. Current Trends and Top Risks of 2015 10/9/2015. Eric Vyverberg. Randy Armknecht. David Kupinski

IT AUDIT WHO WE ARE. Current Trends and Top Risks of 2015 10/9/2015. Eric Vyverberg. Randy Armknecht. David Kupinski IT AUDIT Current Trends and Top Risks of 2015 2 02 Eric Vyverberg WHO WE ARE David Kupinski Randy Armknecht Associate Director Internal Audit Protiviti 317.510.4661 eric.vyverberg@protiviti.com Managing

More information

IBM 2010 校 园 蓝 色 加 油 站 之. 商 业 流 程 分 析 与 优 化 - Business Process Management and Optimization. Please input BU name. Hua Cheng chenghua@cn.ibm.

IBM 2010 校 园 蓝 色 加 油 站 之. 商 业 流 程 分 析 与 优 化 - Business Process Management and Optimization. Please input BU name. Hua Cheng chenghua@cn.ibm. Please input BU name IBM 2010 校 园 蓝 色 加 油 站 之 商 业 流 程 分 析 与 优 化 - Business Process Management and Optimization Hua Cheng chenghua@cn.ibm.com Agenda Why BPM What is BPM What is BAM How BAM helps optimization

More information

Cisco Cloud Enablement Services for Education

Cisco Cloud Enablement Services for Education Services Overview Cisco Cloud Enablement Services for Education Bringing the Cloud to the Campus In today s higher education environment, IT organizations must keep pace with a long list of competing demands:

More information

Experience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC.

Experience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC. Experience the commitment WHITE PAPER Information Security Continuous Monitoring Charting the Right Course May 2014 cgi.com 2014 CGI GROUP INC. During the last few months of 2013, six federal agencies

More information

Information Governance Workshop. David Zanotta, Ph.D. Vice President, Global Data Management & Governance - PMO

Information Governance Workshop. David Zanotta, Ph.D. Vice President, Global Data Management & Governance - PMO Information Governance Workshop David Zanotta, Ph.D. Vice President, Global Data Management & Governance - PMO Recognition of Information Governance in Industry Research firms have begun to recognize the

More information

Agile Master Data Management TM : Data Governance in Action. A whitepaper by First San Francisco Partners

Agile Master Data Management TM : Data Governance in Action. A whitepaper by First San Francisco Partners Agile Master Data Management TM : Data Governance in Action A whitepaper by First San Francisco Partners First San Francisco Partners Whitepaper Executive Summary What do data management, master data management,

More information

Realizing business flexibility through integrated SOA policy management.

Realizing business flexibility through integrated SOA policy management. SOA policy management White paper April 2009 Realizing business flexibility through integrated How integrated management supports business flexibility, consistency and accountability John Falkl, distinguished

More information

State Governments at Risk: The Data Breach Reality

State Governments at Risk: The Data Breach Reality State Governments at Risk: The Data Breach Reality NCSL Legislative Summit August 5, 2015 Doug Robinson, Executive Director National Association of State Chief Information Officers (NASCIO) About NASCIO

More information

Domain 1 The Process of Auditing Information Systems

Domain 1 The Process of Auditing Information Systems Certified Information Systems Auditor (CISA ) Certification Course Description Our 5-day ISACA Certified Information Systems Auditor (CISA) training course equips information professionals with the knowledge

More information

Policy-Based Security, Compliance, and Risk Management

Policy-Based Security, Compliance, and Risk Management Policy-Based Security, Compliance, and Risk Management Automated approach boosts agility, reduces risks of security breaches and regulatory non-compliance, and improves operating efficiency VMWARE WHITE

More information

Introduction. Success Tips for GRC Projects

Introduction. Success Tips for GRC Projects Info Security & Compliance Project Success Tips from Veteran Security Execs What Technology Vendors Don t Tell You and Project Pitfalls to Avoid W I S E G AT E C O M M U N I T Y V I E W P O I N T S 300

More information

QRadar SIEM and FireEye MPS Integration

QRadar SIEM and FireEye MPS Integration QRadar SIEM and FireEye MPS Integration March 2014 1 IBM QRadar Security Intelligence Platform Providing actionable intelligence INTELLIGENT Correlation, analysis and massive data reduction AUTOMATED Driving

More information

Vendor Risk Management Financial Organizations

Vendor Risk Management Financial Organizations Webinar Series Vendor Risk Management Financial Organizations Bob Justus Chief Security Officer Allgress Randy Potts Managing Consultant FishNet Security Bob Justus Chief Security Officer, Allgress Current

More information

The Cloud Balancing Act for IT: Between Promise and Peril

The Cloud Balancing Act for IT: Between Promise and Peril The Cloud Balancing Act for IT: Between Promise and Peril Table of Contents EXECUTIVE SUMMARY...2 ONBOARDING CLOUD SERVICES...3 SYSTEMS OF RECORD: THE NEXT WAVE OF CLOUD ADOPTION...6 A CULTURE OF COMPLIANCE

More information

MAINTAINING COMPLIANCE AND MANAGING RISK IN OUTSOURCED ENGAGEMENTS. Nick Harrahill PayPal Global Security Operations

MAINTAINING COMPLIANCE AND MANAGING RISK IN OUTSOURCED ENGAGEMENTS. Nick Harrahill PayPal Global Security Operations MAINTAINING COMPLIANCE AND MANAGING RISK IN OUTSOURCED ENGAGEMENTS Nick Harrahill PayPal Global Security Operations AGENDA Inception of an engagement The legal agreement Assessing the risk Customer call

More information

Continuous Network Monitoring

Continuous Network Monitoring Continuous Network Monitoring Eliminate periodic assessment processes that expose security and compliance programs to failure Continuous Network Monitoring Continuous network monitoring and assessment

More information

TOP 3. Reasons to Give Insiders a Unified Identity

TOP 3. Reasons to Give Insiders a Unified Identity TOP 3 Reasons to Give Insiders a Unified Identity Although much publicity around computer security points to hackers and other outside attacks, insider threats can be particularly insidious and dangerous,

More information

WHITE PAPER Mapping Organizational Roles & Responsibilities for Social Media Risk. A Hootsuite & Nexgate White Paper

WHITE PAPER Mapping Organizational Roles & Responsibilities for Social Media Risk. A Hootsuite & Nexgate White Paper WHITE PAPER Mapping Organizational Roles & Responsibilities for Social Media Risk A Hootsuite & Nexgate White Paper Mapping Organizational Roles & Responsibilities for Social Media Risk Executive Summary

More information

APP DEVELOPMENT REVOLUTION:

APP DEVELOPMENT REVOLUTION: APP DEVELOPMENT REVOLUTION: ELSEVIER TAKES A NEW APPROACH TO SECURING SOFTWARE DEVELOPMENT Contributors: Alexander J. Fry and Meron Samuel Security awareness works but is not typically part of formal app

More information

RSA ARCHER OPERATIONAL RISK MANAGEMENT

RSA ARCHER OPERATIONAL RISK MANAGEMENT RSA ARCHER OPERATIONAL RISK MANAGEMENT 87% of organizations surveyed have seen the volume and complexity of risks increase over the past five years. Another 20% of these organizations have seen the volume

More information

Trust. The platform for business innovation.

Trust. The platform for business innovation. ADP Global Security Trust. The platform for business innovation. HR. Payroll. Benefits. The business operations protection you need, from the partner you trust. These days, every business is in either

More information

SIEM Implementation Approach Discussion. April 2012

SIEM Implementation Approach Discussion. April 2012 SIEM Implementation Approach Discussion April 2012 Agenda What are we trying to solve? Summary Observations from the Security Assessments related to Logging & Monitoring Problem Statement Solution Conceptual

More information

Project Management Office Best Practices

Project Management Office Best Practices Project Management Office Best Practices Agenda Maturity Models (Industry & PMO) PMO Areas of Expertise (Scale & Scope) Project Management Office Process Model Project Management Framework PMO Implementation

More information

MISO Change Management and the Journey of Maturity. Tricia Cawthon August 30, 2013

MISO Change Management and the Journey of Maturity. Tricia Cawthon August 30, 2013 MISO Change Management and the Journey of Maturity Tricia Cawthon August 30, 2013 tcawthon.misoenergy.org Tricia Cawthon, Sr. Manager IT Operations Support Employed by MISO for 6.75 years Several other

More information

How Companies Can Improve Website & Web Application Security. Even with a Tight IT Budget

How Companies Can Improve Website & Web Application Security. Even with a Tight IT Budget How Companies Can Improve Website & Web Application Security Even with a Tight IT Budget Website and web application security is no longer a luxury it s a necessity. We live in the age of cyber warfare

More information

A Road Map for Advancing Your Career

A Road Map for Advancing Your Career CERTIFIED BUSINESS INTELLIGENCE PROFESSIONAL TDWI CERTIFICATION A Road Map for Advancing Your Career Get recognized as an industry leader. Get ahead of the competition. Advance your career with CBIP. Professionals

More information

Key Challenges in Implementing the Enterprise Asset Management system

Key Challenges in Implementing the Enterprise Asset Management system Key Challenges in Implementing the Enterprise Asset Management system Contents... 1 Summary... 2 Why Implementing the Enterprise Asset Management System is More Difficult than Expected... 2 Specific Challenges

More information

2014 HIMSS Analytics Cloud Survey

2014 HIMSS Analytics Cloud Survey 2014 HIMSS Analytics Cloud Survey June 2014 2 Introduction Cloud services have been touted as a viable approach to reduce operating expenses for healthcare organizations. Yet, engage in any conversation

More information

IT Vendor Due Diligence. Jennifer McGill CIA, CISA, CGEIT IT Audit Director Carolinas HealthCare System December 9, 2014

IT Vendor Due Diligence. Jennifer McGill CIA, CISA, CGEIT IT Audit Director Carolinas HealthCare System December 9, 2014 IT Vendor Due Diligence Jennifer McGill CIA, CISA, CGEIT IT Audit Director Carolinas HealthCare System December 9, 2014 Carolinas HealthCare System (CHS) Second largest not-for-profit healthcare system

More information

IBM Global Business Services Microsoft Dynamics AX solutions from IBM

IBM Global Business Services Microsoft Dynamics AX solutions from IBM IBM Global Business Services Microsoft Dynamics AX solutions from IBM Powerful, agile and simple enterprise resource planning 2 Microsoft Dynamics AX solutions from IBM Highlights Improve productivity

More information

Capgemini BizLender 360 SM An Integrated Straight Through Processing Solution for Business Lending Origination

Capgemini BizLender 360 SM An Integrated Straight Through Processing Solution for Business Lending Origination Capgemini BizLender 360 SM An Integrated Straight Through Processing Solution for Business Lending Origination Using technology and expertise to boost efficiency, enhance decision making, improve compliance,

More information