Cybersecurity: You re Doing IT Wrong



Similar documents
Candidate Tips and Tricks

Don t Get Left in the Dust: How to Evolve from CISO to CIRO

Why You Need to Test All Your Cloud, Mobile and Web Applications

Cyber Security. John Leek Chief Strategist

Cybersecurity. Are you prepared?

Vulnerability Risk Management 2.0. Best Practices for Managing Risk in the New Digital War

I D C A N A L Y S T C O N N E C T I O N

Addressing Cyber Risk Building robust cyber governance

State of Minnesota. Enterprise Security Strategic Plan. Fiscal Years

Digital Strategy. How to create a successful business strategy for the digital world.

Breaking Down the Silos: A 21st Century Approach to Information Governance. May 2015

CYBERSECURITY: ISSUES AND ISACA S RESPONSE

Cybersecurity in the States 2012: Priorities, Issues and Trends

THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS

Assessing the strength of your security operating model

Information Technology Risk Management

CYBER SECURITY, A GROWING CIO PRIORITY

ITIL 2015 and Beyond: Six Trends Driving Transformational Change in IT Best-Practices

SITUATIONAL AWARENESS MITIGATE CYBERTHREATS

State Agency Cyber Security Survey v October State Agency Cybersecurity Survey v 3.4

Data Breach and Cybersecurity: What Happens If You or Your Vendor Is Hacked

Address C-level Cybersecurity issues to enable and secure Digital transformation

Securing your Mobile Workforce with Okta and Espion

Business Continuity Planning in IT

Applied Security Metrics

Building The Human Firewall. Andy Sawyer, CISM, C CISO Director of Security Locke Lord

The data breach lifecycle: From prevention to response IAPP global privacy summit March 6, 2014 (4:30-5:30) Draft v

States at Risk: Cyber Threat Sophistication, Inadequate Budget and Talent

Connected Intelligence and the 21 st Century Digital Enterprise

Shadow IT: data protection and cloud security

Cyber resilience and IT service management (ITSM) working together to secure the information your business relies on. Stuart Rance. AXELOS.

THE SECURITY EXECUTIVE S GUIDE TO A SECURE INBOX. How to create a thriving business through trust

Risks and uncertainties

Managing the Unpredictable Human Element of Cybersecurity

Process Intelligence: An Exciting New Frontier for Business Intelligence

Break the network innovation gridlock

SECURITY RISK MANAGEMENT

The Pitfalls of DIY Approaches to Disaster Recovery

OPTIMUS SBR. Optimizing Results with Business Intelligence Governance CHOICE TOOLS. PRECISION AIM. BOLD ATTITUDE.

Strategic Plan FY FY July 10, 2014

Click to edit Master title style

Is your business secure in a hosted world?

Managing Mobility in the BYOD Era:

10 Hidden IT Risks That Might Threaten Your Business

How to Justify Your Security Assessment Budget

The economics of IT risk and reputation

The Cost of Insecure Mobile Devices in the Workplace Sponsored by AT&T

KEY TRENDS AND DRIVERS OF SECURITY

Cyber Risk Managemet Next? What Board Members, Shareholders, Government, Auditors and Others Will be Asking from the CIO Next:

HIPAA Reality Check: The Gap Between Execs and IT March 1, 2016

Building an effective stay back team to gain maximum value from an outsourcing agreement

KEY SUCCESS FACTORS IMPLEMENTING A CUSTOMER EXPERIENCE STRATEGY. Sara Sillén

Data Security: Fight Insider Threats & Protect Your Sensitive Data

WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY

Level 2 Award in Safe Driving at Work

Customer Experience Audit

Mike Smart Cyber Strategist & Enterprise Security Solutions, EMEA. Cyber: The Catalyst to Transform the Security Program

Feature. Developing an Information Security and Risk Management Strategy

How To Manage Risk On A Scada System

Boost BCM Program Maturity: Arm Your Team with the Right Tools. Jason Zimmerman Vice President Operations

10 Hidden IT Risks That Threaten Your Practice

Is it Time to Trust the Cloud? Unpacking the Notorious Nine

DATA BREACH RISK INTELLIGENCE FOR HIGHER ED. Financial prioritization of data breach risk in the language of the C-suite

Cyber Security - What Would a Breach Really Mean for your Business?

Transcription:

SESSION ID: CXO-F01 Cybersecurity: You re Doing IT Wrong Jared Carstensen Chief Information Security Officer (CISO), CRH Plc @jaredcarstensen

Introduction My Journey Every kid has dream jobs growing up Baby Firefighter Policeman Leader / Politician CISO 2

Perceptions vs. Reality Before & After Before Breach 3 During & Post Breach

Why Are We Doing IT Wrong?

Keeping it Simple! All of it everything, make it secure! Applications apps and more apps Awareness constant challenge Audit multiple synergies & often forgotten 5

Keeping it Simple! Business vs. security purpose and function Burning bridges & long term strategy working with people Bring Your Own Device (BYOD) & Bring Your Own Cloud (BYOC) = bring your own problems & increase risks 6

Keeping it Simple! Context all about risk! Communication we stink at it! Consumerization who are the biggest challenges / risks? Cloud Computing what is going on? Compliance we don t engage enough! 7

Keeping it Simple! Data we apply security wrong! boxes vs. assets Disruptive we tend to approach things in the wrong way Dissecting what is needed vs. what matters? Develop cybersecurity aware culture & workforce 8

Keeping it Simple! Endorsement why we do what we do? Engagement who should we be working with? Efficiency duplication everywhere! Environmental / situational awareness knowing the business Evolving from no to let s work together 9

Keeping it Simple! Finding the champions who supports our objectives? Failure to manage expectations security cannot prevent all attacks and breaches! Fetching quick wins not everything needs a major project! Fashion industry rate of change & trends! 10

Applying Effective Security - A to Z

Getting it Right Applying in Reality! Awareness is often the best return on investment Business enablement and engagement will define your success Culture can make or break security efforts find out what has worked vs. has not Do not try do it all! Prioritize, plan & deliver Engage with sponsors & be the solution not the no or barrier! Focus on what really matters people will forget non-essentials Give options & practical solutions Help others achieve their goals & objectives Inform, interact and involve others in the decision process Justify your role and the need for security Know your strengths & weaknesses play to strengths, build around weaknesses 12

Getting it Right Applying in Reality! (cont) Learn from other mistakes & real world events Manage expectations you cannot stop every attack New technologies do not necessarily fix age old problems Outline key objectives, challenges and requirements to stakeholders Provide metrics if it cannot be measured, it cannot be managed Question yourself and how things are currently being done (understand, not challenge) Response capabilities may well save your company and your career response never goes out of style So what? Ask yourself what will happen if we do, and what will happen if we don t Technology is one component, people and processes will always be the front and center for security Validate ideas and approaches internally prior to executing 13

Getting it Right Applying in Reality! (cont 2) What is the worst thing you could say to your stakeholders at 3AM? This will help understand what matters most to them and what you will need to focus on XaaS can you deliver the same value to the business using different models or approaches? Yesterday s threats and attacks are still the big headache Zero in on the things that matter most to your business stakeholders Reality Check: Our mission and objective should be to enable more secure and resilient services, while protecting our organization s brand, it s customers and employees. We will never stop all attacks, but our success should be determined by our ability to respond and stop the bleeding, while continuing to deliver services to customers and users. 14

Sanity Check

In Summary & Final Thoughts! Car Accidents vs. Security Breaches Rules of road to protect drivers and pedestrians Regulations and standards to protect businesses and consumers Speed limits depending on the type of road Regulations depending on the type of industry and sector Wide choice of cars available depending on your needs Wide choice of solutions and providers depending on your requirements By not adhering to rules and laws of the road, you put your own and others lives at risk By not adhering to security rules, standards, frameworks and best practice, thousands of incidents are happening every days putting your organization and its customers at risk Despite all road safety guidelines, laws and awareness there are countless road accidents and fatalities every day Despite all the standards, guidance, frameworks, regulations and more solutions and services than ever before; countless incidents, breaches and non-compliance continue Is your organization driving recklessly, or are they simply asleep at the wheel? 16

Thank You! If you talk to a man in a language he understands, that goes to his head. If you talk to him in his language, that goes to his heart. ~ Nelson Mandela Jared Carstensen Chief Information Security Officer, CRH Plc @jaredcarstensen / LinkedIn / etc. 17

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information