David C. Brown, CISSP, PMP, CEH IUP Information Assurance Day 2011 November 10, 2011 Four Essential Requirements for Securing Your Enterprise.

Slides:



Advertisements
Similar presentations
A BPM Framework for KPI-Driven Performance Management
Advertisements

Chapter 1 Business Driven Technology
CTS Strategic Roadmap Walkthrough, v1.2 Dan Mercer.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.
Unit Five – Transforming Organizations
Principles of Information Systems, Seventh Edition2 An organization’s TPS must support the routine, day-to- day activities that occur in the normal course.
Enterprise Resource Planning ERP Systems
Management is Essential
Recall The Team Skills Analyzing the Problem
Demonstrating IT Relevance to Business Aligning IT and Business Goals with On Demand Automation Solutions Robert LeBlanc General Manager Tivoli Software.
Welcome ISO9001:2000 Foundation Workshop.
What is Business Intelligence? Business intelligence (BI) –Range of applications, practices, and technologies for the extraction, translation, integration,
The Evergreen, Background, Methodology and IT Service Management Model
Entré NetMonitor Proactive IT monitoring, Management and support Think DIFFERENT about IT.
Chapter 3 Internal Controls.
What Keeps You Awake at Night Compliance Corporate Governance Critical Infrastructure Are there regulatory risks? Do employees respect and adhere to internal.
Supporting tools in an IT Project & Portfolio Management environment Ann Van Belle -
THE MANAGEMENT AND CONTROL OF QUALITY, 5e, © 2002 South-Western/Thomson Learning TM 1 Chapter 8 Performance Measurement and Strategic Information Management.
© 2009 Delmar, Cengage Learning Chapter 5 Planning and Organizing an Agribusiness.
Systems and Software Consortium | 2214 Rock Hill Road, Herndon, VA Phone: (703) | FAX: (703) Best.
Enterprise Resource Planning ERP Systems
Application of the CMMI SM to Plan and Control Life Cycle Costs Dr. Mary Anne Herndon Science Applications International Corporation (SAIC) November, 2003.
The Value Driven Approach
Concepts in Enterprise Resource Planning Fourth Edition
Business Plans Part 4 Taken from
FINANCE MODULE. The various subsystems Financial Accounting Investment management Controlling Treasury Enterprise controlling.
Operational and Postimplementation
Presented by Tom Erickson & Eric McCracken Benefits of a Paperless Office Workflow and Document Management.
How Good are you at Managing your Processes? Operational Excellence.
Changing IT Managing Networks in a New Reality Alex Bakman Founder and CEO Ecora Software.
BUSINESS INFORMATION SYSTEMS
Information Systems and Organisations
Finance & Accounting FIRM
Safeguarding CDI - compliance with DFARS
Chapter 4 Business Performance Management
Scott Blakeley, Esq. Partner Blakeley, LLP
Cyber Risk Presentation to the Board of Directors
Discovering Computers 2010: Living in a Digital World Chapter 14
Chapter 12 Enterprise Information Systems
Management is Essential
Management is Essential
Internal Control Systems
Attention CFOs How to tighten your belt and still survive May 18, 2017.
Leverage What’s Out There
VP, Institutional Services
Recall The Team Skills Analyzing the Problem
Chapter 5 :The Business Plan (Creating and Starting The) Venture
Implementing Strategy: The Balanced Scorecard and the Value Chain
Speaker’s Name, SAP Month 00, 2017
Business Performance Management works for everyone
Operational and Postimplementation
Strategy and Human Resources Planning
Defining Processes BEFORE ERP
Need for VPN As a business grows, it might expand to multiple shops or offices across the country and around the world. the people working in those locations.
Agenda Workforce Development Coaching Mentoring
Chapter 5 :The Business Plan (Creating and Starting The) Venture
PRIVILEGED ACCOUNT ABUSE
Bank On It.
Why ISO 27001? Subtitle or presenter
Information Social Access Mapping: Who is doing what with data?
Establishing a Strategic Process Roadmap
GRC - A Strategic Approach
Design Secure & Compliant Roles for Oracle ERP & HCM Cloud
Six Sigma and Lean Thinking
What If Process is Your Problem?
Data Security and Privacy Techniques for Modern Databases
Conducting a Business Impact Analysis (BIA)
Presentation transcript:

David C. Brown, CISSP, PMP, CEH IUP Information Assurance Day 2011 November 10, 2011 Four Essential Requirements for Securing Your Enterprise

Slide 2 of 29 Agenda Speaker Real Security Requires Focus How to REALLY Secure Your Enterprise CEO View: Value, Growth, Protection Shared Enterprise Reference Model Discovering the As-Is State Prioritizing: Using Business Goals as Guide Tie it All Together for Security Additional Benefits Action Summary David C. Brown, CISSP, PMP, CEH

Slide 3 of years experience in information technology and manufacturing business processes 20+ years experience addressing CyberSecurity Six Sigma Green Belt ITIL V3 Foundation for Service Management HIPAA, Security Analyst, Computer Forensics, etc… MOST IMPORTANT: Experience as a victim à la Morris Worm, 1988 Speaker David C. Brown, CISSP, PMP, CEH

Slide 4 of 29 Real Security Requires Focus David C. Brown, CISSP, PMP, CEH Business Goals 7 Business Components Business Information Touch Points

Slide 5 of 29 How to REALLY Secure Your Enterprise David C. Brown, CISSP, PMP, CEH 1. CEO View: Value, Growth, Protection 2. Shared Enterprise Reference Model 3. Discovering the As-Is State 4. Prioritizing: Using Business Goals as Guide

Slide 6 of 29 A Perception Problem David C. Brown, CISSP, PMP, CEH Mark & Access Control My department, project, branch, etc is the most important What should be everyone’s viewpoint?

Slide 7 of CEO View: Value, Growth, Protection David C. Brown, CISSP, PMP, CEH CEO COMPETITION CASH FLOW OPERATIONS DEVELOPMENT CUSTOMERS Suppliers GOVERNMENT FINANCE IT SECURITY Opportunities & Threats HR LEGAL All Priority Ones

Slide 8 of 29 How Do You Share CEO’s View? David C. Brown, CISSP, PMP, CEH Models: Chair Table Business?

Slide 9 of CEO’s Reference Model David C. Brown, CISSP, PMP, CEH Business Goals – Value, Growth & Protection

Slide 10 of 29 CEO’s Reference Model David C. Brown, CISSP, PMP, CEH Customer calls with an order. – Information 3. Employee takes order - People 4. Order transmitted over the network to a server - Infrastructure 4

Slide 11 of 29 CEO’s Reference Model David C. Brown, CISSP, PMP, CEH Given to application and entered into database - Technology

Slide 12 of 29 CEO’s Reference Model David C. Brown, CISSP, PMP, CEH Credit limit, shipping restrictions check – Business Rules

Slide 13 of 29 CEO’s Reference Model David C. Brown, CISSP, PMP, CEH Workflow management, sequencing – Business Process

Slide 14 of 29 CEO’s Reference Model David C. Brown, CISSP, PMP, CEH Patient intake/discharge/management Student enrollment/graduation Order processing Manufacturing Bank account creation Employee management Many more… Many processes - All should be focused on Business Goals

Slide 15 of 29 Value of Enterprise Reference Model David C. Brown, CISSP, PMP, CEH Adds common structure to security assessment, risk assessment, BIA, BA, and audit tools Adds common structure to Six Sigma, ITIL, PCI, SOX, Audits, etc… Works for: any industry any process any company All use the same 7 business components

Slide 16 of 29 Business Process Mapping - Critical to understanding your enterprise - Critical to security - Starting point 3. Quick Start: Where to Begin? Discovering the As-Is State David C. Brown, CISSP, PMP, CEH Order Ship About Processes

Slide 17 of 29 Discovering the As-Is State David C. Brown, CISSP, PMP, CEH OrderShip They Multiply

Slide 18 of 29 Everything moving Nothing is removed – might break it & no time to fix Manual process mapping takes months, political, infrequent exceptions forgotten, ties up the everyone’s time – Major effort ABPD software quickly maps business processes & discovers the business component relationships Weeks not months – Enables Quick Start Automated Business Process Discovery (ABPD) Software David C. Brown, CISSP, PMP, CEH

Slide 19 of 29 CEO’s perspective Shared perspective with all stakeholders Found & documented all processes How do you balance all of the requirements? Prioritizing Among Equals Example: 100’ wall vs. Safety Deposit box Cloud vs. private cloud David C. Brown, CISSP, PMP, CEH

Slide 20 of Prioritizing: Keeping Business Goals as Guide David C. Brown, CISSP, PMP, CEH Component Aspects

Slide 21 of 29 Prioritizing: Keeping Business Goals as Guide David C. Brown, CISSP, PMP, CEH Business Goals Confidentiality Competition Partners Budget Etc… Example analysis

Slide 22 of 29 Short Walkthrough David C. Brown, CISSP, PMP, CEH Example – Reduce cost of blue widgets Archive Backup Create Destroy Encrypt Filter Input Monitor Share Store Track Transform Transmit Sequencing Throughput Handoffs Owner Emissions OSHA Health Assessments Training Skill set Order Entry Inventory Paint Booth Size Paint Gun Type

Slide 23 of 29 Not replacement for existing analysis tools Multiplies the power of existing security assessment, risk assessment, BIA, BA, & audit tools Guides prioritization of funding for business efforts Identifies gaps Helps determine business requirements Reveals true scope of required changes – It’s not just one project TruBPI SM Analysis Chart David C. Brown, CISSP, PMP, CEH

Slide 24 of 29 Make the chart as detailed as you want Include SMEs from every part of the organization Don’t expect to do it overnight Mine has taken quite a while to build Here’s some of the sources and areas that I used to build my TruBPI Analysis chart: TruBPI SM Analysis Chart David C. Brown, CISSP, PMP, CEH

Slide 26 of 29 Tie It All Together for Security 1. Focus: On all information touch points, CEO View 2. Share: i360 Business Information Model 3. Quickly capture “As-Is state”: ABPD software tool 4. Prioritize time & resources David C. Brown, CISSP, PMP, CEH

Slide 27 of 29 Responsiveness - new opportunities Reduced cost/time for compliance audits Reduced cost/time litigation costs – eDiscovery Business Intelligence & Balanced Scorecard implementation readiness Extremely FOCUSED on Business Goals Additional Benefits David C. Brown, CISSP, PMP, CEH

Slide 28 of 29 Release Deadline vs. Process – Dave vs. Guard CEOs Hate “No” – You MUST add value You are still going to be held responsible Security & IT – Why You're NOT in the Loop David C. Brown, CISSP, PMP, CEH

Slide 29 of CEO must be directing – Not a handoff 2. Tell your CEO 3. Our thinking must change - CEO View 4. Not a quick fix – No Shortcut 5. Start small 1 process – Pilot project 6. Implement in 3 month steps – Short steps 7. Continuous improvement – Never stops 8. Learn more - signup for our newsletter Action Summary for Security David C. Brown, CISSP, PMP, CEH

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.