How to Create an Effective Long-Term Cybersecurity Strategy


Webcast description: Cybersecurity has recently become an increased concern, especially in the legal industry. With more clients approaching you about your security practices and procedures, it has become necessary to implement a cybersecurity plan for your firm. Cybersecurity is not a passing fad; it is steadily becoming more prevalent and more crucial as time goes on. The number of threats will continue to increase as the types of threats grow progressively more sophisticated. It is paramount that your firm has a long-term cybersecurity strategy in place for current and future threats that may arise. This webinar will explore the essential components of a practical and comprehensive cybersecurity strategy, one that will ensure your firm maintains a strong and mature cybersecurity posture, both now and in the future.

Agenda

- Meet Paul & TruShield
- Missing the big picture
- Think strategically, act tactically
- How?

Suggested problem statements (speaker notes):
- Navigating the dynamic landscape of cybersecurity can be strenuous; creating a strategy doesn’t have to be.
- Navigating the dynamic landscape of cybersecurity can be challenging.
- Not having a strategy mapped out can be a hazard for your business.

Meet Paul Caiazzo

Co-Founder, CEO, Chief Security Architect
CISSP, CISA, CEH
M.S. in Information Security and Assurance
15+ years of experience in information security

Connect with me: @Paul_Caiazzo, https://www.linkedin.com/in/pcaiazzo, pcaiazzo@trushieldinc.com

About TruShield

A global cyber security company based in the Washington D.C. metro area. Provider of the following high-quality, concierge services:
- Continuous Security Monitoring, Alerting and Incident Response
- Compromise Assessments
- Threat Protection
- Security Consulting
- Managed Security Services
- Security Architecture
- Risk Assessment Services
- Security Awareness Training
- Penetration Testing
- Vulnerability Assessments
- …and much more

Missing the Big Picture

- Boards are increasingly responsible for cybersecurity
- Outdated understanding of cyber risk
- The ‘technical problem’ misconception
- The ‘we aren’t a target’ misconception
- Unpredictability, and potentially high impact, of cyber risks
- Hidden pay-offs to getting it right; therefore, lower priority

Missing the Big Picture (continued)

- High volatility in the cyberthreat landscape
- Heavy focus on tactical issues, at the cost of the big picture
- Maturity in this space requires leadership focus on strategies which protect the firm over the long term
- Over-investment in preventive controls, lack of focus on detection and response

Can’t see the forest for the trees… (roadmap slide)

Think Strategically

- What are my firm’s business goals and objectives?
- What is my firm’s technology strategy?
- What regulatory requirements do we have?
- Can we envision any key threats to any of these?

To Reach a Destination, Know Where You’re Starting From

- Every great journey begins with a single step
- A thorough current state assessment gives you an understanding of your starting point
- Prioritize and intelligently allocate resources

Current State Assessment

- Many frameworks to assess yourself against
- Select one which aligns with your business objectives
- We like the SANS 20 CSC for those just starting out

Speaker notes: Talk about security frameworks. The SANS 20 CSC is within reach for smaller organizations.

Strategic Analysis

Compare your current state against your target state. Consider:
- Your firm’s business and IT strategies
- Regulatory requirements and the impacts of non-compliance
- Areas of strength and weakness
- Key risks (regulatory, reputation, opportunity, data loss, etc.)
- Key threats you envisioned earlier
- Resources available to your firm

Speaker notes: Depends on how far off the organization you are assessing is. Even if you are trying to achieve ISO or FISMA, you can start with SANS 20. Doesn’t account for a massive title shift mid-stream, or a game-changing incident (new branch, merger, etc.).

Security Program Roadmap

Helps leadership:
- Organize
- Prioritize
- Strategize

A long-term plan to achieve cyber maturity and sustainability.

Tightly Aligned with Business Strategy/Objectives

- Executive governance and buy-in
- Corporate culture of security
- Relationships between key stakeholders within the firm
- Communications between IT/Security and other business units
- Identification of skills gaps and training to close them
- Technology planning with security in mind

Security program framework (diagram slide); labels as they appear on the slide:

Business Drivers → Strategy → Policy and Standards Framework
Compliance, Architecture, Operations, Awareness, Governance and Organization
Services: Network Security, Software Security, Host Security, Data Protection, Identity & Access Mgmt., Asset Mgmt., Third-Party Mgmt., Threat & Vulnerability Mgmt., Security Monitoring, Privacy, Business Continuity Mgmt., Incident Mgmt.
Technology: Protection, Functional Operations, Resiliency, Intelligence
Data: Infrastructure, Events, Alerts, Logs
Metrics and Reporting

Identify, Protect, Optimize, Sustain, Enable

Identify the real risks
- Define the org’s overall risk appetite & how information risk fits.
- Identify the most important info & applications, where they reside & who has/needs access.
- Assess the threat landscape & develop predictive models highlighting your real exposures.

Protect what matters most
- Develop a security strategy focused on business drivers & protecting high-value data.
- Assume breaches will occur; improve processes that plan, protect, detect & respond.
- Balance fundamentals with emerging threat management.
- Establish & rationalize access control models for applications & info.

Optimize for business performance
- Align all aspects of security (info, privacy, physical & business continuity) with the business.
- Spend wisely in controls & technology; invest more in people & processes.
- Consider selectively outsourcing operational security program areas.

Sustain an enterprise program
- Get governance right; make security a board-level priority.
- Allow good security to drive compliance, not vice versa.
- Measure leading indicators to catch problems while they are still small.
- Accept manageable risks that improve performance.

Enable business performance
- Make security everyone’s responsibility.
- Don’t restrict newer technologies; use the forces of change to enable them.
- Broaden the program to adopt enterprise-wide info risk management concepts.
- Set security program goals & metrics that influence business performance.

Security program roadmap (chart, shown in three progressive builds on the original slides)

Axes and legend: timeline with markers at 0, 12, 18 and 24 months; primary impact (Enterprise IT / Business operations); level of effort (Low / Medium / High). Initiatives plotted on the chart:
1. Network monitoring and log management
2. Security awareness
3. Incident response enhancement
4. High-value asset inventory
5. Security function reorganization
6. Security architecture development
7. Network segmentation
8. Policy standards and guidelines
9. Privileged account management
10. Security tool optimization
11. Acquisition/Integration playbook
12. Security analytics
13. Governance, risk and control (GRC)
14. Threat and vulnerability management (TVM)
15. Unmanaged devices

How can an MSSP help?

Questions

877-583-2841
TruShieldInc.com
info@trushieldinc.com

Connect with me: @Paul_Caiazzo, https://www.linkedin.com/in/pcaiazzo, pcaiazzo@trushieldinc.com