Strategy: If you don’t know where you’re going, you’ll never get there

Presentation transcript:

Strategy: If you don’t know where you’re going, you’ll never get there. Don Welch, Ph.D., CISO

Agenda: Introduction; Risk; Strategy Basics; IT and Business Strategy; Strategic Analysis; Design Framework; Communicating the Strategy

Introduction

Why listen to me?

Cyber Security Environment

Foreign Intelligence

Criminals

Hacktivists

C-Level Leaders

Risk

Strategy 101

Strategy: Definition. "High level plan to achieve one or more goals under conditions of uncertainty" (Wikipedia)

Strategy: Definitions. "A pattern in a stream of decisions" (Henry Mintzberg, McGill University)

Strategy: Definitions. "Planning and marshalling resources for their most efficient and effective use" (Business Dictionary)

Strategy: Definitions. Plan to achieve long-term goals; Guide for decisions at all levels; Efficient and effective resource allocation

Asymmetry and Adversaries

Strategic Environment Analysis Threat Asset Impact Attacker Payoff Capability

Constraints: Funding; Regulations and Laws; Staff Time and Talent; Business Overhead; Political Capital; Accountability; Calendar Time

Coverage Matrix: People, Process, Technology / Identify, Protect, Detect, Respond, Recover

Example Nested Matrix (Detect/Technology): Near Real-Time, Post Compromise / Network, Payload, Endpoint

Example Nested Matrix (Protect/People): Users, IT Staff, Security / Mandatory, Optional

Written Plan: One Pager; < 10 Pages; Full Document

Information Security Strategy Identify Low Protect Moderate High Watch High + (Restricted) Recover Respond