Rethinking Security to Enable Business LJ Johnson Nike’s Global Information Security Officer August 16, 2005.

Agenda
- Today’s Security Realities
- Perception of Security
- Showing the business value of Security
- The 3 R’s
- Seeing Security Differently
- Retooling to leverage the Value

Today’s security realities…
- Threats are on the rise
- Time to respond has decreased
- Regulatory pressures are on the rise
- Business integration has eroded the network perimeter
- Spending more on security doesn’t equate to better protection

When we think of Security
- Guns - Guards - Geeks
- Keeping bad guys out
- Cost center focused
- Poorly defined metrics
- Lost in translation
- Out of alignment with business drivers
- Unable to show business value

Traditional Security Approaches
- Infrastructure security point solutions
  - Firewalls
  - VPN
  - Antivirus Software
- Security operations
  - Account creation
  - Passwords
- Application Security
  - Authorization policies

What’s the impact?
- Technology focus
- Higher TCO
- Long and costly cycles
  - System access
  - Application development
  - Provisioning
- Inconsistent policies
- Focused on threat Avoidance vs. Risk Management
- Perceived as inflexible
- Not seen as a ‘value add’

Showing the value of Security
Instead of Threats – focus on the 3 R’s
- Revenue
  - How can security increase revenue opportunities?
  - Can security help to reduce or avoid costs?
  - What are your key information assets?
- Reputation
  - What is your brand worth?
  - What are your relationships worth?
- Regulations
  - What are you required to do?

Revenue Opportunities
Efficiency Gains and Reduced Costs
- Centralized identity controls
- Self Registration
- Automated password resets
- Spam filtering
- Outsourcing
- Early Risk Assessments
- Lower TCO

Revenue Opportunities
- New market opportunities
  - Could security be a market differentiator?
  - Secure ebiz strategy
  - Barriers to entry
  - Patents
- Speed to Market initiatives
  - Business process improvements
  - Shortened development cycles
  - Automated provisioning

Revenue Opportunities
Information Asset Protection
- Protect what matters most
- Apply the same principles as insuring your physical assets
- Could you lower your insurance premiums by implementing stronger security?
- “Intangible assets such as intellectual property represent approximately 60% to 80% of a company’s assets.” – Accenture Survey 2004

Security as a Differentiator

Reputation
- What’s your Brand Equity value?
- What do you spend on demand creation to grow your market?
- What would be the impact to your stock price if your customer database were hacked?

Examples of reputation damage

Regulations
SOX, GLBA, HIPAA, EU Privacy…
- What regulations are relevant to your industry?
- What are your local and overseas requirements?
- Are your service providers also in compliance?
- Are there competitive advantages to anticipating the next set of regulations?

Retooling your organization
- Gain Business Ownership
  - Move security to an advisory role & let the business decide
- Seek new Funding Models
  - Tie key security operational costs to IT but push more security costs out to business units
- Restructure to deliver the right services
- Develop an IP Protection Strategy
  - Define what’s most important to protect

Retooling your organization
- Improve Communications
  - Focus on Risk Management rather than threats and vulnerabilities
  - Measure and communicate biz value
- Expand Team Skills
  - ALL personnel should be security literate
  - Require security personnel to understand the business
- Improve processes
  - Tie security & risk to procurement, SDLC, operational processes
  - Focus more on Value Proposition and less on ROI
- Establish Accountability
  - Tie performance reviews and merit increases to compliance and awareness levels

Questions / Comments?

Changing the Paradigm
- Stop seeing Security as only technology
- Require your security teams to talk “Business”
- Determine the right level of risk
- Focus on process improvements
- Communicate the value security brings to the business – the 3 R’s
  - Faster to market
  - Improved productivity
  - New revenue streams
  - Stronger brand

“It’s not the strongest species that survives, nor the most intelligent, but the ones most responsive to change…” Charles Darwin