The Security Dashboard Visualizing IT and Business Risk Information Security Decisions October 6, 2004.

Presentation transcript:

Panelists:
- Pete Lindstrom, Spire Security
- Shon Harris, Logical Security
- Bill Boni, Motorola
Moderator: Andy Briney, InfoSecurity

What’s a Security Dashboard?

Dashboard Wish List
1. Simplifies the management of operational and IT security activities.
2. Correlates data from multiple sources and turns it into actionable information.
3. Maximizes technology investments by integrating with existing products.
4. Measures compliance with accepted practices, internal standards and government regulations (ISO 17799, GLBA, HIPAA, Basel II).
5. Tracks vulnerabilities and remediation status.
6. Prioritizes remediation activities by business impact.
7. Maintains historical information for trend analysis.
8. Maintains prioritized remediation action plans.
9. Facilitates communication between the Business, Information Security, Operations, Audit/Compliance and Risk Management.
10. Produces a meaningful management console/dashboard.
Source: Steve Katz

In a Nutshell…
- Asset discovery and management
- Vulnerability remediation
- Threat correlation and assessment
- Compliance/policy management
- Reporting/audit
- Prioritizes risks, remediation workflow
- Treats operational risk as a lifecycle
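To make the wish list and the "nutshell" functions concrete, here is an added illustration (not from the panel or any vendor product) of the core dashboard pipeline: correlate findings from several sources per asset, rank open items by technical severity weighted by business impact, and emit one history row for trend analysis. The asset inventory, scanner names and VULN-* ids are constructed sample data.

```python
from datetime import date

# Constructed sample data (not from the panel): an asset inventory with a
# business-impact rating (1 = low, 5 = critical) and findings from two
# hypothetical scanner feeds, each as (source, host, vuln id, severity, status).
ASSETS = {
    "web-01": {"owner": "e-commerce", "impact": 5},
    "hr-db": {"owner": "HR", "impact": 4},
    "dev-box": {"owner": "engineering", "impact": 1},
}
FINDINGS = [
    ("scanner-A", "web-01", "VULN-001", 9.8, "open"),
    ("scanner-B", "web-01", "VULN-001", 9.8, "open"),  # same issue, second source
    ("scanner-A", "hr-db", "VULN-002", 7.5, "open"),
    ("scanner-B", "dev-box", "VULN-003", 10.0, "open"),
    ("scanner-A", "hr-db", "VULN-004", 5.0, "fixed"),
]

def correlate(findings, assets):
    """Merge findings from several sources into one record per (host, vuln)."""
    merged = {}
    for source, host, vuln, severity, status in findings:
        rec = merged.setdefault((host, vuln), {
            "host": host, "vuln": vuln, "severity": 0.0, "status": status,
            "sources": set(), "impact": assets.get(host, {}).get("impact", 0),
        })
        rec["sources"].add(source)
        rec["severity"] = max(rec["severity"], severity)  # keep the worst rating
    return list(merged.values())

def prioritize(records):
    """Rank open items by technical severity weighted by business impact."""
    ranked = [dict(r, risk=r["severity"] * r["impact"])
              for r in records if r["status"] == "open"]
    return sorted(ranked, key=lambda r: r["risk"], reverse=True)

def snapshot(records, when):
    """One history row for trend analysis: open/fixed counts and total open risk."""
    open_items = prioritize(records)
    return {
        "date": when.isoformat(),
        "open": len(open_items),
        "fixed": sum(1 for r in records if r["status"] == "fixed"),
        "total_risk": round(sum(r["risk"] for r in open_items), 1),
    }

if __name__ == "__main__":  # usage: print the remediation queue and one history row
    recs = correlate(FINDINGS, ASSETS)
    print([(r["host"], r["vuln"], r["risk"]) for r in prioritize(recs)])
    print(snapshot(recs, date(2004, 10, 6)))
```

Note that the CVSS 10.0 finding on the low-impact dev box ranks below the 7.5 on the HR database: that is the business-impact weighting the wish list asks for, and the gap the last slide's obstacles describe.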

How realistic is Andy’s wish list?
1. It’s real: I’m running a management system that does most of this.
2. Likely to happen, but not for a few years.
3. Unlikely to happen in the near future.
4. What you’re asking for is impossible.
5. I dunno enough about this to have an opinion.

Now, for a dose of reality: DASHBOARD OBSTACLES
- Poorly conceived and executed risk analysis models and processes
- Constantly changing risk environment
- Evolving (immature?) technologies
- Immature communications protocols and standards: no lingua franca
- Poor understanding of the relationship of technical risk to business risk