SAFE KNOWLEDGE (www.zondex.com)
IT Security and Data Protection
Geoff Roberts, Implementation Partner, Australian Projects Pty Limited

The Management versus Technical Staff Challenge
Create win-win IT security outcomes that meet management objectives for the enterprise, and realistic productivity expectations of the IT department.

Differing cultures
- Non-technical managers are mostly in a world of budgets, timeframes, deadlines, deliverables, results and the "big picture"
- IT staff are mostly in a world of rapid change, uncertainties, threats, complexity and detail, as well as timeframes, deadlines and deliverables
- The difference is often clear to IT staff but unclear to non-technical managers

The Management versus Technical Staff Conundrum
- Corporate structure that fails to acknowledge a rapidly changing security landscape
- Poorly defined IT security roles and responsibilities for non-technical management and IT management teams
- Technical expectations go unfulfilled because budgets are unrealistically low and non-technical management fails to approve sufficient human resources to meet the requirements of the IT department
- No common approach and a lack of language clarity between management and technical staff

Enterprise Structure
- Enterprise management and IT department in separate, isolated silos
- These silos fail to share accountability and responsibility for IT security policy and practice
- The silo approach does not work because shared responsibilities and communications are often neglected
- Silos can address isolated work area requirements but will leave gaps across the whole enterprise (including legal)

Roles and Responsibilities
- Inappropriate delegation of responsibilities and tasks is a common weakness
- Legal responsibilities and associated liabilities delegated to the technical team with little or no ownership by senior non-technical management
- Accountability that should be shared, erroneously devolved to the IT technical department instead of being "owned" from top management down

Expectations and resources
- Failure of management to articulate the IT security expectations of the enterprise
- Management often underestimates the human resources needed to implement and manage IT security across the enterprise
- Management often underestimates the financial cost to deliver a whole-of-enterprise security solution
- Failure of the technical team to communicate realistic requirements and timelines to meet the management expectation

What about IT Security?
- Management perceives IT security as a given
- Therefore management tends to take it for granted
- This can create a false sense of security
- New IT security implementations are given low priority
- IT security solutions are often implemented after an incident has occurred (reactive management, rather than proactive management)
- Management failure to understand that IT security is a valid cost of doing business

Bridging the GAP: how management sees the IT department
(Diagram: the gap between the IT department's momentum and potential and the results (output) it delivers over time.)
IT is uniquely positioned to bridge the gap! Management want RESULTS.

Key challenges
- Achieve a strategic whole-of-enterprise IT security solution to manage risk
- Address strategic outcomes based on well-informed and realistic expectations set by top management
- Allocate appropriate resources for each step of the process
- Think strategically, act tactically, because each step is only a part of the whole

Management Role
- Set a realistic agenda in concert with the IT department, ensuring expectations are deliverable
- Assume overall responsibility and liability
- Provide appropriate resources, human and financial, to deliver the desired outcome
- Engage in continuing review with the IT department to ensure minimisation of risk associated with new and emerging threats

IT Department Role
- Provide management with accurate and timely information that will aid the planning and decision-making process
- Evaluate new and emerging products and services that may meet the IT security needs of the enterprise
- Ensure language is clear and unambiguous for non-technical senior decision makers
- Work to each pre-agreed management brief to ensure on-time and on-budget delivery

Closing the gap
(Diagram: The Information Risk Spectrum, John Meakin, Standard Chartered Bank. It spans logical and physical domains and covers physical security, process, IT contingency, IT security, personnel security, business continuity, risk management and regulatory requirements.)

Risk: a common dialogue
- Asset values ($)
- Vulnerabilities (access to assets)
- Threats (a scenario exploits a vulnerability)
- RISK

Risk analysis (John Meakin, Standard Chartered Bank)
(Diagram: RISK = ASSET x LIKELIHOOD x IMPACT, moderated by CONTROLS.)
- Asset: asset value
- Likelihood: threat and vulnerability (frequency and exposure); unknown and unquantifiable in absolute terms
- Impact: exposure factor (consequence; some guesswork)
- Controls: control effectiveness

Matrix: a common dialogue
Risk matrix: likelihood (probability) rated H/M/L against impact (consequence severity) rated H/M/L gives the degree of risk.
Think generically about using risk assessments.

Where to start?
- Look for High Likelihood, High Impact (HH)
- Pareto
- Demonstrate cost/benefit. Don't emphasise ROI

Prioritising
(Diagram: Pareto split between the critical few and the trivial many.)
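As an added illustration of the risk analysis, matrix and prioritising slides above (example code, not from the original presentation): a small Python risk register that scores each risk from asset value, exposure factor, threat, vulnerability and control effectiveness, places it in the H/M/L likelihood-by-impact matrix, and applies a Pareto cut to pick out the critical few. The product formula, the H/M/L thresholds and the sample register are assumptions constructed for this example.

```python
from dataclasses import dataclass

# Added example, not from the slides. The scoring model is an assumption that
# follows the slide diagram: likelihood from threat x vulnerability (reduced
# by control effectiveness), impact from asset value x exposure factor.
@dataclass
class Risk:
    name: str
    asset_value: float        # $ value of the asset at stake
    exposure_factor: float    # 0..1 share of asset value lost per incident
    threat: float             # 0..1 chance the scenario is attempted per year
    vulnerability: float      # 0..1 chance an attempt succeeds
    control_effectiveness: float = 0.0  # 0..1 reduction from existing controls

    def likelihood(self) -> float:
        return self.threat * self.vulnerability * (1 - self.control_effectiveness)
    def impact(self) -> float:
        return self.asset_value * self.exposure_factor
    def residual_risk(self) -> float:
        return self.likelihood() * self.impact()

def rate(value: float, high: float, medium: float) -> str:
    """Map a number onto the H/M/L scale used in the risk matrix."""
    return "H" if value >= high else "M" if value >= medium else "L"

def matrix_cell(r: Risk) -> str:
    """Likelihood/impact cell, e.g. 'HH' = high likelihood, high impact.
    Thresholds (0.5 and 0.2 per year; $100k and $10k) are illustrative."""
    return rate(r.likelihood(), 0.5, 0.2) + rate(r.impact(), 100_000, 10_000)

def critical_few(register, share=0.8):
    """Pareto cut: the top-ranked risks that together cover `share` of total."""
    ranked = sorted(register, key=Risk.residual_risk, reverse=True)
    total = sum(r.residual_risk() for r in ranked)
    picked, running = [], 0.0
    for r in ranked:
        picked.append(r)
        running += r.residual_risk()
        if running >= share * total:
            break
    return picked

# Constructed sample register; every value is illustrative only.
REGISTER = [
    Risk("Customer DB breach", 500_000, 0.6, 0.9, 0.7, 0.2),
    Risk("Laptop theft", 20_000, 0.5, 0.8, 0.9, 0.5),
    Risk("Website defacement", 30_000, 0.2, 0.6, 0.4, 0.4),
    Risk("Printer outage", 2_000, 1.0, 0.9, 0.9, 0.0),
]
```

With the sample register, only the database breach lands in the HH cell and on its own accounts for more than 80% of total residual risk, which is the "critical few versus trivial many" split the slides describe.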

Demonstrate value and results
- Through appropriate metrics
- In terms management understands
- Avoid measuring too much or inappropriately (let risk drive what is measured)
- Communicate trends and changes regularly

Successful Team Attributes
- Plan and work as an enterprise team with shared responsibilities and accountabilities
- Focus on realistic pre-agreed outcomes
- Avoid "isolated empire" thinking and engage in "whole of enterprise" thinking
- Undertake an ongoing, regular review process
- Be nice to each other

Three final thoughts
Computers are incredibly fast, accurate and stupid. People are unbelievably slow, inaccurate and brilliant. Despite the foregoing, the marriage of the two is a positive force beyond calculation.

Geoff Roberts
Tel:
Reflex – PC Guardian – SecuriKey – Trust Digital – Zondex