Published by Owen Sherman. Modified over 8 years ago.
1
© Copyright 2011 EMC Corporation. All rights reserved.
Workshop for Security Strategy Review
Name, Title
RSA, The Security Division of EMC
2
Agenda
–The Case for Strategy Review & Alignment with the Organizational Mission
–Customer Questions
–Challenges and Requirements
–Security Strategy Components
–How we do it
–Why RSA for Services
3
The Case for Strategy Review
“The Security Strategy should reflect that organizations often represent target-rich environments. And it needs to be compiled in a way that makes sense to the Board of Directors.”
Tom Heiser, President, RSA
4
Organizational Mission & Security Strategy
Security Strategy
Enabling the ability to compete by protecting Business Assets
–Improve Profitability
–Gain Market Share
–Manage Risk
–Manage to budget
–Innovate & Invest in the future
–Enable agility and change
5
Our Customers Are Asking Themselves
–How do we communicate Strategy to C-level?
–Is our Strategy aligned with the Business?
–Are there gaps in our defense plans?
–How do we become more proactive?
–How do we enhance awareness?
–What are our Risks, who are our Adversaries?
6
What We’ve Heard
–Programmatic Security Strategy review and renewal
–Enhanced understanding of Risk and the impact of a breach on the mission of the Organization
–Ability to stay current with the ever changing Threat environment and potential target assets
–“The Business is so agile. Security Strategy struggles to keep up”
–“Investments get prioritized towards Corporate Initiatives that have an ROI”
–“Business stakeholders are optimists by nature. The threats are not perceived as real.”
–A Strategy that enables the Organization mission and evolves with the Business and Risk environments
–“Mobile computing and Social media are undermining our efforts”
–Plan for enhancing end-user awareness
–A Security Strategy with C-level buy-in
–“Difficulty gaining Executive Mindshare”
7
Creating a Security Strategy
Primary Security Strategy components
–People, Policy, Process & Product
–Defense-in-depth Based
–Business Alignment
–Risk Based
–Threat Aware
–Proactive Approach
–Sustainable Compliance
–Governance Model for Agile Strategy Update and Renewal
8
How we do it: Strategy Components & Maturity Levels
Strategy Component Maturity Levels (chart, scale 0 to 5; series: Current Maturity, Industry/Competitor Benchmark, Maturity Goal)
1. Business Alignment
2. Sustainable Compliance
3. Risk Program
4. Threat Environment Awareness
5. Proactivity Level
6. Defense-in-depth Approach
7. People, Policy, Process & Product
Priorities for 20XX-20XX
Key Goals for 20XX
1. Enhance Business Alignment.
  –Identify Critical Assets
2. Create Threat Awareness Program
  –Identify adversary communities
3. Improve People, Policy, Process component.
  –Create End-User Awareness Program
9
How we do it: Engagement Methodology
–Planning & Logistics
–Kickoff
–Workshop based Discovery & Analysis
–Strategy Design & Development
–Strategy Review
–Present Strategy
Timeline: time0, time+1, time+2, time+3, time+4, time+5, time+6
10
How we do it: Planning & Kickoff Phase
►Objectives
–Confirm engagement scope and goals
–Deliver on-time, on-target and meet expectations
►Activities
–Introduce respective team members
–Agree engagement logistics
–Review Statement of Work; confirm scope and milestones
–Review customer preparation activities and any potential concerns or risks
–Identify stakeholders; confirm resourcing plan, roles and responsibilities
–Agree Communications Plan and Change Order process
–Schedule Workshops and attendees
►Phase Outputs
–Updated SOW (if applicable)
–Workshop Scheduler
–Project Plan
11
How we do it: Discovery & Analysis Phase
►Objectives
–Gather and review stakeholder input to ensure that the Security Strategy reflects organizational needs and priorities
►Activities
–Conduct Workshops to review current state, processes and requirements
–Gather organizational, industry and regulatory documentation relating to each strategy component
–Document and review current strategy and governance process
–Analyze information relating to each of the Strategy components; measure maturity levels and identify gaps and priorities
►Phase Outputs
–Workshop and meeting minutes
–Customer collateral listing including Organization Chart, Standards, Guidelines & Regulations, etc.
12
How we do it: Design & Development Phase
►Objectives
–Develop a Security Strategy that reflects organizational needs and priorities
►Activities
–Compile the strategy based on the Discovery & Analysis phase
–Identify strategy dependencies and outline the resourcing requirements
–Include plan for communication of strategy to stakeholders and general end-user awareness plan
►Phase Outputs
–Draft Strategy Findings Report
  Including strategy definition and relevance to Organizational mission
–Draft Executive Presentation
  Including conceptual representations as appropriate
13
How we do it: Review Phase
►Objectives
–Provide transparency and opportunity to incorporate updates and reflect stakeholder input
–Facilitate executive level discussion and drive consensus around the role of the Security Strategy in facilitating the Organizational mission
►Activities
–Socialize Findings Report and Executive Presentation and conduct formal review sessions
–Review current state, gaps and strategy update requirements with customer
–Gather further information and conduct further workshops (if required)
–Update Strategy and gather approvals on final version
►Phase Outputs
–Strategy Findings Report
–Executive Presentation
14
How we do it: Present Phase
►Objectives
–Communicate Security Strategy that represents organizational needs and requirements and stakeholder input
►Activities
–Conduct Executive Presentation
–Review Findings Report
–Confirm Strategy update and renewal process
–Identify next steps (as appropriate)
►Phase Outputs
–Strategy Findings Report
–Executive Presentation
–Meeting minutes, including next steps (as appropriate)
15
Engagement Deliverables
►Executive Presentation
–Presentation that communicates the Security Strategy to C-level executives
►Findings Report review & recommendations:
–Strategy Definition
–Role of the Strategy in assuring the Organizational Mission
–Role of the Strategy in sustaining Compliance
–Representation of Organization’s Risk Propensity and Risk Program, including procedures for the identification of the most critical information and breach impact
–Review of the Program for managing the Threat Environment
–Recommendations for the development of a Proactive security program
–High level recommendations for the Organization’s approach to defense-in-depth
–Recommendations for aligning Security Strategy with Security Organization Structure
–Recommendations for go-forward Strategy Governance
–Next steps, including downstream impact of Strategy on end-users and the need for Security Awareness Programs, etc.
16
Success Metrics
“EMC always puts customers first. The need for a security strategy that safeguards the organizational mission is not left to chance. It is more of a Board-level consideration than ever before.”
–Improved morale and reduced attrition rates
–Board and C-level Awareness
–Strategy Maturity level tracked and enhanced
17
Customer Success
–Leading provider of customized telecommunications and data services
–Focused on identifying and protecting sensitive Corporate information, along with customer information
►NEEDS
–Leverage new and existing product investments
–Manage risk and compliance associated with sensitive data
►Solution
–Target Capabilities Assessment for SIEM
–Requirements Analysis for multiple lines of business
–Identification of gaps across Technology and Operations.
–Remediation plan and an Incident Handling plan for managing security incidents
A single Incident Handling Program aligned with business and Compliance requirements. Included policy, workflow asset management and use case recommendations and metrics for measuring success.
Would like to have EMC Board Level data relating to Security Strategy here
18
RSA’s Services Approach to Meeting our Customers’ Challenges
19
How we do it: Services for Holistic Solution Fulfillment
–Requirements Analysis and Assessment of the current state along with Remediation Planning and Roadmaps for the target state.
–Architecture & Design of Technology and Operations solutions to meet requirements
–Installation, Implementation, Integration, Customization and Optimization services
–Enabling go-forward solution management through Health-checks, Custom Knowledge Transfer, Personalized Support Programs, etc.
–Residencies, Project Management and Education Services
20
How we do it: Solution Framework for all needs
All stakeholder needs addressed
–Technical Needs
–Operations Needs
–Business Needs
RSA Service Delivery Framework
–Operate
–Strategy
–Design
–Implement
21
Why our Customers Choose RSA for Services
►Deep industry expertise
–Financial Services, Energy, Public Sector, Telecommunications, Media, Retail, Healthcare and Life Sciences
►Information-centric approach
–All engagements approached based on the value of information to the business and the need to protect it
►Holistic Solution Set & Domain Expertise
–Breadth & Depth of offerings with Business, Operations and Technology expertise
►Partner ecosystem
–Service Partners to facilitate holistic solution fulfillment on a global basis
►Leadership
–30 year+ track record delivering holistic security solutions and THOUSANDS of engagements
►Scale and Stability
–Over 12,000 EMC service professionals with over 2,000 Business and Technology consultants
22
Thank you!