Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Security: Risk Management or Business Enablement?

Published byBéla Tóth Modified over 6 years ago

Similar presentations

Presentation on theme: "Information Security: Risk Management or Business Enablement?"— Presentation transcript:

1 Information Security: Risk Management or Business Enablement?
Mike Childs Vice President Rook Security

2 Agenda Why Should We Care? The View from the Top
Risk Management or Business Enablement Case Study

3 Why Should We Care?

4 Data Breaches

5 // Source of Data Breaches
Source: Verizon Business Data Breach Report Verizon Business 2013 Data Breach Report Verizon Business 2013 Data Breach Report

6 // Timeline of a Breach In 60% of cases, attackers are able to compromise an organization within minutes. Source: Verizon Data Breach Report 2015

7 How are breaches identified?
Only 3% of breaches were detected with common security controls Source: Verizon Business Data Breach Report

8 The View from the Top

9 Business View Of Information Security
Two Factor Authentication takes too long! How does this fit into our business strategy? What is the Return on Investment? You can’t impact our network latency! Isn’t that too difficult for our clients? Why do we have to change our passwords every month?

10 Risk Management or Business Enablement?

11 Question Why Not Both?

12 Key Business Drivers For Risk Management
Regulatory Compliance Maintain Continuity Prevent Financial Loss Detect Unauthorized Access

13 Key Business Drivers For Business Enablement
Protect Brand Reputation Contractual Obligations Third Party Vendor Audits Expanded Business Opportunities

14 Case Study

15 Healthcare Services Company
Develop an Information Security Strategy Focus on how to protect the business and its data Develop strategy based on the risk to sensitive data Align regulatory compliance standards with information security strategy Develop and implement policies, standards, and procedures to support the Information Security Strategy Integrate policies, standards, and procedures into regular business processes Develop and Test an Incident Response Plan Plan should include detecting, responding to and limiting the effects of an information security event

16 Questions? Mike Childs Office: 888.712.9531 x711

Download ppt "Information Security: Risk Management or Business Enablement?"

Similar presentations

Copyright © XiSEC, All rights reserved, 2002 Secure Computing Best Lifetime Achievement Award 2002 Ted Humphreys Information Security Management Goes Global.

Copyright © XiSEC, All rights reserved, 2002 Secure Computing Best Lifetime Achievement Award 2002 Ted Humphreys Information Security Management Goes Global.
Nishidh, CISSP. To comply with Sarbanes oxley and other legislations To comply with industry standards and business partner requirements To protect.

Nishidh, CISSP. To comply with Sarbanes oxley and other legislations To comply with industry standards and business partner requirements To protect.
Secure Systems Research Group - FAU Process Standards (and Process Improvement)

Secure Systems Research Group - FAU Process Standards (and Process Improvement)
Risk Awareness: The Need for Transparency in Operations Tom McNamara Senior Vice President, Global Sales EthicsPoint.

Risk Awareness: The Need for Transparency in Operations Tom McNamara Senior Vice President, Global Sales EthicsPoint.
RMI Global Risk & Crisis Management Solutions. Certain material influenced by source material drawn from IFAC Risk - Hazard & Opportunity Hazards € Spent.

RMI Global Risk & Crisis Management Solutions. Certain material influenced by source material drawn from IFAC Risk - Hazard & Opportunity Hazards € Spent.
Jeff Williams Information Security Officer CSU, Sacramento

Jeff Williams Information Security Officer CSU, Sacramento
SOX & ISO 27001 Protect your data and be ready to be audited!!!

SOX & ISO Protect your data and be ready to be audited!!!
Session 3 – Information Security Policies

Session 3 – Information Security Policies
Information Systems Controls for System Reliability -Information Security-

Information Systems Controls for System Reliability -Information Security-
EDUCAUSE April 25, 2006Enforcing Compliance with Security Policies … Enforcing Compliance of Campus Security Policies Through a Secure Identity Management.

EDUCAUSE April 25, 2006Enforcing Compliance with Security Policies … Enforcing Compliance of Campus Security Policies Through a Secure Identity Management.
The Difficult Road To Cybersecurity Steve Katz, CISSP Security Risk Solutions 631-692-5175 Steve Katz, CISSP Security.

The Difficult Road To Cybersecurity Steve Katz, CISSP Security Risk Solutions Steve Katz, CISSP Security.
Vendor Risk: Effective Management is Essential

Vendor Risk: Effective Management is Essential
1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.

1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.
Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.

Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.
© 2014 PayPal Inc. All rights reserved. Confidential and proprietary. Leveraging Information to Detect and Prevent Insider Attacks Phoram Mehta Senior.

© 2014 PayPal Inc. All rights reserved. Confidential and proprietary. Leveraging Information to Detect and Prevent Insider Attacks Phoram Mehta Senior.
ISO17799 Maturity. Confidentiality Confidentiality relates to the protection of sensitive data from unauthorized use and distribution. Examples include:

ISO17799 Maturity. Confidentiality Confidentiality relates to the protection of sensitive data from unauthorized use and distribution. Examples include:
Managing Data Against Insider Threats Dr. John D. Johnson, CISSP.

Managing Data Against Insider Threats Dr. John D. Johnson, CISSP.
Where in the world is your data? Data Breach Analysis Angelbeat Seminar Billy Austin, President iScan Online, Inc.

Where in the world is your data? Data Breach Analysis Angelbeat Seminar Billy Austin, President iScan Online, Inc.
A PRACTICAL GUIDE TO RESPONDING TO A HEALTHCARE DATA SECURITY BREACH May 19, 2011 | State College, PA Matthew H. Meade Stephanie Winer-Schreiber.

A PRACTICAL GUIDE TO RESPONDING TO A HEALTHCARE DATA SECURITY BREACH May 19, 2011 | State College, PA Matthew H. Meade Stephanie Winer-Schreiber.
Data Security and Payment Card Acceptance Presented by: Brian Ridder Senior Vice President First National September 10, 2009.

Data Security and Payment Card Acceptance Presented by: Brian Ridder Senior Vice President First National September 10, 2009.

Similar presentations

Ads by Google