Presentation is loading. Please wait.

Presentation is loading. Please wait.

Strategy: If you don’t know where you’re going, you’ll never get there

Published byAriel Long Modified over 6 years ago

Similar presentations

Presentation on theme: "Strategy: If you don’t know where you’re going, you’ll never get there"— Presentation transcript:

1 Strategy: If you don’t know where you’re going, you’ll never get there
Don Welch, Ph.D. CISO

2

3 Agenda Introduction Risk Strategy Basics IT and Business Strategy
Strategic Analysis Design Framework Communicating the Strategy

4 Introduction

5 Why listen to me?

6 Cyber Security Environment

7

8

9 Foreign Intelligence

10 Criminals

11 Hacktivists

12 C-Level Leaders

13 Risk

14

15

16 Strategy 101

17 Strategy: Definition High level plan to achieve one or more goals under conditions of uncertainty WikiPedia

18 Strategy: Definitions
A pattern in a stream of decisions Henry Mintzberg, McGill University

19 Strategy: Definitions
Planning and marshalling resources for their most efficient and effective use Business Dictionary

20 Strategy: Definitions
Plan to achieve long-term goals Guide for decisions at all levels Efficient and effective resource allocation

21

22

23 Asymmetry and Adversaries

24

25 Strategic Environment Analysis
Threat Asset Impact Attacker Payoff Capability

26

27 Constraints Funding Regulations and Laws Staff Time and Talent
Business Overhead Political Capital Accountability Calendar Time

28

29

30 Coverage Matrix People Process Technology Identify Protect Detect
Respond Recover

31 Example Nested Matrix Detect/Technology Near Real-Time Post Compromise
Network Payload Endpoint

32 Example Nested Matrix Protect/People Users IT Staff Security Mandatory
Optional

33

34 Written Plan One Pager < 10 Pages Full Document

35

36

37

38

39

40 Information Security Strategy
Identify Low Protect Moderate High Watch High + (Restricted) Recover Respond

41

42

Download ppt "Strategy: If you don’t know where you’re going, you’ll never get there"

Similar presentations

© 2013 Bradford Networks. All rights reserved. Rapid Threat Response From 7 Days to 7 Seconds.

© 2013 Bradford Networks. All rights reserved. Rapid Threat Response From 7 Days to 7 Seconds.
Markov Game Analysis for Attack and Defense of Power Networks Chris Y. T. Ma, David K. Y. Yau, Xin Lou, and Nageswara S. V. Rao.

Markov Game Analysis for Attack and Defense of Power Networks Chris Y. T. Ma, David K. Y. Yau, Xin Lou, and Nageswara S. V. Rao.
Cyber Metrics in the DoD or How Do We Know What We Don’t Know? John S. Bay, Ph.D. Executive Director.

Cyber Metrics in the DoD or How Do We Know What We Don’t Know? John S. Bay, Ph.D. Executive Director.
A Covenant University Presentation By Favour Femi-Oyewole, BSc, MSc (Computer Science), MSc (Information Security) Certified COBIT 5 Assessor /Certified.

A Covenant University Presentation By Favour Femi-Oyewole, BSc, MSc (Computer Science), MSc (Information Security) Certified COBIT 5 Assessor /Certified.
Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All CYBERSECURITY-RELATED STANDARDS ACTIVITY IN THE TELECOMMUNICATIONS INDUSTRY ASSOCIATION Eric Barnhart,

Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All CYBERSECURITY-RELATED STANDARDS ACTIVITY IN THE TELECOMMUNICATIONS INDUSTRY ASSOCIATION Eric Barnhart,
Module 2 Segregation of Duties Case Study Individual Assignment

Module 2 Segregation of Duties Case Study Individual Assignment
PPA 573 – Emergency Management and Homeland Security Lecture 9b - Department of Homeland Security Strategic Plan.

PPA 573 – Emergency Management and Homeland Security Lecture 9b - Department of Homeland Security Strategic Plan.
By: Ashwin Vignesh Madhu

By: Ashwin Vignesh Madhu
© 2003 by Carnegie Mellon University page 1 Information Security Risk Evaluation for Colleges and Universities Carol Woody Senior Technical Staff Software.

© 2003 by Carnegie Mellon University page 1 Information Security Risk Evaluation for Colleges and Universities Carol Woody Senior Technical Staff Software.
Guideline 2 Identifying Recordkeeping Requirements Funafuti, Tuvalu June 2013.

Guideline 2 Identifying Recordkeeping Requirements Funafuti, Tuvalu June 2013.
BOTSWANA NATIONAL CYBER SECURITY STRATEGY PROJECT

BOTSWANA NATIONAL CYBER SECURITY STRATEGY PROJECT
STRATEGIC INTELLIGENCE MANAGEMENT Chapter by Paul de Souza Chapter 18 - National Cyber Defense Strategy, Pg. 224.

STRATEGIC INTELLIGENCE MANAGEMENT Chapter by Paul de Souza Chapter 18 - National Cyber Defense Strategy, Pg. 224.
PAGE Intelligence Meets Vulnerability Management NYC ISSA January 24, 2013.

PAGE Intelligence Meets Vulnerability Management NYC ISSA January 24, 2013.
Chapter 1 Overview The NIST Computer Security Handbook defines the term Computer Security as:

Chapter 1 Overview The NIST Computer Security Handbook defines the term Computer Security as:
Network security Product Group 2 McAfee Network Security Platform.

Network security Product Group 2 McAfee Network Security Platform.
ClearView Value-adding Services for Non-Profit Operations Management Transparency for Understanding, Visibility for Decisions N OT F OR P ROFIT S ERVICES.

ClearView Value-adding Services for Non-Profit Operations Management Transparency for Understanding, Visibility for Decisions N OT F OR P ROFIT S ERVICES.
Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.

Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.
Weaving Security Blankets Make your own bespoke defensive toolkit Presentation by Max Cizauskas For BSides Toronto 2015.

Weaving Security Blankets Make your own bespoke defensive toolkit Presentation by Max Cizauskas For BSides Toronto 2015.
Security: Emerging Threats & Trends Danielle Alvarez, CISO.

Security: Emerging Threats & Trends Danielle Alvarez, CISO.
ADMINISTRATIVE AGENCIES Crystal Wahlstrom-Kauffman April 1 st, 2008 MGT 335.

ADMINISTRATIVE AGENCIES Crystal Wahlstrom-Kauffman April 1 st, 2008 MGT 335.

Similar presentations

Ads by Google