21st Century Security: Convergence, Collaboration and Competition??
April 5, 2005
Bill Boni (Bill.Boni @ Motorola.com), Vice President and Chief Information Security Officer, Motorola

Slide 3 (IT Governance, Page 2): Agenda
The “Warring Tribes” of Security
Convergence
Collaboration
Competition
Conclusions

Slide 4 (Page 3): Warring Tribes?
Badges
Bytes
Beans

Slide 5 (Page 4): Badges – Corporate Security / Physical Security
Typically drawn from law enforcement or military
Reports to Administration, Facilities, Human Resources
Frames the issue as protection of people, facilities, operations
Values authority and command
Contributes prevention skillsets

Slide 6 (Page 5): Bytes – IT or Information Security
Typically drawn from technologist ranks
Reports to CIO or IT Operations
Frames the issue as availability, integrity, confidentiality of information and systems
Values creativity and technology innovation
Contribution is continuity and availability of IT capacity

Slide 7 (Page 6): Beans – The Financial Wizards
Typically drawn from financial community
Reports to Chief Financial Officer or
Frames the issue as “Risk Management”
Values financial efficiency and loss avoidance
Contribution is quantitative rigor

Slide 8 (Page 7): Convergence? What challenges are generally the same?
1. Extended enterprise risks
2. Diverse operational risks
3. Increased legal and regulatory scrutiny
4. Complexity
5. Common approach
6. Common philosophy
7. Mobility and choices

Slide 9 (Page 8): 1. Extended Enterprises
[Diagram: Dissolution of Perimeter Security – the “Organization (Risk) Community”: Joint Ventures, Parts and Services, Contract Manufacture, Contract Design, Customers, Un-trusted Intranets, Transportation]

Slide 10 (Page 9): 2. Diverse Operational Risks
[Diagram: Hostile Internet, Un-trusted Intranet, Data Center, Individual systems. Every system must be secured; inside is almost as risky as outside.]
Foundational Issues
Ubiquitous connectivity
Microcomputers everywhere
Mobile workforce
Many assets not protected
“Contingent workers” – Contractors and consultants
Links to partners / suppliers

Slide 11 (Page 10): 3. Legal and Regulatory Issues
Pressure mounting on organizations to prove compliance with an increasing array of laws and regulations. All elements of security become ever more challenging.
Laws/Regulations: Sarbanes-Oxley; GLB/HIPAA/Patriot; EU Data Protection; U.S. Info Security Responsibility Act
Technologies: Web / Internet; Databases; Collaboration; Wireless; Mobile Devices
Stakeholders: Customers; Competitors; Governments; Suppliers/Partners; Employees

Slide 12 (Page 11): 4. Complexity of Protection Systems
Many bits & pieces
Too few qualified security personnel (~.005% of employees)
Lack of standards
Integrated safeguards
–Smart cards
–Digital forensics

Slide 13 (Page 12): 5. A Common Approach to Strategy?
PROTECT – Key assets and capabilities
DETECT – Attacks and malicious actions
RESPOND – Rapid notification and reaction
RECOVER – Disaster / business continuity planning

Slide 14 (Page 13): 6. Common Philosophy: Security Must Be Rational
[Chart: Cost ($) versus Security Level (0% to 100%). Curves: Cost of Security Countermeasures, Cost of Security Breaches, Total Cost. Marked point: Optimal Level of Security at Minimum Cost.]
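The cost curve on this slide, worked through as an added example that is not part of the presentation: total cost at a given security level is the cost of countermeasures plus the expected cost of breaches, and the rational target is the level where that sum is smallest rather than either extreme. The two cost models, their parameters and the grid search are constructed assumptions for illustration, not figures from the deck.

```python
"""Worked illustration of the "Security Must Be Rational" cost curve:

    total_cost(level) = countermeasure_cost(level) + expected_breach_cost(level)

and the rational target is the security level that minimises the total.
Added example; the cost models below are constructed assumptions, not
numbers from the presentation."""

from typing import Callable, Tuple

CostFn = Callable[[float], float]


def countermeasure_cost(level: float, base: float = 100.0) -> float:
    """Constructed model: spend on safeguards grows quadratically as the
    security level approaches 100%, since the last few percent cost the most."""
    return base * level ** 2


def expected_breach_cost(level: float, loss_if_breached: float = 1000.0) -> float:
    """Constructed model: expected breach cost = loss if breached times a
    breach likelihood that falls quadratically as the security level rises."""
    return loss_if_breached * (1.0 - level) ** 2


def total_cost(level: float,
               countermeasures: CostFn = countermeasure_cost,
               breaches: CostFn = expected_breach_cost) -> float:
    """The TOTAL COST curve on the slide: the two component costs summed."""
    return countermeasures(level) + breaches(level)


def optimal_security_level(countermeasures: CostFn = countermeasure_cost,
                           breaches: CostFn = expected_breach_cost,
                           steps: int = 100) -> Tuple[float, float]:
    """Scan the security level from 0% to 100% in `steps` increments and
    return (level, total cost) at the minimum of the total cost curve."""
    best_level, best_total = 0.0, float("inf")
    for i in range(steps + 1):
        level = i / steps
        cost = total_cost(level, countermeasures, breaches)
        if cost < best_total:
            best_level, best_total = level, cost
    return best_level, best_total


def cheaper_than_extremes(level: float, cost: float,
                          countermeasures: CostFn = countermeasure_cost,
                          breaches: CostFn = expected_breach_cost) -> bool:
    """True when the optimum is interior and beats both 'no security' and
    'maximum security', which is the slide's argument against either extreme."""
    return (0.0 < level < 1.0
            and cost < total_cost(0.0, countermeasures, breaches)
            and cost < total_cost(1.0, countermeasures, breaches))


if __name__ == "__main__":
    level, cost = optimal_security_level()
    print(f"optimal security level: {level:.0%}  total cost: {cost:.2f}")
    print(f"0% security costs {total_cost(0.0):.2f}, 100% costs {total_cost(1.0):.2f}")
    print("interior optimum beats both extremes:", cheaper_than_extremes(level, cost))
```

Swapping in an organisation's own estimates for the two cost functions (for example, a breach likelihood derived from incident history and a countermeasure budget schedule) keeps the same search; the point the slide makes is that the argument is about the minimum of the sum, not about maximising the security level.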

Slide 15 (Page 14): 7a. IP Networking – Mobility

Slide 16 (Page 15): 7b. Securing the Mobile Users
As the person responsible for the organization you only have “control” in this space
But the mobile users are moving throughout the entire set of possibilities

Slide 17 (Page 16): Competition
Overall leadership
Staffing
Budget
Access to leadership

Slide 18 (Page 17): State of the Security Profession?
Corporate – Physical security – CSO
IT – Information Security – CISO
The Security Alliance Initiative
–ASIS
–ISSA
–ISACA
CRO / ERM: Revenge of the “bean counters”?

Slide 19 (Page 18): Enterprise Risk Management
Top Down – comprehensive risk management
–Insurance
–Financial
–Strategic
–Operational
[Diagram: Operational Risks – Security Professionals; Financial Expertise benefits from metrics/data]

Slide 20 (Page 19): The board should manage enterprise risk by:
Transparency – Ascertaining that there is transparency about the significant risks to the organization
Responsibility – Being aware that the final responsibility for risk management rests with the board
Competitive advantage – Considering that a proactive risk management approach creates competitive advantage
Embedded – Insisting that risk management is embedded in the operation of the enterprise
Assurance – Obtaining assurance that management has put processes and technology in place for (information) security
Source: IT Governance Institute (Risk Management)

Slide 21 (Page 20): 3 Generic Approaches to Organization Security
Silos of independence
–Little or no communication and coordination
Councils of collaboration
–Periodic, ad hoc, often incident focused
Unified organization
–Formal, structured, aligned

Slide 22 (Page 21): Protection Program Focus Areas
Security Governance
–Organization operations and partners
Network Defense
–Security strategy and architecture
Protection Management
–Projects and continuity program

Slide 23 (Page 22): Security Roles
Roles: Information Protection; Physical Security; Financial
Responsibilities across the roles:
Protect people, property and tangible assets from loss, destruction, theft, alteration, or unauthorized access
Enterprise risks
Secure digital assets
Inspection procedures
Information security
Disaster/business continuity
Risk assessments
Security technology
Investigations
Independent controls assessment
Internal / external regulatory compliance
Risk management
Incident Response

Slide 24 (Page 23): Changes Ahead for Security Professionals
Cybercrime failures will result in major liability judgments
Public / Private Sector formally share infrastructure protection roles
–Certification / licensing for (all?) security professionals
CSOs assume responsibility for operational risks
Security is subsumed into ERM and Finance/CROs predominate

Slide 25 (Page 24): A Security Professional for All Seasons….
Grounded in multiple protection disciplines
Capable project/program manager
Lifelong passion to learn
Business acumen
Diplomatic and adaptable
Adept at framing issues as risk management
Professional training / certifications

Slide 26 (Page 25): A Security Mantra
Vision without Action is Imagination
Action without Vision creates Chaos
Vision with Right Action is Transformation
See the Future and Plan Backwards
