SAFE KNOWLEDGE (www.zondex.com): IT Security and Data Protection. Geoff Roberts, Implementation Partner, Australian Projects Pty Limited. Presentation transcript.


1 SAFE KNOWLEDGE. Geoff Roberts, Implementation Partner, Australian Projects Pty Limited. IT Security and Data Protection

2 The Management versus Technical Staff Challenge
Create win-win IT security outcomes that meet management objectives for the enterprise, and realistic productivity expectations of the IT department.

3 Differing cultures
- Non-technical managers are mostly in a world of budgets, timeframes, deadlines, deliverables, results and the “big picture”
- IT staff are mostly in a world of rapid change, uncertainties, threats, complexity and detail, as well as timeframes, deadlines and deliverables
- The difference is often clear to IT staff but unclear to non-technical managers

4 The Management versus Technical Staff Conundrum
- Corporate structure that fails to acknowledge a rapidly changing security landscape
- Poorly defined IT security roles and responsibilities for non-technical management and IT management teams
- Technical expectations go unfulfilled because budgets are unrealistically low and non-technical management fails to approve sufficient human resources to meet the requirements of the IT department
- No common approach and a lack of language clarity between management and technical staff

5 Enterprise Structure
- Enterprise management and IT department in separate, isolated silos
- These silos fail to share accountability and responsibility for IT security policy and practice
- The silo approach does not work because shared responsibilities and communications are often neglected
- Silos can address isolated work area requirements but will leave gaps across the whole enterprise (including legal)

6 Roles and Responsibilities
- Inappropriate delegation of responsibilities and tasks is a common weakness
- Legal responsibilities and associated liabilities delegated to the technical team with little or no ownership by senior non-technical management
- Accountability that should be shared is erroneously devolved to the IT technical department instead of being “owned” from top management down

7 Expectations and resources
- Failure of management to articulate the IT security expectations of the enterprise
- Management often underestimates the human resources needed to implement and manage IT security across the enterprise
- Management often underestimates the financial cost to deliver a whole-of-enterprise security solution
- Failure of the technical team to communicate realistic requirements and timelines to meet the management expectation

8 What about IT Security?
- Management perceives IT security as a given
- Therefore management tends to take it for granted
- This can create a false sense of security
- New IT security implementations are given low priority
- IT security solutions are often implemented after an incident has occurred (reactive management, rather than proactive management)
- Management fails to understand that IT security is a valid cost of doing business

9 Bridging the GAP – How Mgmt sees IT Department
[Chart: Potential Results (Output) against Time, showing the GAP between management momentum and IT delivery. Management want RESULTS.]
IT is uniquely positioned to bridge the gap!

10 Key challenges
- Achieve a strategic whole-of-enterprise IT security solution to manage risk
- Address strategic outcomes based on well-informed and realistic expectations set by top management
- Allocate appropriate resources for each step of the process
- Think strategically, act tactically, because each step is only a part of the whole

11 Management Role
- Set a realistic agenda in concert with the IT department, ensuring expectations are deliverable
- Assume overall responsibility and liability
- Provide appropriate resources, human and financial, to deliver the desired outcome
- Engage in continuing review with the IT department to ensure minimisation of risk associated with new and emerging threats

12 IT Department Role
- Provide management with accurate and timely information that will aid the planning and decision-making process
- Evaluate new and emerging products and services that may meet the IT security needs of the enterprise
- Ensure language is clear and unambiguous for non-technical senior decision makers
- Work to each pre-agreed management brief to ensure on-time and on-budget delivery

13 Closing the gap
[Diagram: The Information Risk Spectrum (John Meakin – Standard Chartered Bank). Axes: Logical / Physical. Elements: Physical Security, Process, IT Contingency, IT Security, Personnel Security, Business Continuity, Risk Management, Regulatory Requirements.]

14 Risk – a common dialogue
- Asset Values ($)
- Vulnerabilities (access to assets)
- Threats (scenario exploits vulnerability)
- RISK

15 Risk analysis (John Meakin – Standard Chartered Bank)
[Diagram: RISK = IMPACT x LIKELIHOOD. Inputs shown: ASSET, EXPOSURE FACTOR, THREAT, VULNERABILITY, CONTROLS. Annotations: Frequency & Exposure; Control Effectiveness; Unknown and unquantifiable in absolute terms; Consequence – some guesswork.]

16 Matrix – a common dialogue
[Table: for each Risk, a Degree of Risk derived from Likelihood (Prob.) rated H/M/L and Impact rated H/M/L; Impact is described by Consequence and Severity.]
Think generically about using Risk Assessments.

17 Where to start?
- Look for High Likelihood, High Impact (HH)
- Pareto
- Demonstrate Cost/Benefit. Don’t emphasise ROI

18 Prioritising
[Pareto chart: the Critical Few versus the Trivial Many.]
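Slides 16 to 18 describe a method rather than show one: rate each risk H/M/L for likelihood and impact, derive a degree of risk, start with the HH items, and use Pareto to separate the critical few from the trivial many. The following Python is an added example written for this transcript, not the presenter's material; the ordinal scores, the band cut-offs for "degree of risk", the 80% Pareto share and the constructed risk register (names and dollar figures) are all assumptions chosen to illustrate the mechanics.

```python
"""Risk-matrix prioritisation: H/M/L scoring, HH triage and a Pareto cut.

Added example illustrating the risk matrix (slide 16), the "where to start"
advice (slide 17) and the critical-few / trivial-many split (slide 18).
All numbers and risk names below are constructed for illustration.
"""
from dataclasses import dataclass

# Ordinal scores for the H/M/L ratings (assumption: a simple 1..3 scale).
LEVEL = {"L": 1, "M": 2, "H": 3}


@dataclass(frozen=True)
class Risk:
    name: str
    likelihood: str      # "H", "M" or "L"
    impact: str          # "H", "M" or "L"
    annual_loss: float   # estimated annualised loss in $ if realised (constructed)


def risk_score(likelihood: str, impact: str) -> int:
    """Product of the two ordinal ratings: HH=9 ... LL=1."""
    return LEVEL[likelihood] * LEVEL[impact]


def degree_of_risk(likelihood: str, impact: str) -> str:
    """Map the score onto the 'Degree of Risk' band a manager sees.

    Band cut-offs are an assumption: 6-9 High, 3-4 Medium, 1-2 Low.
    """
    score = risk_score(likelihood, impact)
    if score >= 6:
        return "High"
    if score >= 3:
        return "Medium"
    return "Low"


def is_hh(risk: Risk) -> bool:
    """Slide 17: 'Look for High Likelihood, High Impact (HH)'."""
    return risk.likelihood == "H" and risk.impact == "H"


def rank_risks(risks: list[Risk]) -> list[Risk]:
    """Order by matrix score, then by estimated loss to break ties."""
    return sorted(
        risks,
        key=lambda r: (risk_score(r.likelihood, r.impact), r.annual_loss),
        reverse=True,
    )


def critical_few(risks: list[Risk], share: float = 0.8) -> list[Risk]:
    """Pareto cut: the smallest set of risks covering `share` of total loss.

    Risks are taken in descending loss order until the cumulative loss
    reaches the requested share (default 80%, an assumption).
    """
    total = sum(r.annual_loss for r in risks)
    chosen, cumulative = [], 0.0
    for r in sorted(risks, key=lambda r: r.annual_loss, reverse=True):
        chosen.append(r)
        cumulative += r.annual_loss
        if cumulative >= share * total:
            break
    return chosen


# Constructed risk register used to exercise the functions above.
SAMPLE_REGISTER = [
    Risk("Unpatched internet-facing web server", "H", "H", 400_000),
    Risk("Lost unencrypted laptop", "M", "H", 150_000),
    Risk("Phishing leading to credential theft", "H", "M", 120_000),
    Risk("Shared admin passwords", "M", "M", 60_000),
    Risk("Printer toner shortage", "H", "L", 5_000),
    Risk("Office flood", "L", "H", 30_000),
    Risk("Visitor badge misuse", "L", "L", 2_000),
]


def report(risks: list[Risk]) -> list[str]:
    """Lines in terms management understands: band, HH flag, loss estimate."""
    lines = []
    for r in rank_risks(risks):
        flag = " (HH - start here)" if is_hh(r) else ""
        lines.append(f"{degree_of_risk(r.likelihood, r.impact):6} "
                     f"${r.annual_loss:>9,.0f}  {r.name}{flag}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_REGISTER)))
    print("\nCritical few (80% of estimated loss):")
    for r in critical_few(SAMPLE_REGISTER):
        print(" -", r.name)
```

Running it prints the register ranked by degree of risk with the single HH item flagged as the place to start, followed by the three risks that together account for 80% of the constructed loss estimates; the remaining four are the trivial many. Ranking by the matrix and cutting by Pareto are kept as separate functions because they can disagree (a high-likelihood, low-impact item ranks above a low-likelihood, high-impact one in the matrix, but may carry less estimated loss), which is exactly the kind of difference worth showing management rather than hiding.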

19 Demonstrate value & results
- Through appropriate metrics
- In terms management understands
- Avoid measuring too much or inappropriately (let risk drive what is measured)
- Communicate trends and changes regularly

20 Successful Team Attributes
- Plan and work as an enterprise team with shared responsibilities and accountabilities
- Focus on realistic pre-agreed outcomes
- Avoid “isolated empire” thinking and engage in “whole of enterprise” thinking
- Undertake an ongoing, regular review process
- Be nice to each other

21 Three final thoughts
Computers are incredibly fast, accurate and stupid. People are unbelievably slow, inaccurate and brilliant. Despite the foregoing, the marriage of the two is a positive force beyond calculation.

22 Geoff Roberts, geoff@apro.com.au, Tel: +61 2 4228 6213, www.apro.com.au
Reflex – PC Guardian – SecuriKey – Trust Digital – Zondex

