Adequate Security
8/10/2019 Adequate Security
Adequate Security
How much security is enough?
by IW. Sriyasa
-
INTRODUCTION
-
Security Strategy Questions
What is the value?
Product
Services
Process
-
Security Strategy Questions
What assets?
information
technology
people
-
Security Strategy Questions
What potential adverse conditions & consequences?
The cost?
Disruptions?
-
Security Strategy Questions
How to manage residual risks?
Residual risk is the risk remaining after mitigation is taken
-
Organizational Character
Market Sector Character
-
Characteristics to Consider
Organization Characteristics
Size (employees, customers, physical locations)
Complexity (organizational units, products, services, processes, systems)
Value & criticality of intellectual property. Information stored or transmitted digitally.
Dependence on IT systems, impact of system downtime.
-
Characteristics to Consider
Market Sector Characteristics
Potential impact to critical infrastructure
Customer sensitivity to and expectation for security & privacy
Potential brand and reputation damage.
Customer ability & likelihood to switch to a competitor
-
Defining Adequate Security
The condition where the protection and sustainability strategies for an organization's critical assets and business processes are commensurate with the organization's tolerance for risk.
-
Defining Adequate Security
The condition where the protection and sustainability strategies for an organization's critical assets and business processes are commensurate with the organization's tolerance for risk.
Critical assets:
Information (enterprise strategy & plans, customer data)
Infrastructure (supporting facilities & utilities)
People (key personnel with unique knowledge & skills)
Brand, image & reputation
-
Defining Adequate Security
The condition where the protection and sustainability strategies for an organization's critical assets and business processes are commensurate with the organization's tolerance for risk.
Business processes that create:
Products & services
Financial management & reporting
Relationships to 3rd party CRM
-
Determining Adequate Security
Critical assets and business processes that support achieving our organizational goals?
Under what conditions and with what likelihood are assets and processes at risk?
What mitigating actions do we need to take and with what priority?
What protection strategies do we need to put in place? Cost/benefit analysis
How well are we managing our security state today?
-
Conclusion
The level of adequate security changes with the risk tolerance the organization adopts.
Achieving adequate security is a continuous process
What mitigating actions do we need to take and with what priority?
The planning process to monitor, review & update an organization's security state must be part of day-to-day business conduct
-
Thank you