Build A Business Case For IT Security - Dhananjay Rokde (Hotel_Digital_Security_Seminar_Sept19'14)

Supported by In association with Presented by Hotel Digital Security Seminar SEPT 19, 2014 Dhananjay Rokde, CISO, Cox & Kings Group BUILD A BUSINESS CASE – GET THE MANAGEMENT'S ATTENTION

Transcript of Build A Business Case For IT Security - Dhananjay Rokde (Hotel_Digital_Security_Seminar_Sept19'14)



Dhananjay Rokde

By X Events Hospitality (www.x-events.in)


Hotel Digital Security Seminar & Webinar, Sept 19, 2014

Dhananjay has a strong ability to manage global information security programs for large enterprises, with experience of Governance, Risk & Compliance (GRC) unification and implementation programmes. He has received the ‘Top 100 CISO Award’, the ‘Future CIO Award’ and the ‘CIO Masters Award for excellence in Information Security’. He is presently in charge of the overall information and infrastructure security operations, risk management and compliance of the entire group.

He also has an advanced diploma in IT Cyber Laws & Data Privacy from the Asian School of Cyber Laws.


Agenda


- Establishing ‘measurable’ expectations
- Always promise value – not ROI
- Strategize in advance – don’t wait
- Train, educate and continuous awareness
- Implement established standards
- Reporting
- Further reading


Establishing ‘measurable’ expectations


- Establish a clear ‘written’ agreement on the organization's ‘acceptable risk criteria’ (ARC)
  - Regularly audit, assess, modify and sign off on these criteria
- Define constraints within the ARC for
  - Confidentiality
  - Integrity
  - Availability
- Mark boundaries for the asset classification
  - Data classification
  - People, Process & Technology
- Clearly imply that there will be NO ‘negotiations’ on statutory compliance & local laws
- Have clearly defined exceptions and exclusions.


Always promise value – not ROI


- It is NOT possible to justify all security investments!
  - They are not your average CapEx or OpEx items
  - ROI is derived over (very) long periods of time
  - Standard depreciation and asset valuation do not apply to these investments
- REMEMBER – It's always about what we have to ‘lose’, rather than gain.


Strategize in advance – don’t wait


- Have a long-term information security vision and mission
- It is good to define at least a 5-year roadmap with distinct milestones
  - There should be a ‘measurable’ increase in the security posture after every milestone
  - This should typically be done along with the understanding and agreement of the CxO layer
  - The business strategy and security strategy should go hand-in-hand
- Leave room for contingencies. There will be some.
- Have a focussed continuous improvement plan
- REMEMBER – your security strategy is NOT a project plan


Implement established standards


- Agree with the management on implementing global best practices
  - ISMS – ISO 27001
  - Application Security – OWASP & SAMM
  - Risk Management – ISO 31000
  - BCP – ISO 25999


Reporting


- Basic
  - Risk reviews
  - Impact Assessments
  - Corrective action plans
- Advanced
  - Global risk heat maps
  - Balanced score cards


Further reading


- The 5 R’s of building an Information Security business case
  - http://www.csoonline.com/article/2124269/metrics-budgets/the-five-rs--building-a-business-case-for-information-security.html
- The business model for information security
  - http://www.isaca.org/Knowledge-Center/Research/Documents/Introduction-to-the-Business-Model-for-Information-Security_res_Eng_0109.pdf
- OWASP
  - www.owasp.org
- SAMM
  - www.samm.org


About us


X Events manages & supports events exclusively for the hospitality & travel industries.

o  Our USP is that we are hoteliers by training. We focus on the two most important aspects of an event; content quality and impact.

o  We do it because we believe in it.

www.x-events.in


HATT is India's young and premium community for CXOs from the Hospitality, Healthcare, Aviation, Travel and Tourism industries.

o  With over 1,000 members across India, we are now poised to expand globally with a presence in South East Asia and the Middle East by 2016.

www.hattforum.com FB/hattforum


Our host – Brian Pereira


Brian is a veteran technology journalist with two decades of experience. He has served as editor for two magazines: CHIP and InformationWeek India. He is a respected speaker & host at conferences worldwide. In his current role at Hannover Milano Fairs India, Brian serves as project head for CeBIT Global Conferences, the world's largest ICT fair that will debut in India this November, in Bangalore.


The seminar schedule

Five expert speakers

1. Latest threats in digital security (Worms, attacks, viruses, flaws) - Santosh Satam, CEO, SecurBay Services.
2. The immediate action needed to tighten up (Priority list, cost, internal policies) - Ambarish Deshpande, MD - India & SAARC, Blue Coat
3. Information loss prevention (Principles & practices) - Geet Lulla, VP - India & ME, Seclore
4. How to build a business case & get the management's attention - Dhananjay Rokde, CISO, Cox & Kings Group.
5. Global cyber security outlook - A. K. Viswanathan, Senior Director - Enterprise Risk Services, Deloitte India.


Our sponsors & supporters


Thank You
