Evolved Role of the Information Security Professional
Transcript of Evolved Role of the Information Security Professional
![Page 1: Evolved Role of the Information Security Professional](https://reader033.fdocuments.us/reader033/viewer/2022061208/548b2734b47959d86b8b4a4d/html5/thumbnails/1.jpg)
The Information Security Profession: Today and Beyond
Presented by: Kelly Manthey
Partner
www.solstice-consulting.com
Date: May 18th 2010
Objectives
• Introduction
• Review the traditional roles of Information Security and Compliance professions and where they intersect
• A perspective on the common pitfalls of the Information Security profession and how to evolve
Traditional View of Information Security
• Aligned with technology
• Reviews, consults, tests, and monitors the security position of the company’s technology
• Concerned with the confidentiality, integrity and availability of data
• Operational focus
• Focus on audit requirements
What is an Information Security Professional?
In simple terms….
• Keep the bad guys out
• Let the trusted guys in
• Give trusted guys access to what they are authorized to access
Layers of the Profession
CISO, CSO, GRC
Managers
Operational Security
The Compliance Professional
• Concerned with aligning business operations to meet the laws and regulations
• Critical success factors – trust and ethics
The Facets of the Compliance Role
Enforcement
Monitoring
Policies
Education
Successful Compliance Professionals…..
• Embed compliance into the day-to-day operation of a company
• Remove ambiguity
• Communicate and educate
• Are seasoned employees with experience in the company
• Drive executive accountability
Intersection of Roles
• Both assess risk
• Concerned with data integrity
• Carry a compliance message to the organization
• Create policies and requirements
• Seeking to align accountability with business process
4 Common Pitfalls in today’s Information Security Dept.
• Relying on technology to make you compliant
• Technology control focus and not enough business focus
• “Us” and “Them” mentality
• Getting further upstream
Qualities of the “New” Information Security Leader
• Less focus on the 1’s and 0’s, more on business drivers
• More business focus
• Aligns goals with the business
• Asks “Why”
• Plays an active part in defining the solution, doesn’t just implement
• Speaks in terms the business understands
• Breaks down the technical speak; knows how to make capabilities relevant to non-technical people
• Communication skills
• A keen understanding of how to demonstrate data integrity
• Sees the IS function as a differentiator for competitive advantage
• Focuses on balancing tactical problem solving with business priorities and company culture
• Less checking the box, more business enablement
• Less CYA
Developing the New Information Security Leader
• Evangelize within your company
• Be inclusive & collaborative; get to know your Audit and Compliance peers; consider their input as part of developing solutions
• Interact with your peers at other companies
• Seek industry insight and stay current through professional development resources
• Use your vendors as a resource
Why Evolve?
• Because it’s a different world today
• Criminals are smarter (and less assuming)
• Threats have evolved, are greater, the impact is more severe
• Customer perception; company reputation
Why Evolve? - Business Realities
Security Breaches
Enterprise Re-Orgs
Mergers and Acquisition
Regulatory Expectations
Auditors
Economic Realities
Technology Evolution
Partnership and cross-functional collaboration required to thrive
How to Evolve
• Don’t just implement; Educate!
• Security, Compliance, and Audit functions working together toward common goals
• Communication, Communication, Communication
• Hire the right talent – capable, adaptable, collaborative, objective thinking
• Lead by example with passion
• Be proactive – seek insight, knowledge, and new perspectives
Follow-ups….
Kelly Manthey, [email protected]
Blog: http://mantheyblog.solstice-consulting.com/
Twitter: @kmanthey
Other Thought Leadership:
• www.solstice-consulting.com
• CIO.com Blog: http://advice.cio.com/user/solstice_consulting/track
Follow us on Facebook and Twitter:
• Twitter: http://twitter.com/solsticellc
• Facebook: http://www.facebook.com/solsticeconsulting