Risk Management and Security in Strategic Planning
Risk Management and Security in Strategic Planning
SIM D/FW November Meeting
Contact
Keyaan Williams
Senior Consultant
Risk Management & Governance
• https://www.nccgroup.trust/us/
• @KeyaanWIlliams
Opening Thoughts
Strategic planning is a critical business activity that most businesses don’t do well.
Opening Thoughts
When businesses do conduct strategic planning, they often
overlook risk management and security concerns that affect the
plan’s outcome.
Opening Thoughts
Risk and security considerations often contribute to the way an
organization conducts its business.
Agenda
Strategic Planning
Strategy, Risk, and Security
The Long View
*Real* Security
Q&A
Strategic Planning
The context of this discussion
Strategic Planning
Strategic planning is the process an organization uses to define its direction
(strategy) and make decisions about how to allocate resources to pursue this direction.
Strategic Planning
“Strategic planning produces fundamental decisions and actions that shape and guide what an organization is, who it serves, what it does, and why it does it, with a focus on
the future.”
~Balanced Scorecard
Five Steps to a strategic plan
Where are you?
What is important?
What must you achieve?
Who is accountable?
Review and measure performance
Strategic Planning
Strategy
Portfolio
Program
Projects and Activities
Strategy, Risk, and Security
How do they work together?
Strategy, Risk, and Security
If strategy provides the context for where we are going, risk and security
tell us how to get there.
Risk
• Big Picture
• Strategic
Security
• Tactics
• Operational
Strategy, Risk, and Security
Risk management provides a systematic approach for identifying, understanding,
and controlling exposures.
Operational Financial Security Contractual Programmatic
Strategy, Risk, and Security
The ERM Perspective
• What risks exist?
• What impact will they cause?
• What can I do about it?
• How effective were my choices?
Strategy, Risk, and Security
The Risk Management Cycle
Assessment
Action
• Accept
• Change
• Transfer
Review
Strategy, Risk, and Security
The Security Perspective
• What threats exist?
• What vulnerabilities exist?
• How do I manage them?
• What controls do I use?
• How many layers of defense?
Strategy, Risk, and Security
The Security Perspective
The common focus is on applying controls from a specific standard or requirement.
• CSC 20
• OWASP 10
• NIST RMF
• ISO 27000
• PCI DSS
• NERC
• FFIEC
The Long View
How do you develop long-term strategic planning for security?
The Long View
An organization’s culture and priorities make a difference – especially when incorporating
security into the long-term strategy.
The Long View
The Board
Executives
Security
Business Leaders
IT
Global Users
The root and flow of info is critical!
The Long View
Strategic Plan
• Goal
  • Objectives
    • Strategies
  • Objectives
    • Strategies
• Goal
  • Objectives
Placement of security in the hierarchy affects the outcome.
The Long View
Placement:
• Is security a strategic goal?
• Is security a strategic objective?
• Is security a strategy activity that supports an objective?
The lower something rests in the hierarchy, the less important it is.
*Real* Security
How do you manage risks beyond compliance?
*Real* Security
If security is a strategic goal, then compliance is simply an activity in the
strategic planning hierarchy.
*Real* Security
Compliance is a significant business driver, but compliance defines the bare minimum
that you must do to satisfy industry requirements.
*Real* Security
*Real* security considers business drivers beyond compliance and addresses these
drivers in the strategic plan.
*Real* Security
Produce Widgets
Sales Delivery
Support Maint.
End
Each phase in the process has a compliance concern and a security concern.
Q&A