Security is a Myth: The Impossible Job of the CIO
Date posted: 21-Oct-2014
Category: Technology
![Page 1: Security is a Myth: The Impossible Job of the CIO](https://reader035.fdocuments.us/reader035/viewer/2022081412/5446f58bafaf9f59178b4856/html5/thumbnails/1.jpg)
Opening Remarks
The Day Ahead
Ed Laprade
ADNET Technologies, LLC
2012: Managing IT is Simpler Than Ever!
the Facts
Sophisticated Security
Wealth of Mobile Devices
BYOD is Here!
Business Workflow Apps
The Cloud is Changing the World!
Simple Dashboards
More Savvy Users
it’s not that simple . . .
competition
data
people
threats
risks
compliance
manage
investment
our thoughts are filled with
the world got smaller . . .
. . . and more complex
TREND: Consumerization of IT
consumerization of IT
A Gartner report says the bring your own device (BYOD) trend is here to stay, so enterprises need to bolster security policies.
Nathan Eddy – eWeek June 18, 2012
one effect . . .
the trend to BYOD
TREND: move to Cloud
the evolution
when you consider
Cash Flow
Security
Complexity
SLAs
Regulations
sometimes the decision criteria is
not
BLACK White
TREND: Social Media
need to mitigate risk
guidelines?
employees trained?
fit with culture?
Source: Intel Social Media Guidelines
TREND: Productivity Software
improving productivity
Enterprise Content Management (ECM)
Business Intelligence (BI)
Business Analytics
Information Visualization
Software Goals
Improve effectiveness
Reduce operational costs
Optimize business processes
Achieve regulatory compliance
Attract & retain customers
today is more complex than yesterday . . .
. . . tomorrow will be more complex than today
SUMMARY
explaining the complex
WorkSmart
THANK YOU to our Partners!
Security is a MYTH
The Impossible Job of the CIO
Christopher Luise
ADNET Technologies, LLC
the PREMISE
balance appropriate investment freedom
myth
off-balance inappropriate measurement
security truth
IMAGINE you come home to find…
scared
vulnerable
guilt
defenseless
angry
alarmed helpless
alone
BLAME
it’s not just emotional
All the work you do
Planning
Developing
Testing
Rollouts
Reporting
Your WORK is gone
Your TRUST has disappeared
Your CREDIBILITY is lost
FACT
NOTHING is fully secure
nothing.
security is an ILLUSION
what YOU see…
Behavioral Patterns
Puzzles
Holes
what HACKERS see…
2, 3, 6, 7, 14, 15, 30…
15 percent of large organizations detected successful network hacker penetrations.
Source: PwC 2012 Information Security Breaches Survey
finding a way in
What happens if I pull on this string?
Today’s strings unravel
People
Processes
Places
Systems
Information
It’s not sophistication – it’s merely CURIOSITY
FACT
they are the REAL threats
75 percent of organizations where security policy was poorly understood experienced a staff-related breach.
Source: PwC 2012 Information Security Breaches Survey
Lack of stakeholder buy-in
No support for change
Allowance of exceptions
The CIO has an IMPOSSIBLE JOB.
when the organization FAILS THE CIO
FEAR may be warranted.
But in measured doses.
What is APPROPRIATE?
What is RATIONAL?
CAN I SLEEP AT NIGHT? (What do I NOT Know?)
Mobile devices & BYOD (ITaaH)
Social media (gone wild)
Cloud
Training & policies
Assigned rights
Awareness – from top to bottom
Authentication – Ml!cwsI
your biggest VULNERABILITIES
you cannot IGNORE THIS
“If security is not part of innovation, it’s going to cost you. There are certain things you can neglect, but the majority you cannot ignore. Sooner or later it will hit you. And the later you put security and compliance into projects, the more it will cost, because it just adds complexity.”
Andreas Wuchner, head IT risk management, security & compliance, Novartis
MEASURING
What gets measured, gets done.
93 percent of large organisations and 76 percent of small businesses experienced a security breach last year.
Source: PwC 2012 Information Security Breaches Survey
50 percent of large organisations expect to spend more on security next year, yet 67 percent still expect more security breaches
Source: PwC 2012 Information Security Breaches Survey
“Amateurs study cryptography; Professionals study economics”
- Allan Schiffman, July 2004
There’s never enough <X> to go around
To play better, you must keep score
Discipline is easier with numbers
Why measure?
So, if you do things right and NOTHING happens…
How do you measure what didn’t happen?
Measurement
How much is TOO MUCH security?
Spending more and achieving less (perceived)
Stealing from business initiatives
Excess administrative overhead to manage
Overburdened IT staff
Throwing money at the problem is not a strategy.
Measured and appropriate RESPONSE
Balance
Knowledge
Risk – measured and assumed
Not fear
80 percent of large organizations, and 53 percent of small businesses, fail to evaluate the return on investment of security expenditure
Source: PwC 2012 Information Security Breaches Survey
Highest-Level Metrics
How secure am I?
Am I better off than this time last year?
Am I spending the right amount of $$?
How do I compare to my peers?
ROSI? It’s a start…
What risk transfer options do I have?
Building the STRATEGY
Ask yourself:
“Is our approach RATIONAL? APPROPRIATE?”
TRADEOFFS
Compromise is not optimal.
Security is about tradeoffs; but you know that
It is easier to make tradeoffs when you have a measure to compare them with
Even then, it is not necessarily easy
it’s a BALANCING act
SECURITY FREEDOM
Culture?
building the STRATEGY
1. Understand where your organization is investing (Corporate Strategy).
2. Review and analyze. Collaborate.
3. Rank your weakness – Internal & External (PIE) (Probability x Impact = Exposure)
4. Align an approach. Enable.
5. Build in awareness (organizational)
6. Get or find authority
Chris’ steps to SLEEPING AT NIGHT
Independent review
Simplify complex systems
Make complex simple authentications
Design security approach into projects
Malfeasance is the least of your worries – AWARENESS!
Backup/fail-safes
Measure security spend.
Thank you and ENJOY!