Presentation is loading. Please wait.

Presentation is loading. Please wait.

Visibility. Intelligence. response Information Security: Risk Management or Business Enablement? Mike Childs Vice President Rook Security.

Published byDinah Harmon Modified over 8 years ago

Similar presentations

Presentation on theme: "Visibility. Intelligence. response Information Security: Risk Management or Business Enablement? Mike Childs Vice President Rook Security."— Presentation transcript:

1 Visibility. Intelligence. response Information Security: Risk Management or Business Enablement? Mike Childs Vice President Rook Security

2 Agenda  Why Should We Care?  The View from the Top  Risk Management or Business Enablement  Case Study

3 Why Should We Care? 3

4 Data Breaches

5 // Source of Data Breaches Source: Verizon Business Data Breach Report Verizon Business 2013 Data Breach Report

6 // Timeline of a Breach Source: Verizon Data Breach Report 2015 In 60% of cases, attackers are able to compromise an organization within minutes.

7 How are breaches identified? Source: Verizon Business Data Breach Report Only 3% of breaches were detected with common security controls

8 The View from the Top 8

9 Business View Of Information Security How does this fit into our business strategy? Why do we have to change our passwords every month? You can’t impact our network latency! What is the Return on Investment? Two Factor Authentication takes too long! Isn’t that too difficult for our clients?

10 Risk Management or Business Enablement? 10

11 Question 11

12 Key Business Drivers For Risk Management  Regulatory Compliance  Maintain Continuity  Prevent Financial Loss  Detect Unauthorized Access

13 Key Business Drivers For Business Enablement  Protect Brand Reputation  Contractual Obligations  Third Party Vendor Audits  Expanded Business Opportunities

14 Case Study 14

15 Healthcare Services Company  Develop an Information Security Strategy  Focus on how to protect the business and its data  Develop strategy based on the risk to sensitive data  Align regulatory compliance standards with information security strategy  Develop and implement policies, standards, and procedures to support the Information Security Strategy  Integrate policies, standards, and procedures into regular business processes  Develop and Test an Incident Response Plan  Plan should include detecting, responding to and limiting the effects of an information security event

16 Questions? Mike Childs Office: 888.712.9531 x711 mike.childs@rooksecurity.com www.rooksecurity.com

Download ppt "Visibility. Intelligence. response Information Security: Risk Management or Business Enablement? Mike Childs Vice President Rook Security."

Similar presentations

Copyright © XiSEC, All rights reserved, 2002 Secure Computing Best Lifetime Achievement Award 2002 Ted Humphreys Information Security Management Goes Global.

Copyright © XiSEC, All rights reserved, 2002 Secure Computing Best Lifetime Achievement Award 2002 Ted Humphreys Information Security Management Goes Global.
Nishidh, CISSP. To comply with Sarbanes oxley and other legislations To comply with industry standards and business partner requirements To protect.

Nishidh, CISSP. To comply with Sarbanes oxley and other legislations To comply with industry standards and business partner requirements To protect.
IT Control Objectives for Sarbanes-Oxley Presented by Doug Moore, Jefferson Wells International and Christine Chaney, Continental Airlines.

IT Control Objectives for Sarbanes-Oxley Presented by Doug Moore, Jefferson Wells International and Christine Chaney, Continental Airlines.
Secure Systems Research Group - FAU Process Standards (and Process Improvement)

Secure Systems Research Group - FAU Process Standards (and Process Improvement)
ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.

ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.
RMI Global Risk & Crisis Management Solutions. Certain material influenced by source material drawn from IFAC Risk - Hazard & Opportunity Hazards € Spent.

RMI Global Risk & Crisis Management Solutions. Certain material influenced by source material drawn from IFAC Risk - Hazard & Opportunity Hazards € Spent.
Jeff Williams Information Security Officer CSU, Sacramento

Jeff Williams Information Security Officer CSU, Sacramento
Rethinking Security to Enable Business LJ Johnson Nike’s Global Information Security Officer August 16, 2005.

Rethinking Security to Enable Business LJ Johnson Nike’s Global Information Security Officer August 16, 2005.
SOX & ISO 27001 Protect your data and be ready to be audited!!!

SOX & ISO Protect your data and be ready to be audited!!!
© 2012 McGladrey LLP. All Rights Reserved.© 2014 McGladrey LLP. All Rights Reserved. © 2012 McGladrey LLP. All Rights Reserved. © 2013 McGladrey LLP. All.

© 2012 McGladrey LLP. All Rights Reserved.© 2014 McGladrey LLP. All Rights Reserved. © 2012 McGladrey LLP. All Rights Reserved. © 2013 McGladrey LLP. All.
Session 3 – Information Security Policies

Session 3 – Information Security Policies
Information Systems Controls for System Reliability -Information Security-

Information Systems Controls for System Reliability -Information Security-
EDUCAUSE April 25, 2006Enforcing Compliance with Security Policies … Enforcing Compliance of Campus Security Policies Through a Secure Identity Management.

EDUCAUSE April 25, 2006Enforcing Compliance with Security Policies … Enforcing Compliance of Campus Security Policies Through a Secure Identity Management.
The Difficult Road To Cybersecurity Steve Katz, CISSP Security Risk Solutions 631-692-5175 Steve Katz, CISSP Security.

The Difficult Road To Cybersecurity Steve Katz, CISSP Security Risk Solutions Steve Katz, CISSP Security.
Vendor Risk: Effective Management is Essential

Vendor Risk: Effective Management is Essential
1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.

1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.
Audits & Assessments: What are the Differences and How Do We Learn from the Results? Brown Bag March 12, 2009 Sal Rubano – Director, Office of the Vice.

Audits & Assessments: What are the Differences and How Do We Learn from the Results? Brown Bag March 12, 2009 Sal Rubano – Director, Office of the Vice.
Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.

Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.
Discussing “Risk Analysis in Software Design” 1 FEB 2006 - Joe Combs.

Discussing “Risk Analysis in Software Design” 1 FEB Joe Combs.
© 2014 PayPal Inc. All rights reserved. Confidential and proprietary. Leveraging Information to Detect and Prevent Insider Attacks Phoram Mehta Senior.

© 2014 PayPal Inc. All rights reserved. Confidential and proprietary. Leveraging Information to Detect and Prevent Insider Attacks Phoram Mehta Senior.

Similar presentations

Ads by Google