IT Security Strategy: Protecting Your Key Corporate Assets

Presentation on theme: "IT Security Strategy: Protecting Your Key Corporate Assets"— Presentation transcript:

1 IT Security Strategy: Protecting Your Key Corporate Assets
Tech Data Do not hand out copies of the presentation nor make the presentation available to the customers. This is only designed for leading discussions and not meant as reference material. You want to control the timing and questions. If your customer has a copy of this presentation, you relinquish that control. If the prospect requests a copy, say, “I’d love to, but this is proprietary to our company. You’re welcome to take notes.” Only reveal one bullet at a time. This is designed to walk your prospect through the thought process in a psychologically correct way. Like baking a cake, if you skip a step or don’t follow the recipe, it won’t turn out the way you want. Note that if the headers end in an ellipsis or three dots (…) there are more points on this topic on the next slide. In general, the last bullet on the slide ends with a period so that you know to make the transition to the next slide. The most legible slides are black type on white background. This can be seen with the lights full on. You do not want a dark conference room. You want everyone to see everyone and stay awake. Notice that the scripting is in present tense, as if you are doing these things for them now. Think of this as describing how you’re doing it for other customers and you’re exploring if it’s right for these people. From a psychological view, you are asking them to consider it as already in process, substantially increasing their likelihood to agree to your next step. There are 24 slides in this presentation. Cover most slides in seconds with the discussion slides taking more time. Don’t belabor the points because your audience is intelligent and savvy. Make your point and move on. If you use PowerPoint in the presenter mode, you’ll have access to these notes, so position your computer so that your prospect can’t see the screen.

2 Non-Disclosure This discussion is under our mutual nondisclosure agreement. “Before I begin our discussion, I’d like to remind you that we may ask you questions of a sensitive nature that we will not disclose to others and we’ll discuss methods that we consider to be proprietary. This security meeting is covered by our mutual non-disclosure agreement. Will you agree to that?” [Get agreement from all involved in the meeting. If someone doesn’t agree, say, “I cannot proceed until we all agree.”]

3 Purpose of Our Discussion
Decide if we should expand our relationship Identify your questions and concerns about your IT security Identify whether your issues are within our expertise Report our findings about security issues Establish next-step recommendations based on your situation Create an action plan for your consideration. [Objective: Identify the customer’s desired outcomes in 3 minutes] “The second agreement I need from you is that you be willing to make a decision at the end of this discussion about whether to expand our relationship or not. We don’t want to waste your time or our time. We only work with people who want to work with us. Are you willing to do that?” If they are unable to do this, you have the wrong people in the room and this presentation has little effectiveness. You may choose to end the discussion at this time and reschedule with the right people, so you do not waste your time. Go through these items one at a time and get agreement. Don’t rush through these because agreement on this agenda sets up the meeting’s success. “We want to identify your questions and concerns about your IT security to identify if your issues are within our expertise. If not, we’ll say so and may make recommendations where you can get help for these issues.” “Then we’ll report our findings about current security issues and what we’ve learned about managing them.” “After discussing your situation, we’ll then establish a high-level set of recommendations on what to do next and create an action plan for your consideration if you like what you experience here in the next 30 minutes.” “Does this meet your needs for this meeting?”

4 Introductions Your team Our team Role, responsibility, experience
What would make this a valuable meeting for you? Our team [Objective: Establish relationships and set the customer’s agenda. Go around the room and get acquainted.] “Great! Let’s get a feeling for who’s here and what they want. Would you introduce yourself and tell me about your role, responsibility and experience? And let us know what you want so that our discussion is completely relevant to you.” [Everyone introduces themselves] “Thank you. Here’s our team…”

5 Why Security? IT is the engine of your business: When it’s compromised, you’re at risk Your assets have value that bad guys want. [Objective: Establish a basic understanding of security principles.] “So, why security? IT is the engine of your business: When it’s compromised, you’re at risk. Let’s face it, when your computers are compromised or non-operational, you can’t sell, ship, bill, or collect money. You’re out of business.” “And to make things worse, your assets have value that bad guys want.”

6 Why Our Customers Choose Us
Local, responsive and concerned means we’ll be there when called Experienced in delivering and securing IT in all varieties: traditional, cloud, blended systems, mobile Deep network of resources to solve unique situations We work until the problem is resolved We take a holistic view and focus on growing our customer’s business by judicious application of IT. [Objective: Create credibility in 2 minutes. About our company. Tell short war stories that connect with this customer using the formula: scenario, problem, solution.] “Let me tell you a little about our company. Our customers tell us that they choose us because we are local – we’ve been here for 15 years – responsive – we have a 24-hour tech team – and we are concerned for our customers. All of this means we’ll be there when you need us. “We are experienced in delivering and securing IT of all varieties, such as traditional computers, cloud-based solutions, blended systems and mobile devices. “Our customers like that we have a deep network of resources to solve unique situations. We know who knows. “This means we have never had a problem that we couldn’t solve. We stay with it until it’s fixed.” “Our customers like that we take a holistic view of their business, helping them with the systems they need to grow their business securely with careful applications of IT. “Which of these characteristics are most interesting to you?”

7 What Gets Secured…? What do you want to protect? What’s vulnerable?
How much do you want to protect it? What’s vulnerable? Human failure Equipment failure Malicious attack. [Objective: Educate the customer on what needs to be secured. This is a multi slide segment.] “What should you secure? While we’ll work on your specifics later, here are general principles we use to help identify where to focus. “What do you want to protect and how much do you want to protect it? We’ll go into more details in a moment. “What’s vulnerable? And how is it vulnerable? Most common causes of security problems come from these three vectors: human failure – for example, someone leaves a door unlocked or a computer logged on; equipment failure – such as a lock breaks or a security device stops working; or malicious attack – for example, a competitor or organized crime ring attempts to steal from you.”

8 What Gets Secured…? What’s valuable?
What can and can’t you live without? What are you legally required to protect? Defend this first or you could go to jail What do you need to operate your business? Defend that next or you could go out of business. [Continued] “The next question is, what’s valuable? What can and can’t you live without? If you can’t live without it, we apply our best security practices to keep it safe. “We can break this down further into: What are you legally required to protect? Defend this first or you could go to jail. If there is anything like this for your business, we focus on that. You don’t have to tell me right now. “Next, what do you need to operate your business? We defend that next or you could go out of business. We work with your team to identify and protect those elements.”

9 What Gets Secured? What is impossible to replace and what can be covered by insurance? What’s a trade secret and what’s common knowledge? [Continued] “Next, what is impossible to replace and what can be covered by insurance? We apply high levels of security to your most scarce resources or assets. Often these are overlooked, yet when they’re damaged, compromised or stolen, you can be severely impacted. “And finally, what’s a trade secret and what’s common knowledge? We’ll make sure that your trade secrets are appropriately protected. If something is common knowledge, then we make sure that you’re not wasting money protecting that. “Which of these elements are you most concerned about right now?”

10 Your Key Assets: People – employees, customers, key vendors and stakeholders Property – physical, electronic and intellectual Processes – the procedures used to successfully conduct business Proprietary data – trade secrets, confidential information and personal data. [Objective: Discuss the state of security in 5 minutes over the next four slides] “Now let’s talk about the key assets you need to protect. As we go through these, identify which are most important to you so that we get an idea about prioritizing your security plan. “People – employees, customers, key vendors and stakeholders all need to be protected from harm. This is frequently accomplished by locks, security cameras, protection and so forth. “Property – physical, electronic and intellectual property. We’ll protect this in similar ways to protecting people along with data leak protection. “Processes – the procedures used to successfully conduct business. We protect this with access control and accountability enforcement along with other methods. “And Proprietary data – trade secrets, confidential information and personal data. We figure out the best way to protect these critical assets. “Tell me about your priorities on these assets?”

11 The Outcome of Security
Availability of corporate assets Integrity of those assets Confidentiality of assets that are private Accountability, making those who access the data responsible for their behavior. [Objective: Define the desired outcomes of a properly implemented security strategy and identify if they have these elements in place.] “A properly designed and implemented security strategy protects your assets and delivers these four outcomes. “Availability of corporate assets so that you can use them when you want. If your systems are off-line or your assets disappear, you’re in trouble. “Integrity of those assets, meaning that data hasn’t been tampered with or physical assets haven’t been watered down. “Confidentiality of assets that are private so that you can maintain compliance and protect your secrets and the secrets of your customers. “And Accountability, making those who access the data responsible for their behavior so that you can prevent and prosecute bad behavior. “Do you know if you have all of these important elements covered in your security strategy?”

12 The Value of Security… Increases staff efficiencies from not having to individually deal with security issues like spam, viruses and rogue Increases in systems efficiency created by the security system because of upgraded technology Eliminates cost of security breaches from unpatched software. [Objective: Identify the value beyond protection of a well designed and implemented security strategy.] “Yet a well-designed and implemented security strategy delivers more than just asset protection. “For example, it increases staff efficiencies from not having to individually deal with security issues like spam, viruses and rogue and other security-related problems. “It increases systems efficiency created by the security system because of upgraded technology that implements your security policies. “It eliminates cost of security breaches from unpatched software, one of the biggest problems we see that’s also one of the easiest to fix.”

13 Security is a Real Challenge
New IT threats every second High-profile attacks New attack points Mobile devices Data leakage Social engineering. [Objective: Educate about security threats. Yes, the photo is meant to shock. It’s what bad guys do. If you have recent news about a high-profile attack, mention it along with the company name. “If ______ can’t do it, how can you expect to do it without help?”] “Security is a real challenge. Keeping up with all of the emerging threats is more than a full-time job. For example, there is a new IT threat about every second. “The result is we read about high-profile attacks in the news every week. And if the big companies can’t keep up, how are you supposed to? We partner with vendors and companies who completely focus on dealing with the rapidly changing threats and bring that protection to you so that you don’t have to worry about it. “And there are always new attack points such as mobile devices, a very real problem today, data leakage – both unintentional and malicious – and social engineering such as phishing attacks and malicious websites. “Do you have systems, policies and education in place to manage these threats?”

14 Seven Security Layers Access control Deter intrusion Detect intrusion
Determine attack nature Delay further access Defend Recover. [Objective: Educate on the multi-layer security model and identify potential holes.] “No single security system is 100 percent reliable. For this reason, we use a multi-layer approach to your security. “Access control is exactly that: Controlling who gets access to what with an emphasis on minimum required access. “Deter intrusion is usually what people think of when they hear the word security. It’s things like locks and passwords. “Detect intrusion is what people think when they hear the word alarm system. It’s an alert that someone or something has gotten past the locks or computer firewall. “Determine the attack nature helps us decide what to do right now. Typical solutions include video cameras and computer intrusion systems. “Delay further access is designed to slow down the bad guys. This is why you put valuable things in a safe that’s locked in a room that’s locked in the building. We can also do this with computer systems through multi-layer protection and multi-factor authentication. “Defend is what we do when the guards or police arrive. We can also do this with computers by cutting off access to the outside world if necessary. “Recover. If the worst happens and the bad guys are successful, we’ll have to clean up afterwards. This means restoring data and so forth. “Do you have all of these layers in place as part of your security strategy? “Which of these layers do you have in place? We can help with each of them.”

15 The Value of Security Reduces legal exposure from unsecured premises and computer systems Increases sales based on improved security and stability Reduces business interruptions caused by security breaches. [Continued] “Furthermore, it reduces legal exposure from unsecured premises and computer systems. “We see increases in sales based on improved security and stability that increases customer confidence and competitive advantage. “It also reduces business interruptions caused by security breaches. For example, when you have a system outage, you may never know if it was a computer problem or an attack without the right systems in place. “Which of these improvements appeals to you most?”

16 Your Security Concerns
What do you need to secure? What would it be worth to secure that? What would it cost if it wasn’t secured? What is your security policy? [Objective: Discover what they want to secure in 5 minutes.] “With that discussion about security, let’s talk about your specific concerns to understand if we can address them to your satisfaction. [Ask and discuss the following questions for a minute or so each] “What do you need to secure? “What would it be worth to secure that? “What would it cost if it wasn’t secured? “What is your security policy?”

17 What Would You Like to Have Happen?
What would it be like if everything worked correctly? How will you know who to choose? [Objective: Determine their specific objective.] “Thinking about your company and your security strategy, what would it be like if everything worked correctly? “How will you know who to choose to help you do this?”

18 Our Recommendations Assessment Security policy Remediation plan
Policy audit and implementation Bring compliance up-to-date Adjust implementation of policies. [Objective: Offer high-level recommendations. This is an overview with details on following slides. 30 seconds.] “Based on what you’ve told us so far, I recommend exploring four steps. Do an assessment to identify what you have and what’s missing, review or create your security policy, identify a remediation plan to bring you into compliance, if necessary, and perform routine policy audits to make sure that you have correct implementation. Let’s look at each of these closer.”

19 Assessment Review your situation using the seven layer security model
Identify any issues Recommend any specific actions with cost/risk analysis If we find nothing, you’re just being cautious. “First, we start with an assessment. We review your situation using the seven layer security model and identify any issues. We will then recommend any specific actions with cost/risk analysis for your decision. If we find nothing, you’re just being cautious. And our customers tell us that counts in security!”

20 Security Policy Review your security policy Look for completeness
Look for areas that have changed Mobile New compliance mandates. “Next, we review your security policy, looking for completeness and, more important, looking for areas that have changed, such as mobile devices and new compliance mandates. We are going to look for what you didn’t realize that you don’t know. “Our customers tell us that this gives them peace of mind.”

21 Remediation Plan If required
“Next, we’ll create a remediation plan, if required. This brings your compliance up-to-date and then we implement any adjustment to your policies.”

22 Policy Audit and Implementation
Audit for compliance Education where needed Help your team with enforcement strategies. “And the last step that we recommend right now is to perform regular policy audits to make sure that you stay in compliance. “We educate your people when needed to minimize or eliminate issues such as social engineering. “And we can help your team with enforcement. Our customers tell us that they like for us to be the heavy when it comes to enforcing policies.”

23 Proposed Next Steps Agree to an assessment
Our security team will perform this Meet for a review of findings Decide the next step, if any. [Objective: Get agreement to an assessment.] “Now it’s time for you to decide what you want to do next. I highly recommend that you agree to an assessment. Our expert security team will perform this. We then meet with you to review our findings and decide what the next steps will be. “Our assessment and review of findings is only $_______. “On a scale of one to 10, how confident are you that you need this assessment? [If they say anything less than a ten ask, “What do you need to get to a (their number plus one)?”]

24 Schedule the Next Meetings
Assessment Who and when Report of findings Executive team Two weeks later. [Objective: set details for the next meeting.] “Who on your team will be responsible for working with our people? “When can we get this on our schedule? “Let’s schedule a time to deliver our report of findings two weeks after that. “Perfect. Let’s get started!”

