Presentation is loading. Please wait.

Presentation is loading. Please wait.

Rethinking Security to Enable Business LJ Johnson Nike’s Global Information Security Officer August 16, 2005.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Rethinking Security to Enable Business LJ Johnson Nike’s Global Information Security Officer August 16, 2005."— Presentation transcript:

1 Rethinking Security to Enable Business LJ Johnson Nike’s Global Information Security Officer August 16, 2005

2 Agenda Today’s Security Realities Perception of Security Showing the business value of Security The 3 R’s Seeing Security Differently Retooling to leverage the Value

3 Today’s security realities… Threats are on the rise Time to respond has decreased Regulatory pressures are on the rise Business integration has eroded the network perimeter Spending more on security doesn’t equate to better protection

4 When we think of Security Guns - Guards - Geeks Keeping bad guys out Cost center focused Poorly defined metrics Lost in translation Out of alignment with business drivers Unable to show business value

5 Traditional Security Approaches Infrastructure security point solutions Firewalls VPN Antivirus Software Security operations Account creation Passwords Application Security Authorization policies

6 What’s the impact? Technology focus Higher TCO Long and costly cycles System access Application development Provisioning Inconsistent policies Focused on threat Avoidance vs. Risk Management Perceived as inflexible Not seen as a ‘value add’

7 Showing the value of Security Instead of Threats – focus on the 3 R’s Revenue How can security increase revenue opportunities? Can security help to reduce or avoid costs? What are your key information assets? Reputation What is the your brand worth? What are your relationships worth? Regulations What are you required to do?

8 Revenue Opportunities Efficiency Gains and Reduced Costs Centralized identity controls Self Registration Automated password resets Spam filtering Outsourcing Early Risk Assessments Lower TCO

9 New market opportunities Could security be a market differentiator? Secure ebiz strategy Barriers to entry Patents Speed to Market initiatives Business process improvements Shortened development cycles Automated provisioning Revenue Opportunities

10 Information Asset Protection Protect what matters most Apply the same principles as insuring your physical assets Could you lower your insurance premiums by implementing stronger security? “Intangible assets such as intellectual property represent approximately 60% to 80% of a company’s assets.” – Accenture Survey 2004 Revenue Opportunities

11 Security as a Differentiator

12 Reputation What’s your Brand Equity value? What do you spend on demand creation to grow your market? What would be the impact to your stock price if your customer database were hacked?

13 Examples of reputation damage

14 Regulations SOX, GLBA, HIPAA, EU Privacy…. What regulations are relevant to your industry? What are your local and overseas requirements? Are your service providers also in compliance? Are there competitive advantages to anticipating the next set of regulations?

15 Retooling your organization Gain Business Ownership Move security to an advisory role & let the business decide Seek new Funding Models Tie key security operational costs to IT but push more security costs out to business units Restructure to deliver the right services Develop an IP Protection Strategy Define what’s most important to protect

16 Retooling your organization Improve Communications Focus on Risk Management rather than threats and vulnerabilities Measure and communicate biz value Expand Team Skills ALL personnel should be security literate Require security personnel to understand the business Improve processes Tie security & risk to procurement, SDLC, operational processes Focus more on Value Proposition and less on ROI Establish Accountability Tie performance reviews and merit increases to compliance and awareness levels

17

18 Questions / Comments?

19 Changing the Paradigm Stop seeing Security as only technology Require your security teams to talk “Business” Determine the right level of risk Focus on process improvements Communicate the value security brings to the business – the 3 R’s Faster to market Improved productivity New revenue streams Stronger brand

20 “It’s not the strongest species that survives, nor the most intelligent, but the ones most responsive to change…” Charles Darwin

Download ppt "Rethinking Security to Enable Business LJ Johnson Nike’s Global Information Security Officer August 16, 2005."

Similar presentations

What is Business Architecture?. Overview Agility matters today more than yesterday Previous methods for managing change were designed for the needs of.

What is Business Architecture?. Overview Agility matters today more than yesterday Previous methods for managing change were designed for the needs of.
Geert Kruiter VP Continental Europe The role and impact of M&A on innovation.

Geert Kruiter VP Continental Europe The role and impact of M&A on innovation.
MASTER OF MANAGEMENT PROGRAM MM46 PPM GRADUATE SCHOOL OF MANAGEMENT January 09, 2010 LECTURER : HENRY CHRISTIANTO., ST., MTI.

MASTER OF MANAGEMENT PROGRAM MM46 PPM GRADUATE SCHOOL OF MANAGEMENT January 09, 2010 LECTURER : HENRY CHRISTIANTO., ST., MTI.
Company Analysis.

Company Analysis.
Strategic case for information & IT Acknowledgements to Euan Wilson (Staffordshire University)

Strategic case for information & IT Acknowledgements to Euan Wilson (Staffordshire University)
Presented by www.SourceOneInc.com Supply Management By: Leigh Podolak Presented by Source One Management Services, LLC www.SourceOneInc.com Lesson 1 Roles.

Presented by Supply Management By: Leigh Podolak Presented by Source One Management Services, LLC Lesson 1 Roles.
Bring Your Own Device (BYOD) Understanding BYOD June 27, 2013 © 2013 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks.

Bring Your Own Device (BYOD) Understanding BYOD June 27, 2013 © 2013 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.
Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, 2007. This work is the intellectual property rights of the author.

Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, This work is the intellectual property rights of the author.
ETrust End to End Security Management Bernd Dultinger Sales Manager South CEE & Turkey.

ETrust End to End Security Management Bernd Dultinger Sales Manager South CEE & Turkey.
Page 1 Business Architecture – From Business Strategy to the Alignment of IT Rich Waller An Insurance Industry Case Study April 15, 2009.

Page 1 Business Architecture – From Business Strategy to the Alignment of IT Rich Waller An Insurance Industry Case Study April 15, 2009.
May-15 C ONFIDENTIAL confidential Pete McGarahan Executive Industry Fellow The Outsourcing Debate.

May-15 C ONFIDENTIAL confidential Pete McGarahan Executive Industry Fellow The Outsourcing Debate.
Strategic Charles W. L. Hill Management Gareth R. Jones

Strategic Charles W. L. Hill Management Gareth R. Jones
Auditor General’s Office One key audit focus area – Compliance with Laws and Regulations.

Auditor General’s Office One key audit focus area – Compliance with Laws and Regulations.
Introduction to sustainability policy and reporting in other sectors Tim Birley Tim Birley Consultancy for CaSPr.

Introduction to sustainability policy and reporting in other sectors Tim Birley Tim Birley Consultancy for CaSPr.
16254_08_2002 © 2002, Cisco Systems, Inc. All rights reserved. Cisco’s Security Vision Mario Mazzola Chief Development Officer August 29, 2002.

16254_08_2002 © 2002, Cisco Systems, Inc. All rights reserved. Cisco’s Security Vision Mario Mazzola Chief Development Officer August 29, 2002.
Security Controls – What Works

Security Controls – What Works
“The 21st Century CIO” Mark Polansky

“The 21st Century CIO” Mark Polansky
Advantages of IT Security Prof. Uldis Sukovskis, CISA Riga Information Technology Institute Secure information exchange in Electronic media Baltic IT&T.

Advantages of IT Security Prof. Uldis Sukovskis, CISA Riga Information Technology Institute Secure information exchange in Electronic media Baltic IT&T.
The State of Security Management By Jim Reavis January 2003.

The State of Security Management By Jim Reavis January 2003.

Similar presentations

Ads by Google