Why build a strategy? (7/15/2015, University of Wisconsin–Madison)


1

2 Why build a strategy?

Options: Detection or Prevention

- Last strategic plan was five years old and never formally adopted by leadership
- Newer technology breeds newer and more sophisticated threats
- Well engineered and professional looking malware
- Zero Day attacks continue to increase in volume (24 tracked in 2014)*
- Total Days of Exposure for malware was over 295 in 2014*
- Threat Actors are more clever and the stakes are higher
- Campaigns such as Dragonfly, Waterbug, and Turla infiltrated industrial systems, embassies, and other sensitive targets*
- Volume and Complexity of Threat Activity Increasing
- Spear-Phishing attempts increased by 8% and more sophisticated*
- Increased “State Sponsored” cyberespionage and greater focus on Higher Education*
- Well engineered and professional looking malware
- Optimized risk management requires cybersecurity approaches that center on the data

“Strategy without tactics is the slowest route to victory, tactics without strategy is the noise before defeat.” - Sun Tzu (Ancient Chinese Military Strategist)

* = From Symantec’s 2015 Internet Security Threat Report

3 Getting to work…

Know what you want at the end of the run…

- This is more than a Gap Analysis and Cybersecurity is more than a service function
- Understand the assets and the need for protection
- Be prepared to “dovetail” business risk to the security plans
- Know where you are and where you want to be – it’s that simple!!!

The mindset you need to create a useful strategy:

- Executive Buy-In
- Support from the CIO and other C-Leaders plus VPs
- Discussions that align guidance to business strategy
- Speak in a Common Language
- Level set the definitions of risk, vulnerability and threat
- Understand how the business works and how managers talk
- Do not be the “Merchant of No!”
- Learn the fastest way to get to YES!

“Security Teams must demonstrate the ability to view business problems from different or multiple perspectives.” – Gus Agnos (VP Strategy & Operations at Synack)

It has to be a team effort involving domain leaders and key performers

4 Where is our focus?

- Cybersecurity Incident Response Cycle
- Vulnerability scanning & analysis inconsistent / infrequent
- Threat Intel and Reporting
- Security Education and Training
- Incident Response – Metrics and Trends
- Security engineering and formal approval of systems connecting or operating
- Common Services = Common Delivery
- Reactive vs. Proactive
- Third Party Assessment
- Scalable Security Tools
- Data Location
- Staff perform relevant and meaningful cybersecurity tasks
- Data Classification
- Periodic (Comprehensive) Security Assessments
- Tangled funding sources
- Data
- Data Governance
- Data Ownership

5 Components of UW-Madison Cybersecurity Strategy

- Preparation is key!
- You cannot do this alone!
- Working Groups and Committees (UW-MIST, MTAG, ITC, TISC, etc.)
- Cybersecurity Leadership Team
- Executive and Department/College/Business Unit Buy-In
- Cost, Schedule, Performance
- Governance and Collaboration

UW-Madison Cybersecurity Strategy

Strategic Elements

- Data Governance and Information Classification Plan
- Establish the UW-Madison Risk Management Framework
- Build community of experts/improve user competence (SETA)
- Consolidate Security Operations & institute best practices
- Improve Cyber Threat Analysis/Dissemination/Remediation
- Optimize Services, Security Metrics, Compliance & CDM

Enabling Objectives

- Retain previous strategy’s actions (“find it/delete it/protect it”)
- Enable & support culture to value cybersecurity & reduce risk
- Establish Restricted Data Environments
- Central data collection/aggregation to analyze security events
- Identify and seek sources of repeatable funding
- Identify UW-Madison compliance issues (FERPA, HIPAA, PCI-DSS, Red Flags Rule, etc.)
- Establish Collaborative Partnerships to assure teaching and research availability (Wisconsin Idea)
- Develop and refine sustainable security ops/risk assessments
- Develop & implement a marketing and communications plan

