THE BUSINESS OF SECURITY
Security Technologies Director Entrust Datacard @sandycarielli
SECURITY AND BUSINESS
By 2020, 75% of businesses will be digital
THE RISE OF DIGITAL BUSINESS
DIGITAL BUSINESS, SECURITY AND RISK
Rather than eliminate risk, accept and implement controls to help enable business
SECURITY AS A BUSINESS ENABLER: A CONTROL THAT MAKES YOU FASTER
PRIORITIZATION
WHAT “MUST” BE DONE
YOUR BUDGET
COMMUNICATION
A STORY ABOUT SECURITY RISK AND POOR COMMUNICATION…
CISO Qualities
What do you see as the key qualities of a chief information security officer (CISO)?
IT Security
How do you prefer information regarding cybersecurity be presented?
STRATEGIC RATHER THAN TECHNOLOGIST
Source: Veracode/NYSE
SPEAKING THEIR LANGUAGE: SANDY’S (UPDATED) RULES FOR SECURITY LEADERS
1. Stage your meetings
2. No jargon
3. Stay focused
4. Talk risk – but think about acceptable risk
5. Talk cost of exposure and recovery – and measure against value
TALKING TO THE BUSINESS
SCENARIO #1
It’s a month until the big release of your company’s product ships. Many customers are waiting for this release, and it’s likely to make the company $20M in additional revenue in the first month alone. You have found a security bug that you believe is high severity. A fix could delay the release by several weeks.
How do you assess the risk and impact?
How do you communicate that to the business?
SCENARIO #2
You would like to hire an outside consulting firm to do some “ethical hacking” of your products and identify vulnerabilities. This will cost approximately $250,000 per year. You do not have this money in your budget, and you’d like to ask for it.
How do you justify the cost?
How do you explain the benefits of such a
SCENARIO #3
This morning, an unknown attacker staged a Distributed Denial of Service (DDoS) attack against your website, bringing it down for a couple of hours. Customers are concerned and the attack has been reported in the media. You need to report to the board:
What happened?
How did this happen?
How did we get back online?
What do we need to do in the near term and longer term to reduce the risk of this happening again?
What should we tell the media and our customers?
QUESTIONS?
THANK YOU!
Security Technologies Director, Entrust Datacard @sandycarielli