SlideShare a Scribd company logo

Build an Information Security Strategy

Download as PPTX, PDF
Andrew Byers
Andrew Byers

Organizations are struggling to keep up with today’s evolving threat landscape. From technology sophistication and business adoption to the proliferation of hacking techniques and the expansion of hacking motivations, organizations are facing major security risks. Every organization needs some kind of information security program to protect their systems and assets. Organizations today face pressure from regulatory or legal obligations, customer requirement, and now, senior management expectations.

1 of 12
Downloaded 1,085 times
Info-Tech Research Group 1Info-Tech Research Group 1 Info-Tech Research Group, Inc. is a global leader in providing IT research and advice. Info-Tech’s products and services combine actionable insight and relevant advice with ready-to-use tools and templates that cover the full spectrum of IT concerns. © 1997-2015 Info-Tech Research Group Inc. Build an Information Security Strategy Tailor best practices to effectively manage information security.
Info-Tech Research Group 2Info-Tech Research Group 2 This Research is Designed For: This Research Will Help You: This Research Will Assist: This Research Will Help You: This Research Is Designed For: This Research Will Help You: This Research Will Also Assist: This Research Will Help Them: Our understanding of the problem Security leaders or IT leaders who are tasked with developing a security strategy CISOs/CSOs who would like to improve their security strategy and ensure that it is comprehensive enough for today’s threat landscape Understand current security practices capabilities and performance Understand your security obligations, scope, boundaries, and responsibilities Establish a security target state based on your organizational context Develop a strategy and roadmap to help you achieve your security target state CEOs and other business leaders who want to understand which elements should be involved in a good security strategy Understand the value of good security practices
Info-Tech Research Group 3Info-Tech Research Group 3 Resolution Situation Complication Info-Tech Insight Executive Summary Technology sophistication and business adoption, the proliferation of hacking techniques, and the expansion of hacking motivations from financial to now social, political, or strategic motivations have resulted in organizations facing major security risk. Every organization needs some kind of information security program to protect their systems and assets. Organizations today face pressures from regulatory or legal obligations, customer requirements, and now senior management expectations. Performing an accurate assessment of your current security operations and maturity levels can be extremely hard when you don’t know what to assess or how, not to mention an assessment alone is only the starting point. Senior management wants to know that adequate targets have been determined and there is a robust plan on how they are going to be met. Info-Tech has developed and tested a robust information security framework with supporting methodologies to generate your organization’s comprehensive, highly actionable, and measurable security strategy and roadmap: • Info-Tech’s best of breed security framework combines COBIT 5, PCI DSS, ISO 27000 series, NIST SP 800-53, and SANS security components to ensure all areas of security are considered and covered. • Robust security requirements gathering across the organization, key stakeholders, customers, regulators, and other parties ensure the security strategy is built in alignment to and support of enterprise and IT strategies and plans. • A comprehensive current state assessment, gap analysis, and initiative generation ensures nothing is left off the table. • Tested and proven rationalization and prioritization methodologies ensure the strategy you generate is not only the one the organization needs, but the one the organization will support. Best of Breed It’s hard to know which security framework is best. Info-Tech analyzed and integrated frameworks to ensure an exhaustive approach to security. Alignment Security is still a friction point and viewed as a cost center. Align your security strategy with corporate and IT strategies to ensure support. Communication To have a strategy implemented, you need to communicate to stakeholders in their language and show their concerns and perspectives were accounted for.
Info-Tech Research Group 4Info-Tech Research Group 4 Use these icons to help direct you as you navigate this research This icon denotes a slide where a supporting Info-Tech tool or template will help you perform the activity or step associated with the slide. Refer to the supporting tool or template to get the best results and proceed to the next step of the project. This icon denotes a slide with an associated activity. The activity can be performed either as part of your project or with the support of Info-Tech team analysts, who will come onsite to facilitate a workshop for your organization. Use these icons to help guide you through each step of the blueprint and direct you to content related to the recommended activities.
Info-Tech Research Group 5Info-Tech Research Group 5 Consulting “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.” Guided Implementation “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.” DIY Toolkit “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.” Workshop “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.” Diagnostics and consistent frameworks used throughout all four options Info-Tech offers various levels of support to best suit your needs
Info-Tech Research Group 6Info-Tech Research Group 6 Best-Practice Toolkit 1.1 Introduce security management 1.2 Understand business and IT strategy and plans 1.3 Define security obligations, scope, and boundaries 1.4 Define risk tolerance level 1.5 Assess security risk profile 2.1 Assess current security capabilities and performance 2.2 Review pen test results 2.3 Define security target state 3.1 Identify security gaps 3.2 Build initiatives to bridge the gap 3.3 Estimate the resources needed 3.4 Prioritize gap initiatives 3.5 Determine start time and accountability 4.1 Finalize security roadmap and action plan 4.2 Build a security charter 4.3 Build the security program organizational structure 4.4 Create a change and communication plan 4.5 Develop a metrics program 4.6 Develop a security services catalog Guided Implementations Review the scope of the security strategy plans Define the organizational risk tolerance Assess the security risk profile of the business Perform a current state assessment of the security controls Determine the future target state of the security controls Identify existing gaps and create gap initiatives to close the gaps Determine the benefit, cost, and resources needed for each initiative Build a roadmap based on the security initiatives Optimize your strategy Onsite Workshop Module 1: Assess Security Requirements Module 2: Perform a Gap Analysis Module 3: Continue the Gap Analysis Module 4: Plan for the Transition Phase 1 Results: • Security obligations statement • Security scope and boundaries statement • Security risk profile • Defined risk tolerance level Phase 2 Results: • Current security capabilities • Target future state defined Phase 3 Results: • Security program gaps identified • Gap initiatives defined • Estimated effort, budget, and resource readiness assessment Phase 4 Results: • Security roadmap and action plan • Security charter • Change and communication plan • Metrics program • Security services catalog Assess Security Requirements Perform a Gap Analysis Develop Gap Initiatives Plan for the Transition Information security project overview
Info-Tech Research Group 7Info-Tech Research Group 7 Workshop overview Contact your account representative or email Workshops@InfoTech.com for more information. Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4 Workshop Day 5 Activities Assess security requirements Perform a gap analysis Develop gap initiatives Plan for the transition Communicate and implement 1.1 Introduce security management 1.2 Understand business and IT strategy and plans 1.3 Define security obligations, scope, and boundaries 1.4 Define risk tolerance level 1.5 Assess security pressure posture 2.1 Assess current security capabilities and performance 2.2 Review pen test results 2.3 Define security target state 3.1 Identify security gaps 3.2 Build initiatives to bridge the gap 3.3 Estimate the resources needed 3.4 Prioritize gap initiatives 3.5 Determine start time and accountability 4.1 Finalize security roadmap and action plan 4.2 Create a change and communication plan 4.3a Build a security charter 4.3b Build the security program organizational structure 4.3c Develop a metrics program 4.3d Develop a security services catalog 5.1 Finalize deliverables 5.2 Support communication efforts 5.3 Identify resources in support of priority initiatives Deliverables 1. Security obligations statement 2. Security scope and boundaries statement 3. Defined risk tolerance level 4. Security pressure posture 1. Security capabilities and performance report 2. Security future state 1. Future state–current state gap analysis 2. Initiatives to address the gap 3. Estimated effort needed 4. Budget & resource readiness analysis 1. Security roadmap and action plan 2. Security charter 3. Change and communication plan 4. Metrics program 5. Security services catalog 1. Security strategy and roadmap deck/document 2. Mapping of Info-Tech resources against individual initiatives
Info-Tech Research Group 8Info-Tech Research Group 8 Info-Tech’s framework integrates several best practices to create a best-of-breed security framework COBIT 5 ISO 27000 Series Comprehensive standard providing best practices associated with each control PCI-DSS Provides more detailed instructions than most other best practices but not much breadth SANS Twenty Critical Security Controls Provides a great list of controls for effective cyber defence NIST SP800 Series Provides a detailed list of security controls along with many implementation best practices intended for federal information systems and organizations COBIT 5 for Security More principle and process-based than other best practices SANS Critical Controls NIST SP800- 53 ISO 27000 series PCI-DSS Info-Tech’s Best-of-Breed Information Security Framework
Info-Tech Research Group 9Info-Tech Research Group 9 Practical component level of Information Security Program Framework InformationSecurityFramework GovernanceManagement Context and Leadership Evaluation and Direction Compliance, Audit and Review Information Security Charter Culture and Awareness Information Security Organizational Structure Security Risk Management Security Strategy and Communication Security Policies Security Compliance Management External Security Audit Management Review of Security Internal Security Audit Prevention Detection Response and Recovery Measurement Identity and Access Management Identity Security Data Security Hardware Asset Management Data Security & Privacy Infrastructure Security Network Security Metrics Program Endpoint Security Malicious Code Application Security Vulnerability Management Cryptography Management Physical Security Configuration and Change Management Vendor Management Security Threat Detection Log and Event Management Security Incident Management Security eDiscovery and Forensics Backup and Recovery Information Security in BCM Continuous Improvement Change and Support HR Security HR Security Cloud Security
Info-Tech Research Group 10Info-Tech Research Group 10 Domain level of Information Security Program FrameworkInformationSecurityFramework Governance Management Prevention Detection Response and Recovery Assurance Measurement Metrics Program Continuous Improvement Context and Leadership Evaluation and Direction Compliance, Audit and Review Management Commitment Strategic Alignment Confident or Risk/Compliance Posture Defence in Depth People, Process, Technology Flexibility to Trends Result-Orientated Transparency Continuous Improvement
Info-Tech Research Group 11Info-Tech Research Group 11 Info-Tech’s Information Security Methodology and Maturity Level Model Context and Leadership Evaluation and Direction Compliance and Review Prevention Detection Response and Recovery Measurement ML: 5 ML: 4 ML: 3 ML: 2 ML: 1 Each security area has five possible maturity levels • This generates a security maturity matrix and is the basis for the framework. Collectively, these seven areas form Info-Tech’s information Security Framework • These areas were designed by Info-Tech to be process- and management-based areas that can be evaluated independently of each other. • Each security component has many sub-components 1 2 All seven security areas are evaluated on the five-level maturity model • Using info-Tech scoring methodology, sub components are evaluated individually with the aggregate scores generating the component scores. 3 Target scores for each security area are identified • The security maturity model is used to identify maturity levels that meet the organization’s security requirements. • From the current state maturity levels and target levels, gaps are identified and developed into initiatives to be completed. 4 The best advice I can give is to bring everything together end to end. Don’t limit yourself in any one focused area…If you take an end-to-end approach instead of trying to focus on specific areas and compartmentalize them, you will be 100% more successful. – Technology Services, USA Building a holistic framework ensures that all your bases are covered while preventing duplications of the same functions, resulting in a more efficient program.
Info-Tech Research Group 12Info-Tech Research Group 12 Navigate the 4 phases of the blueprint using this table of contents and deliverables Phase 1: Assess security requirements Phase 2: Perform a gap analysis Phase 3: Develop gap initiatives Phase 4: Plan for the transition 1.1 Introduce Security Management 2.1 Assess current security capabilities 3.1 Identify security gaps 4.1 Finalize the security roadmap and action plan Template: Information Security Strategy Workbook Template Tool: Information Security Program Gap Analysis and Roadmap Tool Tool: Information Security Program Gap Analysis and Roadmap Tool Tool: Information Security Program Gap Analysis and Roadmap Tool 1.2 Understand business and IT strategy plans 2.2 Review penetration test results 3.2 Build initiatives to bridge the gap 4.2 Build a security charter Template: Information Security Strategy Workbook Template Prerequisite: Penetration Test Results Report Tool: Information Security Program Gap Analysis and Roadmap Tool Template: Information Security Charter Template 1.3 Define security obligations, scope, and boundaries 2.3 Define security target state 3.3 Estimate resources needed 4.3 Build the security program organizational structure Template: Information Security Strategy Workbook Template Tool: Information Security Program Gap Analysis and Roadmap Tool Tool: Information Security Program Gap Analysis and Roadmap Tool Template: Security Governance Organizational Structure Template 1.4 Define risk tolerance level 3.4 Prioritize gap initiatives 4.4 Create a change and communication plan Template: Information Security Strategy Workbook Template Tool: Information Security Program Gap Analysis and Roadmap Tool Information Security Communication Plan Template 1.5 Assess security risk profile 3.5 Determine start time and accountability 4.5 Develop a metrics program Tool: Security Pressure Posture Analysis Tool Tool: Information Security Program Gap Analysis and Roadmap Tool Tool: Security Metrics Tool 4.6 Develop a security services catalog Template: Security Services Catalog
Ad

Recommended

Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
Krist Davood - Principal - CIO
 
Building an effective Information Security Roadmap
Building an effective Information Security RoadmapBuilding an effective Information Security Roadmap
Building an effective Information Security Roadmap
Elliott Franklin
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)
k33a
 
ChatGPT What It Is and How Writers Can Use It.pdf
ChatGPT What It Is and How Writers Can Use It.pdfChatGPT What It Is and How Writers Can Use It.pdf
ChatGPT What It Is and How Writers Can Use It.pdf
Adsy
 
Cyber Kill Chain.pptx
Cyber Kill Chain.pptxCyber Kill Chain.pptx
Cyber Kill Chain.pptx
Vivek Chauhan
 
Security architecture frameworks
Security architecture frameworksSecurity architecture frameworks
Security architecture frameworks
John Arnold
 
Strategic Plan Execution for Cooperatives
Strategic Plan Execution for CooperativesStrategic Plan Execution for Cooperatives
Strategic Plan Execution for Cooperatives
Jo Balucanag - Bitonio
 
SABSA Implementation(Part II)_ver1-0
SABSA Implementation(Part II)_ver1-0SABSA Implementation(Part II)_ver1-0
SABSA Implementation(Part II)_ver1-0
Maganathin Veeraragaloo
 
Effective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehEffective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza Adineh
ReZa AdineH
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An Overview
Tandhy Simanjuntak
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Edureka!
 
NIST cybersecurity framework
NIST cybersecurity frameworkNIST cybersecurity framework
NIST cybersecurity framework
Shriya Rai
 
Information Security Risk Management
Information Security Risk Management Information Security Risk Management
Information Security Risk Management
Ersoy AKSOY
 
Security Operation Center - Design & Build
Security Operation Center - Design & BuildSecurity Operation Center - Design & Build
Security Operation Center - Design & Build
Sameer Paradia
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmFrom SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity Chasm
Priyanka Aash
 
Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3
Dam Frank
 
Information security management system (isms) overview
Information security management system (isms) overviewInformation security management system (isms) overview
Information security management system (isms) overview
Julia Urbina-Pineda
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)
Ahmad Haghighi
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations Center
Michael Nickle
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1
Priyanka Aash
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to Cybersecurity
Krutarth Vasavada
 
Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)
Sqrrl
 
Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)
Ben Rothke
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیت
ReZa AdineH
 
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
WAJAHAT IQBAL
 
Cybersecurity Risk Management for Financial Institutions
Cybersecurity Risk Management for Financial InstitutionsCybersecurity Risk Management for Financial Institutions
Cybersecurity Risk Management for Financial Institutions
Sarah Cirelli
 
Cybersecurity Risk Management Framework Strategy Workshop
Cybersecurity Risk Management Framework Strategy WorkshopCybersecurity Risk Management Framework Strategy Workshop
Cybersecurity Risk Management Framework Strategy Workshop
Life Cycle Engineering
 
Security operations center 5 security controls
Security operations center 5 security controls Security operations center 5 security controls
Security operations center 5 security controls
AlienVault
 
Strategy 3 Assignment
Strategy 3 AssignmentStrategy 3 Assignment
Strategy 3 Assignment
charul singh
 
Business case for information security program
Business case for information security programBusiness case for information security program
Business case for information security program
William Godwin
 
Ad

More Related Content

What's hot (20)

Effective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehEffective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza Adineh
ReZa AdineH
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An Overview
Tandhy Simanjuntak
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Edureka!
 
NIST cybersecurity framework
NIST cybersecurity frameworkNIST cybersecurity framework
NIST cybersecurity framework
Shriya Rai
 
Information Security Risk Management
Information Security Risk Management Information Security Risk Management
Information Security Risk Management
Ersoy AKSOY
 
Security Operation Center - Design & Build
Security Operation Center - Design & BuildSecurity Operation Center - Design & Build
Security Operation Center - Design & Build
Sameer Paradia
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmFrom SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity Chasm
Priyanka Aash
 
Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3
Dam Frank
 
Information security management system (isms) overview
Information security management system (isms) overviewInformation security management system (isms) overview
Information security management system (isms) overview
Julia Urbina-Pineda
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)
Ahmad Haghighi
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations Center
Michael Nickle
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1
Priyanka Aash
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to Cybersecurity
Krutarth Vasavada
 
Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)
Sqrrl
 
Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)
Ben Rothke
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیت
ReZa AdineH
 
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
WAJAHAT IQBAL
 
Cybersecurity Risk Management for Financial Institutions
Cybersecurity Risk Management for Financial InstitutionsCybersecurity Risk Management for Financial Institutions
Cybersecurity Risk Management for Financial Institutions
Sarah Cirelli
 
Cybersecurity Risk Management Framework Strategy Workshop
Cybersecurity Risk Management Framework Strategy WorkshopCybersecurity Risk Management Framework Strategy Workshop
Cybersecurity Risk Management Framework Strategy Workshop
Life Cycle Engineering
 
Security operations center 5 security controls
Security operations center 5 security controls Security operations center 5 security controls
Security operations center 5 security controls
AlienVault
 
Effective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehEffective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza Adineh
ReZa AdineH
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An Overview
Tandhy Simanjuntak
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Edureka!
 
NIST cybersecurity framework
NIST cybersecurity frameworkNIST cybersecurity framework
NIST cybersecurity framework
Shriya Rai
 
Information Security Risk Management
Information Security Risk Management Information Security Risk Management
Information Security Risk Management
Ersoy AKSOY
 
Security Operation Center - Design & Build
Security Operation Center - Design & BuildSecurity Operation Center - Design & Build
Security Operation Center - Design & Build
Sameer Paradia
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmFrom SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity Chasm
Priyanka Aash
 
Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3
Dam Frank
 
Information security management system (isms) overview
Information security management system (isms) overviewInformation security management system (isms) overview
Information security management system (isms) overview
Julia Urbina-Pineda
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)
Ahmad Haghighi
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations Center
Michael Nickle
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1
Priyanka Aash
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to Cybersecurity
Krutarth Vasavada
 
Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)
Sqrrl
 
Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)
Ben Rothke
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیت
ReZa AdineH
 
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
WAJAHAT IQBAL
 
Cybersecurity Risk Management for Financial Institutions
Cybersecurity Risk Management for Financial InstitutionsCybersecurity Risk Management for Financial Institutions
Cybersecurity Risk Management for Financial Institutions
Sarah Cirelli
 
Cybersecurity Risk Management Framework Strategy Workshop
Cybersecurity Risk Management Framework Strategy WorkshopCybersecurity Risk Management Framework Strategy Workshop
Cybersecurity Risk Management Framework Strategy Workshop
Life Cycle Engineering
 
Security operations center 5 security controls
Security operations center 5 security controls Security operations center 5 security controls
Security operations center 5 security controls
AlienVault
 

Viewers also liked (20)

Strategy 3 Assignment
Strategy 3 AssignmentStrategy 3 Assignment
Strategy 3 Assignment
charul singh
 
Business case for information security program
Business case for information security programBusiness case for information security program
Business case for information security program
William Godwin
 
Digital grid: Disruptive digital technologies
Digital grid: Disruptive digital technologiesDigital grid: Disruptive digital technologies
Digital grid: Disruptive digital technologies
Accenture the Netherlands
 
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...
XEventsHospitality
 
Information Security Benchmarking 2015
Information Security Benchmarking 2015Information Security Benchmarking 2015
Information Security Benchmarking 2015
Capgemini
 
Security Maturity Models.
Security Maturity Models.Security Maturity Models.
Security Maturity Models.
Priyanka Aash
 
Things That Don't Matter in Your Presentation!
Things That Don't Matter in Your Presentation!Things That Don't Matter in Your Presentation!
Things That Don't Matter in Your Presentation!
Ayman Sadiq
 
Accenture Mobility - Trends for the Next Decade
Accenture Mobility - Trends for the Next DecadeAccenture Mobility - Trends for the Next Decade
Accenture Mobility - Trends for the Next Decade
Lars Kamp
 
Presentation Design Trends 2015
Presentation Design Trends 2015Presentation Design Trends 2015
Presentation Design Trends 2015
SketchBubble
 
Screw You Bullet Points! [Rest in Peace]
Screw You Bullet Points! [Rest in Peace]Screw You Bullet Points! [Rest in Peace]
Screw You Bullet Points! [Rest in Peace]
Ayman Sadiq
 
5 tools for an awesome presentation-By Samid Razzak
5 tools for an awesome presentation-By Samid Razzak5 tools for an awesome presentation-By Samid Razzak
5 tools for an awesome presentation-By Samid Razzak
Md. Samid Razzak
 
The Art of the Presentation
The Art of the PresentationThe Art of the Presentation
The Art of the Presentation
Jeffrey Stevens
 
Presentation Design Trends 2014
Presentation Design Trends 2014Presentation Design Trends 2014
Presentation Design Trends 2014
SketchBubble
 
OpenACC Month Highlights- October
OpenACC Month Highlights- OctoberOpenACC Month Highlights- October
OpenACC Month Highlights- October
NVIDIA
 
Digital Trends in 2017: Making Business Impact in a Changing World
Digital Trends in 2017: Making Business Impact in a Changing WorldDigital Trends in 2017: Making Business Impact in a Changing World
Digital Trends in 2017: Making Business Impact in a Changing World
Edelman
 
23 quick color themes for your presentation
23 quick color themes for your presentation23 quick color themes for your presentation
23 quick color themes for your presentation
Presentitude
 
5 Ways To Surprise Your Audience (and keep their attention)
5 Ways To Surprise Your Audience (and keep their attention)5 Ways To Surprise Your Audience (and keep their attention)
5 Ways To Surprise Your Audience (and keep their attention)
Slides | Presentation Design Agency
 
Digital Business - Accenture
Digital Business - AccentureDigital Business - Accenture
Digital Business - Accenture
Accenture the Netherlands
 
17 Ways to Design a Presentation People Want to View
17 Ways to Design a Presentation People Want to View17 Ways to Design a Presentation People Want to View
17 Ways to Design a Presentation People Want to View
Jim MacLeod
 
MBA case study presentation template
MBA case study presentation templateMBA case study presentation template
MBA case study presentation template
gorvis
 
Strategy 3 Assignment
Strategy 3 AssignmentStrategy 3 Assignment
Strategy 3 Assignment
charul singh
 
Business case for information security program
Business case for information security programBusiness case for information security program
Business case for information security program
William Godwin
 
Digital grid: Disruptive digital technologies
Digital grid: Disruptive digital technologiesDigital grid: Disruptive digital technologies
Digital grid: Disruptive digital technologies
Accenture the Netherlands
 
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...
XEventsHospitality
 
Information Security Benchmarking 2015
Information Security Benchmarking 2015Information Security Benchmarking 2015
Information Security Benchmarking 2015
Capgemini
 
Security Maturity Models.
Security Maturity Models.Security Maturity Models.
Security Maturity Models.
Priyanka Aash
 
Things That Don't Matter in Your Presentation!
Things That Don't Matter in Your Presentation!Things That Don't Matter in Your Presentation!
Things That Don't Matter in Your Presentation!
Ayman Sadiq
 
Accenture Mobility - Trends for the Next Decade
Accenture Mobility - Trends for the Next DecadeAccenture Mobility - Trends for the Next Decade
Accenture Mobility - Trends for the Next Decade
Lars Kamp
 
Presentation Design Trends 2015
Presentation Design Trends 2015Presentation Design Trends 2015
Presentation Design Trends 2015
SketchBubble
 
Screw You Bullet Points! [Rest in Peace]
Screw You Bullet Points! [Rest in Peace]Screw You Bullet Points! [Rest in Peace]
Screw You Bullet Points! [Rest in Peace]
Ayman Sadiq
 
5 tools for an awesome presentation-By Samid Razzak
5 tools for an awesome presentation-By Samid Razzak5 tools for an awesome presentation-By Samid Razzak
5 tools for an awesome presentation-By Samid Razzak
Md. Samid Razzak
 
The Art of the Presentation
The Art of the PresentationThe Art of the Presentation
The Art of the Presentation
Jeffrey Stevens
 
Presentation Design Trends 2014
Presentation Design Trends 2014Presentation Design Trends 2014
Presentation Design Trends 2014
SketchBubble
 
OpenACC Month Highlights- October
OpenACC Month Highlights- OctoberOpenACC Month Highlights- October
OpenACC Month Highlights- October
NVIDIA
 
Digital Trends in 2017: Making Business Impact in a Changing World
Digital Trends in 2017: Making Business Impact in a Changing WorldDigital Trends in 2017: Making Business Impact in a Changing World
Digital Trends in 2017: Making Business Impact in a Changing World
Edelman
 
23 quick color themes for your presentation
23 quick color themes for your presentation23 quick color themes for your presentation
23 quick color themes for your presentation
Presentitude
 
5 Ways To Surprise Your Audience (and keep their attention)
5 Ways To Surprise Your Audience (and keep their attention)5 Ways To Surprise Your Audience (and keep their attention)
5 Ways To Surprise Your Audience (and keep their attention)
Slides | Presentation Design Agency
 
Digital Business - Accenture
Digital Business - AccentureDigital Business - Accenture
Digital Business - Accenture
Accenture the Netherlands
 
17 Ways to Design a Presentation People Want to View
17 Ways to Design a Presentation People Want to View17 Ways to Design a Presentation People Want to View
17 Ways to Design a Presentation People Want to View
Jim MacLeod
 
MBA case study presentation template
MBA case study presentation templateMBA case study presentation template
MBA case study presentation template
gorvis
 
Ad

Similar to Build an Information Security Strategy (20)

Build and Information Security Strategy
Build and Information Security StrategyBuild and Information Security Strategy
Build and Information Security Strategy
Info-Tech Research Group
 
Security-Brochure
Security-BrochureSecurity-Brochure
Security-Brochure
Prahlad Reddy
 
Security-Brochure
Security-BrochureSecurity-Brochure
Security-Brochure
Tyler Carlson
 
Connection can help keep your business secure!
Connection can help keep your business secure!Connection can help keep your business secure!
Connection can help keep your business secure!
Heather Salmons Newswanger
 
Fissea09 mgupta-day3-panel process-program-build-effective-training
Fissea09 mgupta-day3-panel process-program-build-effective-trainingFissea09 mgupta-day3-panel process-program-build-effective-training
Fissea09 mgupta-day3-panel process-program-build-effective-training
Swati Gupta
 
Intelligent security operations a staffing guide
Intelligent security operations a staffing guideIntelligent security operations a staffing guide
Intelligent security operations a staffing guide
Colleen Johnson
 
Planning for security and security audit process
Planning for security and security audit processPlanning for security and security audit process
Planning for security and security audit process
Divya Tiwari
 
2023-it-roadmap-for-cybersecurity-techcnical
2023-it-roadmap-for-cybersecurity-techcnical2023-it-roadmap-for-cybersecurity-techcnical
2023-it-roadmap-for-cybersecurity-techcnical
Jack585826
 
Improve Information Security Practices in the Small Enterprise
Improve Information Security Practices in the Small EnterpriseImprove Information Security Practices in the Small Enterprise
Improve Information Security Practices in the Small Enterprise
George Goodall
 
IT 549 Final Project Guidelines and Rubric Overview .docx
IT 549 Final Project Guidelines and Rubric Overview .docxIT 549 Final Project Guidelines and Rubric Overview .docx
IT 549 Final Project Guidelines and Rubric Overview .docx
christiandean12115
 
IT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAE
IT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAEIT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAE
IT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAE
360 BSI
 
CompTIA CySA Domain 5 Compliance and Assessment.pptx
CompTIA CySA Domain 5 Compliance and Assessment.pptxCompTIA CySA Domain 5 Compliance and Assessment.pptx
CompTIA CySA Domain 5 Compliance and Assessment.pptx
Infosectrain3
 
Kmicro Cybersecurity Offerings 2020
Kmicro Cybersecurity Offerings 2020Kmicro Cybersecurity Offerings 2020
Kmicro Cybersecurity Offerings 2020
Manuel Guillen
 
Developing an Information Security Program
Developing an Information Security ProgramDeveloping an Information Security Program
Developing an Information Security Program
Shauna_Cox
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
Bachir Benyammi
 
CHAPTER 5 Security Policies, Standards, Procedures, a
CHAPTER 5 Security Policies, Standards, Procedures, aCHAPTER 5 Security Policies, Standards, Procedures, a
CHAPTER 5 Security Policies, Standards, Procedures, a
MaximaSheffield592
 
Mastering NIST CSF 2.0 - The New Govern Function.pdf
Mastering NIST CSF 2.0 - The New Govern Function.pdfMastering NIST CSF 2.0 - The New Govern Function.pdf
Mastering NIST CSF 2.0 - The New Govern Function.pdf
Bachir Benyammi
 
There are two general types of data dictionaries a database manag
There are two general types of data dictionaries a database managThere are two general types of data dictionaries a database manag
There are two general types of data dictionaries a database manag
GrazynaBroyles24
 
Applying Lean for information security operations centre
Applying Lean for information security operations centreApplying Lean for information security operations centre
Applying Lean for information security operations centre
Naushad Rajani. - CISA, CISSP, CCSP, PMP, DCPP (Privacy)
 
Nine HIPAA Compliance Questions to ask Yourself
Nine HIPAA Compliance Questions to ask YourselfNine HIPAA Compliance Questions to ask Yourself
Nine HIPAA Compliance Questions to ask Yourself
LERNER Consulting
 
Build and Information Security Strategy
Build and Information Security StrategyBuild and Information Security Strategy
Build and Information Security Strategy
Info-Tech Research Group
 
Security-Brochure
Security-BrochureSecurity-Brochure
Security-Brochure
Prahlad Reddy
 
Security-Brochure
Security-BrochureSecurity-Brochure
Security-Brochure
Tyler Carlson
 
Connection can help keep your business secure!
Connection can help keep your business secure!Connection can help keep your business secure!
Connection can help keep your business secure!
Heather Salmons Newswanger
 
Fissea09 mgupta-day3-panel process-program-build-effective-training
Fissea09 mgupta-day3-panel process-program-build-effective-trainingFissea09 mgupta-day3-panel process-program-build-effective-training
Fissea09 mgupta-day3-panel process-program-build-effective-training
Swati Gupta
 
Intelligent security operations a staffing guide
Intelligent security operations a staffing guideIntelligent security operations a staffing guide
Intelligent security operations a staffing guide
Colleen Johnson
 
Planning for security and security audit process
Planning for security and security audit processPlanning for security and security audit process
Planning for security and security audit process
Divya Tiwari
 
2023-it-roadmap-for-cybersecurity-techcnical
2023-it-roadmap-for-cybersecurity-techcnical2023-it-roadmap-for-cybersecurity-techcnical
2023-it-roadmap-for-cybersecurity-techcnical
Jack585826
 
Improve Information Security Practices in the Small Enterprise
Improve Information Security Practices in the Small EnterpriseImprove Information Security Practices in the Small Enterprise
Improve Information Security Practices in the Small Enterprise
George Goodall
 
IT 549 Final Project Guidelines and Rubric Overview .docx
IT 549 Final Project Guidelines and Rubric Overview .docxIT 549 Final Project Guidelines and Rubric Overview .docx
IT 549 Final Project Guidelines and Rubric Overview .docx
christiandean12115
 
IT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAE
IT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAEIT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAE
IT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAE
360 BSI
 
CompTIA CySA Domain 5 Compliance and Assessment.pptx
CompTIA CySA Domain 5 Compliance and Assessment.pptxCompTIA CySA Domain 5 Compliance and Assessment.pptx
CompTIA CySA Domain 5 Compliance and Assessment.pptx
Infosectrain3
 
Kmicro Cybersecurity Offerings 2020
Kmicro Cybersecurity Offerings 2020Kmicro Cybersecurity Offerings 2020
Kmicro Cybersecurity Offerings 2020
Manuel Guillen
 
Developing an Information Security Program
Developing an Information Security ProgramDeveloping an Information Security Program
Developing an Information Security Program
Shauna_Cox
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
Bachir Benyammi
 
CHAPTER 5 Security Policies, Standards, Procedures, a
CHAPTER 5 Security Policies, Standards, Procedures, aCHAPTER 5 Security Policies, Standards, Procedures, a
CHAPTER 5 Security Policies, Standards, Procedures, a
MaximaSheffield592
 
Mastering NIST CSF 2.0 - The New Govern Function.pdf
Mastering NIST CSF 2.0 - The New Govern Function.pdfMastering NIST CSF 2.0 - The New Govern Function.pdf
Mastering NIST CSF 2.0 - The New Govern Function.pdf
Bachir Benyammi
 
There are two general types of data dictionaries a database manag
There are two general types of data dictionaries a database managThere are two general types of data dictionaries a database manag
There are two general types of data dictionaries a database manag
GrazynaBroyles24
 
Applying Lean for information security operations centre
Applying Lean for information security operations centreApplying Lean for information security operations centre
Applying Lean for information security operations centre
Naushad Rajani. - CISA, CISSP, CCSP, PMP, DCPP (Privacy)
 
Nine HIPAA Compliance Questions to ask Yourself
Nine HIPAA Compliance Questions to ask YourselfNine HIPAA Compliance Questions to ask Yourself
Nine HIPAA Compliance Questions to ask Yourself
LERNER Consulting
 
Ad

Recently uploaded (20)

UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager APIUiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPathCommunity
 
Technology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data AnalyticsTechnology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data Analytics
InData Labs
 
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-UmgebungenHCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
panagenda
 
HCL Nomad Web – Best Practices and Managing Multiuser Environments
HCL Nomad Web – Best Practices and Managing Multiuser EnvironmentsHCL Nomad Web – Best Practices and Managing Multiuser Environments
HCL Nomad Web – Best Practices and Managing Multiuser Environments
panagenda
 
Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)
Ortus Solutions, Corp
 
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
Alan Dix
 
Andrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell: Transforming Business Strategy Through Data-Driven InsightsAndrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell
 
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
SOFTTECHHUB
 
Build Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For DevsBuild Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For Devs
Brian McKeiver
 
tecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdftecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdf
fjgm517
 
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul
 
TrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business ConsultingTrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business Consulting
Trs Labs
 
Procurement Insights Cost To Value Guide.pptx
Procurement Insights Cost To Value Guide.pptxProcurement Insights Cost To Value Guide.pptx
Procurement Insights Cost To Value Guide.pptx
Jon Hansen
 
What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...
Vishnu Singh Chundawat
 
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In FranceManifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
chb3
 
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdfComplete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Software Company
 
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptxIncreasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Anoop Ashok
 
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptxDevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
Justin Reock
 
Big Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur MorganBig Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur Morgan
Arthur Morgan
 
Linux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdfLinux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdf
RHCSA Guru
 
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager APIUiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPathCommunity
 
Technology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data AnalyticsTechnology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data Analytics
InData Labs
 
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-UmgebungenHCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
panagenda
 
HCL Nomad Web – Best Practices and Managing Multiuser Environments
HCL Nomad Web – Best Practices and Managing Multiuser EnvironmentsHCL Nomad Web – Best Practices and Managing Multiuser Environments
HCL Nomad Web – Best Practices and Managing Multiuser Environments
panagenda
 
Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)
Ortus Solutions, Corp
 
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
Alan Dix
 
Andrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell: Transforming Business Strategy Through Data-Driven InsightsAndrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell
 
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
SOFTTECHHUB
 
Build Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For DevsBuild Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For Devs
Brian McKeiver
 
tecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdftecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdf
fjgm517
 
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul
 
TrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business ConsultingTrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business Consulting
Trs Labs
 
Procurement Insights Cost To Value Guide.pptx
Procurement Insights Cost To Value Guide.pptxProcurement Insights Cost To Value Guide.pptx
Procurement Insights Cost To Value Guide.pptx
Jon Hansen
 
What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...
Vishnu Singh Chundawat
 
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In FranceManifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
chb3
 
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdfComplete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Software Company
 
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptxIncreasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Anoop Ashok
 
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptxDevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
Justin Reock
 
Big Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur MorganBig Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur Morgan
Arthur Morgan
 
Linux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdfLinux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdf
RHCSA Guru
 

Build an Information Security Strategy

  • 1. Info-Tech Research Group 1Info-Tech Research Group 1 Info-Tech Research Group, Inc. is a global leader in providing IT research and advice. Info-Tech’s products and services combine actionable insight and relevant advice with ready-to-use tools and templates that cover the full spectrum of IT concerns. © 1997-2015 Info-Tech Research Group Inc. Build an Information Security Strategy Tailor best practices to effectively manage information security.
  • 2. Info-Tech Research Group 2Info-Tech Research Group 2 This Research is Designed For: This Research Will Help You: This Research Will Assist: This Research Will Help You: This Research Is Designed For: This Research Will Help You: This Research Will Also Assist: This Research Will Help Them: Our understanding of the problem Security leaders or IT leaders who are tasked with developing a security strategy CISOs/CSOs who would like to improve their security strategy and ensure that it is comprehensive enough for today’s threat landscape Understand current security practices capabilities and performance Understand your security obligations, scope, boundaries, and responsibilities Establish a security target state based on your organizational context Develop a strategy and roadmap to help you achieve your security target state CEOs and other business leaders who want to understand which elements should be involved in a good security strategy Understand the value of good security practices
  • 3. Info-Tech Research Group 3Info-Tech Research Group 3 Resolution Situation Complication Info-Tech Insight Executive Summary Technology sophistication and business adoption, the proliferation of hacking techniques, and the expansion of hacking motivations from financial to now social, political, or strategic motivations have resulted in organizations facing major security risk. Every organization needs some kind of information security program to protect their systems and assets. Organizations today face pressures from regulatory or legal obligations, customer requirements, and now senior management expectations. Performing an accurate assessment of your current security operations and maturity levels can be extremely hard when you don’t know what to assess or how, not to mention an assessment alone is only the starting point. Senior management wants to know that adequate targets have been determined and there is a robust plan on how they are going to be met. Info-Tech has developed and tested a robust information security framework with supporting methodologies to generate your organization’s comprehensive, highly actionable, and measurable security strategy and roadmap: • Info-Tech’s best of breed security framework combines COBIT 5, PCI DSS, ISO 27000 series, NIST SP 800-53, and SANS security components to ensure all areas of security are considered and covered. • Robust security requirements gathering across the organization, key stakeholders, customers, regulators, and other parties ensure the security strategy is built in alignment to and support of enterprise and IT strategies and plans. • A comprehensive current state assessment, gap analysis, and initiative generation ensures nothing is left off the table. • Tested and proven rationalization and prioritization methodologies ensure the strategy you generate is not only the one the organization needs, but the one the organization will support. Best of Breed It’s hard to know which security framework is best. Info-Tech analyzed and integrated frameworks to ensure an exhaustive approach to security. Alignment Security is still a friction point and viewed as a cost center. Align your security strategy with corporate and IT strategies to ensure support. Communication To have a strategy implemented, you need to communicate to stakeholders in their language and show their concerns and perspectives were accounted for.
  • 4. Info-Tech Research Group 4Info-Tech Research Group 4 Use these icons to help direct you as you navigate this research This icon denotes a slide where a supporting Info-Tech tool or template will help you perform the activity or step associated with the slide. Refer to the supporting tool or template to get the best results and proceed to the next step of the project. This icon denotes a slide with an associated activity. The activity can be performed either as part of your project or with the support of Info-Tech team analysts, who will come onsite to facilitate a workshop for your organization. Use these icons to help guide you through each step of the blueprint and direct you to content related to the recommended activities.
  • 5. Info-Tech Research Group 5Info-Tech Research Group 5 Consulting “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.” Guided Implementation “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.” DIY Toolkit “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.” Workshop “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.” Diagnostics and consistent frameworks used throughout all four options Info-Tech offers various levels of support to best suit your needs
  • 6. Info-Tech Research Group 6Info-Tech Research Group 6 Best-Practice Toolkit 1.1 Introduce security management 1.2 Understand business and IT strategy and plans 1.3 Define security obligations, scope, and boundaries 1.4 Define risk tolerance level 1.5 Assess security risk profile 2.1 Assess current security capabilities and performance 2.2 Review pen test results 2.3 Define security target state 3.1 Identify security gaps 3.2 Build initiatives to bridge the gap 3.3 Estimate the resources needed 3.4 Prioritize gap initiatives 3.5 Determine start time and accountability 4.1 Finalize security roadmap and action plan 4.2 Build a security charter 4.3 Build the security program organizational structure 4.4 Create a change and communication plan 4.5 Develop a metrics program 4.6 Develop a security services catalog Guided Implementations Review the scope of the security strategy plans Define the organizational risk tolerance Assess the security risk profile of the business Perform a current state assessment of the security controls Determine the future target state of the security controls Identify existing gaps and create gap initiatives to close the gaps Determine the benefit, cost, and resources needed for each initiative Build a roadmap based on the security initiatives Optimize your strategy Onsite Workshop Module 1: Assess Security Requirements Module 2: Perform a Gap Analysis Module 3: Continue the Gap Analysis Module 4: Plan for the Transition Phase 1 Results: • Security obligations statement • Security scope and boundaries statement • Security risk profile • Defined risk tolerance level Phase 2 Results: • Current security capabilities • Target future state defined Phase 3 Results: • Security program gaps identified • Gap initiatives defined • Estimated effort, budget, and resource readiness assessment Phase 4 Results: • Security roadmap and action plan • Security charter • Change and communication plan • Metrics program • Security services catalog Assess Security Requirements Perform a Gap Analysis Develop Gap Initiatives Plan for the Transition Information security project overview
  • 7. Info-Tech Research Group 7Info-Tech Research Group 7 Workshop overview Contact your account representative or email [email protected] for more information. Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4 Workshop Day 5 Activities Assess security requirements Perform a gap analysis Develop gap initiatives Plan for the transition Communicate and implement 1.1 Introduce security management 1.2 Understand business and IT strategy and plans 1.3 Define security obligations, scope, and boundaries 1.4 Define risk tolerance level 1.5 Assess security pressure posture 2.1 Assess current security capabilities and performance 2.2 Review pen test results 2.3 Define security target state 3.1 Identify security gaps 3.2 Build initiatives to bridge the gap 3.3 Estimate the resources needed 3.4 Prioritize gap initiatives 3.5 Determine start time and accountability 4.1 Finalize security roadmap and action plan 4.2 Create a change and communication plan 4.3a Build a security charter 4.3b Build the security program organizational structure 4.3c Develop a metrics program 4.3d Develop a security services catalog 5.1 Finalize deliverables 5.2 Support communication efforts 5.3 Identify resources in support of priority initiatives Deliverables 1. Security obligations statement 2. Security scope and boundaries statement 3. Defined risk tolerance level 4. Security pressure posture 1. Security capabilities and performance report 2. Security future state 1. Future state–current state gap analysis 2. Initiatives to address the gap 3. Estimated effort needed 4. Budget & resource readiness analysis 1. Security roadmap and action plan 2. Security charter 3. Change and communication plan 4. Metrics program 5. Security services catalog 1. Security strategy and roadmap deck/document 2. Mapping of Info-Tech resources against individual initiatives
  • 8. Info-Tech Research Group 8Info-Tech Research Group 8 Info-Tech’s framework integrates several best practices to create a best-of-breed security framework COBIT 5 ISO 27000 Series Comprehensive standard providing best practices associated with each control PCI-DSS Provides more detailed instructions than most other best practices but not much breadth SANS Twenty Critical Security Controls Provides a great list of controls for effective cyber defence NIST SP800 Series Provides a detailed list of security controls along with many implementation best practices intended for federal information systems and organizations COBIT 5 for Security More principle and process-based than other best practices SANS Critical Controls NIST SP800- 53 ISO 27000 series PCI-DSS Info-Tech’s Best-of-Breed Information Security Framework
  • 9. Info-Tech Research Group 9Info-Tech Research Group 9 Practical component level of Information Security Program Framework InformationSecurityFramework GovernanceManagement Context and Leadership Evaluation and Direction Compliance, Audit and Review Information Security Charter Culture and Awareness Information Security Organizational Structure Security Risk Management Security Strategy and Communication Security Policies Security Compliance Management External Security Audit Management Review of Security Internal Security Audit Prevention Detection Response and Recovery Measurement Identity and Access Management Identity Security Data Security Hardware Asset Management Data Security & Privacy Infrastructure Security Network Security Metrics Program Endpoint Security Malicious Code Application Security Vulnerability Management Cryptography Management Physical Security Configuration and Change Management Vendor Management Security Threat Detection Log and Event Management Security Incident Management Security eDiscovery and Forensics Backup and Recovery Information Security in BCM Continuous Improvement Change and Support HR Security HR Security Cloud Security
  • 10. Info-Tech Research Group 10Info-Tech Research Group 10 Domain level of Information Security Program FrameworkInformationSecurityFramework Governance Management Prevention Detection Response and Recovery Assurance Measurement Metrics Program Continuous Improvement Context and Leadership Evaluation and Direction Compliance, Audit and Review Management Commitment Strategic Alignment Confident or Risk/Compliance Posture Defence in Depth People, Process, Technology Flexibility to Trends Result-Orientated Transparency Continuous Improvement
  • 11. Info-Tech Research Group 11Info-Tech Research Group 11 Info-Tech’s Information Security Methodology and Maturity Level Model Context and Leadership Evaluation and Direction Compliance and Review Prevention Detection Response and Recovery Measurement ML: 5 ML: 4 ML: 3 ML: 2 ML: 1 Each security area has five possible maturity levels • This generates a security maturity matrix and is the basis for the framework. Collectively, these seven areas form Info-Tech’s information Security Framework • These areas were designed by Info-Tech to be process- and management-based areas that can be evaluated independently of each other. • Each security component has many sub-components 1 2 All seven security areas are evaluated on the five-level maturity model • Using info-Tech scoring methodology, sub components are evaluated individually with the aggregate scores generating the component scores. 3 Target scores for each security area are identified • The security maturity model is used to identify maturity levels that meet the organization’s security requirements. • From the current state maturity levels and target levels, gaps are identified and developed into initiatives to be completed. 4 The best advice I can give is to bring everything together end to end. Don’t limit yourself in any one focused area…If you take an end-to-end approach instead of trying to focus on specific areas and compartmentalize them, you will be 100% more successful. – Technology Services, USA Building a holistic framework ensures that all your bases are covered while preventing duplications of the same functions, resulting in a more efficient program.
  • 12. Info-Tech Research Group 12Info-Tech Research Group 12 Navigate the 4 phases of the blueprint using this table of contents and deliverables Phase 1: Assess security requirements Phase 2: Perform a gap analysis Phase 3: Develop gap initiatives Phase 4: Plan for the transition 1.1 Introduce Security Management 2.1 Assess current security capabilities 3.1 Identify security gaps 4.1 Finalize the security roadmap and action plan Template: Information Security Strategy Workbook Template Tool: Information Security Program Gap Analysis and Roadmap Tool Tool: Information Security Program Gap Analysis and Roadmap Tool Tool: Information Security Program Gap Analysis and Roadmap Tool 1.2 Understand business and IT strategy plans 2.2 Review penetration test results 3.2 Build initiatives to bridge the gap 4.2 Build a security charter Template: Information Security Strategy Workbook Template Prerequisite: Penetration Test Results Report Tool: Information Security Program Gap Analysis and Roadmap Tool Template: Information Security Charter Template 1.3 Define security obligations, scope, and boundaries 2.3 Define security target state 3.3 Estimate resources needed 4.3 Build the security program organizational structure Template: Information Security Strategy Workbook Template Tool: Information Security Program Gap Analysis and Roadmap Tool Tool: Information Security Program Gap Analysis and Roadmap Tool Template: Security Governance Organizational Structure Template 1.4 Define risk tolerance level 3.4 Prioritize gap initiatives 4.4 Create a change and communication plan Template: Information Security Strategy Workbook Template Tool: Information Security Program Gap Analysis and Roadmap Tool Information Security Communication Plan Template 1.5 Assess security risk profile 3.5 Determine start time and accountability 4.5 Develop a metrics program Tool: Security Pressure Posture Analysis Tool Tool: Information Security Program Gap Analysis and Roadmap Tool Tool: Security Metrics Tool 4.6 Develop a security services catalog Template: Security Services Catalog