3 tips to funding your security program

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Fund Your Security Initiatives By Leveraging Business Objectives

Upload: hp-software

Post on 04-Jul-2015

Category: Technology


DESCRIPTION

How do you fund your security program? Here are simple ways to get management buy-in. How do you enable the business? Speak in terms of risk. Show small wins.

TRANSCRIPT

Page 1: 3 tips to funding your security program

Fund Your Security Initiatives By Leveraging Business Objectives

Page 2: 3 tips to funding your security program

Funding Your Security Initiatives By Leveraging Business Objectives

Page 3: 3 tips to funding your security program

It’s affecting the business

Security is not just an IT problem

CISO

• Cyber threat: 56% of organizations have been the target of a cyber attack

• Extended supply chain: 44% of all data breaches involved third-party mistakes

• Financial loss: $8.6M average cost associated with a data breach

• Cost of protection: 11% of total IT budget spent on security

• Reputation damage: 30% market cap reduction due to recent events

• Reactive vs. proactive: 97% of data breaches could have been avoided

Page 4: 3 tips to funding your security program

Don’t Get Hacked!!!

Problem: Barriers between Business & Security

Grow Revenues at 30%

Become more Agile

Improve Profitability

Improve Efficiency

99.999% Availability

Business Initiatives Security Initiatives

Page 5: 3 tips to funding your security program

Security breaches are a business issue

HP | Ponemon Study 2013

$11.6 million

2013

$8.9 million

Page 6: 3 tips to funding your security program

Security needs to look at how it enables the business

How do we add value?

How does the company make $?

How do we save $?

Competitive Advantage

Security

Page 7: 3 tips to funding your security program

Our new style of working is exposing risk to the business

Got Risk?

[Diagram labels: Social media; Audio; CRM data; Word, Excel; Images; Email; Financials; Legal documents; Call center; Cloud; Archive; Laptop; Mobile phone; Partner; Data center; Remote office; Agreements]

Page 8: 3 tips to funding your security program

Create a burning need to do something

• Industry Regulations

• PCI

• HIPAA

• SOX

• Use Audits to compel Action

Document Risk in language the business can understand

Page 9: 3 tips to funding your security program

Getting Buy-in from Management

Situation: Detail Current Situation

Complication: Explain Risk

Implication: Discuss results if Risk is not Addressed

Position: Your advice

Action: Next Steps

Benefits: How you make your boss look good?

Page 10: 3 tips to funding your security program

The goal

• Clear investment strategy

• Understanding of Risk

• Plans to mitigate

• Show how Risk trends down

Page 11: 3 tips to funding your security program

Bring all the data together and create a context, in near real time

The solution seems obvious

Operations Security

Business

Page 12: 3 tips to funding your security program

TIP #1: Speak the Language of the Business

• Always tie the security issue, be it a real-time threat, potential risk, lack of compliance, etc., to a language the business can understand.

• Identify the “crown jewels” in your infrastructure. Don’t try to identify everything at first (see Tip #3).

• Connect those assets to the applications they support, and in turn the business services, and then up to the lines of business / structure of your organization.

Page 13: 3 tips to funding your security program

TIP #2: Leverage what you have

• A lot of the data you need exists.

• If you can, gather in your assets from a “source of truth” like your CMDB.

• Alternatively, if that isn’t feasible, leverage a monitoring tool like ArcSight ESM.

• Pull in data from your vulnerability scanners.

• Automation will save you.

Page 14: 3 tips to funding your security program

TIP #3: Start small

• Start small, work incrementally, don’t try to boil the ocean. Some visibility is much better than zero visibility.

• Pick a subset of Compliance or Regulatory controls that are important and whose value is understood. Model, implement and monitor those.

• Identify and monitor key Risk factors. Set a goal and track that progress as an easy-to-understand KPI.

• Don’t model your whole business. Start with the key business services.

Page 15: 3 tips to funding your security program

Create a business centric view

• Assets from uCMDB

• Assets from HP ArcSight ESM/Express

• Model the business

Page 16: 3 tips to funding your security program

Automate Compliance where possible

• uCMDB

• HP ArcSight ESM/Express/Logger

• Server Automation

• Third Party

Numerous data sources

Page 17: 3 tips to funding your security program

Manage vulnerabilities

• Vulnerability Scanners

• Configuration Scanners

• Server Automation

• uCMDB

Page 18: 3 tips to funding your security program

Bring it all together

• Create “risk factors”, set goals/KPIs

• Trend your progress

• Focus on “upper right”/red zone

Page 19: 3 tips to funding your security program

How do we protect our assets?

Intrusion prevention

Security research and threat intelligence

Secure design and implementation

[Diagram labels: Quarantine; Threat Intelligence; Our enterprise; Their ecosystem; Intrusion Prevention; Secure Software; DLP]

Page 20: 3 tips to funding your security program

Thank you