the rational approach to disruptive information security

Information Security Information Security

JuggernautJuggernaut

The Rational Approach to Disruptive Information Security

By Ravila Helen White, CISSP, CISM, CISA, GCIH, ITIL v.3

ijijMaking it better without making Making it better without making it complexit complex

DisclaimerDisclaimerThis presentation and the concepts

herein are my opinions through private research, practice and chatting with other professionals.

It is not the opinion of past, present or future employers.

AgendaAgendaChecklist(s) – What is wrong

about them…Understanding Disruption– It’s

the driver behind technology we must secure…

How to be disruptive – NIST won’t help you but…

Checklist(s)Checklist(s)What is wrong about them….

Find a standardFind a best practicePerform a gap analysisTrain our usersAll the boxes for the auditors are

checked

Going down the wrong Going down the wrong path…path…

Why?Why?The solution must meet the use

caseThe solution must protect against

real threatsSolutions must align to business

operations

Appearance is Appearance is everything…everything…

The reality is…The reality is…Business is not linearBusiness is driven by innovationBusiness is driven by disruption

Knowing is not understanding. There is a great difference between knowing and understanding: you can know a lot about something and not really understand it. [Charles Kettering]

How we got here..How we got here..Not understand the mental

model of our organizationNot adjusting our mental modelImplementing mental models

based on checklists

Understanding DisruptionUnderstanding DisruptionIt’s the driver behind technology

we must secure… …

Disruptive Technology Disruptive Technology and/or Innovationand/or InnovationCreating a new market or value networkImprove a product or serviceDesigning for a different set of consumers

“It represents a mindset—a rebellious instinct to discard old business clichés and remake the market landscape. An eagerness to deliberately target situations where the competition is complacent and the customer has been consistently overlooked or under-served.” [Luke Wilson]

“The potential for reinvention is all around us, and it’s an exciting time to be thinking about how to structure (or restructure) your business, your community, or your life in ways that create new value. Enjoy the possibilities.” [Richard Branson - 1998]

Innovation Disrupted MarketUSB Flash drivesDownloadable digital

mediaMinicomputersDigital photographySteamboatsAutomobilesLCDGPS Navigation

Floppy Disk drivesCDs, DVDsMainframesChemical photographySailing shipsRail transportCRTNavigational map

(paper)

Harnessing DisruptionHarnessing Disruption

Examining the Examining the Outcome…Outcome…

© Gene Bellinger, Durval Castro and Anthony Mills - systems-thinking.org

How Mental Models How Mental Models InfluenceInfluenceA mental model is an image,

story, or an assumption that influences what we see in the world, determines the structures we put in place, and ultimately drives our behavior.

How to be disruptiveHow to be disruptiveNIST won’t help you, but…

Identify and remove the Identify and remove the inertia…inertia…Industry StandardsIndustry best practicesAudit ChecklistsIndustry jargon

Reframe your approach…Reframe your approach…

Reversal through Reversal through ISO7498ISO7498

The principle of The principle of reapplication…reapplication…

Patterns of behavior…Patterns of behavior…

Structured RationalizationStructured Rationalization

Value through disruption Value through disruption as…as…

Credits & ReferencesCredits & References

General Professional Influencers Disrupt: Think the

Unthinkable to Spark Transformation in Your Business

Google: www.Google.com The Visual Miscellaneum Change by Design Threat Modeling Thinking Page:

www.thinking.net Wikipedia:

www.wikipedia.com

Colleen F. Ponto, Ed.D

Copyright InformationCopyright InformationSome works in this presentation

have been licensed under the Creative Common license (CC). Please respect the license when using the concepts or adapting them.

For more information please go here:

www.creativecommons.org

Thank you…Thank you…

Questions and Comments

Contact me via slidshare.net