build a business case for it security - dhananjay rokde...
TRANSCRIPT
Supported by In association with Presented by
Hotel Digital Security Seminar SEPT 19, 2014
Dhananjay Rokde, CISO, Cox & Kings Group
BUILD A BUSINESS CASE – GET THE MANAGEMENT'S ATTENTION
Dhananjay Rokde
By X Events Hospitality (www.x-events.in)
Hotel Digital Security Seminar & Webinar, Sept 19, 2014
Dhananjay has an enhanced ability in managing global information security programs for large enterprises, with experience of Governance, Risk & Compliance (GRC) unification & implementation programmes. He has received the ‘Top 100 CISO Award’, ‘Future CIO Award’ and the ‘CIO Masters Award for excellence in Information Security’. He is presently in charge of the overall information & infrastructure security operations, risk management and compliance of the entire group.
He also has an advanced diploma in IT Cyber Laws & Data Privacy from the Asian School of Cyber Laws.
Agenda
- Establishing ‘measurable’ expectations
- Always promise value – not ROI
- Strategize in advance – don’t wait
- Train, educate and continuous awareness
- Implement established standards
- Reporting
- Further reading
Establishing ‘measurable’ expectations
- Establish a clear ‘written’ agreement on the organization’s ‘acceptable risk criteria’ (ARC)
  - Regularly audit, assess, modify and sign off on these criteria
- Define constraints within the ARC for
  - Confidentiality
  - Integrity
  - Availability
- Mark boundaries for the asset classification
  - Data classification
  - People, Process & Technology
- Clearly imply that there will be NO ‘negotiations’ on statutory compliance & local laws
- Have clearly defined exceptions and exclusions.
Always promise value – not ROI
- It is NOT possible to justify all security investments!
  - They are not your average CapEx or OpEx items
  - ROI is derived over (very) long periods of time
  - Standard depreciation and asset valuation do not apply to these investments
- REMEMBER – It’s always about what we have to ‘lose’, rather than gain.
Strategize in advance – don’t wait
- Have a long term information security vision and mission
- It is good to define at least a 5 year roadmap with distinct milestones
  - There should be a ‘measurable’ increase in the security posture after every milestone
  - This should typically be done along with the understanding and agreement of the CxO layer
  - The business strategy and security strategy should go hand-in-hand
- Leave room for contingencies. There will be some.
- Have a focussed continuous improvement plan
- REMEMBER – your security strategy is NOT a project plan
Implement established standards
- Agree with the management on implementing global best practices
  - ISMS – ISO 27001
  - Application Security – OWASP & SAMM
  - Risk Management – ISO 31000
  - BCP – ISO 25999
Reporting
- Basic
  - Risk reviews
  - Impact Assessments
  - Corrective action plans
- Advanced
  - Global risk heat maps
  - Balanced score cards
Further reading
- The 5 R’s of building an Information Security business case
  - http://www.csoonline.com/article/2124269/metrics-budgets/the-five-rs--building-a-business-case-for-information-security.html
- The business model for information security
  - http://www.isaca.org/Knowledge-Center/Research/Documents/Introduction-to-the-Business-Model-for-Information-Security_res_Eng_0109.pdf
- OWASP
  - www.owasp.org
- SAMM
  - www.samm.org
About us
X Events manages & supports events exclusively for the hospitality & travel industries.
o Our USP is that we are hoteliers by training. We focus on the two most important aspects of an event; content quality and impact.
o We do it because we believe in it.
www.x-events.in
HATT is India's young and premium community for CXOs from the Hospitality, Healthcare, Aviation, Travel and Tourism industries.
o With over 1,000 members across India, we are now poised to expand globally with a presence in South East Asia and the Middle East by 2016.
www.hattforum.com FB/hattforum
Our host – Brian Pereira
Brian is a veteran technology journalist with two decades of experience. He has served as editor for two magazines: CHIP and InformationWeek India. He is a respected speaker & host at conferences worldwide. In his current role at Hannover Milano Fairs India, Brian serves as project head for CeBIT Global Conferences, the world's largest ICT fair that will debut in India this November, in Bangalore.
The seminar schedule
Five expert speakers
1. Latest threats in digital security (Worms, attacks, viruses, flaws) - Santosh Satam, CEO, SecurBay Services.
2. The immediate action needed to tighten up (Priority list, cost, internal policies) - Ambarish Deshpande, MD - India & SAARC, Blue Coat
3. Information loss prevention (Principles & practices) - Geet Lulla, VP - India & ME, Seclore
4. How to build a business case & get the management's attention - Dhananjay Rokde, CISO, Cox & Kings Group.
5. Global cyber security outlook - A. K. Viswanathan, Senior Director - Enterprise Risk Services, Deloitte India.
Our sponsors & supporters
Thank You
www.x-events.in SEPT 19, 2014
HOTEL DIGITAL SECURITY SEMINAR