Upload File

rsa 2017 - ciso's 5 steps to success

17
How CISO’s assess their Security Program for Success RSA Conference 2017

Upload: gary-hayslip-cissp-cisa-crisc-ccsk

Post on 03-Mar-2017

241 views

Category:

Technology


3 download

Report

TRANSCRIPT

Page 1: RSA 2017 - CISO's 5 steps to Success

How CISO’s assess their Security Program for Success

RSA Conference 2017

Page 2: RSA 2017 - CISO's 5 steps to Success

It’s about Visibility people!

As a CISO, when assessing a security program you tend to have more questions than answers

Visibility

Page 3: RSA 2017 - CISO's 5 steps to Success

Cyber as a Business Enabler

“Cyber as a Business Enabler”5 steps I have used for a successful security program

Page 4: RSA 2017 - CISO's 5 steps to Success

Step #1 – “Meet & Greet”

Meet & Greet – it’s about relationships

Page 5: RSA 2017 - CISO's 5 steps to Success

Building the relationships for Success

Step #1 – “The Meet & Greet”• “Security doesn’t work in a

Vacuum, however it works well in a Community” • Grow your “Human Network”

• Meet your Team• Meet Your Stakeholders• Identify Influencers• Meet Key Executive Leadership

• Know the responsibility & authority of your position• Sometimes its more than what

you realize

Page 6: RSA 2017 - CISO's 5 steps to Success

Step #2 - Inventory

Inventory – You can’t protect it if you don’t know it exists

Page 7: RSA 2017 - CISO's 5 steps to Success

Understanding what is in your enterprise

Step #2 – “Inventory”• “To protect your organization, know

your enterprise environment”• People (Team Members, Contractors, Peers)• Reports (Contracts, Metrics, Prior Audits,

Inspections)• Architecture (Network, Location,

Hardware, Application, Cloud)• Budgets (Security Program, Department,

Organization)• Processes & Policies

• (Security Strategy, Policies, Workflows, Laws, Regulations, Compliance)

• Review your Predecessor’s documents, emails, notes.• Now review their notes on your team

members

Page 8: RSA 2017 - CISO's 5 steps to Success

Step #3 - Assessment

Assessment – Just how mature is my program, what issues will I need to address?

Page 9: RSA 2017 - CISO's 5 steps to Success

Time to measure your controls with a framework

Step #3 – “Assessment”• “Continuous Assessment,

establish and verify your baseline”• Health of your Security Suite• Review recent audits, policies,

projects• Current audit findings,

recommendations?• Measure Your Security

• Are you meeting your security metrics?

• Are you meeting performance metrics?

• Are you meeting 3rd Party Assessment Frameworks?

• Are you meeting Compliance Requirements?

Page 10: RSA 2017 - CISO's 5 steps to Success

Step #4 - Planning

Planning – Now that we know our security gaps, what’s the plan to remediate them?

Page 11: RSA 2017 - CISO's 5 steps to Success

Putting your vision into a plan

Step #4 – “Planning”• “Your Security Program & Team are

key to your Organization”• Draft your “Vision” of the Security

Program• Challenges to the current program

• Build your Strategic Security Project Plan

• Use your Project Plan to build your Security Budget

• Start Immediately (Momentum is key)• Will Correcting Issues = Clear Business

Benefits?• Reduce Risk Exposure?• Will Fixing the Issues = Credibility for

your Team?

Page 12: RSA 2017 - CISO's 5 steps to Success

Step #5 - Communicate

Communicate – Time to make the case for our plans to remediate our issues and mature the

program.

Page 13: RSA 2017 - CISO's 5 steps to Success

Making the case for change and the funds you require!

Step #5– “Communicate”

• Socialize your Security Vision• Vision = “Where we want to be”• Assessment = “Where we currently

are”• Gap Analysis = (Vision – Assessment)• Gap Analysis = Strategic Security

Project Plan = Security Budget

• Socialize the Security Gap• Correcting findings brings value to the

business

• “Visibility = Executive Sponsorship = Budget”

Page 14: RSA 2017 - CISO's 5 steps to Success

Some takeaways to assist you

Some points to remember• You will be collecting and

reviewing an enormous amount of data• This will take time, normally

between 3-6 months• Leverage your “Human Network”

• Use your team, your peers, vendors and stakeholders

• Don’t be afraid to ask for help• Collaborate

• Share your information• Visibility is crucial for your Team and

Security Program

Page 15: RSA 2017 - CISO's 5 steps to Success

At the end of this path

Conclusion• At the end of this 3-6 month journey, you will have:

• A “Human Network” to help you drive Cyber in your organization

• An updated Inventory of your Organizations Enterprise IT assets

• You will know the maturity of your Security Program and your assessment baseline

• You will have created your Strategic Security Project Plan

• This plan will help you create your Security Program budget

• Better understanding of how “Cyber = Business Value”

• Some Questions for you:• So did you miss anything?• When You get home, what are you going to verify?

Page 16: RSA 2017 - CISO's 5 steps to Success

The Full Picture

Page 17: RSA 2017 - CISO's 5 steps to Success

RSA 2017 – Path to Success

Questions, Rants, Discussions?

Gary HayslipDeputy DirectorChief Information Security Officer@ghaysliphttps://www.linkedin.com/in/ghayslip

https://app.box.com/v/Five-Step-CISO-Mindmaps


RSA MONTHLY FRAUD REPORT - RSA | Security … REPORT RSA MONTHLY FRAUD REPORT September 2014 Source: RSA Anti-Fraud Command Center Phishing Attacks per Month RSA identified 33,145

RSA: Bera Rsa Interim Report

RSAC 2016: CISO's guide to Startups

SSH Algorithms for Common Criteria Certification · Configuring a Host Key Algorithm for a Cisco IOS SSH Server SUMMARY STEPS 1. enable 2. configureterminal 3. ipsshserveralgorithmhostkey{x509v3-ssh-rsa|ssh-rsa}

Pizza Roulette - OWASP SNI 2 RSA 2048 RSA 2048 RSA 2048 RSA 2048 RSA 2048 RSA 2048 RSA 2048 RSA 2048 RSA 2048 RSA 2048 RSA 2048 RSA 2048 RSA 2048 RSA 2048 RSA 2048 RSA 2048 RSA 2048

GDPR GUIDANCE - RSA Broker GDPR Guidance_group_… · Security Management System, security is equally important. Steps to achieve cyber security • Establish an effective governance

Global CISO Forum 2017: A CISO's Journey

RSA- ,RSA- ,RSA- and RSA- .Thereareprizesforfactoring ...dstinson/CS_758/F13/RSAattacks.pdfOther Attacks on RSA 201 numbers in the new RSA challenge: RSA- ,RSA-,RSA-,RSA-, RSA- ,RSA-

ompliance Automation Portal - eDemand Incedemandinc.com/.../edemand_compliance_portal_brochure.pdf · 2019. 12. 6. · Technology at work for your peace of mind ... It provides CISO's

Next Steps toward More Trustworthy Interfaces, continued Burt Kaliski, RSA Security 2 nd TIPPI Workshop June 19, 2006 Also includes presentations from

Duane Wessels DNS-OARC Workshop, Amsterdam · 1 ZSK RSA 1024 ZSK RSA 1536 ZSK RSA 2048 ZSK Roll RSA 1024 ZSK Roll RSA 1536 ZSK Roll RSA 2048 KSK Roll RSA 2048 Note that KSK Roll RSA

RSA Presentation - 5 Steps to Improving PCI Compliance

Attacken auf RSA und Das Rabin Kryptosystem · Uberblick¨ Wiederholung: RSA Attacken auf RSA Das Rabin Kryptosystem Semantische Sicherheit von RSA Das RSA Kryptosystem RSA - Kryptosystem

CISO's Guide to Securing SharePoint

compliance through rSa Securit Y managementincident management – RSA DLP Policy Workflow Manager. rSa data loss prevention and rSa archer egrc platform – RSA Archer eGRC Suite

RSA ADVANCED SECURITY OPERATIONS CENTER · RSA Security Analytics RSA Advanced ... RSA SECURITY ANALYTICS ARCHITECTURE ... Intelligence feeds APT Domains Suspicious Proxies Malicious

RSA Authentication Manager 6.1 for Windows Installation … · Documentation Provided as s ... Next Steps ... The RSA Secured Partner Solutions Directory provides information about

CONTENTSCisco Cisco logo logo N WebEX Cisco Cisco IT IT Yahoo MCafee AMD eBay Symantec Verisign Intel Logo IT. 12 RSA 2008 4 8 RSA RSA Marketing RSA RSA 2008 1 Web Email IM 2 3 4 RSA

RSA- ,RSA- ,RSA- and RSA- …dstinson/CS_758/S16/RSAattacks.pdfOther Attacks on RSA 207 5.7.3 Wiener’s Low Decryption Exponent Attack As always, suppose that where and are prime;

Carta dei Servizi RSA Nobile Baglioni - RSA Cacciamatta

RSA Authentication Manager to IDENTIKEY Authentication … · RSA Authentication Manager to IDENTIKEY Authentication Server 6.5 User Configuration The following steps will only work

Introduction to Cryptography: RSA · RSA Description Fermat’s little Theorem (FlT) Fast Multiplication Euclidean Algorithm Implementing RSA Introduction to Cryptography: RSA Introduction

RSA, RSW, Hon RBA, MA(RCA) RSA RSW

13 - The RSA - RSA

RSA Animates Jamie Cooke, Head of RSA Scotland

CISO's Guide for Securing the Remote Workforce

RSA Guide...This guide will help you to meet your responsibilities. Key steps to maintaining your vehicles If you follow these few simple steps, your goods vehicle, trailer and bus

FCMB Pensions · EXISTINC CONTRIBUTOR DATA RECAPTURE FORM FCMB PENSIONS RC No: 620900 Section 1: RSA Details RSA status RSA PIN PFA Name List of Other RSA* RSA PIN Name RSA PIN Name

1 Information Allocation RSA Référents RSA- Octobre 2010

RSA事業について - CAUA...RSA Identity and Access Management. RSA SecurID, RSA Adaptive Authentication, RSA Aveksa VPNやWebアプリケーション、仮想デスクトップ

The RSA Algorithm. Content Review of Encryption RSA An RSA example

Textbook RSA, Semantic Security, and ROM-RSA

RSA-W7(rsa) d1-d2

RSA e questioni relative Rossella Ascione. Il crittosistema RSA Introduzione al crittosistema RSA Firme digitali e RSA Attacchi a RSA

CRYPTANALYSE DE RSA - Abderrahmane Nitaj · Introduction `a RSA Cryptanalyse de RSA par les fractions continues Cryptanalyse de RSA par l’algorithme LLL Principes de RSA Cryptanalyses