TRANSCRIPT
The Business of Security is the Strategy of the Business
“What’s in your wallet?”
Moderator
Ron Worman, Managing Director, The Sage Group; Producer, The Great Conversation in Security
The Panel
Brian Tuskan, Chief Security Officer, Microsoft
Dr. Linda Florence, CPP, President, The Florence Group
Tim Wenzel, CPP, Program Manager
Jeff Slotnick, CPP, PSP, President, Setracon
Learning objectives
• After attending this session, participants will be able to apply a strategy for change management
• After attending this session, participants will be able to understand the importance of developing and applying key performance indicators and metrics
• After attending this session, participants will be able to comprehend the importance of risk assessment and its role in strategic alignment
Defining Terms
Changing the Value Equation
• Traditional Definition of Risk: “exposure to danger, with potential for injury or loss.”
• ISO 31000’s New Definition of Risk: “the effect of uncertainty on objectives, whether positive or negative.”
ISO 31000
Chief Security Officer
What is a business model?
Change Management
Kotter “Leading Change”
Metrics that Matter to the Program and to the Business
Enterprise Security Risk Management
https://esrm.info/esrm/
https://COSO.ORG
Enterprise Risk Management
Panel Questions
Is it common or rare that security leaders are engaging the true owners of risk?
What are the common obstacles in doing this?
How do you engage the owners of risk?
Are there accessible models in education or through associations like ASIS for doing this?
Is there a core process you follow?
How do you collaborate on the findings?
How do you create a measurable action plan?
Summary of Findings
Resources
https://www.iso.org/iso-31000-risk-management.html
https://www.theirm.org/ (Institute of Risk Management)
https://www.eosworldwide.com/what-is-eos
https://www.jimcollins.com/books/turning-the-flywheel.html#articletop
https://www.kotterinc.com/book/our-iceberg-is-melting/
https://www.innosight.com/insight/reinvent-your-business-model/
Competency Models for Enterprise Security and Cybersecurity (University of Phoenix)
https://www.asisonline.org/publications/sg-chief-security-officer-an-organizational-model/
Private Security Officer Selection and Training (ASIS)
https://www.amazon.com/Change-Management-including-featured-Leading/
https://www.asisonline.org/publications--resources/news/blog/esrm-an-enduring-security-risk-model/