the business of security leadership
TRANSCRIPT
The Business of Security Leadership
8 July 2016ISSA Tampa Bay
Speaker BioISSA International Board of DirectorsSecurity ExecutiveU.S. Government ExpatriateAuthorBusiness ownerMentorFamily guyMinistry leaderAmateur comedian
Keyaan [email protected]/in/keyaan
Outline
ISSA International Updates
The Business of Security Leadership
Summary
Q&A
Updates from the Mother Ship
What is going on at ISSA International?
In case you missed it:
2016 International Conference
November 2-3, 2016Hyatt Regency DallasRegistration is Now Open!
ISSA International ConferenceEarly registration is closed, but . . .
•One complimentary registration is available for each Chapter. •Have a sponsor rent a bus.•We still want to see you if you are out of work. We
have volunteer opportunities.
ISSA Fellows: 2016 Cycle is now open!
Submit a nomination for a Senior Member, Fellow, or Distinguished Fellow.
Deadline August 1, 2016 (11:59pm ET)
Special Interest Groups (SIGs)ISSA SIGs offer additional, targeted opportunities to get involved.• Security Education and Awareness• Women In Security• Financial SIG• Healthcare SIG• Cyber Security Career Lifecycle (CSCL)
Want to serve as a liaison? Contact [email protected]
ISSA CISO Executive Membership
If you are a CISO, this is a worthwhile membership level that offers 4 executive sessions per year to collaborate with
other CISOs and security leaders.
The Business of Security Leadership
Some thoughts and perspective about the role of security in a business.
I am not a security leader. Why do I care?
Everyone should care about security – especially security people.
I am not a security leader. Why do I care?
You don’t have to be a security leader to care about or contribute to security
leadership.
I sell security products or services. Why do I care?
You must have a deep understanding of your product and your customers to sell it
effectively.
What is the main idea?
Information security is not really about . . .
controls, compliance, or technology.We are focusing on the wrong problem.
What is security about?
Security is about equipping the business to operate with the fewest
possible disruptions.
How does security equip the business?
Enhance and support business initiatives.
How does security equip the business?
Protect confidentiality, integrity, and availability of business processes.
How does security equip the business?
Identify threats and provide mitigation and/or timely remediation.
How does security equip the business?
Support resilience of business systems and services.
Where does security leadership start?
Security leadership starts at the top. Business leaders must agree on governance for the enterprise before security can contribute to
the process.
Data management
Enterprise architecture BCM BIA Policy
Everyone agrees on governance. Now what?
Develop a strategy and clearly define programs and investments you need to genuinely equip
your business.
What else?
Security must operate like the other business units in an organization.
What do I need to run security like a business?
Program Management
Project Management
Managerial Accounting
Information Management Negotiation Collaboration
Summary
What could we possibly learn in such a short time?
This applies to everyone, not just security leaders.
Business is about business, and security just contributes.
Security must operate like a business unit to support the business effectively.
If you aren’t familiar with something we discussed, do research and learn more.
Q&A
Message me if I couldn’t get to you during the session.