Governance fail security fail
- 9. Bay Area Rapid Transit (BART)
Governance Fail, Security Fail © Enclave Security 2012
- 17. Cause & Effect
If you don’t brush or floss your teeth, you’re going to lose them.
- 18. Cause & Effect
If you don’t take care of your car, you won’t be driving it for long.
- 19. Cause & Effect
If you only eat crap & never exercise, you will get fat.
- 20. Cause & Effect
If you tell your wife, she does look fat in those jeans…
- 21. Cause & Effect
If you don’t defend your computers, you will get hacked.
- 23. No Executive Support = Fail
Executives allocate:
• Decisions
• Time
• Money
- 24. No Documented Plan = Fail
They’re called policies.
Have a consistent plan.
- 25. No Budget = Fail
Controls cost money + time.
Doing business costs money + time.
Protecting data costs money + time.
- 26. Wrong Controls = Fail
Governance Controls (COBIT)
Technical Controls (20 Critical Controls)
- 27. No Metrics = Fail
Measure Yourself
Report Success & Failure
Fix Your Failures
(US DoS iPost)
- 28. General Michael Hayden
“Quit whining, act like a man, and defend yourself.”
-BlackHat 2010
- 29. Further Questions
• James Tarala
– E-mail: james.tarala@enclavesecurity.com
– Twitter: @isaudit, @jamestarala
– Blog: http://www.enclavesecurity.com/blogs/
• Resources for further study:
– SANS Audit Program – Audit 407, Governance Focused
– 20 Critical Controls Project
– The Balanced Scorecard (by Kaplan & Norton)
– Security Metrics (by Andrew Jaquith)