Fund Your Security Initiatives 
By Leveraging Business Objectives 
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Funding Your Security Initiatives
By Leveraging Business Objectives
Security is not just an IT problem
It’s affecting the business
CISO
• Cyber threat: 56% of organizations have been the target of a cyber attack
• Extended supply chain: 44% of all data breaches involved third-party mistakes
• Financial loss: $8.6M average cost associated with data breach
• Reputation damage: 30% market cap reduction due to recent events
• Cost of protection: 11% of total IT budget spent on security
• Reactive vs. proactive: 97% of data breaches could have been avoided
Problem: Barriers between Business & Security
Business Initiatives
• Grow Revenues at 30%
• Become more Agile
• Improve Profitability
• Improve Efficiency
• 99.999% Availability
Security Initiatives
• Don’t Get Hacked!!!
Security breaches are a business issue
HP | Ponemon Study 2013
$11.6 million
2013
$8.9 million
Security needs to look at how they enable business?
• How do we add value?
• How does the company make $?
• How do we save $?
Security
Competitive Advantage
Our new style of working is exposing risk to the business
Diagram labels: Social media, Audio, Cloud, CRM Data, Word, Excel, Images, Email, Financials, Legal documents, Call center, Archive, Laptop, Mobile phone, Partner, Data center, Remote office, Agreements
Got Risk?
Create a burning need to do something
• Industry Regulations
  • PCI
  • HIPAA
  • SOX
• Use Audits to compel Action
Document Risk in language the business can understand
Getting Buy-in from Management
Situation: Detail Current Situation
Complication: Explain Risk
Implication: Discuss results if Risk is not Addressed
Position: Your advice
Action: Next Steps
Benefits: How you make your boss look good?
The goal 
• Clear investment strategy 
• Understanding of Risk 
• Plans to mitigate 
• Show how Risk trends down 
The solution seems obvious 
Bring all the data together and create a context, in near real time 
Business, Operations, Security
TIP #1: Speak the Language of the Business
• Always tie the security issue, be it a real-time threat, potential risk, lack of compliance, etc., to language the business can understand.
• Identify the “crown jewels” in your infrastructure. Don’t try to identify everything at first (see Tip #3).
• Connect those assets to the applications they support, and in turn the business services, and then up to the lines of business / structure of your organization.
TIP #2: Leverage what you have
• A lot of the data you need already exists.
• If you can, pull in your assets from a “source of truth” like your CMDB.
• Alternatively, if that isn’t feasible, leverage a monitoring tool like ArcSight ESM.
• Pull in data from your vulnerability scanners.
• Automation will save you.
TIP #3: Start small
• Start small, work incrementally, don’t try to boil the ocean. Some visibility is much better than zero visibility.
• Pick a subset of Compliance or Regulatory controls that are important and whose value is understood. Model, implement and monitor those.
• Identify and monitor key Risk factors. Set a goal and track that progress as an easy-to-understand KPI.
• Don’t model your whole business. Start with the key business services.
Create a business centric view 
• Assets from uCMDB 
• Assets from HP ArcSight ESM/Express 
• Model the business 
Automate Compliance where possible 
Numerous data sources 
• uCMDB 
• HP ArcSight ESM/Express/Logger 
• Server Automation 
• Third Party 
Manage vulnerabilities 
• Vulnerability Scanners 
• Configuration Scanners
• Server Automation 
• uCMDB 
Bring it all together 
• Create “risk factors”, set goals/KPIs 
• Trend your progress 
• Focus on “upper right”/red zone 
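
An added example, not taken from the deck or from any HP product: a small Python roll-up of the approach in Tips 1 to 3 and "Bring it all together". It joins CMDB-style asset records with vulnerability-scanner findings, maps assets to business services, and places each service on an impact/likelihood grid to find the "upper right" red zone. All field names, scoring buckets, zone thresholds and sample records are constructed assumptions.

```python
"""Roll scanner findings up to business services (illustrative sketch)."""
from collections import defaultdict

HIGH_CVSS = 7.0  # CVSS v3 "High" severity starts at 7.0

# Constructed sample data. Field names are assumptions, not a real CMDB schema.
CMDB_ASSETS = [
    {"asset": "db-01", "application": "billing-db",
     "service": "Online Payments", "crown_jewel": True},
    {"asset": "web-01", "application": "checkout-web",
     "service": "Online Payments", "crown_jewel": False},
    {"asset": "web-02", "application": "partner-ui",
     "service": "Partner Portal", "crown_jewel": False},
    {"asset": "wiki-01", "application": "wiki",
     "service": "Intranet Wiki", "crown_jewel": False},
]

# Business impact 1 (low) to 5 (high), agreed with the service owner.
SERVICES = {
    "Online Payments": {"line_of_business": "Retail", "impact": 5},
    "Partner Portal": {"line_of_business": "Wholesale", "impact": 3},
    "Intranet Wiki": {"line_of_business": "Corporate", "impact": 1},
}

# Constructed scanner output: one row per open finding.
FINDINGS = [
    {"asset": "db-01", "cvss": 9.8},
    {"asset": "db-01", "cvss": 5.3},
    {"asset": "web-01", "cvss": 7.5},
    {"asset": "web-02", "cvss": 6.1},
    {"asset": "wiki-01", "cvss": 9.1},
    {"asset": "lab-99", "cvss": 7.5},  # scanned host missing from the CMDB
]


def likelihood_from_cvss(max_cvss):
    """Bucket the worst open finding into a 1..5 likelihood (assumed scale)."""
    for ceiling, score in ((0.1, 1), (4.0, 2), (7.0, 3), (9.0, 4)):
        if max_cvss < ceiling:
            return score
    return 5


def zone(impact, likelihood):
    """Place a service on the grid; 'red' is the upper-right corner."""
    if impact >= 4 and likelihood >= 4:
        return "red"
    if impact * likelihood >= 9:
        return "amber"
    return "green"


def roll_up(assets, services, findings):
    """Return (per-service risk report, assets that could not be mapped)."""
    service_of = {a["asset"]: a["service"] for a in assets}
    crown = {a["asset"] for a in assets if a.get("crown_jewel")}
    scores = defaultdict(list)
    exposed = defaultdict(set)
    unmapped = set()
    for f in findings:
        service = service_of.get(f["asset"])
        if service is None or service not in services:
            unmapped.add(f["asset"])  # visibility gap: fix the inventory first
            continue
        scores[service].append(f["cvss"])
        if f["asset"] in crown and f["cvss"] >= HIGH_CVSS:
            exposed[service].add(f["asset"])
    report = {}
    for name, meta in services.items():
        cvss = scores.get(name, [])
        likelihood = likelihood_from_cvss(max(cvss, default=0.0))
        report[name] = {
            "line_of_business": meta["line_of_business"],
            "impact": meta["impact"],
            "likelihood": likelihood,
            "open_high": sum(1 for s in cvss if s >= HIGH_CVSS),
            "crown_jewels_exposed": sorted(exposed[name]),
            "zone": zone(meta["impact"], likelihood),
        }
    return report, sorted(unmapped)


def kpi_status(history, goal):
    """Trend one risk factor (e.g. weekly open high findings) against a goal."""
    current = history[-1]
    change = current - history[0]
    return {"current": current, "change": change,
            "trending_down": change < 0, "goal_met": current <= goal}


if __name__ == "__main__":
    report, unmapped = roll_up(CMDB_ASSETS, SERVICES, FINDINGS)
    for name, row in sorted(report.items(), key=lambda kv: kv[1]["zone"] != "red"):
        print(f"{row['zone']:<6}{name:<16}{row['line_of_business']:<10}"
              f" impact={row['impact']} likelihood={row['likelihood']}"
              f" open_high={row['open_high']}")
    print("not in CMDB:", unmapped)
    print("KPI:", kpi_status([6, 5, 3, 2], goal=1))
```

Note that the wiki carries a critical finding yet stays out of the red zone because its business impact is low, while the unmapped host is reported separately as an inventory gap rather than silently dropped.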
How do we protect our assets?
• Intrusion prevention
• Security research and threat intelligence
• Secure design and implementation
Diagram labels: Quarantine, Threat Intelligence, Our enterprise, Their ecosystem, Intrusion Prevention, Secure Software, DLP
Thank you 

3 tips to funding your security program

  • 1. Fund Your Security Initiatives By Leveraging Business Objectives © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
  • 2. Funding Your Security Initiatives By Leveraging Business Objectives
  • 3. Security is not just an IT problem: It’s affecting the business CISO • Cyber threat: 56% of organizations have been the target of a cyber attack • Extended supply chain: 44% of all data breach involved third-party mistakes • Financial loss: $8.6M average cost associated with data breach • Reputation damage: 30% market cap reduction due to recent events • Cost of protection: 11% of total IT budget spent on security • Reactive vs. proactive: 97% of data breaches could have been avoided
  • 4. Problem: Barriers between Business & Security Business Initiatives Security Initiatives Don’t Get Hacked!!! Grow Revenues at 30% Become more Agile Improve Profitability Improve Efficiency 99.999% Availability
  • 5. Security breaches are a business issue HP | Ponemon Study 2013 $11.6 million 2013 $8.9 million
  • 6. Security needs to look at how they enable business? How do we add value? How does the company make $? How do we save $? Security Competitive Advantage
  • 7. Our new style of working is exposing risk to the business Social media Audio Cloud CRM Data Word, Excel Images Email Financials Legal documents Call center Cloud Archive Laptop Mobile phone Partner Data center Remote office Agreements Got Risk?
  • 8. Create a burning need to do something • Industry Regulations • PCI • HIPAA • SOX • Use Audits to compel Action • Document Risk in language the business can understand
  • 9. Getting Buy-in from Management • Situation: Detail Current Situation • Complication: Explain Risk • Implication: Discuss results if Risk is not Addressed • Position: Your advice • Action: Next Steps • Benefits: How you make your boss look good?
  • 10. The goal • Clear investment strategy • Understanding of Risk • Plans to mitigate • Show how Risk trends down
  • 11. The solution seems obvious: Bring all the data together and create a context, in near real time • Business • Operations • Security
  • 12. TIP #1: Speak the Language of the Business • Always tie the security issue, be it real time threat, potential risk, lack of compliance etc., to a language the business can understand. • Identify the “crown jewels” in your infrastructure. Don’t try and identify everything at first (see Tip #3). • Connect those assets to the applications they support, and in turn the business services, and then up to the lines of business / structure of your organization.
  • 13. TIP #2: Leverage what you have • A lot of the data you need exists. • If you can, gather in your assets from a “source of truth” like your CMDB. • Alternatively, if that isn’t feasible, leverage a monitoring tool like ArcSight ESM. • Pull in data from your vulnerability scanners. • Automation will save you.
  • 14. TIP #3: Start small • Start small, work incrementally, don’t try and boil the ocean. Some visibility is much better than zero visibility. • Pick a subset of Compliance, Regulatory or Compliance controls that are important and whose value is understood. Model, implement and monitor those. • Identify and monitor key Risk factors. Set a goal and track that progress as an easy-to-understand KPI. • Don’t model your whole business. Start with the key business services.
  • 15. Create a business centric view • Assets from uCMDB • Assets from HP ArcSight ESM/Express • Model the business
  • 16. Automate Compliance where possible. Numerous data sources: • uCMDB • HP ArcSight ESM/Express/Logger • Server Automation • Third Party
  • 17. Manage vulnerabilities • Vulnerability Scanners • Configuration Scanners • Server Automation • uCMDB
  • 18. Bring it all together • Create “risk factors”, set goals/KPIs • Trend your progress • Focus on “upper right”/red zone
  • 19. How do we protect our assets? Intrusion prevention Security research and threat intelligence Secure design and implementation Quarantine Threat Intelligence Our enterprise Their ecosystem Intrusion Prevention Secure Software DLP
  • 20. Thank you

Editor's notes

  1. Yes, you are under attack now, your organization is under attack, your personal computer and mobile devices are under attack now. Your data is no longer secure. Your privacy may be breached. Security is a board level discussion now. The Chief Information Security Officer sits at the heart of the response to the growing threat. They have increased budgets now to address the growing threat and to keep the IT organizations safe. 56% of organizations have been the target of nation-state cyber attack, so there is a 50% chance that your organization may be attacked. Also, in a Gartner survey of enterprise CIOs, the 5 biggest challenges that enterprises faced in security and risk were: Managing Risk; Reduce CAPEX; Fill Security Gaps; Optimize security gaps; Adapt to changing regulations.
  2. Key Points: Why is Processing Human Information Different? Human Information is made up of ideas, is diverse, and has context. Ideas don’t exactly match like data does; they have distance. Human Information is not static; it’s dynamic and lives everywhere. Legacy / past techniques have all fallen short.
  3. Average annual cost of cyber crime in 2012 to individual businesses in the U.S. The Open Source Vulnerability Database reported 7,477 vulnerabilities in 2011, and reported 7,998 before the end of November, 2012. More than 20 per day. Point in time review is essential, but that is today. What about tomorrow?
  4. Key Points: Lots of data, lots of opportunity. Data lives within and outside your company in various places and formats. Opportunity has to overcome the challenge. Using ‘systems thinking’ to convince mgmt they need to do something.