SlideShare une entreprise Scribd logo

Risk Management and Security in Strategic Planning

K
Keyaan Williams

This content was originally presented to the DFW chapter of the Society for Information Management. The presentation evaluates the role of risk management and security in the strategic planning process that defines the direction and prioritization of resources used by an organization.

Technologie
1  sur  29
Télécharger pour lire hors ligne
Risk Management and Security in Strategic Planning SIM D/FW November Meeting
Contact Keyaan Williams Senior Consultant Risk Management & Governance • https://www.nccgroup.trust/us/ • Keyaan.Williams@nccgroup.trust • @KeyaanWIlliams
Opening Thoughts Strategic planning is a critical business activity that most businesses don’t do well.
Opening Thoughts When businesses do conduct strategic planning, they often overlook risk management and security concerns that affect the plan’s outcome.
Opening Thoughts Risk and security considerations often contribute to the way an organization conducts its business.
Agenda Strategic Planning Strategy, Risk, and Security The Long View *Real* Security Q&A
Strategic Planning The context of this discussion
Strategic Planning Strategic planning is the process an organization uses to define its direction (strategy) and make decisions about how to allocate resources to pursue this direction.
Strategic Planning “Strategic planning produces fundamental decisions and actions that shape and guide what an organization is, who it serves, what it does, and why it does it, with a focus on the future.” ~Balanced Scorecard
Five Steps to a strategic plan Where are you? What is important? What must you achieve? Who is accountable? Review and measure performance
Strategic Planning Strategy Portfolio Program Projects and Activities
Strategy, Risk, and Security How do they work together?
Strategy, Risk, and Security If strategy provides the context for where we are going, risk and security tell us how to get there. Risk • Big Picture • Strategic Security • Tactics • Operational
Strategy, Risk, and Security Risk management provides a systematic approach for identifying, understanding, and controlling exposures. Operational Financial Security Contractual Programmatic
Strategy, Risk, and Security The ERM Perspective • What risks exist? • What impact will they cause? • What can I do about it? • How effective were my choices?
Strategy, Risk, and Security Assessment Action • Accept • Change • Transfer Review The Risk Management Cycle
Strategy, Risk, and Security The Security Perspective • What threats exist? • What vulnerabilities exist? • How do I manage them? • What controls do I use? • How many layers of defense?
Strategy, Risk, and Security CSC 20 OWASP 10 NIST RMF ISO 27000 PCI DSS NERC FFIEC The Security Perspective The common focus is on applying controls from a specific standard or requirement.
The Long View How do you develop long-term strategic planning for security?
The Long View An organization’s culture and priorities make a difference – especially when incorporating security into the long-term strategy.
The Long View The Board Executives Security Business LeadersIT Global Users The root and flow of info is critical!
The Long View Strategic Plan Goal Objectives strategies Objectives strategies Goal Objectives Placement of security in the hierarchy affects the outcome.
The Long View Placement: •Is security a strategic goal? •Is security strategic objective? •Is security a strategy activity that supports an objective? The lower something rests in the hierarchy, the less important it is.
*Real* Security How do you manage risks beyond compliance?
*Real* Security If security is a strategic goal, then compliance is simply an activity in the strategic planning hierarchy.
*Real* Security Compliance is a significant business driver, but compliance defines the bare minimum that you must do to satisfy industry requirements.
*Real* Security *Real* security considers business drivers beyond compliance and addresses these drivers in the strategic plan.
*Real* Security Produce Widgets Sales Delivery Support Maint. End Each phase in the process has a compliance concern and a security concern.
Q&A

Recommandé

Threat Based Risk Assessment
Threat Based Risk AssessmentThreat Based Risk Assessment
Threat Based Risk AssessmentMichael Lines
 
ISO 27005 Risk Assessment
ISO 27005 Risk AssessmentISO 27005 Risk Assessment
ISO 27005 Risk AssessmentSmart Assessment
 
Strategies for Managing OT Cybersecurity Risk
Strategies for Managing OT Cybersecurity RiskStrategies for Managing OT Cybersecurity Risk
Strategies for Managing OT Cybersecurity RiskMighty Guides, Inc.
 
Third-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a StrategyThird-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a StrategyNICSA
 
Security risk management
Security risk managementSecurity risk management
Security risk managementG Prachi
 
Cybersecurity risk management 101
Cybersecurity risk management 101Cybersecurity risk management 101
Cybersecurity risk management 101Srinivasan Vanamali
 
Cybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesCybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesWAJAHAT IQBAL
 
ISO 27001 Benefits
ISO 27001 BenefitsISO 27001 Benefits
ISO 27001 BenefitsDejan Kosutic
 

Recommandé

Threat Based Risk Assessment
Threat Based Risk AssessmentThreat Based Risk Assessment
Threat Based Risk AssessmentMichael Lines
 
ISO 27005 Risk Assessment
ISO 27005 Risk AssessmentISO 27005 Risk Assessment
ISO 27005 Risk AssessmentSmart Assessment
 
Strategies for Managing OT Cybersecurity Risk
Strategies for Managing OT Cybersecurity RiskStrategies for Managing OT Cybersecurity Risk
Strategies for Managing OT Cybersecurity RiskMighty Guides, Inc.
 
Third-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a StrategyThird-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a StrategyNICSA
 
Security risk management
Security risk managementSecurity risk management
Security risk managementG Prachi
 
Cybersecurity risk management 101
Cybersecurity risk management 101Cybersecurity risk management 101
Cybersecurity risk management 101Srinivasan Vanamali
 
Cybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesCybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesWAJAHAT IQBAL
 
ISO 27001 Benefits
ISO 27001 BenefitsISO 27001 Benefits
ISO 27001 BenefitsDejan Kosutic
 
ERM-Enterprise Risk Management
ERM-Enterprise Risk ManagementERM-Enterprise Risk Management
ERM-Enterprise Risk ManagementJorge Vaz Girão , CISA, PMP, PMDPro I, ERMCP
 
Cybersecurity Assessment Framework - Slideshare.pptx
Cybersecurity Assessment Framework - Slideshare.pptxCybersecurity Assessment Framework - Slideshare.pptx
Cybersecurity Assessment Framework - Slideshare.pptxAzra'ee Mamat
 
SABSA - Business Attributes Profiling
SABSA - Business Attributes ProfilingSABSA - Business Attributes Profiling
SABSA - Business Attributes ProfilingSABSAcourses
 
Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkPECB
 
Cyber Security Threat Modeling
Cyber Security Threat ModelingCyber Security Threat Modeling
Cyber Security Threat ModelingDr. Anish Cheriyan (PhD)
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Edureka!
 
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewShankar Subramaniyan
 
Risk Management
Risk ManagementRisk Management
Risk Managementcgeorgeo
 
ISO 27001
ISO 27001ISO 27001
ISO 27001n|u - The Open Security Community
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation centerMuhammad Sahputra
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security GovernancePriyanka Aash
 
Security operation center
Security operation centerSecurity operation center
Security operation centerMuthuKumaran267
 
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3Tanmay Shinde
 
Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001PECB
 
1. Security and Risk Management
1. Security and Risk Management1. Security and Risk Management
1. Security and Risk ManagementSam Bowne
 
Journey to cyber resilience
Journey to cyber resilienceJourney to cyber resilience
Journey to cyber resilienceAndrew Bycroft
 
Data Loss Prevention
Data Loss PreventionData Loss Prevention
Data Loss PreventionReza Kopaee
 
Iso 27001 isms presentation
Iso 27001 isms presentationIso 27001 isms presentation
Iso 27001 isms presentationMidhun Nirmal
 
27001 awareness Training
27001 awareness Training27001 awareness Training
27001 awareness TrainingDr Madhu Aman Sharma
 
Risk identification
Risk identificationRisk identification
Risk identificationmurukkada
 
Cissp- Security and Risk Management
Cissp- Security and Risk ManagementCissp- Security and Risk Management
Cissp- Security and Risk ManagementHamed Moghaddam
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITYAhmed Moussa
 

Contenu connexe

Tendances

Cybersecurity Assessment Framework - Slideshare.pptx
Cybersecurity Assessment Framework - Slideshare.pptxCybersecurity Assessment Framework - Slideshare.pptx
Cybersecurity Assessment Framework - Slideshare.pptxAzra'ee Mamat
 
SABSA - Business Attributes Profiling
SABSA - Business Attributes ProfilingSABSA - Business Attributes Profiling
SABSA - Business Attributes ProfilingSABSAcourses
 
Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkPECB
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Edureka!
 
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewShankar Subramaniyan
 
Risk Management
Risk ManagementRisk Management
Risk Managementcgeorgeo
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation centerMuhammad Sahputra
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security GovernancePriyanka Aash
 
Security operation center
Security operation centerSecurity operation center
Security operation centerMuthuKumaran267
 
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3Tanmay Shinde
 
Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001PECB
 
1. Security and Risk Management
1. Security and Risk Management1. Security and Risk Management
1. Security and Risk ManagementSam Bowne
 
Journey to cyber resilience
Journey to cyber resilienceJourney to cyber resilience
Journey to cyber resilienceAndrew Bycroft
 
Data Loss Prevention
Data Loss PreventionData Loss Prevention
Data Loss PreventionReza Kopaee
 
Iso 27001 isms presentation
Iso 27001 isms presentationIso 27001 isms presentation
Iso 27001 isms presentationMidhun Nirmal
 
Risk identification
Risk identificationRisk identification
Risk identificationmurukkada
 

Tendances (20)

ERM-Enterprise Risk Management
ERM-Enterprise Risk ManagementERM-Enterprise Risk Management
ERM-Enterprise Risk Management
 
Cybersecurity Assessment Framework - Slideshare.pptx
Cybersecurity Assessment Framework - Slideshare.pptxCybersecurity Assessment Framework - Slideshare.pptx
Cybersecurity Assessment Framework - Slideshare.pptx
 
SABSA - Business Attributes Profiling
SABSA - Business Attributes ProfilingSABSA - Business Attributes Profiling
SABSA - Business Attributes Profiling
 
Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security Framework
 
Cyber Security Threat Modeling
Cyber Security Threat ModelingCyber Security Threat Modeling
Cyber Security Threat Modeling
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
 
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process Overview
 
Risk Management
Risk ManagementRisk Management
Risk Management
 
ISO 27001
ISO 27001ISO 27001
ISO 27001
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation center
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
Security operation center
Security operation centerSecurity operation center
Security operation center
 
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3
 
Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001
 
1. Security and Risk Management
1. Security and Risk Management1. Security and Risk Management
1. Security and Risk Management
 
Journey to cyber resilience
Journey to cyber resilienceJourney to cyber resilience
Journey to cyber resilience
 
Data Loss Prevention
Data Loss PreventionData Loss Prevention
Data Loss Prevention
 
Iso 27001 isms presentation
Iso 27001 isms presentationIso 27001 isms presentation
Iso 27001 isms presentation
 
27001 awareness Training
27001 awareness Training27001 awareness Training
27001 awareness Training
 
Risk identification
Risk identificationRisk identification
Risk identification
 

En vedette

Cissp- Security and Risk Management
Cissp- Security and Risk ManagementCissp- Security and Risk Management
Cissp- Security and Risk ManagementHamed Moghaddam
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITYAhmed Moussa
 
Minimizing Business Risk in IT Projects
Minimizing Business Risk in IT ProjectsMinimizing Business Risk in IT Projects
Minimizing Business Risk in IT ProjectsITPSB Pty Ltd
 
Reducing Application Risk: minimizing your web application's attack surface
Reducing Application Risk: minimizing your web application's attack surfaceReducing Application Risk: minimizing your web application's attack surface
Reducing Application Risk: minimizing your web application's attack surfaceSecurity Innovation
 
1. security management practices
1. security management practices1. security management practices
1. security management practices7wounders
 
Slide Deck – Class Session 1 – FRSecure CISSP Mentor Program
Slide Deck – Class Session 1 – FRSecure CISSP Mentor ProgramSlide Deck – Class Session 1 – FRSecure CISSP Mentor Program
Slide Deck – Class Session 1 – FRSecure CISSP Mentor ProgramFRSecure
 
Securing your presence at the perimeter
Securing your presence at the perimeterSecuring your presence at the perimeter
Securing your presence at the perimeterBen Rothke
 
Purple Teaming - The Collaborative Future of Penetration Testing
Purple Teaming - The Collaborative Future of Penetration TestingPurple Teaming - The Collaborative Future of Penetration Testing
Purple Teaming - The Collaborative Future of Penetration TestingFRSecure
 
Forum ICT Security 2016 - Regolamento EU 2016/679: le tecnologie a protezione...
Forum ICT Security 2016 - Regolamento EU 2016/679: le tecnologie a protezione...Forum ICT Security 2016 - Regolamento EU 2016/679: le tecnologie a protezione...
Forum ICT Security 2016 - Regolamento EU 2016/679: le tecnologie a protezione...Par-Tec S.p.A.
 
Five Golden Rules
Five Golden RulesFive Golden Rules
Five Golden Ruleswalklea
 
Cyber risk e assicurazioni
Cyber risk e assicurazioniCyber risk e assicurazioni
Cyber risk e assicurazioniGiulio Coraggio
 
Oss. Informaton Security & Privacy
Oss. Informaton Security & PrivacyOss. Informaton Security & Privacy
Oss. Informaton Security & PrivacyAlessandro Piva
 
#MCN2014 - Risk Management, Security, and Getting Things Done: Creating Win-W...
#MCN2014 - Risk Management, Security, and Getting Things Done: Creating Win-W...#MCN2014 - Risk Management, Security, and Getting Things Done: Creating Win-W...
#MCN2014 - Risk Management, Security, and Getting Things Done: Creating Win-W...Jane Alexander
 
CISSP Prep: Ch 1: Security Governance Through Principles and Policies
CISSP Prep: Ch 1: Security Governance Through Principles and PoliciesCISSP Prep: Ch 1: Security Governance Through Principles and Policies
CISSP Prep: Ch 1: Security Governance Through Principles and PoliciesSam Bowne
 
Practical approach to security risk management
Practical approach to security risk managementPractical approach to security risk management
Practical approach to security risk managementG3 intelligence Ltd
 
Security Framework for Digital Risk Managment
Security Framework for Digital Risk ManagmentSecurity Framework for Digital Risk Managment
Security Framework for Digital Risk ManagmentSecurestorm
 
The Significance of IT Security Management & Risk Assessment
The Significance of IT Security Management & Risk AssessmentThe Significance of IT Security Management & Risk Assessment
The Significance of IT Security Management & Risk AssessmentBradley Susser
 
Information security management system (isms) overview
Information security management system (isms) overviewInformation security management system (isms) overview
Information security management system (isms) overviewJulia Urbina-Pineda
 

En vedette (20)

Cissp- Security and Risk Management
Cissp- Security and Risk ManagementCissp- Security and Risk Management
Cissp- Security and Risk Management
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITY
 
The role of governors in strategic planning and risk management
The role of governors in strategic planning and risk managementThe role of governors in strategic planning and risk management
The role of governors in strategic planning and risk management
 
Minimizing Business Risk in IT Projects
Minimizing Business Risk in IT ProjectsMinimizing Business Risk in IT Projects
Minimizing Business Risk in IT Projects
 
Reducing Application Risk: minimizing your web application's attack surface
Reducing Application Risk: minimizing your web application's attack surfaceReducing Application Risk: minimizing your web application's attack surface
Reducing Application Risk: minimizing your web application's attack surface
 
1. security management practices
1. security management practices1. security management practices
1. security management practices
 
Slide Deck – Class Session 1 – FRSecure CISSP Mentor Program
Slide Deck – Class Session 1 – FRSecure CISSP Mentor ProgramSlide Deck – Class Session 1 – FRSecure CISSP Mentor Program
Slide Deck – Class Session 1 – FRSecure CISSP Mentor Program
 
IT Security & Risk Management
IT Security & Risk ManagementIT Security & Risk Management
IT Security & Risk Management
 
Securing your presence at the perimeter
Securing your presence at the perimeterSecuring your presence at the perimeter
Securing your presence at the perimeter
 
Purple Teaming - The Collaborative Future of Penetration Testing
Purple Teaming - The Collaborative Future of Penetration TestingPurple Teaming - The Collaborative Future of Penetration Testing
Purple Teaming - The Collaborative Future of Penetration Testing
 
Forum ICT Security 2016 - Regolamento EU 2016/679: le tecnologie a protezione...
Forum ICT Security 2016 - Regolamento EU 2016/679: le tecnologie a protezione...Forum ICT Security 2016 - Regolamento EU 2016/679: le tecnologie a protezione...
Forum ICT Security 2016 - Regolamento EU 2016/679: le tecnologie a protezione...
 
Five Golden Rules
Five Golden RulesFive Golden Rules
Five Golden Rules
 
Cyber risk e assicurazioni
Cyber risk e assicurazioniCyber risk e assicurazioni
Cyber risk e assicurazioni
 
Oss. Informaton Security & Privacy
Oss. Informaton Security & PrivacyOss. Informaton Security & Privacy
Oss. Informaton Security & Privacy
 
#MCN2014 - Risk Management, Security, and Getting Things Done: Creating Win-W...
#MCN2014 - Risk Management, Security, and Getting Things Done: Creating Win-W...#MCN2014 - Risk Management, Security, and Getting Things Done: Creating Win-W...
#MCN2014 - Risk Management, Security, and Getting Things Done: Creating Win-W...
 
CISSP Prep: Ch 1: Security Governance Through Principles and Policies
CISSP Prep: Ch 1: Security Governance Through Principles and PoliciesCISSP Prep: Ch 1: Security Governance Through Principles and Policies
CISSP Prep: Ch 1: Security Governance Through Principles and Policies
 
Practical approach to security risk management
Practical approach to security risk managementPractical approach to security risk management
Practical approach to security risk management
 
Security Framework for Digital Risk Managment
Security Framework for Digital Risk ManagmentSecurity Framework for Digital Risk Managment
Security Framework for Digital Risk Managment
 
The Significance of IT Security Management & Risk Assessment
The Significance of IT Security Management & Risk AssessmentThe Significance of IT Security Management & Risk Assessment
The Significance of IT Security Management & Risk Assessment
 
Information security management system (isms) overview
Information security management system (isms) overviewInformation security management system (isms) overview
Information security management system (isms) overview
 

Similaire à Risk Management and Security in Strategic Planning

Its time to rethink everything a governance risk compliance primer
Its time to rethink everything a governance risk compliance primerIts time to rethink everything a governance risk compliance primer
Its time to rethink everything a governance risk compliance primerEnclaveSecurity
 
C-Suite’s Guide to Enterprise Risk Management and Emerging Risks
C-Suite’s Guide to Enterprise Risk Management and Emerging RisksC-Suite’s Guide to Enterprise Risk Management and Emerging Risks
C-Suite’s Guide to Enterprise Risk Management and Emerging RisksAronson LLC
 
Risk seminar - john crawley & emer mc aneny
Risk seminar - john crawley & emer mc anenyRisk seminar - john crawley & emer mc aneny
Risk seminar - john crawley & emer mc anenyИван Вали-Пур
 
Planning for security and security audit process
Planning for security and security audit processPlanning for security and security audit process
Planning for security and security audit processDivya Tiwari
 
crisc_wk_2a.pptx
crisc_wk_2a.pptxcrisc_wk_2a.pptx
crisc_wk_2a.pptxdotco
 
Information security governance
Information security governanceInformation security governance
Information security governanceKoen Maris
 
Solve the exercise in security management.pdf
Solve the exercise in security management.pdfSolve the exercise in security management.pdf
Solve the exercise in security management.pdfsdfghj21
 
Build an Information Security Strategy
Build an Information Security StrategyBuild an Information Security Strategy
Build an Information Security StrategyAndrew Byers
 
The Security Practitioner of the Future
The Security Practitioner of the FutureThe Security Practitioner of the Future
The Security Practitioner of the FutureResolver Inc.
 
2023-it-roadmap-for-cybersecurity-techcnical
2023-it-roadmap-for-cybersecurity-techcnical2023-it-roadmap-for-cybersecurity-techcnical
2023-it-roadmap-for-cybersecurity-techcnicalJack585826
 
Security Program Guidance and Establishing a Culture of Security
Security Program Guidance and Establishing a Culture of SecuritySecurity Program Guidance and Establishing a Culture of Security
Security Program Guidance and Establishing a Culture of SecurityDoug Copley
 
ASMC 2017 - Rudy Neefs - Van bedrijfspolitieman naar kritieke businesspartner
ASMC 2017 - Rudy Neefs - Van bedrijfspolitieman naar kritieke businesspartnerASMC 2017 - Rudy Neefs - Van bedrijfspolitieman naar kritieke businesspartner
ASMC 2017 - Rudy Neefs - Van bedrijfspolitieman naar kritieke businesspartnerPlatformSecurityManagement
 
Battle Tested Application Security
Battle Tested Application SecurityBattle Tested Application Security
Battle Tested Application SecurityTy Sbano
 
Erm overview of auditing fraud and revenue assurance
Erm overview of auditing fraud and revenue assuranceErm overview of auditing fraud and revenue assurance
Erm overview of auditing fraud and revenue assurancewisnu wardhana, i nyoman
 
Implementing a Security Management Framework
Implementing a Security Management FrameworkImplementing a Security Management Framework
Implementing a Security Management FrameworkJoseph Wynn
 
COSO ERM Framework
COSO ERM FrameworkCOSO ERM Framework
COSO ERM Frameworkssuser6ea258
 

Similaire à Risk Management and Security in Strategic Planning (20)

Insight into Security Leader Success Part 2
Insight into Security Leader Success Part 2Insight into Security Leader Success Part 2
Insight into Security Leader Success Part 2
 
HIRimsISO311KandERMFINAL
HIRimsISO311KandERMFINALHIRimsISO311KandERMFINAL
HIRimsISO311KandERMFINAL
 
Its time to rethink everything a governance risk compliance primer
Its time to rethink everything a governance risk compliance primerIts time to rethink everything a governance risk compliance primer
Its time to rethink everything a governance risk compliance primer
 
C-Suite’s Guide to Enterprise Risk Management and Emerging Risks
C-Suite’s Guide to Enterprise Risk Management and Emerging RisksC-Suite’s Guide to Enterprise Risk Management and Emerging Risks
C-Suite’s Guide to Enterprise Risk Management and Emerging Risks
 
Creating Value Through Enterprise Risk Management
Creating Value Through Enterprise Risk Management Creating Value Through Enterprise Risk Management
Creating Value Through Enterprise Risk Management
 
Risk seminar - john crawley & emer mc aneny
Risk seminar - john crawley & emer mc anenyRisk seminar - john crawley & emer mc aneny
Risk seminar - john crawley & emer mc aneny
 
Planning for security and security audit process
Planning for security and security audit processPlanning for security and security audit process
Planning for security and security audit process
 
Build and Information Security Strategy
Build and Information Security StrategyBuild and Information Security Strategy
Build and Information Security Strategy
 
crisc_wk_2a.pptx
crisc_wk_2a.pptxcrisc_wk_2a.pptx
crisc_wk_2a.pptx
 
Information security governance
Information security governanceInformation security governance
Information security governance
 
Solve the exercise in security management.pdf
Solve the exercise in security management.pdfSolve the exercise in security management.pdf
Solve the exercise in security management.pdf
 
Build an Information Security Strategy
Build an Information Security StrategyBuild an Information Security Strategy
Build an Information Security Strategy
 
The Security Practitioner of the Future
The Security Practitioner of the FutureThe Security Practitioner of the Future
The Security Practitioner of the Future
 
2023-it-roadmap-for-cybersecurity-techcnical
2023-it-roadmap-for-cybersecurity-techcnical2023-it-roadmap-for-cybersecurity-techcnical
2023-it-roadmap-for-cybersecurity-techcnical
 
Security Program Guidance and Establishing a Culture of Security
Security Program Guidance and Establishing a Culture of SecuritySecurity Program Guidance and Establishing a Culture of Security
Security Program Guidance and Establishing a Culture of Security
 
ASMC 2017 - Rudy Neefs - Van bedrijfspolitieman naar kritieke businesspartner
ASMC 2017 - Rudy Neefs - Van bedrijfspolitieman naar kritieke businesspartnerASMC 2017 - Rudy Neefs - Van bedrijfspolitieman naar kritieke businesspartner
ASMC 2017 - Rudy Neefs - Van bedrijfspolitieman naar kritieke businesspartner
 
Battle Tested Application Security
Battle Tested Application SecurityBattle Tested Application Security
Battle Tested Application Security
 
Erm overview of auditing fraud and revenue assurance
Erm overview of auditing fraud and revenue assuranceErm overview of auditing fraud and revenue assurance
Erm overview of auditing fraud and revenue assurance
 
Implementing a Security Management Framework
Implementing a Security Management FrameworkImplementing a Security Management Framework
Implementing a Security Management Framework
 
COSO ERM Framework
COSO ERM FrameworkCOSO ERM Framework
COSO ERM Framework
 

Dernier

Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfAarwolf Industries LLC
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Karmanjay Verma
 
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...amber724300
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...Karmanjay Verma
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxfnnc6jmgwh
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...itnewsafrica
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesBernd Ruecker
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integrationmarketing932765
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessWSO2
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkPixlogix Infotech
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 

Dernier (20)

Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdf
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#
 
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with Platformless
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App Framework
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 

Risk Management and Security in Strategic Planning

Notes de l'éditeur

  1. Reference: http://www.forbes.com/sites/aileron/2011/10/25/five-steps-to-a-strategic-plan/#750b661e61af
  2. Culture is a way of doing things Priorities define what is important and in what order
  3. Each phase in the process has a compliance concern and a security concern