What Your Execs Think of IT
and why you should care.
Jim Noble
CEO, The Advisory Council International
Trusted Advisors to Executives Everywhere
© 2015 The Advisory Council International LLC
WHY us?
• A Not-for-Profit team of legendary CIOs
• With more than 1000 years of implementation experience
• Offering advice to improve IT business outcomes
The Advisory Council International
• Jim Noble, fmr. CIO
• Al Guibord, fmr. CIO
• Harvey Koeppel, fmr. CIO
• June Drewry, fmr. CIO
• Carl Wilson, fmr. CIO
• Bob Ridout, fmr. CIO
• Ed Toben, fmr. CIO
• Jody Davids, fmr. CIO
• Michael Tasooji, fmr. CIO
• Chuck Williams, fmr. CTO
• Karl Landert, fmr. CIO
• John Cross, fmr. CIO
• Ian Alderton, fmr. CIO
• Georges Diserens, fmr. CIO
• Neil Cameron, fmr. CIO
• Simon Orebi Gann, fmr. CIO
• Jeri Dunn, fmr. CIO
• Bruce Fadem, fmr. CIO
• Steve Sheinheit, fmr. CIO
• Randy Krotowski, fmr. CIO
• Filippo Passerini, CIO
WHO matters?
The Vital Few
~10
~5
~12
Board of Directors
Audit Committee
Executive Leadership + EAs
Level 1 Management
Level 2 Management
Employees
WHAT did we discover?
What They Tell Us
THEY THINK ABOUT:
1) Business imperatives
2) Benefits realization
3) Unplanned outages
4) Absorbability
5) Risk
6) Systems of Record
7) Competitors
YOU TALK ABOUT:
1) IT strategy
2) Cost
3) Service tower uptime
4) Doability
5) DR/BC/Cyber security
6) Systems of Engagement
7) Innovation / Disruption
3) Operational Uptime
• 99.9% means nothing to them
• Availability of vertical services means nothing to them
• Outages are related to the business cycle
• They are only interested in unplanned outage minutes of end-to-end services at certain times
• “Silent running” is simply your ticket to the game
• Does your IT organization structure reflect this?
4) Doability Vs Absorbability
• It’s much easier for us to deliver than them to assimilate
• IT folk celebrate when the system goes live. The business thinks that the project starts at that point
• Is it better to sequence the traffic than to land it all at the same time?
[Figure: Corporate Change Impact. Labels: Peoplesoft Enhancements / PetroTech / Competency Mapping / PPI / Peoplesoft Upgrade]
5) Risk: They Are Intellectually Curious About Cloud
• They read about it in an airline magazine…
• They have suddenly become technical architects…
• They have realized that it is a big opportunity and a big risk to your company:
o An opportunity to make the business much more agile
o An opportunity to keep IT headcount to a minimum
o A risk to the governance and security of the company’s valuable data
o A risk of loss over regulatory compliance (SOX, PCI etc.)
What We Tell Them About Cloud
• 1980: Origins in telecomms – the Internet replaced point-to-point leased lines
• 1990: NASA SETI for supercomputer of distributed PCs
• 2000: First commercially successful SaaS application (Salesforce.com)
• 2006: First commercial “on demand” hosting (Amazon Web Services)
• 2010: Critical mass achieved on availability of web services (similar concept to Apple’s App Store)
• 2015: Average mid-cap company uses hundreds of cloud-based apps, mostly unsanctioned. Shadow IT gone wild.
It’s Here to Stay – Get Used to It
There are 5,000 enterprise apps today (and growing).
What They Tell Us About Risk
RISK = THREAT x VULNERABILITY x CONSEQUENCE
CEOs Have Woken Up!
1 High taxation
2 Loss of customers/cancelled orders
3 Cyber risk
4 Price of material inputs
5= Excessively strict regulation
5= Changing legislation
7 Inflation
8 Cost and availability of credit
9 Rapid technological changes
10 Currency fluctuation
11= Interest rate change
11= Talent and skills shortage
13 Reputational risk
14 Corporate liability
15= Major asset price volatility
15= Poor/incomplete regulation
17 Fraud and corruption
18 Government spending cuts
19 Theft of assets or intellectual property
20 Failed investment
21 Corporate governance and internal oversight failure
22 Critical infrastructure failure
23 Supply chain failure
24 Increased protectionism
25 Insolvency risk
1 Loss of customers/Cancelled orders
2 Talent and skills shortages (including succession risk)
3 Reputational risk
4 Currency fluctuation
5 Changing legislation
6 Cost and availability of credit
7 Price of material inputs
8 Inflation
9 Corporate liability
10 Excessively strict regulation
11 Rapid technological changes
12 Cyber attacks (malicious)
13 High taxation
14 Failed investment
15 Major asset price volatility
16 Theft of assets/Intellectual Property
17 Fraud and corruption
18 Interest rate change
19 Cyber risks (non-malicious)
20 Poor/Incomplete regulation
21 Critical infrastructure failure
22 Government spending cuts
23 Supply chain failure
24 Pollution and environmental liability
25 Sovereign debt
Sources: Lloyds Risk Register 2012 and Lloyds Risk Register 2014 (Lloyds survey of 585 global CEOs)
They Read The Media…
THE FACTS:
• Hackers were able to steal sensitive personal and financial data from over 619,000 of the Company's employees and customers
THE CONSEQUENCES:
• Shareholder sued individual Board members for lack of “Duty of Care”
• AIG clarified that their D&O insurance does not cover neglect of Duty of Care
• Federal judge permitted FTC lawsuit to proceed against the Corporation
THE LESSONS:
• The firm’s Officers have to comprehend the risk posed by cyber security, and it can affect their personal wealth.
And We Tell Them You Must Assume A Sophisticated Attack Will Succeed
• Many business executives believe that a competent IT leader can prevent an intrusion into their company.
• It is impossible to prevent a focused intruder from gaining access, and yet 85% of IT security spend is dedicated to prevention.
• On average, it takes 212 days to react to an intrusion.
The Bad Guys Don’t Have to be Experts
A Bank’s Vulnerability Scorecard
Just Buy Insurance?
[Figure: Cost Of Coverage vs. Completeness Of Coverage (100%), with regions labelled Insured and Uninsured and a marked Sweet Spot]
So How Can Awareness Help?
• 85% of IT security spend goes on prevention
• Average of 212 days between intrusion and detection
• 90% of compromises exploit human frailties
• Be appreciative of the value-at-risk (i.e. materiality)
• Be alert to web phishing and e-mails containing malware
• Be sympathetic to strong passwords and regular changes
• Be observant for odd behaviors
HOW can you get to them?
Conveying Your Message
• Befriend their executive assistants
• Avoid scheduled meetings
• Travel to nowhere on the same flight
• Outside interests: Golf, fishing….
• Be persistent!
Al Guibord – alang@tac-int.com 1 203 663 3888 X701

Jim Noble SEASIM Keynote
