Most organizations have a CIO; many have a CISO. These key leadership positions often approach solutions differently and have different motivations. The CIO must deliver IT, automation, innovation and efficiency. The CISO is tasked with assuring adherence to security frameworks and regulatory standards, and with protecting against, and responding to, vulnerabilities and incidents. These mandates can conflict, and often the CISO reports to the CIO. We will take a light-hearted look at questions including: What are the issues? Are CISOs and CIOs from different planets? Can we align to meet critical business needs, deliver value and protect the organization?
CISOs are from Mars, CIOs are from Venus
1. Celebrating a decade of guiding security professionals.
@Secure360 or www.Secure360.org
CISOs are from Mars, CIOs are from Venus
Barry Caplin
Tues. May 12, 2015, 1:30P
2. CISOs are from Mars, CIOs are from Venus
Secure360
Tues. May 12, 2015 1:30P
bcaplin1@fairview.org
bc@bjb.org @bcaplin
http://about.me/barrycaplin
http://securityandcoffee.blogspot.com
Barry Caplin
VP, Chief Information Security Officer
Fairview Health Services
16. Integrity
CISO
• Data in correlates with data out
• Chain of custody of log and forensic data
• Coherence of financial data
CIO
• Transparency
• Coherence of financial data
25. Key Opportunities
“V”OI
• Not just cost center
• CIO/CFO need budget justification
• Not just hard $
• Value:
  ◦ Efficiency
  ◦ Improvements – service, capability
  ◦ Maturity
  ◦ Tool rationalization
26. Key Opportunities
Management – Vendor; Configuration; Incident; Risk
• Security v IT definition
• Metrics and Measures
• Example: ITIL incident process meshes with Security event/incident/investigation process
28. Key Opportunities
Keep the auditors happy
• External/Internal/Financial
• Easier audits = less pressure on IT resources
• Fewer findings = less hassle for CIO
29. Key Opportunities
Keep the board happy
• Good Communication
• Better opportunities and funding for all!
Check out my about.me, with links to my Twitter feed and the Security and Coffee blog.
CISO reports to CIO – Conflict of Interest? Security overruled?
CISO reports to {CRO, CEO, CxO} - Visibility into IT?; Budget?
CISO - Protection of data; Minimum necessary
CIO - What happens in the boardroom, stays in the boardroom
CISO - Data in correlates with data out; Chain of custody of log and forensic data; Coherence of financial data
CIO - Transparency; Coherence of financial data
CISO – Probability/Impact of Threats
CIO - Not meeting business needs