Security Policies: The Next Generation
Peter Hesse
Gemini Security Solutions, Inc.

Security B-Sides Atlanta | October 8, 2010
Why do we have security policies?
We need rules to play the game
Written a policy lately?

ISO 27001, PCI-DSS, 41 CFR 102, Orange Book, SAS-70, FISMA, WebTrust, BITS, SysTrust, ISO 17799 / BS 7799, DITSCAP, FIPS 199, Cloud Audit, HIPAA
The language of policy

[Organization] and applicable subsidiary Level 2 Unit ISMs will coordinate and document the establishment of all external network connections for their unit with Network Services. As every external network connection is potentially an entry point for intruders, Level 2 Unit ISMs must document all external network connections in their unit, including modems.
Code versus Policy
What happens if we simplify?
One-size-fits-all or tailor made?
What is the focus?

• Systems must be patched within 30 days of release of patch from vendor
• Management approval is required to download any copyrighted material from the Internet
Improving security policy: Prioritize
The Next Generation:

• Simplify, streamline, squeeze out jargon
• Prioritize and heat map based on relative risk and audience
• Build approaches that transcend documentation and encourage good behavior
Fin.

• Peter Hesse, Gemini Security Solutions, @pmhesse, pmhesse@geminisecurity.com
• Extra special thanks to my partner-in-crime on this work, Michael Santarcangelo, @catalyst (www.securitycatalyst.com)


Speaker notes

  1. Is it just because we’ve been doing it so long we don’t remember? Policies are written to counter known or notional risk.
  2. What game are we playing if I show this to you? It helps set the rules of the game: guidance, not something that can't be changed later.
  3-16. (same note for each step of the build) Policies are hard to develop so people follow useful frameworks. <click> Then they have to follow some more frameworks. <click> And some more. And more and more. You end up with something you didn’t really expect. Kind of reminds me of a platypus: webbed feet, duck bill, thick fur, mostly aquatic, lays eggs…
  17. Can you understand this? I can’t. The length of the policy is also a huge problem.
  18. Policies are largely formed by cut and paste. By cutting and pasting without thinking through why things are in there (“I just know they have to be”) we create additional problems: policies that are harder to justify, policies the writers can’t even understand, policies that are too long. Like making sausage.
  19. Quote from http://googleblog.blogspot.com/2010/09/trimming-our-privacy-policies.html: “We’re also simplifying our main Google Privacy Policy to make it more user-friendly by cutting down the parts that are redundant and rewriting the more legalistic bits so people can understand them more easily.”
  20. Did you know that NIST created a guide for improving the security of your XP Home installation, aimed at federal teleworkers (NIST SP 800-69)? Useful, right? It is 175 pages. However, they distill the guide down to 5 main points; care to guess what they are? Patching, running as a limited user, anti-malware, a personal firewall, and performing backups. Do they need the rest of the document?
  21. Policies are often treated as one-size-fits-all, but that is not the case. If a policy includes every risk mitigation technique known to the organization, it will have requirements that apply only to IT, only to management, only to finance, and few that apply to all users. Yet they’re all in the same policy. We need multiple policies, or multiple views of the same policy, to make sense to the audience.
  22. Is the risk associated with these two policy statements equivalent? Do these statements apply to the average user? (No: the first is for IT only; the second is for people doing downloads, and for management, who need to know that they must approve, but how do they determine whether they should?) What do you do when one of these policies is met, but the other isn’t?
  23-25. (same note for each step of the build) Here is what we’re doing: we are working on prioritizing policy based on a heat map. The heat map can change with the revelation of new threats, improved perception of risk, or improved controls being put into place. Not getting into the metrics / qualitative / quantitative holy war, but policies related to greater risks should have greater importance; those that relate to lower risks should be waived, deemed less important, or excised entirely. The heat map could automatically filter based on the perspective of the audience.
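The heat-map prioritization and per-audience views described in the notes for slides 21 to 25 can be made concrete by treating each policy statement as data rather than prose. The following is an added example written for this page, not code from the talk or from Gemini Security Solutions: each statement carries an audience set and likelihood/impact scores (1 to 5), heat is likelihood times impact minus a reduction for compensating controls, and two thresholds decide which statements are must-follow and which are candidates to waive. The statements, scores, thresholds and audience names are all constructed for the example; the first two statements are the ones shown on the "What is the focus?" slide.

```python
"""Policy statements as data, ranked by a risk heat map and filtered per audience.

Added illustration for the heat-map idea in the speaker notes; not code from
the talk. Statements, 1-5 scores, thresholds and audiences are constructed.
"""
from dataclasses import dataclass, replace

# Heat = likelihood * impact on a 1-5 scale (1..25), minus points for
# compensating controls already in place. Both thresholds are assumptions.
WAIVE_BELOW = 6      # below this the statement is a candidate to waive or excise
HIGH_AT_LEAST = 15   # at or above this it is a must-follow item for its audience


@dataclass(frozen=True)
class PolicyStatement:
    id: str
    text: str
    audiences: frozenset        # who must act on it; "all" means every user
    likelihood: int             # 1..5: how likely the countered risk is to materialise
    impact: int                 # 1..5: how bad it is when it does
    control_reduction: int = 0  # heat removed by compensating controls

    def heat(self) -> int:
        raw = self.likelihood * self.impact - self.control_reduction
        return max(1, min(25, raw))

    def tier(self) -> str:
        h = self.heat()
        if h >= HIGH_AT_LEAST:
            return "high"
        if h < WAIVE_BELOW:
            return "waive"
        return "normal"


def applies_to(statement: PolicyStatement, audience: str) -> bool:
    return "all" in statement.audiences or audience in statement.audiences


def view_for(audience: str, statements) -> list:
    """The policy as one audience should see it: only statements that apply to
    them, hottest first, with waive-tier items dropped entirely."""
    ranked = sorted((s for s in statements if applies_to(s, audience)),
                    key=lambda s: s.heat(), reverse=True)
    return [s for s in ranked if s.tier() != "waive"]


def open_items(audience: str, statements, met: set) -> list:
    """Unmet statements for an audience in heat order, so that when one policy
    is met and another is not, the higher-risk gap is surfaced first."""
    return [s for s in view_for(audience, statements) if s.id not in met]


def reheat(statement: PolicyStatement, **changes) -> PolicyStatement:
    """Re-score a statement when a new threat appears or a control is deployed;
    the views above pick up the new ranking on the next call."""
    return replace(statement, **changes)


# Constructed policy corpus; scores are illustrative, not measured.
POLICY = [
    PolicyStatement("patch-30", "Systems must be patched within 30 days of vendor release",
                    frozenset({"it"}), likelihood=4, impact=5),
    PolicyStatement("copyright-approval",
                    "Management approval is required to download copyrighted material",
                    frozenset({"all"}), likelihood=3, impact=2),
    PolicyStatement("modem-inventory",
                    "All external network connections, including modems, must be documented",
                    frozenset({"it"}), likelihood=1, impact=3),
    PolicyStatement("backup-test", "Backups must be taken and restore-tested",
                    frozenset({"it"}), likelihood=3, impact=5),
    PolicyStatement("limited-user", "Daily work is done from a non-administrator account",
                    frozenset({"all"}), likelihood=4, impact=4),
]

if __name__ == "__main__":
    for audience in ("it", "finance"):
        print(f"== view for {audience} ==")
        for s in view_for(audience, POLICY):
            print(f"  [{s.tier():6}] heat={s.heat():2}  {s.id}: {s.text}")
    # Slide 22's question: approvals are happening but patching is late.
    met = {"copyright-approval", "limited-user", "backup-test"}
    print("open for it:", [s.id for s in open_items("it", POLICY, met)])
    # An automated patching pipeline (assumed) lowers the heat of patch-30.
    patched = [reheat(s, control_reduction=10) if s.id == "patch-30" else s
               for s in POLICY]
    print("patch-30 after control:", patched[0].tier())
```

The IT view ranks patching, the limited-user rule and backups ahead of the copyright-approval statement and drops the low-heat modem inventory entirely, while the finance view contains only the two "all" statements. Re-scoring `patch-30` after a compensating control moves it from "high" to "normal" without rewriting any policy text, which is the point of keeping the heat map separate from the wording.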