Webinar: How to Invest Efficiently in Cybersecurity? (Return on Security Investment)
https://bsg.tech
hello@bsg.tech
Vlad Styran (sapran@bsg.tech)
Over 15 years in cybersecurity; OSCP, CISSP, CISA. Blogger, podcaster, and conference speaker. Provides consulting services in software security, cybersecurity awareness, strategy, and investment.
Andriy Varusha (varusha@bsg.tech)
10+ years of experience in IT audit, consulting, and IT project management. Experience leading large outsourcing teams in Ukraine, Poland, and the USA, and building customer relationships in the US, the UK, and Western Europe. Leads the BSG advisory practice and advises large development teams on all aspects of cybersecurity.
About BSG
Our job is to help companies in all aspects of cybersecurity. We complete more than 50 security projects yearly and see the business security vulnerabilities across verticals. We help our customers address their future security challenges: prevent data breaches and achieve compliance.
Plan for Today
1. What should CISOs and top managers know about ROSI?
2. Investing in cybersecurity: how to showcase the effectiveness?
3. Leading indicators of cybersecurity investment effectiveness in practice.
4. Are there any "secrets" of effective cybersecurity investment?
5. What cybersecurity strategy will bring the best ROSI?
6. Strategic services for planning a cybersecurity program.
7. Questions and answers.
1. What should CISOs and Top Managers know about Return on Security Investment?
Effectiveness vs Efficiency of Security Investment: is it the same thing?
(Effectiveness asks whether a control actually reduces the risk it targets; efficiency asks how much risk reduction you get per dollar spent. A control can be effective and still inefficient.)
ROI vs ROSI in Cybersecurity: How to Calculate?
ROI = (Gain from investment – Cost of investment) / Cost of investment
ROSI = (ALE × mitigation ratio – Cost of solution) / Cost of solution
*ROI measures the amount of return on a particular investment relative to the investment's cost.
*ROSI integrates the risks and costs associated with a security incident and combines them with the impact of a security solution. ALE is the annualized loss expectancy (single loss expectancy × annualized rate of occurrence), and the mitigation ratio is the fraction of that expected loss the solution is expected to prevent.
IT doesn’t speak the same
language as business
What is the primary value of cybersecurity for business?
Business Mindset vs CISO Mindset
How bad is the outcome of the attack, and what are its frequency and probability, in dollars?
What is the best I can do to minimize risk and get the best value per dollar invested?
The Gordon-Loeb Model
The Gordon-Loeb Rule: never spend on security more than 37% (more precisely 1/e, about 36.8%) of your expected loss without the security investment.
2. Investing in Cybersecurity: How to Showcase the Effectiveness?
Worked example of the Gordon-Loeb rule:
Asset worth $1,000,000
Probability of attack 0.07
Probability of the attack's success 0.42
Expected loss without the investment: 1,000,000 × 0.07 × 0.42 = 29,400
Upper bound on the security investment: 29,400 × 0.37 = 10,878
(The model gives an upper bound on the optimal investment, not the optimum itself; how much of that bound is worth spending depends on how quickly extra spending lowers the breach probability.)
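The ROI/ROSI formulas and the Gordon-Loeb rule run on the slide's numbers, as an added example that is not part of the BSG deck. It assumes, as the slide does, that the single loss expectancy is the full asset value and that the annual rate of occurrence is P(attack) × P(success); the three candidate controls, their costs and their mitigation ratios are constructed for illustration and are not figures from the presentation.

```python
"""Added example (not from the BSG deck): ROI/ROSI and the Gordon-Loeb
upper bound applied to the slide's worked numbers. EXAMPLE_CONTROLS is a
constructed, hypothetical set of controls used only to show the ranking."""
import math
from dataclasses import dataclass


def annualized_loss_expectancy(asset_value: float, p_attack: float, p_success: float) -> float:
    """ALE = SLE x ARO. Following the slide, the single loss expectancy is the
    full asset value and the annual rate of occurrence is
    P(attack) x P(success | attack)."""
    return asset_value * p_attack * p_success


def roi(gain: float, cost: float) -> float:
    """ROI = (gain - cost) / cost, as defined on the ROI vs ROSI slide."""
    if cost <= 0:
        raise ValueError("cost must be positive")
    return (gain - cost) / cost


def rosi(ale: float, mitigation_ratio: float, cost: float) -> float:
    """ROSI = (ALE x mitigation ratio - cost) / cost. The 'gain' of a security
    control is the loss it is expected to avoid, not revenue it produces."""
    if not 0.0 <= mitigation_ratio <= 1.0:
        raise ValueError("mitigation ratio must be a fraction in [0, 1]")
    return roi(ale * mitigation_ratio, cost)


def gordon_loeb_bound(expected_loss: float) -> float:
    """Gordon-Loeb: the optimal investment never exceeds 1/e (about 36.8%) of
    the expected loss without the investment. The slide rounds 1/e to 0.37."""
    return expected_loss / math.e


@dataclass(frozen=True)
class Control:
    name: str
    annual_cost: float
    mitigation_ratio: float  # fraction of the ALE the control is expected to remove


# Constructed, hypothetical candidate controls for the slide's $1,000,000 asset.
EXAMPLE_CONTROLS = (
    Control("MFA on all admin access", 8_000, 0.60),
    Control("Managed detection and response", 15_000, 0.90),
    Control("Annual awareness training", 2_000, 0.10),
)


def rank_controls(ale: float, controls):
    """Return [(control, rosi, within_gordon_loeb_bound)] sorted best-ROSI first.

    A control can have a positive ROSI and still cost more than the Gordon-Loeb
    bound; the flag makes that visible instead of hiding it behind the ratio."""
    bound = gordon_loeb_bound(ale)
    rows = [(c, rosi(ale, c.mitigation_ratio, c.annual_cost), c.annual_cost <= bound)
            for c in controls]
    return sorted(rows, key=lambda row: row[1], reverse=True)


if __name__ == "__main__":
    # The slide's numbers: $1,000,000 asset, P(attack) = 0.07, P(success) = 0.42.
    ale = annualized_loss_expectancy(1_000_000, 0.07, 0.42)
    print(f"Expected loss (ALE): ${ale:,.0f}")
    print(f"Gordon-Loeb bound:   ${gordon_loeb_bound(ale):,.0f} (slide rounds to ${ale * 0.37:,.0f})")
    for control, value, ok in rank_controls(ale, EXAMPLE_CONTROLS):
        flag = "within bound" if ok else "EXCEEDS bound"
        print(f"{control.name:32s} cost ${control.annual_cost:>7,.0f}  ROSI {value:+.2f}  {flag}")
```

ROSI answers the CISO's question (value per dollar), while the Gordon-Loeb flag answers the business's question (is the spend proportionate to the expected loss at all). In the constructed set, the managed detection option has a positive ROSI but exceeds the bound, which is exactly the case a ratio alone would hide.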
Don't move the ball in one direction
Security Productivity and Cost of Security
1. Secon101x: https://www.edx.org/course/cyber-security-economics-delftx-secon101x-0
2. Ross Anderson's Economics and Security resource page: http://www.cl.cam.ac.uk/%7Erja14/econsec.html
3. Bruce Schneier on Economics of Security: https://www.schneier.com/essays/economics/
4. Vlad Styran - Security Economics @ OWASP Kyiv Winter 2017: https://www.youtube.com/watch?v=vZAldeJ-_rw
3. Indicators of Cybersecurity Investment Effectiveness in Practice
How to demonstrate the Return on Security Investment?
1. Everyone gets hacked, and you don't.
2. You look for the signs of getting hacked, and can't find them.
3. You pay others to hack you, and they have a hard time doing it.
4. Everyone pays high insurance premiums, and you don't.
5. When you finally get hacked, it is not a big deal.
4. Are there any "Secrets" of Effective Cybersecurity Investment?
Information is Beautiful: World's Biggest Data Breaches & Hacks
https://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
Statista: Statistics of Cyber Crime and Security
https://www.statista.com/statistics/273550/data-breaches-recorded-in-the-united-states-by-number-of-breaches-and-records-exposed/
CSIS: Significant Cyber Incidents
https://www.csis.org/programs/strategic-technologies-program/significant-cyber-incidents
Enforcement Tracker: GDPR Enforcement Tracker
https://www.enforcementtracker.com/
Verizon: Data Breach Investigations Report
https://enterprise.verizon.com/resources/reports/dbir/
National Vulnerability Database
https://nvd.nist.gov/vuln
CISA (USA)
https://www.cisa.gov/
Forrester
https://go.forrester.com/blogs/category/cybersecurity/
Gartner
https://www.gartner.com/en/information-technology/insights/cybersecurity
5. What Cybersecurity Strategy will bring the best Return on Security Investment?
Building a Strategic Cybersecurity Plan
1. Find out what your company does and what is important to its clients in terms of security.
2. Determine the ways cybercriminals can disrupt your business activity and cause harm.
3. Plan actions to prevent and mitigate cyber incidents.
4. Review and test your chosen strategy, either by hiring a pentest firm or internally.
6. Strategic Services for Planning a Cybersecurity Program
Security Consulting
Governance, Risk & Compliance
Application Security
Penetration Testing
Security Awareness
Security Program Services
Projects and Clients
Review BSG Security Findings: https://bit.ly/bsg2020report
7. Questions and Answers
Stay in Touch With
If you have any questions, please contact us at:
https://bsg.tech
hello@bsg.tech

Webinar: "How to invest efficiently in cybersecurity (Return on Security Investment)

  • 1. How to Invest Efficiently in Cybersecurity? (Return on Security Investment) https://bsg.tech hello@bsg.tech
  • 2. Over 15 years in cybersecurity OSCP, CISSP, CISA Blogger, podcaster, and conference speaker Provides consulting services in software security, cybersecurity awareness, strategy, and investment. sapran@bsg.tech Vlad Styran
  • 3. 10+ years of experience in IT-audit and consulting, IT project management Experiences in leading large outsourcing teams in Ukraine, Poland, and USA Experiences in building customer relationships within the US, UK, and Western Europe geographies. Leads the BSG advisory practice and consults large development teams in all aspects of cybersecurity. varusha@bsg.tech Andriy Varusha
  • 4. Our job is to help companies in all aspects of cybersecurity. We complete more than 50 security projects yearly. And we are aware of the business security vulnerabilities across the verticals. We help our customers address their future security challenges: prevent data breaches and achieve compliance. About BSG
  • 5. Plan for Today
    1. What should CISOs and top managers know about ROSI?
    2. Investing in cybersecurity: how to showcase the effectiveness?
    3. Leading indicators of cybersecurity investment effectiveness in practice.
    4. Are there any "secrets" of effective cybersecurity investment?
    5. What cybersecurity strategy will bring the best ROSI?
    6. Strategic services for planning a cybersecurity program.
    7. Questions and answers.
  • 6. 1. What should CISOs and Top Managers know about Return on Security Investment?
  • 7. Effectiveness vs Efficiency of Security Investment: is it the same thing?
  • 8. ROI vs ROSI in Cybersecurity: How to Calculate?
    ROI = (Gain from investment – Cost of investment) / Cost of investment
    ROSI = (ALE × mitigation ratio – Cost of solution) / Cost of solution
    *ROI measures the amount of return on a particular investment, relative to the investment's cost.
    *ROSI integrates the risks and costs associated with a security incident (ALE, the annual loss expectancy) and combines them with the impact of a security solution.
  • 9. What is the primary value of cybersecurity for business? IT doesn't speak the same language as business.
  • 10. Business Mindset vs CISO Mindset: how bad is the outcome of the attack, and what are its frequency and probability, in dollars? What is the best I can do to minimize risks and get the best value per dollar invested?
  • 12. The Gordon Loeb Rule Never spend on security more than 37% of your expected loss without the security investment
  • 13. 2. Investing in Cybersecurity: How to Showcase the Effectiveness?
  • 14. The Gordon Loeb Rule: never spend on security more than 37% of your expected loss without the security investment.
    Asset worth: $1,000,000
    Probability of attack: 0.07
    Probability of the attack's success: 0.42
    Optimal security investment: 1,000,000 × 0.07 × 0.42 × 0.37 = 10,878
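The ROSI formula from slide 8 and the Gordon-Loeb figures from slide 14, carried through in code as an added example (not code from the webinar or from BSG). The candidate controls, their costs and mitigation ratios are constructed assumptions for illustration; the example ranks them by ROSI and flags any whose cost exceeds the 37% cap.

```python
"""ROSI and the Gordon-Loeb cap, worked with the webinar's slide 8/14 figures.
Added example, not BSG's code; candidate controls below are constructed."""
from dataclasses import dataclass
from typing import Iterable, List, Tuple

GORDON_LOEB_FRACTION = 0.37  # never spend more than 37% of the expected loss


def annual_loss_expectancy(asset_value: float, p_attack: float, p_success: float) -> float:
    """ALE = asset value x probability of attack x probability the attack succeeds."""
    return asset_value * p_attack * p_success


def gordon_loeb_cap(expected_loss: float) -> float:
    """Ceiling on worthwhile spend: 37% of the loss expected without the investment."""
    return expected_loss * GORDON_LOEB_FRACTION


def rosi(ale: float, mitigation_ratio: float, cost: float) -> float:
    """ROSI = (ALE x mitigation ratio - cost of solution) / cost of solution (slide 8)."""
    if cost <= 0:
        raise ValueError("cost of solution must be positive")
    return (ale * mitigation_ratio - cost) / cost


@dataclass(frozen=True)
class Option:
    name: str
    cost: float
    mitigation_ratio: float  # share of the ALE the control is estimated to remove


def rank_options(ale: float, options: Iterable[Option]) -> List[Tuple[str, float, bool]]:
    """Return (name, ROSI, cost within Gordon-Loeb cap) sorted best ROSI first."""
    cap = gordon_loeb_cap(ale)
    scored = [(o.name, rosi(ale, o.mitigation_ratio, o.cost), o.cost <= cap) for o in options]
    return sorted(scored, key=lambda t: t[1], reverse=True)


if __name__ == "__main__":
    ale = annual_loss_expectancy(1_000_000, 0.07, 0.42)  # 29,400 as on slide 14
    print(f"ALE = {ale:,.0f}; Gordon-Loeb cap = {gordon_loeb_cap(ale):,.0f}")  # cap 10,878
    # Constructed candidate controls (hypothetical names, costs and ratios)
    candidates = [
        Option("MFA rollout", cost=8_000, mitigation_ratio=0.60),
        Option("EDR subscription", cost=15_000, mitigation_ratio=0.75),
        Option("Annual pentest", cost=5_000, mitigation_ratio=0.20),
    ]
    for name, r, within_cap in rank_options(ale, candidates):
        print(f"{name:18s} ROSI={r:+.3f} within cap={within_cap}")
```

A control can show a positive ROSI and still breach the Gordon-Loeb cap (the EDR option above), which is why the two checks are reported side by side.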
  • 15. Don't move the ball in one direction
  • 16. Security Productivity and Cost of Security
    1. Secon101x: https://www.edx.org/course/cyber-security-economics-delftx-secon101x-0
    2. Ross Anderson's Economics and Security resource page: http://www.cl.cam.ac.uk/%7Erja14/econsec.html
    3. Bruce Schneier on Economics of Security: https://www.schneier.com/essays/economics/
    4. Vlad Styran, Security Economics @ OWASP Kyiv Winter 2017: https://www.youtube.com/watch?v=vZAldeJ-_rw
  • 17. 3. Indicators of Cybersecurity Investment Effectiveness in Practice
  • 18. How to demonstrate the Return on Security Investment?
    1. Everyone gets hacked, and you don't.
    2. You look for the signs of getting hacked, and can't find them.
    3. You pay others to hack you, and they have a hard time doing it.
    4. Everyone pays high insurance premiums, and you don't.
    5. When you finally get hacked, it is not a big deal.
  • 19. 4. Are there any "Secrets" of Effective Cybersecurity Investment?
  • 20. Informationisbeautiful: World's Biggest Data Breaches & Hacks https://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
  • 21. Statista: Statistics of Cyber Crime and Security https://www.statista.com/statistics/273550/data-breaches-recorded-in-the-united-states-by-number-of-breaches-and-records-exposed/
  • 22. CSIS: Statistics of Cyber Crime and Security https://www.csis.org/programs/strategic-technologies-program/significant-cyber-incidents
  • 23. EnforcementTracker: GDPR Enforcement Tracker https://www.enforcementtracker.com/
  • 24. Verizon: Data Breach Investigations Report https://enterprise.verizon.com/resources/reports/dbir/
  • 29. 5. What Cybersecurity Strategy will bring the best Return on Security Investment?
  • 30. Building a Strategic Cybersecurity Plan
    1. Find out what your company does and what is important for clients in terms of security.
    2. Determine the ways cybercriminals can disrupt your business activity and cause harm.
    3. Plan actions to prevent and mitigate cyber incidents.
    4. Review and test your chosen strategy, by hiring a pentest firm or internally.
  • 31. 6. Strategic Services for Planning a Cybersecurity Program
  • 32. Security Program Services: Security Consulting; Governance, Risk & Compliance; Application Security; Penetration Testing; Security Awareness.
  • 33. Projects and Clients Review BSG Security Findings https://bit.ly/bsg2020report
  • 35. Stay in Touch With Us. If you have any questions, please contact us at: https://bsg.tech hello@bsg.tech