Safe knowledge
This presentation is the property of its rightful owner.
Sponsored Links
1 / 22

SAFE KNOWLEDGE PowerPoint PPT Presentation

  • Uploaded on
  • Presentation posted in: General

SAFE KNOWLEDGE. GEOFF ROBERTS Implementation Partner AUSTRALIAN PROJECTS PTY LIMITED IT Security and Data Protection. The Management versus Technical Staff Challenge.

Download Presentation


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript

Safe knowledge



Implementation Partner


IT Security and Data Protection

The management versus technical staff challenge

The Management versus Technical Staff Challenge

Create win-win IT security outcomes that meet management objectives for the enterprise, and realistic productivity expectations of the IT department

Differing cultures

Differing cultures

  • Non-technical managers are mostly in a world of budgets, timeframes, deadlines, deliverables, results and the “big picture”

  • IT staff are mostly in a world of rapid change, uncertainties, threats, complexity and detail, as well as timeframes, deadlines and deliverables

  • The difference is often clear to IT staff but unclear to non-technical managers

The management versus technical staff conundrum

The Management versus Technical Staff Conundrum

  • Corporate structure that fails to acknowledge a rapidly changing security landscape

  • Poorly defined IT security roles and responsibilities for non-technical management and IT management teams

  • Failure of technical expectations to be fulfilled due to unrealistic low budgets and failure of non technical management to approve sufficient human resources to meet the requirements of the IT department

  • No common approach and a lack of language clarity between management and technical staff

Enterprise structure

Enterprise Structure

  • Enterprise management and IT department in separate isolated silos

  • These silos fail to share accountability and responsibility for IT security policy and practice

  • The silo approach does not work because shared responsibilities and communications are often neglected

  • Silos can address isolated work area requirements but will leave gaps across the whole enterprise (including legal)

Roles and responsibilities

Roles and Responsibilities

  • Inappropriate delegation of responsibilities and tasks is a common weakness

  • Legal responsibilities and associated liabilities delegated to the technical team with little or no ownership by senior non-technical management

  • Accountability that should be shared, erroneously devolved to the IT technical department instead of being “owned” from top management down

Expectations and resources

Expectations and resources

  • Failure of management to articulate the IT security expectations of the enterprise

  • Management often underestimates the human resources needed to implement and manage IT security across the enterprise

  • Management often underestimates the financial cost to deliver a whole of enterprise security solution

  • Failure of technical team to communicate realistic requirements and timelines to meet the management expectation

What about it security

What about IT Security?

  • Management perceives IT security as a given

  • Therefore management tends to take it for granted

  • This can create a false sense of security

  • New IT security implementations are given low priority

  • IT security solutions often implemented after an incident has occurred … (reactive management, rather than proactive management)

  • Management failure to understand that IT security is a valid cost of doing business

Bridging the gap how mgmt sees it department

Bridging the GAP – How Mgmt sees IT Department

Management want RESULTS




IT is uniquely positioned to bridge the gap!




Key challenges

Key challenges

  • Achieve a strategic whole-of-enterprise IT security solution to manage risk

  • Address strategic outcomes based on well informed and realistic expectations set by top management

  • Allocation of appropriate resources for each step of the process

  • Think strategically, act tactically, because each step is is only a part of the whole

Management role

Management Role

  • Set a realistic agenda in concert with the IT department ensuring expectations are deliverable

  • Assume overall responsibility and liability

  • Provide appropriate resources, human and financial to deliver the desired outcome

  • Engage in continuing review with the IT department to ensure minimisation of risk associated with new and emerging threats

It department role

IT Department Role

  • Provide management with accurate and timely information that will aid the planning and decision making process

  • Evaluate new and emerging products and services that may meet the IT security needs of the enterprise

  • Ensure language is clear and unambiguous for non-technical senior decision makers

  • Work to each pre-agreed management brief to ensure on-time and on-budget delivery

Closing the gap

Risk Management

Regulatory Requirements

The Information Risk Spectrum




IT Security

IT Contingency







Closing the gap

John Meaking – Standard Chartered Bank

Risk a common dialogue

Risk – a common dialogue

  • Asset Values ($)

  • Vulnerabilities (access to assets)

  • Threats (scenario exploits vulnerability)

  • RISK

Risk analysis

Risk analysis







Unknown and Unquantifiable in absolute terms





Frequency & Exposure

Consequence – some guesswork

Control Effectiveness

John Meakin – Standard Chartered Bank

Matrix a common dialogue

Matrix – a common dialogue



Think generically about using Risk Assessments

Where to start

Where to start?

  • Look for High Likelihood High Impact (HH)

  • Pareto

  • Demonstrate Cost/Benefit. Don’t emphasise ROI



Trivial Many

Critical Few

Demonstrate value results

Demonstrate value & results

  • Through appropriate metrics

    • In terms management understands

    • Avoid measuring too much or inappropriately (let risk drive what is measured)

  • Communicate trends and changes regularly

Successful team attributes

Successful Team Attributes

  • Plan and work as an enterprise team with shared responsibilities and accountabilities

  • Focus on realistic pre-agreed outcomes

  • Avoid “isolated empire” thinking and engage in “whole of enterprise” thinking

  • Undertake an ongoing, regular review process

  • Be nice to each other

Three final thoughts

Three final thoughts

Computers are incredibly fast accurate and stupid.

People are unbelievably slow, inaccurate and brilliant.

Despite the foregoing, the marriage of the two is a positive force beyond calculation.

Geoff roberts

Geoff Roberts

[email protected]

Tel: +61 2 4228 6213

Reflex – PC Guardian – SecuriKey – Trust Digital – Zondex

  • Login