slide1 n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Information Assurance Services PowerPoint Presentation
Download Presentation
Information Assurance Services

Loading in 2 Seconds...

play fullscreen
1 / 28

Information Assurance Services - PowerPoint PPT Presentation


  • 57 Views
  • Uploaded on

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Information Assurance Services' - velvet


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
slide2

Seccuris is Canada’s premier Information Assurance integrator. We enable organizations to achieve business goals through effective management of information risk.We are agile, innovative, flexible, and responsive. We assist your organization in managing all aspects of information risk. We specialize in end-to-end services, comprehensive solutions, and tailored programs.

slide3

Information Assurance Services

    • Information Security Consulting, Security Architecture, PCI, Vulnerability Assessment, Penetration Testing, Information Security Audit…
  • Managed Security Services
    • Managed Threat Monitoring Services, Managed Vulnerability Assessment…
  • Training and Education
    • SABSA Certification, TOGAF, Information Security Core Fundamentals…
  • Research and Development
slide4

Selling Security

Presented by Leo Thrush

slide5

Agenda

Introduction

What is the problem?

Find the decision maker

So many personality types

Problem solving

Being the expert

However, this is a discussion…

Please ask questions as they come to mind.

slide6

Introduction

Leo Thrush

PhD Candidate, MBA, Masters in Strategic Resourcing, CISSP, PMP, ISSEP, ISSMP, CBCP, SCF, GCSC, CISM, CAP, NSA-AO

  • Managing Security Consultant, Seccuris
  • Professor, University of Fairfax
  • Previous roles:
    • Chief Instructor, (ISC)2
    • White House IT Security Advisor
    • Senior IT Security Advisor, Pentagon
    • NSA/CIA Senior Security Architect
  • Focus on management consulting, enterprise architecture, IT strategy, IT service management, and teaching
  • Relevant Certifications:
    • SABSA Security Architect
    • Information System Security Engineer
slide7

The Problem

How do I sell securityto the boss?

…and get them to support and fund it?

slide8

Start with Applied Psychology

c. 590 BC Ezekiel's four living creatures:lion (bold), ox (sturdy), man (humane), eagle (far-seeing)

c. 340 BC Plato's four characters:artistic (iconic), sensible (pistic), intuitive (noetic), reasoning (dianoetic)

c. 325 BC Aristotle's four sources of happiness: sensual (hedone), material (propraietari), ethical (ethikos), logical (dialogike)

c. 1958 Myers‘ Jungian types:SP (sensing perceiving), SJ (sensing judging), NF (intuitive feeling),NT (intuitive thinking)

slide9

Myers-Briggs Type Indicator

  • Favorite world: Do you prefer to focus on the outer world or on your own inner world? This is called Extraversion (E) or Introversion (I).
  • Information: Do you prefer to focus on the basic information you take in or do you prefer to interpret and add meaning? This is called Sensing (S) or Intuition (N).
  • Decisions: When making decisions, do you prefer to first look at logic and consistency or first look at the people and special circumstances? This is called Thinking (T) or Feeling (F).
  • Structure: In dealing with the outside world, do you prefer to get things decided or do you prefer to stay open to new information and options? This is called Judging (J) or Perceiving (P).
slide11

The Decision Maker

  • Who is the decision maker?
    • Your boss?
    • Your boss’s boss?
    • Someone else?
  • Brief your way to the right person—no shortcuts
  • Staff work is critical
slide12

The Decision Maker’s Personality Type

  • ISTJ: Serious and quiet, interested in security and peaceful living
  • ESTJ: Quiet and reserved, interested in how and why things work
  • ISFJ: Usually put the needs of others above their own needs
  • ESTP:Doers who are focused on immediate results
slide13

The Decision Maker’s Personality Type

  • Risk takers: Early adopters, easy to motivate once convinced
  • Risk adverse: Doing this brings risk, not doing it brings risk… Is the difference worth the resources?
  • Many ways to categorize, and none are perfect; everyone is an individual. However…
slide14

The Decision Maker’s Personality Type

  • Temperament gives insight to their decision-making:
  • NT and SJ individuals tend to be more linear and serial, more structured, more rational and analytical, and more goal-oriented in their approach to problem solving
  • NF and SP individuals demonstrate a preference for an approach that is more holistic and parallel, more emotional and intuitive, more creative, more visual, and more tactual/kinesthetic
slide15

Temperament Based Techniques

  • NT and SJ
    • Analysis
    • Backwards planning
    • Categorizing/classifying
    • Challenging assumptions
    • Evaluating/judging
    • NF and SP
    • Brainstorming
    • Imaging/visualization
    • Incubation
    • Outcome psychodrama
    • Outrageous provocation
    • Synthesizing
slide16

The Problem Solving Process

  • The Input Phase: Gain a clearer understanding of the problem or situation
  • The Processing Phase: Develop, evaluate, and select alternatives and solutions that can solve the problem
  • The Output Phase: Develop plan and implement solution
  • The Review Phase: Evaluate implementation of the solution; this should be an ongoing process
slide17

Case Study

  • The Input Phase: Security of Wireless Devices
    • NT and SJ:
      • Analysis: How many?
      • Backwards planning: If we want to implement this solution in January, when must I make the decision?
      • Categorizing: Big risk not a big risk
      • Challenging assumptions: How do we know it is a problem?
slide18

Case Study

  • The Input Phase: Security of Wireless Devices
    • NT and SJ:
      • Brainstorming: What do each of you think is the cause?
      • Imaging/visualization: Show me how this happens
      • Incubation: Let me think about this
      • Outrageous provocation: Only stupid people lose devices
slide19

What is the Motivation?

  • Achievement of goals
  • Promotion (power, money, title, parking…)
  • Personal Recognition
  • Company/Team/Department Recognition
  • Avoidance of pain
slide20

Experience in IT/IT Security

  • Been there, done that or new to field
  • Leader or manager
  • Techie or …
  • Position in organization
  • Authority and budget
slide21

Maturity (not Age)

  • Closely linked to previous considerations
  • Confidence in personal decision making
    • Experience
    • Frequency
    • Level of difficulty and responsibility of previous decisions
  • Confidence in recommendation and who is making it
slide22

You are the Expert

  • What is of the very most importance to the business?
  • Short-term versus long-term
  • If you were the boss, what would you do?
  • If you had one dollar, what would you do with it?
  • Facts versus assumptions—how do you know?
slide23

Solve the Boss’s Problems

  • IF the boss does what you want, then what are the issues for the boss?
    • Money
    • Politics
    • Timing
    • Personalities
    • Program management
    • Legal
slide24

Solve the Boss’s Problems

  • Speak my language
  • Know my problems
  • Provide solutions to MY problems
slide25

The Boss Cares…

  • If the boss didn’t care, you would be working somewhere else
  • You would not have the boss’s time
  • It’s not personal
  • Don’t become emotional
  • “Don’t become so attached to your position that if it falters your ego goes with it”
  • General Colin Powell, U.S. Army
slide26

Summary: The Answer to the Question

  • Work your way to the correct decision maker
  • Learn as much as you can about them, and use that to select the best strategies and tactics
  • Be the expert and be ready to prove it
  • Know the alternatives and why they are not better than your recommendation
  • Work the roadblocks before the briefing
  • Don’t let the decision maker say “No”
  • Use formal change management strategy and tactics
slide27

References

  • Adickes, E. (1907). Character und weltanschauung. Tubingen.
  • Huitt, W. (1992). Problem solving and decision making: Consideration of individual differences using the Myers-Briggs Type Indicator. Journal of Psychological Type, 24, 33-44.
  • Lawrence, G. (1984). A synthesis of learning style research involving the MBTI. Journal of Psychological Type, 8, 2-15.
  • Whimbey, A., & Lochhead, J. (1982). Problem solving and comprehension (3rd ed.). Philadelphia: Franklin Institute Press.
  • Wonder, J., & Donovan, P. (1984). Whole-brain thinking: Working from both sides of the brain to achieve peak job performance. New York: Ballantine Books.
  • Woods, D. (1987). How might I teach problem solving. In J. Stice (Ed.), Developing critical thinking and problem-solving abilities (pp. 55-72). San Francisco: Jossey-Bass.
slide28
Thank You.

Leo Thrush

lthrush@seccuris.com

Seccuris Inc.

704-10 Kingsbridge Garden Circle

Mississauga, ON

L5R 3K6

(905) 361-3273