JANUS Associates

Information Security Governance

(A Comprehensive Approach to Information Security)

Presented by: Patricia A. P. Fisher, CEO

slide2

What is the State of Information Security Today?

  • Phishing breaches were 4 times higher in 2012 than in 2011
  • Cost of breaches has increased from $214 to $222 per breach
  • Cyberattacks – 102 successful attacks per week, compared to 72 in 2011, 50 in 2010 (RSA)
  • By January 2013, cyber crime had grown to 46% of all attacks (Hackmageddon.com)
  • Symantec reports that over $114bn in cash losses was reported worldwide
slide3

National Information Security Governance

  • What is information security governance?
    • Leadership
    • Framework established to ensure that all the security elements put in place to protect your data environment work efficiently, accomplish what is intended, and do so cost effectively
    • Processes to carry out what is intended by the leadership
  • Why is it important?
    • Provides a framework for secure business operations in an interconnected world
    • Ensures the Country’s security resources are well spent
slide4

National Information Security Governance

  • Why is it important?
    • Provides ability to conduct secure business operations in an interconnected world
    • Ensures the Country’s security resources are well spent
    • Gains international respect
slide5

National Information Security Governance

  • What does it need to include?
    • Alignment with the information security strategy of the Nation
    • Management of risks
    • Efficient and effective management
    • Verification of results
slide6

National Information Security Governance

  • What benefits can be gained from a security governance program?
    • International recognition
    • Fewer breaches to deal with/increased efficiency
    • More effective use of resources
slide7

Governance Model

[Diagram labels: Organizational Governance; Security Governance; IT Governance; Financial Governance; Policies & Procedures; Verification; Reporting]

slide8

Who Does What In Governance?

[Diagram: Governance Responsibility. Labels: Country Government Level; Organization; Strategy; Risk Management; Ministry A; Ministry B; Policies; Function (three boxes); Procedures; Departments]

slide9

Existing Problems

  • Governments are often working at the tactical level without a strategic framework
  • Examples:
    • Security tools
    • Incident response
  • Lack of regular feedback to executive management
  • Examples:
    • Ad hoc testing occurs without a pre-defined structure
    • Few requirements for action plans to provide solutions
slide10

Security of Operations

Stove-pipe management

[Diagram labels: Ministry of Finance; Ministry of Agriculture; Ministry of Education; Ministry for Resources]

slide11

Make Security Strategic

Stove-pipe management leads to gaps

[Diagram labels: three GAP markers; Ministry of Finance; Ministry of Agriculture; Ministry of Education; Ministry for Resources]

slide12

A Holistic Approach to Governance

[Diagram labels: Ministry of Finance; Ministry of Agriculture; Ministry of Education; Ministry for Resources; Security; Risk Management]

slide13

Governance Implementation

  • The Role of Government Executive Management - Strategic
  • Commit To Holistic Security Excellence
    • Set a common vision
    • Establish principles to guide the program

Security

slide14

Governance Implementation

  • The Role of Ministry Executive Management - Strategic
  • Commit To a Program
    • Create the security program plan
    • Apply the necessary resources
  • Manage Change
    • Drive transformation through organization
  • Measure Success
    • Internal testing and measurement
    • Audit improvement

Security

slide15

Governance Implementation

  • Governance Requirements
  • Centralized leadership
  • Scalability and agility
  • Comprehensive planning
  • Management of risk
  • Continuous improvement in quality
slide16

Best Practices Security Governance

[Diagram labels: Approve; Define; Interpret; Implement]

slide17

Tiered Security Process

[Diagram labels: Ministry Management; Drive the Program; Risks; Audit Results; Vulnerability Assessments; Continuous Monitoring; Security Awareness; Policies; Guidelines; Standards; Feedback]


slide18

Likelihood X Impact = RISK

Drive to the left


slide19

Risk Management

[Diagram labels, in order: Plan; Risk Analysis; Audits; Do; Plan of Action and Milestones; Act; Revise Policy & Program; Redirect Risk Analysis; Check; Continuous Monitoring; “After-Action” Reports]


slide20

Vendor Risk Management

  • Risk Cannot Be Outsourced
    • Boundaries of ownership for security controls must be crystal clear
    • Continuous security monitoring and reporting back
    • Integration of incident response between the vendor and your organizations


slide21

The Role of Executives

  • Set Example:
    • “Tone from the Top”
    • Role Model Accountability
  • Set Expectations:
    • Security expectations must be explicit in vendor agreements
  • Establish Oversight:
    • Vendors should submit to independent security assessments and audits


slide22

Information Security Measures of Performance

  • Program is Effective
    • Investment reduces the number of findings in audit reports
    • Success rate in closing items in the Plan of Action and Milestones
    • Impacts from security incidents trend lower
  • Policies Are Followed and Effective
    • Procedures should generate evidence of performance
    • Continuous monitoring: antivirus, intrusion detection
    • Vulnerability assessments
    • After action reports on disaster recovery, incident response


slide23

In Summary

  • Security Governance
  • Set information security vision – Country level
  • Establish strategy – Ministry level
  • Bring in experienced employees/advisors
  • Drive the vision
  • Verify
  • Improve security and lower levels of risk
  • Become best in class to improve quality, lower costs