SlideShare una empresa de Scribd logo

Building a Scorecard to Evaluate Security Management Frameworks

Descargar como PPT, PDF
Michael Smith
Michael Smith

This document proposes building a scorecard for evaluating security management and control frameworks. It discusses issues with existing frameworks becoming checklists over time and proposes a rational way to judge frameworks based on factors like efficacy, completeness, robustness, and cost for organizations of different sizes. The document shares initial reactions to frameworks like ISO 27002 and PCI-DSS. It aims to prioritize effort, allow split-horizon assessment/audit, and end "Legislation Amateur Hour" through conscious design of security frameworks. The author questions if they have proposed something better for governance, risk, and compliance (GRC) or gone too far.

Tecnología
1 de 13
Meta-Metrics: Building a Scorecard for the Evaluation of Security Management and Control Frameworks ,[object Object],[object Object],Meta-Metrics: Building a Scorecard for the Evaluation of Security Management and Control Frameworks
Laws, Sausages, and Frameworks? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
The Part Where Mike Gets Meta ,[object Object],[object Object],[object Object],[object Object]
Framework Scorecard $$$$$ Small, Medium, Large Organizations
Framework Scorecard $$$$$ Small, Medium, Large Organizations Efficacy Tactical/Technical Patch and Vulnerability
Framework Scorecard $$$$$ Small, Medium, Large Organizations Efficacy Tactical/Technical Patch and Vulnerability Completeness Sustainable Program
Framework Scorecard $$$$$ Small, Medium, Large Organizations Efficacy Tactical/Technical Patch and Vulnerability Completeness Sustainable Program ?Robustness? Shelfware-Resistance Low-Maintenance Atomicity v/s Dependence
SWAG Reactions: ISO 27002 $$ Reasonably large Some Guidelines Reasonably Complete OK Robust, some audit burden and rework
SWAG Reactions: PCI-DSS Relatively Small Mostly Tactical Bollocks for Sustainable Has “Policy” Robustness as a function of small size
SWAG Reactions: NIST RMF Much Cost Prescribed but not the focus due to abstraction The Whole Hawg of Completeness Horribly fragile, this adds significantly to the cost
Uses ,[object Object],[object Object],[object Object],[object Object],[object Object]
OMG What Have I done? ,[object Object],[object Object],[object Object]
[object Object],[object Object],[object Object],16

Recomendados

Why Benchmark Application Security - Veracode
Why Benchmark Application Security - VeracodeWhy Benchmark Application Security - Veracode
Why Benchmark Application Security - VeracodeVeracode
 
Crisis Management Techniques for Cyber Attacks
Crisis Management Techniques for Cyber AttacksCrisis Management Techniques for Cyber Attacks
Crisis Management Techniques for Cyber AttacksPECB
 
Enterprise security management II
Enterprise security management IIEnterprise security management II
Enterprise security management IIzapp0
 
Decluttering Health & Safety
Decluttering Health & SafetyDecluttering Health & Safety
Decluttering Health & SafetyAustralian Institute of Health & Safety
 
Stop the Blame, Find the Cause
Stop the Blame, Find the CauseStop the Blame, Find the Cause
Stop the Blame, Find the CauseMedgate Inc.
 
Is Your Safety Inbox a Black Hole?
Is Your Safety Inbox a Black Hole?Is Your Safety Inbox a Black Hole?
Is Your Safety Inbox a Black Hole?November Research Group
 
Ron perris compliance-v-security - atlseccon2011
Ron perris compliance-v-security - atlseccon2011Ron perris compliance-v-security - atlseccon2011
Ron perris compliance-v-security - atlseccon2011Atlantic Security Conference
 
Using PRIMO Mobile to Collect Adverse Events in the Field
Using PRIMO Mobile to Collect Adverse Events in the FieldUsing PRIMO Mobile to Collect Adverse Events in the Field
Using PRIMO Mobile to Collect Adverse Events in the FieldNovember Research Group
 

Recomendados

Why Benchmark Application Security - Veracode
Why Benchmark Application Security - VeracodeWhy Benchmark Application Security - Veracode
Why Benchmark Application Security - VeracodeVeracode
 
Crisis Management Techniques for Cyber Attacks
Crisis Management Techniques for Cyber AttacksCrisis Management Techniques for Cyber Attacks
Crisis Management Techniques for Cyber AttacksPECB
 
Enterprise security management II
Enterprise security management IIEnterprise security management II
Enterprise security management IIzapp0
 
Decluttering Health & Safety
Decluttering Health & SafetyDecluttering Health & Safety
Decluttering Health & SafetyAustralian Institute of Health & Safety
 
Stop the Blame, Find the Cause
Stop the Blame, Find the CauseStop the Blame, Find the Cause
Stop the Blame, Find the CauseMedgate Inc.
 
Is Your Safety Inbox a Black Hole?
Is Your Safety Inbox a Black Hole?Is Your Safety Inbox a Black Hole?
Is Your Safety Inbox a Black Hole?November Research Group
 
Ron perris compliance-v-security - atlseccon2011
Ron perris compliance-v-security - atlseccon2011Ron perris compliance-v-security - atlseccon2011
Ron perris compliance-v-security - atlseccon2011Atlantic Security Conference
 
Using PRIMO Mobile to Collect Adverse Events in the Field
Using PRIMO Mobile to Collect Adverse Events in the FieldUsing PRIMO Mobile to Collect Adverse Events in the Field
Using PRIMO Mobile to Collect Adverse Events in the FieldNovember Research Group
 
NCET Tech
NCET Tech NCET Tech
NCET Tech Archersan
 
Ri cyber-security-for-your-small-business
Ri cyber-security-for-your-small-businessRi cyber-security-for-your-small-business
Ri cyber-security-for-your-small-businessMeg Weber
 
Cyber-attacks
Cyber-attacksCyber-attacks
Cyber-attacksThe Economist Media Businesses
 
PERUMIN 31: Bow-tie Risk Analysis
PERUMIN 31: Bow-tie Risk AnalysisPERUMIN 31: Bow-tie Risk Analysis
PERUMIN 31: Bow-tie Risk AnalysisPERUMIN - Convención Minera
 
CV-SMB-infographic-small
CV-SMB-infographic-smallCV-SMB-infographic-small
CV-SMB-infographic-smallJeff Geissler
 
FEI Brisbane Lunch: Cybersecurity and the CFO
FEI Brisbane Lunch: Cybersecurity and the CFOFEI Brisbane Lunch: Cybersecurity and the CFO
FEI Brisbane Lunch: Cybersecurity and the CFOKate Mills
 
Balance Compliance and Experimentation by Joanne Molesky - The Lean Startup C...
Balance Compliance and Experimentation by Joanne Molesky - The Lean Startup C...Balance Compliance and Experimentation by Joanne Molesky - The Lean Startup C...
Balance Compliance and Experimentation by Joanne Molesky - The Lean Startup C...Lean Startup Co.
 
CMGT 582 Entire Course NEW
CMGT 582 Entire Course NEWCMGT 582 Entire Course NEW
CMGT 582 Entire Course NEWshyamuopuop
 
Enterprise incident response 2017
Enterprise incident response 2017Enterprise incident response 2017
Enterprise incident response 2017zapp0
 
Best Practices for Rating and Policy Administration System Replacement
Best Practices for Rating and Policy Administration System ReplacementBest Practices for Rating and Policy Administration System Replacement
Best Practices for Rating and Policy Administration System ReplacementEdgewater
 
Rapid Threat Modeling Techniques
Rapid Threat Modeling TechniquesRapid Threat Modeling Techniques
Rapid Threat Modeling TechniquesPriyanka Aash
 
Governance Risk and Compliance for SAP
Governance Risk and Compliance for SAPGovernance Risk and Compliance for SAP
Governance Risk and Compliance for SAPPECB
 
Presenting Metrics to the Executive Team
Presenting Metrics to the Executive TeamPresenting Metrics to the Executive Team
Presenting Metrics to the Executive TeamJohn D. Johnson
 
Meaningfull security metrics
Meaningfull security metricsMeaningfull security metrics
Meaningfull security metricsVladimir Jirasek
 
High lntegrity Services
High lntegrity ServicesHigh lntegrity Services
High lntegrity Servicesianthm
 
Security Metrics Rehab: Breaking Free from Top ‘X’ Lists, Cultivating Organic...
Security Metrics Rehab: Breaking Free from Top ‘X’ Lists, Cultivating Organic...Security Metrics Rehab: Breaking Free from Top ‘X’ Lists, Cultivating Organic...
Security Metrics Rehab: Breaking Free from Top ‘X’ Lists, Cultivating Organic...EC-Council
 
Lunch and Learn: June 29, 2010
Lunch and Learn: June 29, 2010Lunch and Learn: June 29, 2010
Lunch and Learn: June 29, 2010prevalentnetworks
 
Process Maturity Assessment
Process Maturity AssessmentProcess Maturity Assessment
Process Maturity Assessmentpchronis
 
NIST Critical Security Framework (CSF)
NIST Critical Security Framework (CSF) NIST Critical Security Framework (CSF)
NIST Critical Security Framework (CSF) Priyanka Aash
 
Value Stories - 3rd issue - April 2019
Value Stories - 3rd issue - April 2019Value Stories - 3rd issue - April 2019
Value Stories - 3rd issue - April 2019Redington Value Distribution
 
Managing Enterprise Risk: Why U No Haz Metrics?
Managing Enterprise Risk: Why U No Haz Metrics?Managing Enterprise Risk: Why U No Haz Metrics?
Managing Enterprise Risk: Why U No Haz Metrics?John D. Johnson
 
Ca world 2007 SOC integration
Ca world 2007 SOC integrationCa world 2007 SOC integration
Ca world 2007 SOC integrationMichael Nickle
 

Más contenido relacionado

La actualidad más candente

Ri cyber-security-for-your-small-business
Ri cyber-security-for-your-small-businessRi cyber-security-for-your-small-business
Ri cyber-security-for-your-small-businessMeg Weber
 
CV-SMB-infographic-small
CV-SMB-infographic-smallCV-SMB-infographic-small
CV-SMB-infographic-smallJeff Geissler
 
FEI Brisbane Lunch: Cybersecurity and the CFO
FEI Brisbane Lunch: Cybersecurity and the CFOFEI Brisbane Lunch: Cybersecurity and the CFO
FEI Brisbane Lunch: Cybersecurity and the CFOKate Mills
 
Balance Compliance and Experimentation by Joanne Molesky - The Lean Startup C...
Balance Compliance and Experimentation by Joanne Molesky - The Lean Startup C...Balance Compliance and Experimentation by Joanne Molesky - The Lean Startup C...
Balance Compliance and Experimentation by Joanne Molesky - The Lean Startup C...Lean Startup Co.
 

La actualidad más candente (7)

NCET Tech
NCET Tech NCET Tech
NCET Tech
 
Ri cyber-security-for-your-small-business
Ri cyber-security-for-your-small-businessRi cyber-security-for-your-small-business
Ri cyber-security-for-your-small-business
 
Cyber-attacks
Cyber-attacksCyber-attacks
Cyber-attacks
 
PERUMIN 31: Bow-tie Risk Analysis
PERUMIN 31: Bow-tie Risk AnalysisPERUMIN 31: Bow-tie Risk Analysis
PERUMIN 31: Bow-tie Risk Analysis
 
CV-SMB-infographic-small
CV-SMB-infographic-smallCV-SMB-infographic-small
CV-SMB-infographic-small
 
FEI Brisbane Lunch: Cybersecurity and the CFO
FEI Brisbane Lunch: Cybersecurity and the CFOFEI Brisbane Lunch: Cybersecurity and the CFO
FEI Brisbane Lunch: Cybersecurity and the CFO
 
Balance Compliance and Experimentation by Joanne Molesky - The Lean Startup C...
Balance Compliance and Experimentation by Joanne Molesky - The Lean Startup C...Balance Compliance and Experimentation by Joanne Molesky - The Lean Startup C...
Balance Compliance and Experimentation by Joanne Molesky - The Lean Startup C...
 

Similar a Building a Scorecard to Evaluate Security Management Frameworks

CMGT 582 Entire Course NEW
CMGT 582 Entire Course NEWCMGT 582 Entire Course NEW
CMGT 582 Entire Course NEWshyamuopuop
 
Enterprise incident response 2017
Enterprise incident response 2017Enterprise incident response 2017
Enterprise incident response 2017zapp0
 
Best Practices for Rating and Policy Administration System Replacement
Best Practices for Rating and Policy Administration System ReplacementBest Practices for Rating and Policy Administration System Replacement
Best Practices for Rating and Policy Administration System ReplacementEdgewater
 
Rapid Threat Modeling Techniques
Rapid Threat Modeling TechniquesRapid Threat Modeling Techniques
Rapid Threat Modeling TechniquesPriyanka Aash
 
Governance Risk and Compliance for SAP
Governance Risk and Compliance for SAPGovernance Risk and Compliance for SAP
Governance Risk and Compliance for SAPPECB
 
Presenting Metrics to the Executive Team
Presenting Metrics to the Executive TeamPresenting Metrics to the Executive Team
Presenting Metrics to the Executive TeamJohn D. Johnson
 
Meaningfull security metrics
Meaningfull security metricsMeaningfull security metrics
Meaningfull security metricsVladimir Jirasek
 
High lntegrity Services
High lntegrity ServicesHigh lntegrity Services
High lntegrity Servicesianthm
 
Security Metrics Rehab: Breaking Free from Top ‘X’ Lists, Cultivating Organic...
Security Metrics Rehab: Breaking Free from Top ‘X’ Lists, Cultivating Organic...Security Metrics Rehab: Breaking Free from Top ‘X’ Lists, Cultivating Organic...
Security Metrics Rehab: Breaking Free from Top ‘X’ Lists, Cultivating Organic...EC-Council
 
Lunch and Learn: June 29, 2010
Lunch and Learn: June 29, 2010Lunch and Learn: June 29, 2010
Lunch and Learn: June 29, 2010prevalentnetworks
 
Process Maturity Assessment
Process Maturity AssessmentProcess Maturity Assessment
Process Maturity Assessmentpchronis
 
NIST Critical Security Framework (CSF)
NIST Critical Security Framework (CSF) NIST Critical Security Framework (CSF)
NIST Critical Security Framework (CSF) Priyanka Aash
 
Managing Enterprise Risk: Why U No Haz Metrics?
Managing Enterprise Risk: Why U No Haz Metrics?Managing Enterprise Risk: Why U No Haz Metrics?
Managing Enterprise Risk: Why U No Haz Metrics?John D. Johnson
 
Ca world 2007 SOC integration
Ca world 2007 SOC integrationCa world 2007 SOC integration
Ca world 2007 SOC integrationMichael Nickle
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterMichael Nickle
 
Business Mashups, or Mashup Business?
Business Mashups, or Mashup Business?Business Mashups, or Mashup Business?
Business Mashups, or Mashup Business?guestc65425
 
Missing the Iceberg – avoiding project failure through killing or redefining ...
Missing the Iceberg – avoiding project failure through killing or redefining ...Missing the Iceberg – avoiding project failure through killing or redefining ...
Missing the Iceberg – avoiding project failure through killing or redefining ...Association for Project Management
 
ALM and DevOps in the health industry
ALM and DevOps in the health industryALM and DevOps in the health industry
ALM and DevOps in the health industryAgile Partner S.A.
 
Planning and Deploying an Effective Vulnerability Management Program
Planning and Deploying an Effective Vulnerability Management ProgramPlanning and Deploying an Effective Vulnerability Management Program
Planning and Deploying an Effective Vulnerability Management ProgramSasha Nunke
 

Similar a Building a Scorecard to Evaluate Security Management Frameworks (20)

CMGT 582 Entire Course NEW
CMGT 582 Entire Course NEWCMGT 582 Entire Course NEW
CMGT 582 Entire Course NEW
 
Enterprise incident response 2017
Enterprise incident response 2017Enterprise incident response 2017
Enterprise incident response 2017
 
Best Practices for Rating and Policy Administration System Replacement
Best Practices for Rating and Policy Administration System ReplacementBest Practices for Rating and Policy Administration System Replacement
Best Practices for Rating and Policy Administration System Replacement
 
Rapid Threat Modeling Techniques
Rapid Threat Modeling TechniquesRapid Threat Modeling Techniques
Rapid Threat Modeling Techniques
 
Governance Risk and Compliance for SAP
Governance Risk and Compliance for SAPGovernance Risk and Compliance for SAP
Governance Risk and Compliance for SAP
 
Presenting Metrics to the Executive Team
Presenting Metrics to the Executive TeamPresenting Metrics to the Executive Team
Presenting Metrics to the Executive Team
 
Meaningfull security metrics
Meaningfull security metricsMeaningfull security metrics
Meaningfull security metrics
 
High lntegrity Services
High lntegrity ServicesHigh lntegrity Services
High lntegrity Services
 
Security Metrics Rehab: Breaking Free from Top ‘X’ Lists, Cultivating Organic...
Security Metrics Rehab: Breaking Free from Top ‘X’ Lists, Cultivating Organic...Security Metrics Rehab: Breaking Free from Top ‘X’ Lists, Cultivating Organic...
Security Metrics Rehab: Breaking Free from Top ‘X’ Lists, Cultivating Organic...
 
Lunch and Learn: June 29, 2010
Lunch and Learn: June 29, 2010Lunch and Learn: June 29, 2010
Lunch and Learn: June 29, 2010
 
Process Maturity Assessment
Process Maturity AssessmentProcess Maturity Assessment
Process Maturity Assessment
 
NIST Critical Security Framework (CSF)
NIST Critical Security Framework (CSF) NIST Critical Security Framework (CSF)
NIST Critical Security Framework (CSF)
 
Value Stories - 3rd issue - April 2019
Value Stories - 3rd issue - April 2019Value Stories - 3rd issue - April 2019
Value Stories - 3rd issue - April 2019
 
Managing Enterprise Risk: Why U No Haz Metrics?
Managing Enterprise Risk: Why U No Haz Metrics?Managing Enterprise Risk: Why U No Haz Metrics?
Managing Enterprise Risk: Why U No Haz Metrics?
 
Ca world 2007 SOC integration
Ca world 2007 SOC integrationCa world 2007 SOC integration
Ca world 2007 SOC integration
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations Center
 
Business Mashups, or Mashup Business?
Business Mashups, or Mashup Business?Business Mashups, or Mashup Business?
Business Mashups, or Mashup Business?
 
Missing the Iceberg – avoiding project failure through killing or redefining ...
Missing the Iceberg – avoiding project failure through killing or redefining ...Missing the Iceberg – avoiding project failure through killing or redefining ...
Missing the Iceberg – avoiding project failure through killing or redefining ...
 
ALM and DevOps in the health industry
ALM and DevOps in the health industryALM and DevOps in the health industry
ALM and DevOps in the health industry
 
Planning and Deploying an Effective Vulnerability Management Program
Planning and Deploying an Effective Vulnerability Management ProgramPlanning and Deploying an Effective Vulnerability Management Program
Planning and Deploying an Effective Vulnerability Management Program
 

Más de Michael Smith

Building A Modern Security Policy For Social Media and Government
Building A Modern Security Policy For Social Media and GovernmentBuilding A Modern Security Policy For Social Media and Government
Building A Modern Security Policy For Social Media and GovernmentMichael Smith
 
Massively Scaled Security Solutions for Massively Scaled IT:SecTor 09
Massively Scaled Security Solutions for Massively Scaled IT:SecTor 09Massively Scaled Security Solutions for Massively Scaled IT:SecTor 09
Massively Scaled Security Solutions for Massively Scaled IT:SecTor 09Michael Smith
 
Security Content Automation Protocol and Web Application Security
Security Content Automation Protocol and Web Application SecuritySecurity Content Automation Protocol and Web Application Security
Security Content Automation Protocol and Web Application SecurityMichael Smith
 
The Authorizing Official And The Accreditation Decision
The Authorizing Official And The Accreditation DecisionThe Authorizing Official And The Accreditation Decision
The Authorizing Official And The Accreditation DecisionMichael Smith
 
Why Care About Government Security
Why Care About Government SecurityWhy Care About Government Security
Why Care About Government SecurityMichael Smith
 

Más de Michael Smith (8)

Barcodes
BarcodesBarcodes
Barcodes
 
Building A Modern Security Policy For Social Media and Government
Building A Modern Security Policy For Social Media and GovernmentBuilding A Modern Security Policy For Social Media and Government
Building A Modern Security Policy For Social Media and Government
 
Dojo Con 09
Dojo Con 09Dojo Con 09
Dojo Con 09
 
Massively Scaled Security Solutions for Massively Scaled IT:SecTor 09
Massively Scaled Security Solutions for Massively Scaled IT:SecTor 09Massively Scaled Security Solutions for Massively Scaled IT:SecTor 09
Massively Scaled Security Solutions for Massively Scaled IT:SecTor 09
 
Security Content Automation Protocol and Web Application Security
Security Content Automation Protocol and Web Application SecuritySecurity Content Automation Protocol and Web Application Security
Security Content Automation Protocol and Web Application Security
 
The Authorizing Official And The Accreditation Decision
The Authorizing Official And The Accreditation DecisionThe Authorizing Official And The Accreditation Decision
The Authorizing Official And The Accreditation Decision
 
Backtrack 3 USB
Backtrack 3 USBBacktrack 3 USB
Backtrack 3 USB
 
Why Care About Government Security
Why Care About Government SecurityWhy Care About Government Security
Why Care About Government Security
 

Último

Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 

Último (20)

Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 

Building a Scorecard to Evaluate Security Management Frameworks

  • 1.
  • 2.
  • 3.
  • 4. Framework Scorecard $$$$$ Small, Medium, Large Organizations
  • 5. Framework Scorecard $$$$$ Small, Medium, Large Organizations Efficacy Tactical/Technical Patch and Vulnerability
  • 6. Framework Scorecard $$$$$ Small, Medium, Large Organizations Efficacy Tactical/Technical Patch and Vulnerability Completeness Sustainable Program
  • 7. Framework Scorecard $$$$$ Small, Medium, Large Organizations Efficacy Tactical/Technical Patch and Vulnerability Completeness Sustainable Program ?Robustness? Shelfware-Resistance Low-Maintenance Atomicity v/s Dependence
  • 8. SWAG Reactions: ISO 27002 $$ Reasonably large Some Guidelines Reasonably Complete OK Robust, some audit burden and rework
  • 9. SWAG Reactions: PCI-DSS Relatively Small Mostly Tactical Bollocks for Sustainable Has “Policy” Robustness as a function of small size
  • 10. SWAG Reactions: NIST RMF Much Cost Prescribed but not the focus due to abstraction The Whole Hawg of Completeness Horribly fragile, this adds significantly to the cost
  • 11.
  • 12.
  • 13.

Notas del editor

  1. If you would like us to speak for your event or group, please ask. If you would like to learn more and to keep up-to-date on groundbreaking Government security news, subscribe to the guerilla-ciso blog feed. Presentation released under the Creative Commons Attribution-NonCommercial-ShareAlike 3.0 License. More information available at http://creativecommons.org/licenses/by-nc-sa/3.0/