SlideShare una empresa de Scribd logo

Developing an Information Security Program

Descargar como PPT, PDF
S
Shauna_Cox

2011 BDPA Conference Presentation

1 de 39
2011 National BDPA Technology Conference Developing an Information Security Program Shauna Cox August 3 – 6, 2011 Chicago, IL
Presentation Objectives ,[object Object],[object Object],[object Object]
Agenda ,[object Object],[object Object],[object Object],[object Object],[object Object]
Reality ,[object Object],A Security Professional must be successful every time.
Why is an Information Security Program Needed? ,[object Object],[object Object],[object Object],[object Object],[object Object]
Technology & Business Cycle Changes ,[object Object],[object Object],[object Object],[object Object]
Regulatory Requirements ,[object Object],[object Object],[object Object],[object Object],[object Object]
Potential Threats ,[object Object],[object Object],[object Object],[object Object]
Sophistication of Attacks ,[object Object],[object Object],[object Object],[object Object],[object Object]
Strategic Necessity ,[object Object],[object Object]
Myth ,[object Object],[object Object]
Information Security Principles
People, Places & Things ,[object Object],[object Object],[object Object]
Roles & Responsibilities ,[object Object],[object Object],[object Object],[object Object]
Information Security Function ,[object Object],[object Object],[object Object]
Executive Management ,[object Object],[object Object],[object Object]
Management ,[object Object],[object Object],[object Object],[object Object]
Users ,[object Object],[object Object],[object Object],[object Object]
Scope of Authority & Need
Tools & Techniques ,[object Object],[object Object],[object Object]
Information Security Program Components ,[object Object],[object Object],[object Object],[object Object],[object Object]
Executive Commitment ,[object Object],[object Object],[object Object]
Policies & Procedures ,[object Object],[object Object],[object Object],[object Object],[object Object]
Metrics ,[object Object],[object Object],[object Object],[object Object],[object Object]
Governance Structure ,[object Object],[object Object]
Awareness Training ,[object Object],How?
Methodologies / Standards ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
ISO 17799 Domains ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Program Development Process
Program Development Process ,[object Object],[object Object],[object Object],[object Object],Source: All-In-One CISSP Exam Guide, 4 th Edition, by Shon Harris
Plan & Organize ,[object Object],[object Object],[object Object],[object Object]
Implement ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Operate & Maintain ,[object Object],[object Object],[object Object]
Monitor & Evaluate ,[object Object],[object Object],[object Object]
A Day in the Life Conduct Self- Assessments Respond to Audits Train & Educate Provide Expertise Monitor Systems Manage Projects Track Compliance Gauge SLA Adherence
Game Changers ,[object Object],[object Object],[object Object]
Resources ,[object Object],[object Object],[object Object],[object Object]
Questions
Contact Information ,[object Object],[object Object]

Recomendados

Cisco cybersecurity essentials chapter 8
Cisco cybersecurity essentials chapter 8Cisco cybersecurity essentials chapter 8
Cisco cybersecurity essentials chapter 8Mukesh Chinta
 
A to Z of Information Security Management
A to Z of Information Security ManagementA to Z of Information Security Management
A to Z of Information Security ManagementMark Conway
 
Information security policy_2011
Information security policy_2011Information security policy_2011
Information security policy_2011codka
 
Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005ControlCase
 
Introduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity FrameworkIntroduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity FrameworkTuan Phan
 
Cyber Security Incident Response
Cyber Security Incident ResponseCyber Security Incident Response
Cyber Security Incident ResponsePECB
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityDhani Ahmad
 
Security policies
Security policiesSecurity policies
Security policiesNishant Pahad
 

Recomendados

Cisco cybersecurity essentials chapter 8
Cisco cybersecurity essentials chapter 8Cisco cybersecurity essentials chapter 8
Cisco cybersecurity essentials chapter 8Mukesh Chinta
 
A to Z of Information Security Management
A to Z of Information Security ManagementA to Z of Information Security Management
A to Z of Information Security ManagementMark Conway
 
Information security policy_2011
Information security policy_2011Information security policy_2011
Information security policy_2011codka
 
Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005ControlCase
 
Introduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity FrameworkIntroduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity FrameworkTuan Phan
 
Cyber Security Incident Response
Cyber Security Incident ResponseCyber Security Incident Response
Cyber Security Incident ResponsePECB
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityDhani Ahmad
 
Security policies
Security policiesSecurity policies
Security policiesNishant Pahad
 
Security Policies and Standards
Security Policies and StandardsSecurity Policies and Standards
Security Policies and Standardsprimeteacher32
 
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?PECB
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security FundamentalsRahmat Suhatman
 
Legal, Ethical and professional issues in Information Security
Legal, Ethical and professional issues in Information SecurityLegal, Ethical and professional issues in Information Security
Legal, Ethical and professional issues in Information SecurityGamentortc
 
Information security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation Technology Society Nepal
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security GovernancePriyanka Aash
 
Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Dam Frank
 
Security policy
Security policySecurity policy
Security policyDhani Ahmad
 
Iso 27001 isms presentation
Iso 27001 isms presentationIso 27001 isms presentation
Iso 27001 isms presentationMidhun Nirmal
 
What is ISO 27001 ISMS
What is ISO 27001 ISMSWhat is ISO 27001 ISMS
What is ISO 27001 ISMSBusiness Beam
 
Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data SecurityWilmerHale
 
ISO 27001 - Information Security Management System
ISO 27001 - Information Security Management SystemISO 27001 - Information Security Management System
ISO 27001 - Information Security Management SystemMuhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 
Cisco cybersecurity essentials chapter 4
Cisco cybersecurity essentials chapter 4Cisco cybersecurity essentials chapter 4
Cisco cybersecurity essentials chapter 4Mukesh Chinta
 
Fundamentals of Information Systems Security Chapter 1
Fundamentals of Information Systems Security Chapter 1Fundamentals of Information Systems Security Chapter 1
Fundamentals of Information Systems Security Chapter 1Dr. Ahmed Al Zaidy
 
System Security Plans 101
System Security Plans 101System Security Plans 101
System Security Plans 101Donald E. Hester
 
Cisco cybersecurity essentials chapter - 6
Cisco cybersecurity essentials chapter - 6Cisco cybersecurity essentials chapter - 6
Cisco cybersecurity essentials chapter - 6Mukesh Chinta
 
Information Security Awareness
Information Security Awareness Information Security Awareness
Information Security Awareness Net at Work
 
information security management
information security managementinformation security management
information security managementGurpreetkaur838
 
Nist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkNist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkMarcoAfzali
 
12 Best Privacy Frameworks
12 Best Privacy Frameworks12 Best Privacy Frameworks
12 Best Privacy FrameworksAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
D1 security and risk management v1.62
D1 security and risk management v1.62D1 security and risk management v1.62
D1 security and risk management v1.62AlliedConSapCourses
 
Gs Us Roadmap For A World Class Information Security Management System– Isoie...
Gs Us Roadmap For A World Class Information Security Management System– Isoie...Gs Us Roadmap For A World Class Information Security Management System– Isoie...
Gs Us Roadmap For A World Class Information Security Management System– Isoie...Tammy Clark
 

Más contenido relacionado

La actualidad más candente

Security Policies and Standards
Security Policies and StandardsSecurity Policies and Standards
Security Policies and Standardsprimeteacher32
 
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?PECB
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security FundamentalsRahmat Suhatman
 
Legal, Ethical and professional issues in Information Security
Legal, Ethical and professional issues in Information SecurityLegal, Ethical and professional issues in Information Security
Legal, Ethical and professional issues in Information SecurityGamentortc
 
Information security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation Technology Society Nepal
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security GovernancePriyanka Aash
 
Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Dam Frank
 
Iso 27001 isms presentation
Iso 27001 isms presentationIso 27001 isms presentation
Iso 27001 isms presentationMidhun Nirmal
 
What is ISO 27001 ISMS
What is ISO 27001 ISMSWhat is ISO 27001 ISMS
What is ISO 27001 ISMSBusiness Beam
 
Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data SecurityWilmerHale
 
Cisco cybersecurity essentials chapter 4
Cisco cybersecurity essentials chapter 4Cisco cybersecurity essentials chapter 4
Cisco cybersecurity essentials chapter 4Mukesh Chinta
 
Fundamentals of Information Systems Security Chapter 1
Fundamentals of Information Systems Security Chapter 1Fundamentals of Information Systems Security Chapter 1
Fundamentals of Information Systems Security Chapter 1Dr. Ahmed Al Zaidy
 
Cisco cybersecurity essentials chapter - 6
Cisco cybersecurity essentials chapter - 6Cisco cybersecurity essentials chapter - 6
Cisco cybersecurity essentials chapter - 6Mukesh Chinta
 
Information Security Awareness
Information Security Awareness Information Security Awareness
Information Security Awareness Net at Work
 
information security management
information security managementinformation security management
information security managementGurpreetkaur838
 
Nist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkNist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkMarcoAfzali
 

La actualidad más candente (20)

Security Policies and Standards
Security Policies and StandardsSecurity Policies and Standards
Security Policies and Standards
 
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
 
Legal, Ethical and professional issues in Information Security
Legal, Ethical and professional issues in Information SecurityLegal, Ethical and professional issues in Information Security
Legal, Ethical and professional issues in Information Security
 
Information security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation security: importance of having defined policy & process
Information security: importance of having defined policy & process
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3
 
Security policy
Security policySecurity policy
Security policy
 
Iso 27001 isms presentation
Iso 27001 isms presentationIso 27001 isms presentation
Iso 27001 isms presentation
 
What is ISO 27001 ISMS
What is ISO 27001 ISMSWhat is ISO 27001 ISMS
What is ISO 27001 ISMS
 
Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data Security
 
ISO 27001 - Information Security Management System
ISO 27001 - Information Security Management SystemISO 27001 - Information Security Management System
ISO 27001 - Information Security Management System
 
Cisco cybersecurity essentials chapter 4
Cisco cybersecurity essentials chapter 4Cisco cybersecurity essentials chapter 4
Cisco cybersecurity essentials chapter 4
 
Fundamentals of Information Systems Security Chapter 1
Fundamentals of Information Systems Security Chapter 1Fundamentals of Information Systems Security Chapter 1
Fundamentals of Information Systems Security Chapter 1
 
System Security Plans 101
System Security Plans 101System Security Plans 101
System Security Plans 101
 
Cisco cybersecurity essentials chapter - 6
Cisco cybersecurity essentials chapter - 6Cisco cybersecurity essentials chapter - 6
Cisco cybersecurity essentials chapter - 6
 
Information Security Awareness
Information Security Awareness Information Security Awareness
Information Security Awareness
 
information security management
information security managementinformation security management
information security management
 
Nist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkNist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing Framework
 
12 Best Privacy Frameworks
12 Best Privacy Frameworks12 Best Privacy Frameworks
12 Best Privacy Frameworks
 

Similar a Developing an Information Security Program

D1 security and risk management v1.62
D1 security and risk management v1.62D1 security and risk management v1.62
D1 security and risk management v1.62AlliedConSapCourses
 
Gs Us Roadmap For A World Class Information Security Management System– Isoie...
Gs Us Roadmap For A World Class Information Security Management System– Isoie...Gs Us Roadmap For A World Class Information Security Management System– Isoie...
Gs Us Roadmap For A World Class Information Security Management System– Isoie...Tammy Clark
 
Start With A Great Information Security Plan!
Start With A Great Information Security Plan!Start With A Great Information Security Plan!
Start With A Great Information Security Plan!Tammy Clark
 
Information security policy_2011
Information security policy_2011Information security policy_2011
Information security policy_2011codka
 
Policy formation and enforcement.ppt
Policy formation and enforcement.pptPolicy formation and enforcement.ppt
Policy formation and enforcement.pptImXaib
 
Solve the exercise in security management.pdf
Solve the exercise in security management.pdfSolve the exercise in security management.pdf
Solve the exercise in security management.pdfsdfghj21
 
is_1_Introduction to Information Security
is_1_Introduction to Information Securityis_1_Introduction to Information Security
is_1_Introduction to Information SecuritySARJERAO Sarju
 
Information Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO StandardsInformation Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO StandardsPECB
 
CCISO_Certification_Training_Course-Outline.pdf
CCISO_Certification_Training_Course-Outline.pdfCCISO_Certification_Training_Course-Outline.pdf
CCISO_Certification_Training_Course-Outline.pdfpriyanshamadhwal2
 
II Security At Microsoft
II Security At MicrosoftII Security At Microsoft
II Security At MicrosoftMark J. Feldman
 
Protecting business interests with policies for it asset management it-tool...
Protecting business interests with policies for it asset management it-tool...Protecting business interests with policies for it asset management it-tool...
Protecting business interests with policies for it asset management it-tool...IT-Toolkits.org
 
Information Security Framework
Information Security FrameworkInformation Security Framework
Information Security Frameworkssuser65fa31
 
Cyber crime with privention
Cyber crime with privention Cyber crime with privention
Cyber crime with privention Manish Dixit Ceh
 
Fissea09 mgupta-day3-panel process-program-build-effective-training
Fissea09 mgupta-day3-panel process-program-build-effective-trainingFissea09 mgupta-day3-panel process-program-build-effective-training
Fissea09 mgupta-day3-panel process-program-build-effective-trainingSwati Gupta
 
· THE INDUSTRY AND THE COMPANY AND ITS PRODUCT(S) OR SERVICE(S)A.docx
· THE INDUSTRY AND THE COMPANY AND ITS PRODUCT(S) OR SERVICE(S)A.docx· THE INDUSTRY AND THE COMPANY AND ITS PRODUCT(S) OR SERVICE(S)A.docx
· THE INDUSTRY AND THE COMPANY AND ITS PRODUCT(S) OR SERVICE(S)A.docxoswald1horne84988
 
Cissp- Security and Risk Management
Cissp- Security and Risk ManagementCissp- Security and Risk Management
Cissp- Security and Risk ManagementHamed Moghaddam
 
isms-presentation.ppt
isms-presentation.pptisms-presentation.ppt
isms-presentation.pptHasnolAhmad2
 
Privacy-ready Data Protection Program Implementation
Privacy-ready Data Protection Program ImplementationPrivacy-ready Data Protection Program Implementation
Privacy-ready Data Protection Program ImplementationEryk Budi Pratama
 
Isa Prog Need L
Isa Prog Need LIsa Prog Need L
Isa Prog Need LR_Yanus
 
Cybersecurity Assessment Framework - Slideshare.pptx
Cybersecurity Assessment Framework - Slideshare.pptxCybersecurity Assessment Framework - Slideshare.pptx
Cybersecurity Assessment Framework - Slideshare.pptxAzra'ee Mamat
 

Similar a Developing an Information Security Program (20)

D1 security and risk management v1.62
D1 security and risk management v1.62D1 security and risk management v1.62
D1 security and risk management v1.62
 
Gs Us Roadmap For A World Class Information Security Management System– Isoie...
Gs Us Roadmap For A World Class Information Security Management System– Isoie...Gs Us Roadmap For A World Class Information Security Management System– Isoie...
Gs Us Roadmap For A World Class Information Security Management System– Isoie...
 
Start With A Great Information Security Plan!
Start With A Great Information Security Plan!Start With A Great Information Security Plan!
Start With A Great Information Security Plan!
 
Information security policy_2011
Information security policy_2011Information security policy_2011
Information security policy_2011
 
Policy formation and enforcement.ppt
Policy formation and enforcement.pptPolicy formation and enforcement.ppt
Policy formation and enforcement.ppt
 
Solve the exercise in security management.pdf
Solve the exercise in security management.pdfSolve the exercise in security management.pdf
Solve the exercise in security management.pdf
 
is_1_Introduction to Information Security
is_1_Introduction to Information Securityis_1_Introduction to Information Security
is_1_Introduction to Information Security
 
Information Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO StandardsInformation Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO Standards
 
CCISO_Certification_Training_Course-Outline.pdf
CCISO_Certification_Training_Course-Outline.pdfCCISO_Certification_Training_Course-Outline.pdf
CCISO_Certification_Training_Course-Outline.pdf
 
II Security At Microsoft
II Security At MicrosoftII Security At Microsoft
II Security At Microsoft
 
Protecting business interests with policies for it asset management it-tool...
Protecting business interests with policies for it asset management it-tool...Protecting business interests with policies for it asset management it-tool...
Protecting business interests with policies for it asset management it-tool...
 
Information Security Framework
Information Security FrameworkInformation Security Framework
Information Security Framework
 
Cyber crime with privention
Cyber crime with privention Cyber crime with privention
Cyber crime with privention
 
Fissea09 mgupta-day3-panel process-program-build-effective-training
Fissea09 mgupta-day3-panel process-program-build-effective-trainingFissea09 mgupta-day3-panel process-program-build-effective-training
Fissea09 mgupta-day3-panel process-program-build-effective-training
 
· THE INDUSTRY AND THE COMPANY AND ITS PRODUCT(S) OR SERVICE(S)A.docx
· THE INDUSTRY AND THE COMPANY AND ITS PRODUCT(S) OR SERVICE(S)A.docx· THE INDUSTRY AND THE COMPANY AND ITS PRODUCT(S) OR SERVICE(S)A.docx
· THE INDUSTRY AND THE COMPANY AND ITS PRODUCT(S) OR SERVICE(S)A.docx
 
Cissp- Security and Risk Management
Cissp- Security and Risk ManagementCissp- Security and Risk Management
Cissp- Security and Risk Management
 
isms-presentation.ppt
isms-presentation.pptisms-presentation.ppt
isms-presentation.ppt
 
Privacy-ready Data Protection Program Implementation
Privacy-ready Data Protection Program ImplementationPrivacy-ready Data Protection Program Implementation
Privacy-ready Data Protection Program Implementation
 
Isa Prog Need L
Isa Prog Need LIsa Prog Need L
Isa Prog Need L
 
Cybersecurity Assessment Framework - Slideshare.pptx
Cybersecurity Assessment Framework - Slideshare.pptxCybersecurity Assessment Framework - Slideshare.pptx
Cybersecurity Assessment Framework - Slideshare.pptx
 

Developing an Information Security Program