Patrick Angel - Interim CISO / Enterprise IT Security - CISSP® CISM® CRISC® CISA®
www.RandomAccessTechnology.com
(214) 517-3086
Presenting Security Programs to
Senior Management (CxO’s)
Proposal / Why are we doing this?
(what’s the Value Proposition..?)
• What’s the History / driving‐factors… (provide perspective)
• Is this Regulatory? Or Market‐based?
• Due to Competition? Is there New‐Technology / an Opportunity?
• To Avoid (excessive) Risk / a Lawsuit?
• Be sure to Tie Project(s) / Program to (supporting) Bus. Objectives
For customers of Random Access Technologies, Inc. only - Patrick Angel, CISM® CRISC® CISA®
What is the Risk to the Company?
(what’s the Value Proposition..?)
• What is the Risk? Is it Revenue or Financial Loss?
  ‐‐ (list it in specific dollars – 30% of $600MM ‐ $200MM)
• Is there the Risk of a Lawsuit..? What’s the Probability..?
• Is there the Risk of Loss of Business / Partners..?
• Is there the Risk of Bad‐Press / Media Coverage..? (e.g. stock drop)
Use a Heat-Map / Risk-Cube to reflect the overall Risk
Capital COST(s) and / or Expenses
(CAP-EX vs OP-EX)
• What’s the Cost (both Short‐Term and Long‐Term)
• Be sure to include Staff / FTE and misc‐Expenses (travel / training)
• Is there Hardware or Software involved..?
• Include Licenses and maintenance / upgrades cost
• Issue RFP and get minimum 3 Vendors’ Quotes to compare
• Startup Purchase‐Costs / Investment goes against Capital Costs (Cap‐Ex) for Proposal – then Depreciation, Taxes, etc.
• Yearly ongoing (Operational – Op‐Ex) Costs go into Annual Budgets
• Be sure to provide some measure of the Return (payback) / Internal Value
• If difficult to measure, compare cost of Lawsuit or Fines against Project costs
Project(s) Execution and Reporting
(Provide enough info to show Management that project is well-run)
• Keep It Simple – Less is More once Project‐Reporting starts
• Build the initial Work‐Breakdown‐Structure (WBS or ‘the Plan’) with realistic dates, Resources, and some slack time for ‘unforeseen’ events, but do not waste resources to ‘manage the plan’
• Report Weekly – include: Budget‐to‐Date, any Change‐Orders and most importantly – MILESTONES and Issues / Risks to ALL Stakeholders
• High‐Level Timeline w/major Milestones and Key‐Dates shows the Project is being ‘Tracked’ and inspires confidence
[Figure: high‐level project timeline with weekly columns from 7‐Sep to 30‐Nov (SEPTEMBER, OCTOBER, NOVEMBER). Rows: Project 1 ‐ Main (1 of 3 components done), Network Upgrade, DESKTOP Configuration, E‐Commerce ReDeploy, Database Standards, CSIRT Program Procedures, GRC Software Implement, IdM / RBAC Project, MyMatrix (incl CANADA modules). Markers: RFP Issue, Review Results, Select Vendor, Start Roll‐out, PEN‐Testing, Validate PCI Docs.]
Recommendations for Success
(Don’t forget that PEOPLE make Process and Technology work…)
• Discuss / get Feedback from the ‘Business’ and other Mgmt members, then update your presentation / numbers
  ‐‐ In effect, you are gaining ‘buy‐in’ from your peers, making them ‘Partners’ in your Project
• Be sure to ‘sell the Benefits’ of your Project / Results to help Change / challenge old Mindsets / ‘Paradigms’
• Bring in an ‘Outside Expert’ consultant for the Project / Change and help to guarantee success…
• Publish ongoing Progress, celebrate Milestones and Announce the Project / Program’s End & Final Results, give thanks to Stakeholders
Get Started Now…
‘…Chance favors the prepared Mind’
www.RandomAccessTechnology.com
(214) 517-3086
About the Author
Copyright® 2018 - For customers of Random Access Technologies, Inc. only.
Patrick Angel
• Roles: Interim CISO / Director PMO / Enterprise I‐T Security‐Architect / Risk‐Management and Compliance Manager
• Areas: PCI, SOX, GLBA Privacy, Project‐Auditing, Application‐Security Testing and Secure Development (SDLC)
• Education
  – Bachelors in Information Systems (MIS)
    • Dean’s List and Honor’s List
  – Masters Business Administration (MBA)
• Years of Experience
  • 20+ years in Information Systems
  • 15+ years of P/M, SDLC and Governance, Risk and Compliance
  • Hands‐on Software Developer, Application‐Testing, I‐T Auditing
• Certifications and Associations include ‐
