Strategy: If you don’t know where you’re going, you’ll never get there - PowerPoint Presentation

Slide1

Strategy: If you don’t know where you’re going, you’ll never get there

Don Welch, Ph.D.

CISO

Slide2

Slide3

Agenda

Introduction

Risk

Strategy Basics

IT and Business StrategyStrategic AnalysisDesign FrameworkCommunicating the Strategy

Slide4

Introduction

Slide5

Why listen to me?

Slide6

Cyber Security Environment

Slide7

Slide8

Slide9

Foreign Intelligence

Slide10

Criminals

Slide11

Hacktivists

Slide12

C-Level Leaders

Slide13

Risk

Slide14

Slide15

Slide16

Strategy 101

Slide17

Strategy: DefinitionHigh level plan to achieve one or more goals under conditions of uncertainty

WikiPedia

Slide18

Strategy: DefinitionsA pattern in a stream of decisions

Henry

Mintzberg

, McGill University

Slide19

Strategy: DefinitionsPlanning and marshalling resources for their most efficient and effective use

Business Dictionary

Slide20

Strategy: DefinitionsPlan to achieve long-term goals

Guide for decisions at all levels

Efficient and effective resource allocation

Slide21

Slide22

Slide23

Asymmetry and Adversaries

Slide24

Slide25

Strategic Environment Analysis

Asset

Impact

Attacker

Payoff

Capability

Threat

Slide26

Slide27

Constraints

Funding

Regulations and Laws

Staff Time and Talent

Business OverheadPolitical CapitalAccountability

Calendar Time

Slide28

Slide29

Slide30

Coverage Matrix

People

Process

Technology

Identify

Protect

Detect

Respond

Recover

Slide31

Example Nested Matrix

Detect/Technology

Near Real-Time

Post Compromise

Network

Payload

Endpoint

Slide32

Example Nested Matrix

Protect/People

Users

IT Staff

Security

Mandatory

Optional

Slide33

Slide34

Written Plan

One Pager

< 10 Pages

Full Document

Slide35

Slide36

Slide37

Slide38

Slide39

Slide40

Information Security Strategy

Low

Moderate

High

High + (Restricted)

Identify

Protect

Watch

Respond

Recover

Slide41

Slide42