Slide1
Strategy: If you don’t know where you’re going, you’ll never get there
Don Welch, Ph.D.
CISO
Slide2
Slide3
Agenda
Introduction
Risk
Strategy Basics
IT and Business Strategy
Strategic Analysis
Design Framework
Communicating the Strategy
Slide4
Introduction
Slide5
Why listen to me?
Slide6
Cyber Security Environment
Slide7
Slide8
Slide9
Foreign Intelligence
Slide10
Criminals
Slide11
Hacktivists
Slide12
C-Level Leaders
Slide13
Risk
Slide14
Slide15
Slide16
Strategy 101
Slide17
Strategy: Definition
High level plan to achieve one or more goals under conditions of uncertainty
Wikipedia
Slide18
Strategy: Definitions
A pattern in a stream of decisions
Henry Mintzberg, McGill University
Slide19
Strategy: Definitions
Planning and marshalling resources for their most efficient and effective use
Business Dictionary
Slide20
Strategy: Definitions
Plan to achieve long-term goals
Guide for decisions at all levels
Efficient and effective resource allocation
Slide21
Slide22
Slide23
Asymmetry and Adversaries
Slide24
Slide25
Strategic Environment Analysis
Asset
Impact
Attacker
Payoff
Capability
Threat
Slide26
Slide27
Constraints
Funding
Regulations and Laws
Staff Time and Talent
Business Overhead
Political Capital
Accountability
Calendar Time
Slide28
Slide29
Slide30
Coverage Matrix
People
Process
Technology
Identify
Protect
Detect
Respond
Recover
Slide31
Example Nested Matrix
Detect/Technology
Near Real-Time
Post Compromise
Network
Payload
Endpoint
Slide32
Example Nested Matrix
Protect/People
Users
IT Staff
Security
Mandatory
Optional
Slide33
Slide34
Written Plan
One Pager
< 10 Pages
Full Document
Slide35
Slide36
Slide37
Slide38
Slide39
Slide40
Information Security Strategy
Low
Moderate
High
High + (Restricted)
Identify
Protect
Watch
Respond
Recover
Slide41
Slide42