Security Management
UNDERSTANDING SECURITY CONCEPTS
Kevin Henry
CISSP-ISSAP, CISM, CISA, GSEC
kevinmhenry@[Link]
Security
In our minds is often:
- Safety
- Assurance
- Protection of assets
- CIA
Security
To users may be:
- Guards
- Passwords
- Hindrance to getting the job done
- Annoyance
- Useless
Security
To managers may be:
- Cost
- Liability
- Unnecessary
- Ineffective
We Need to Overcome This Lack of Understanding
- Learning
- A business function, woven into the business
- Strategic
- Effective
Our Role as Security Managers
- Management perspective
- Basic knowledge
- Understand the business
The Information Security Triad
Meaningful terms to define security
- Confidentiality
- Integrity
- Availability
Confidentiality
- Protect sensitive data
- Prevent unauthorized disclosure
- Privacy and secrecy
- Create confidence
Integrity
- Protect sensitive data and systems
- Maintain and operate with accuracy
- Integrity of data and of process
- Prevent unauthorized modification
Availability
- Protect critical data and systems
- Prevent destruction
- Ensure that critical data is accessible when required
- Ensure adequate reliability, resilience, robustness
The first challenge the Security Manager has to overcome is the misconception about the value and role of security in the organization.
Key Points Review
- Training and awareness
- Relevance to business goals
- Defining security in meaningful ways
• Confidentiality
• Integrity
• Availability
Alignment with Business Mission
Security Is More than Technology
- Management/Administrative
- Technical/Logical
- Physical/Environmental
The Core Concept: the right people, using the right tools in the right way
The normal effect of security
The proper effect of security
Strategic Goal of Security
The natural approach to security is tactical and operational
- It needs to be strategic
- Where is the business going?
• Facilitate future growth and adoption of technology
Security Must Have a Strategy
Plan -> Program -> Projects -> Tasks
The Security Manager Must Develop
- Budget
- Team
- Metrics
- Reporting
The Ultimate Goal of a Security Program Must Be:
- To gain Senior Management support
- To justify the expense
- To demonstrate value
- To maintain that support
- To ensure compliance with regulations and business goals and mission
The Security Manager has to demonstrate value to the organization.
Key Points Review
- Strategic planning
- Measurable results
- Project management
Building a Security Program
Security changes:
- New technologies
- New threats and vulnerabilities
- New risk
- New regulations
- People change jobs
Building a Security Program
Based on the security strategy
- Budget
• Cost/benefit analysis
• Deliverables
Building a Security Program (Cont.)
Based on the security strategy
- Team members
• Skills/qualifications
§ Technical
§ Managerial
§ Leadership
§ Business
§ Investigative
§ Analytical
Building a Security Program (Cont.)
Gap analysis
- Know current state
- Know visionary state
- Build a roadmap to make incremental steps towards the visionary state
State
The condition an entity is in at a point in time
The Security Manager has to build a security program that has a clear vision and a realistic understanding of the current environment.
Key Points Review
The security program is made up of several elements and each is important:
- Budget
- People
- Tools