practical insights in the day-to-day routine of an information security officer

How to be realistic about information security and don’t stress out.

Practical tips that will help any organization.

Practical insights in the

day-to-day routine of an

information security officer

Douwe Pieter van den Bos

• Risk Appetite

• Maturity

• Risk Analysis

• Secure Software Development

• Project Management

• Security Advise

• Security Testing

• Security Audits

• Red-teaming

• Risk Management

• Improvement Planning

Information Security Management

Information Security in a fast moving world

Gaining threads

Legislation

Privacy concerns

Customer awareness

Information Security is

becoming a larger issue

for all organizations,

including Oracle

customers.

Risk Maturity

Ad Hoc Opportunistic Systematic Managed Optimized

Be realistic Plan

Risk Appetite Plan

Risk Analysis

Confidentiality

Integrity

Availability

pliance

Report

Risk Classification Plan

Risk ClassificationImpact

Chance

Secure Software Development

Best Practices

https://www.ncsc.nl/dienstverlening/expertise-

advies/kennisdeling/whitepapers/ict-beveiligingsrichtlijnen-voor-

webapplicaties.html

http://www.oracle.com/technetwork/topics/entarch/itso-165161.html

http://www.nist.gov/cyberframework/

http://www.cip-overheid.nl/downloads/grip-op-ssd/

Security Advices Plan

https://www.ncsc.nl/dienstverlening/response-op-dreigingen-en-

incidenten/beveiligingsadviezen

Learn and Act Fast! Plan

An audit is not scary. It’s just a quick

way to investigate what you’re

doing right and where you might

improve.

Red Team! Plan

Who is the owner of risk?

http://www.taskforcebid.nl/producten/instrumenten-informatieveiligheid/

Risk Management

Quick Win Plan Accept

Low costs Low impact / chance

Just do it.

These risks are

easily

mitigated. Low

cost, despite of

the impact or

chance.

Make a project

out of it. You

will have to

plan and

prioritize.

The impact is

so low, or the

chance of

occurrence is

so low that you

can decide to

accept the risk.

Improvement Planning

Target 1

Target 2

Target 3

Target 4Target 5

Douwe Pieter van den Bos

douwepieter@otechmag.com

+31 6 149 143 43

practical insights in the day-to-day routine of an information security officer

risk appetite plandocheckact

risk maturityad

owner of risk

realistic plandocheckact

impact isso low

douwe pieter van den

ofthe impact orchance

improvement planningtarget

Technology

lv thrombus detection by routine echocardiography · lv...

a day of social media insights

microsoft word - day to day stretches 2-8-06.doc · web...

14-day - healthworks fitness€¦ · 14-day beginner’s...

10 minute a day social media routine

extreme training plan 5 day mass plan - usn · extreme...

#sbjsms day 1 recap of #sportsbiz insights

content marketing world 2015: insights from day one

new insights in routine procedure for mathematical

chapter 20 section 1. routine care that you give to your...

pid00100095 - tfl wi-fi data insights project...

valentine's day insights to woo digital marketers

day to day problems in routine immunization

extreme training plan 5 day mass plan - usn ·...

our week day routine - the mom edit | style. momlife

life, death and careful routine fill the day at a liberian

world population day- some insights

date day class breakup (equip approach ... - insights ias

20 day reboot supplement routine - amazon s3day... 20-day...

5 day workout routine