creating a cybersecurity strategy for your organization’s data...1 •business •about the city...

1 •Business •About the City •Bienvenido •Election Creating a Cybersecurity Strategy for Your Organization’s Data Clayton Calvert Consultant 2 Agenda Set Expectations Organization Strategy Measures Examples Conclusion 1 2

Upload: others

Post on 07-Sep-2020

5 views

Category:

Documents

0 download

Report

Download

Embed Size (px):

TRANSCRIPT

•Business•About the City•Bienvenido•Election

Creating a Cybersecurity Strategy for Your Organization’s Data

Clayton Calvert

Consultant

Agenda

Set Expectations

Organization

Strategy

Measures

Examples

Conclusion

Page 2: Creating a Cybersecurity Strategy for Your Organization’s Data...1 •Business •About the City •Bienvenido •Election Creating a Cybersecurity Strategy for Your Organization’s

Expectations

This talk will…

Provide strategies for orienting cybersecurity strategy with organizational goals

Help delineate the difference between measures and metrics

Provide examples of cybersecurity strategies in action

This talk will not…

Make you a risk expert

Make you a cybersecurity expert

Organization ‐ VMOSA

Vision Mission Objectives StrategyAction Plans

Organization

Handoff

Security

https://www.atlas101.ca/pm/concepts/vmosa-vision-mission-objectives-strategies-and-action-plans/

Organization – SWOT Analysis

Vision

Mission

Objectives

Strategy

Action Plans

Strategy

How you choose plans to meet your objectives, not what you choose

Measures

Three Questions to Ask:

1. What is my desired outcome?

2. Why is it the right outcome?

3. How do I know the measure predicts the outcome?

Observations in contextof desired Outcome

Orient

Decide

Act

Observe

Strategy

Action Plan

Measures

OODA Loop Mapping

VMOSAFactor from SWOT

VMOSA VMOSA

Page 5: Creating a Cybersecurity Strategy for Your Organization’s Data...1 •Business •About the City •Bienvenido •Election Creating a Cybersecurity Strategy for Your Organization’s

Example Strategies

SMART

Specific

Measurable

Achievable

Relevant

Timely

Page 6: Creating a Cybersecurity Strategy for Your Organization’s Data...1 •Business •About the City •Bienvenido •Election Creating a Cybersecurity Strategy for Your Organization’s

Reactive

Not a good strategy

https://www.pexels.com/photo/fire-orange-emergency-burning-1749/

Supporting Infosec Operations

Support infosec ops to minimize the likelihood of loss

https://www.pexels.com/photo/group-of-people-in-conference-room-1181304/

Page 7: Creating a Cybersecurity Strategy for Your Organization’s Data...1 •Business •About the City •Bienvenido •Election Creating a Cybersecurity Strategy for Your Organization’s

Economic Engineering

Decrease value proposition to attacker

https://www.pexels.com/photo/photography-of-one-us-dollar-banknotes-545064/

Reducing Infosec Risk

Set risk appetite over a given timeframe to work toward

https://www.pexels.com/photo/ace-card-game-cards-casino-297507/

Page 8: Creating a Cybersecurity Strategy for Your Organization’s Data...1 •Business •About the City •Bienvenido •Election Creating a Cybersecurity Strategy for Your Organization’s

Improve Compliance

Pass compliance standards

https://www.pexels.com/photo/auditorium-benches-chairs-class-207691/

Implement NIST Framework

Use NIST standards

https://www.pexels.com/photo/gray-metal-building-structure-2308120/

Page 9: Creating a Cybersecurity Strategy for Your Organization’s Data...1 •Business •About the City •Bienvenido •Election Creating a Cybersecurity Strategy for Your Organization’s

Map Risks to Plans

DOTMLPF‐P

Doctrine

Organization

Training

Materiel

Leadership

Personnel

Facilities

Policy

https://web.archive.org/web/20070204073933/http://www.dtic.mil/cjcs_directives/cdata/unlimit/3170_01.pdf

Conclusion

Collect vision, mission, objectives, and strategy and make it data‐driven:

Document measures and where they come from Determine why they are the right measures

Use these measures to identify and choose plans

Continually monitor performance

•Business•About the City•Bienvenido•Election

Questions?

Clayton [email protected]://netlogx.com/

CREATING THE FUTURE - First Nations Education … · CREATING THE FUTURE ... The most important step in governance planning, ... for the most part, will ultimately determine the organization’s

Creating a National Framework Cybersecurity

CISA | CYBERSECURITY AND INFRASTRUCTURE ......TLP:WHITE PSA Kirby Wedekind October 30, 2019 Cyber Resilience Review Evaluates the maturity of an organization’s capabilities and capacities

Cybersecurity Talent Identification and Assessment...candidates for an organization’s needs. With the adoption of a standard lexicon, including cyber role responsibilities, education

CYBERSECURITY RESILIENCE GUIDE · etc.) that your organization’s management wishes to disallow. Many of these sites can diminish employee productivity, create potential legal repercussions

Cybersecurity Education Catalog€¦ · CYBERSECURITY EDUCATION CATALOG Introduction The human factor – what employees do or don’t do – is the biggest vulnerability to an organization’s

CREATING A CULTURE OF CYBERSECURITY - Stay Safe Online...creating a culture of cybersecurity from the break room to the boardroom steps to a cybersecure organization use national cyber

CREATING A CYANOBACTERIA MONITORING PLAN FOR THE … · CREATING A CYANOBACTERIA MONITORING PLAN FOR THE STATE OF ... my proposed plan was also informed by the World Health Organization’s

TPM PIM Guide Update Summary - lockheedmartin.com · TPM PIM Guide Update Summary Follow the steps below to update your organization’s cybersecurity posture within Trading Partner

A broker guide to selling cyber insurance€¦ · We score and quantify client cyber risk: current threat intelligence + effectiveness of an organization’s cybersecurity controls

BALDRIGE CYBERSECURITY EXCELLENCE … Baldrige Cybersecurity Excellence Builder self-assessment helps you understand and improve what is critical to your organization’s cybersecurity

Creating A Diverse CyberSecurity Program

A firewall is just the beginning when securing your networkdelaune.com/Delaune_Work_IBM_Security/Interactive... · component in your organization’s cybersecurity defense. But even

2020 Cybersecurity & Risk Summit Series · Cybersecurity & Risk Summit Series by Global Risk Leadership helps ... you can reinforce your organization’s profile as a leader in the

U.S. Cybersecurity Defense Assessment - DTICU.S. Cybersecurity Defense Assessment To establish a front line of defense against today’s immediate threats by creating shared situational

Idealized Design: Creating an Organization’s Futureptgmedia.pearsoncmg.com/images/9780137071111/samplepages/... · IDEALIZED DESIGN Creating an Organization’s Future Russell L

Cybersecurity: the basics - ramsac › wp-content › uploads › 2018 › 10 › ... · Cybersecurity: the basics | 4 Creating a cybersecurity policy Know What to Do When Something

Electricity Subsector Cyb ersecurity Risk …...four elements that structure an organization’s approach to cybersecurity risk management • The Risk Management Cycle is not static

Measuring and Creating Situational Awareness in Cybersecurity

Protect your reputation. Prevent a breach. And gain a ... · Equip your employees with strong cybersecurity practices. An organization’s cybersecurity is only as strong as its weakest

MQTT and the NIST Cybersecurity Framework Version 1.0 · Web viewThe NIST Cybersecurity Framework complements, and does not replace, an organization’s existing business or cybersecurity

BUILDING AN AGILE CYBERSECURITY OPERATING MODEL FOR A ...€¦ · resilience and align the cybersecurity operating model with the organization’s new digital and IT strategies. BUILDING

Demystifying cybersecurity: Best practices to help ... · Demystifying cybersecurity: ... are solely responsible for securing your systems and data, including your organization’s

Creating a Cybersecurity Commons - Dbray

Creating a Culture of Cybersecurity and Safety on Your Campus and in Your Community (283999493)

Creating a “Culture” of Cybersecurity Robin “Montana” Williams Director, National Cybersecurity Education Office National Cyber Security Division June

CREATING THE NEXT in CYBERSECURITY SOLUTIONS · 2018. 5. 23. · Our researchers, faculty, and alumni hold appointments as cybersecurity advisors and assist top federal officials,

Secure Buildings from Cyber Threats...Assessing the maturity of an organization’s or a facility’s cybersecurity program and readiness could potentially be a complex undertaking,

Cybersecurity - MemberClicks · invite you into the white-hot, rapidly evolving world of cybersecurity. Creating a culture of cybersecurity has been a challenge – successfully defending

KPMG Internal Audit: Top 10 key risks in 2015aechile.cl/.../2015/04/top-10-considerations-internal-audit-2015.pdf · KPMG Internal Audit: ... organization’s cybersecurity process

Creating Passion is an Inside Job-The Why & How of Building a Great Staff Culturefor Your Organization’s Success

2016 special report series: Cybersecurity and the airline ... · PDF file2016 special report series: Cybersecurity and the airline industry ... In the airline industry, ... an organization’s

Creating cybersecurity solutions in skolkovo

Job Profile: Information Systems Security Manager · Manage a diverse team of security administrators, analysts and IT professionals Advise leadership on organization’s cybersecurity