In the age of Continuous Compromise EXECUTIVE REPORTING Trey Ford Global Security Strategist Rapid7


Post on 23-Dec-2015


TRANSCRIPT

Page 1: In the age of Continuous Compromise EXECUTIVE REPORTING Trey Ford Global Security Strategist Rapid7

In the age of Continuous Compromise

EXECUTIVE REPORTING

Trey Ford, Global Security Strategist

Rapid7

Page 2:

AGENDA

• Boardroom Disciplines

• The Security Executive’s Challenges

• What’s Reported – 90 CISOs’ Point of View

• Affecting Change – Rapid7 Research Project

Page 3:

BOARDROOM DISCIPLINES

Page 4:

ESTABLISHED PROFESSIONS

• Medicine

• Law

• Engineering

• Accounting

Page 5:

BOARDROOM TECHNOLOGY

NCR - 1884

IBM - 1911

Page 6:

SECURITY EXECUTIVE’S CHALLENGES

Page 7:

INFORMATION SECURITY

NO REAL ‘HOW TO’ GUIDE

Page 8:

SECURITY STATUS REPORTS

• Accounting has its GAAP

• Legal and Medicine have theirs

• What about Information Security?

Page 9:

COMMUNICATION FLOW

Data, Verbose Reports

SUMMARIES

WISDOM

KNOWLEDGE

INFORMATION

DATA

Page 10:

CURSE OF KNOWLEDGE

• Uncertainty at the Top

• Executives are Comfortable

• Engineers are NOT Comfortable

• The Secret

• Helping inform a point of view

• The idea may not be right or wrong

Summaries

Page 11:

DELIVERING BADNESS

Vulnerability &

External Audit Reports

BURY THEM!?!

Page 12:

INCIDENTS HAPPEN

Unsafe to Discuss?

Acknowledge bias: Prevention vs. Response

Page 13:

ACTIVATING INCIDENT RESPONSE

Admitting Failure?

Insurance Policy?

Page 14:

Helping your CISO in the Boardroom

All CISOs have to address 3 questions (with EVERYTHING they say)

• What do I need to know?

• Why does this matter / Why do I care?

• What do you need from me?

Simple… and Hard.

Page 15:

WHAT’S REPORTED

Page 16:

WHAT’S REPORTED - TENURE

• 20% have been in the CISO role less than 12 months

• New focus by the Board on Security

• Last CISO was “too much business, not enough security”

• 1/5 of CISOs are looking for guidance or program validation

Page 17:

WHAT’S REPORTED – AREA OF FOCUS

• 15% report on specific security project status

• 20% are concerned about Compliance Audits

• 25% are focused on Incident Response

• 49% are reporting on Vulnerability Management

Page 18:

WHAT’S REPORTED – TANGIBLE

• 6% report on Volume of Spam Blocked

• 12% report no real metrics to their Board

• Also heard: “lost laptops”, “stolen iPads”, “blocked websites”

• Many CISOs grasp for topics to catch their board’s attention

Page 19:

AFFECTING CHANGE

Page 20:

Affecting Change – Rapid7 Research

• A Quantitative and Qualitative SURVEY

• >100 CISOs & non-Security Executives

• What gets reported? (Routine vs. Special Updates)

• Mapping against common Cybersecurity Frameworks

Agreeing on Simple… HARD TO DO!

Page 21:

Page 22:

QUESTIONS?

Let’s talk! @treyford -or-

[email protected]