it security strategy: protecting your key corporate assets

Download IT Security Strategy:  Protecting Your Key Corporate Assets

Post on 03-Jan-2016




2 download

Embed Size (px)


IT Security Strategy: Protecting Your Key Corporate Assets. Tech Data. Non-Disclosure. This discussion is under our mutual nondisclosure agreement. Purpose of Our Discussion. Decide if we should expand our relationship Identify your questions and concerns about your IT security - PowerPoint PPT Presentation



  • Non-DisclosureThis discussion is under our mutual nondisclosure agreement.

  • Purpose of Our DiscussionDecide if we should expand our relationshipIdentify your questions and concerns about your IT securityIdentify whether your issues are within our expertise Report our findings about security issuesEstablish next-step recommendations based on your situationCreate an action plan for your consideration.

  • IntroductionsYour teamRole, responsibility, experienceWhat would make this a valuable meeting for you?Our teamRole, responsibility, experience

  • Why Security?IT is the engine of your business: When its compromised, youre at riskYour assets have value that bad guys want.

  • Why Our Customers Choose UsLocal, responsive and concerned means well be there when calledExperienced in delivering and securing IT in all varieties: traditional, cloud, blended systems, mobileDeep network of resources to solve unique situationsWe work until the the problem is resolvedWe take a holistic view and focus on growing our customers business by judicious application of IT.

  • What Gets Secured?What do you want to protect? How much do you want to protect it? Whats vulnerable?Human failureEquipment failureMalicious attack.

  • What Gets Secured?Whats valuable?What can and cant you live without?What are you legally required to protect? Defend this first or you could go to jailWhat do you need to operate your business?Defend that next or you could go out of business.

  • What Gets Secured?What is impossible to replace and what can be covered by insurance? Whats a trade secret and whats common knowledge?

  • Your Key Assets: People employees, customers, key vendors and stakeholdersProperty physical, electronic and intellectualProcesses the procedures used to successfully conduct businessProprietary data trade secrets, confidential information and personal data.

  • The Outcome of SecurityAvailability of corporate assetsIntegrity of those assetsConfidentiality of assets that are privateAccountability, making those who access the data responsible for their behavior.

  • The Value of SecurityIncreases staff efficiencies from not having to individually deal with security issues like spam, viruses and rogue emailIncreases in systems efficiency created by the security system because of upgraded technologyEliminates cost of security breaches from unpatched software.

  • Security is a Real ChallengeNew IT threats every secondHigh-profile attacksNew attack pointsMobile devicesData leakageSocial engineering.

  • Seven Security LayersAccess controlDeter intrusionDetect intrusionDetermine attack natureDelay further accessDefend Recover.

  • The Value of SecurityReduces legal exposure from unsecured premises and computer systemsIncreases sales based on improved security and stabilityReduces business interruptions caused by security breaches.

  • Your Security ConcernsWhat do you need to secure?What would it be worth to secure that?What would it cost if it wasnt secured?What is your security policy?

  • What Would You Like to Have Happen?What would it be like if everything worked correctly?How will you know who to choose?

  • Our RecommendationsAssessmentSecurity policyRemediation planPolicy audit and implementationBring compliance up-to-dateAdjust implementation of policies.

  • AssessmentReview your situation using the seven layer security modelIdentify any issuesRecommend any specific actions with cost/risk analysisIf we find nothing, youre just being cautious.

  • Security PolicyReview your security policyLook for completeness Look for areas that have changedMobileNew compliance mandates.

  • Remediation PlanIf required

  • Policy Audit and ImplementationAudit for complianceEducation where neededHelp your team with enforcement strategies.

  • Proposed Next StepsAgree to an assessmentOur security team will perform thisMeet for a review of findingsDecide the next step, if any.

  • Schedule the Next MeetingsAssessmentWho and whenReport of findingsExecutive teamTwo weeks later.

    Do not hand out copies of the presentation nor make the presentation available to the customers. This is only designed for leading discussions and not meant as reference material. You want to control the timing and questions. If your customer has a copy of this presentation, you relinquish that control.

    If the prospect requests a copy, say, Id love to, but this is proprietary to our company. Youre welcome to take notes.

    Only reveal one bullet at a time. This is designed to walk your prospect through the thought process in a psychologically correct way. Like baking a cake, if you skip a step or dont follow the recipe, it wont turn out the way you want.

    Note that if the headers end in an ellipsis or three dots () there are more points on this topic on the next slide. In general, the last bullet on the slide ends with a period so that you know to make the transition to the next slide.

    The most legible slides are black type on white background. This can be seen with the lights full on. You do not want a dark conference room. You want everyone to see everyone and stay awake.

    Notice that the scripting is in present tense, as if you are doing these things for them now. Think of this as describing how youre doing it for other customers and youre exploring if its right for these people. From a psychological view, you are asking them to consider it as already in process, substantially increasing their likelihood to agree to your next step.

    There are 24 slides in this presentation. Cover most slides in 15-30 seconds with the discussion slides taking more time. Dont belabor the points because your audience is intelligent and savvy. Make your point and move on.

    If you use PowerPoint in the presenter mode, youll have access to these notes, so position your computer so that your prospect cant see the screen.*Before I begin our discussion, Id like to remind you that we may ask you questions of a sensitive nature that we will not disclose to others and well discuss methods that we consider to be proprietary. This security meeting is covered by our mutual non-disclosure agreement. Will you agree to that?

    [Get agreement from all involved in the meeting. If someone doesnt agree, say, I cannot proceed until we all agree.]*[Objective: Identify the customers desired outcomes in 3 minutes]

    The second agreement I need from you is that you be willing to make a decision at the end of this discussion about whether to expand our relationship or not. We dont want to waste your time or our time. We only work with people who want to work with us. Are you willing to do that?

    If they are unable to do this, you have the wrong people in the room and this presentation has little effectiveness. You may choose to end the discussion at this time and reschedule with the right people, so you do not waste your time.

    Go through these items one at a time and get agreement. Dont rush through these because agreement on this agenda sets up the meetings success.

    We want to identify your questions and concerns about your IT security to identify if your issues are within our expertise. If not, well say so and may make recommendations where you can get help for these issues.

    Then well report our findings about current security issues and what weve learned about managing them.

    After discussing your situation, well then establish a high-level set of recommendations on what to do next and create an action plan for your consideration if you like what you experience here in the next 30 minutes.

    Does this meet your needs for this meeting?

    *[Objective: Establish relationships and set the customers agenda. Go around the room and get acquainted.]

    Great! Lets get a feeling for whos here and what they want. Would you introduce yourself and tell me about your role, responsibility and experience? And let us know what you want so that our discussion is completely relevant to you.

    [Everyone introduces themselves]

    Thank you. Heres our team*[Objective: Establish a basic understanding of security principles.]

    So, why security? IT is the engine of your business: When its compromised, youre at risk. Lets face it, when your computers are compromised or non-operational, you cant sell, ship, bill, or collect money. Youre out of business.

    And to make things worse, your assets have value that bad guys want.

    *[Objective: Create credibility in 2 minutes. About our company. Tell short war stories that connect with this customer using the formula: scenario, problem, solution.]

    Let me tell you a little about our company. Our customers tell us that they choose us because we are local weve been here for 15 years responsive we have a 24-hour tech team and we are concerned for our customers. All of this means well be there when you need us.

    We are experienced in delivering and securing IT of all varieties, such as traditional computers, cloud-based solutions, blended systems and mobile devices.

    Our customers like that we have a deep network of resources to solve unique situations. We know who knows.

    This means we have never had a problem that we couldnt solve. We stay with it until its fixed.

    Our customers like that we take a holistic view of their business, helping them with the systems they need to grow their business securely with careful applications of IT.

    Which of these characteristics are most interesting to you?*[Objective: Educate the customer on what needs to be secured. This is a multi slide segment.]

    What should you secure?


View more >