Robert Fullagar CISSP CISM CRISC Clas CEH
“Security is everyone’s responsibility”

Security Programme Structure and Methodology
Contents
• People Structure
  – Key positions
  – Roles of individuals
• Methodology/Approach
  – Deliverables

People
Senior Manager/Board Member
Senior Security SME
Business Representatives (×4)
Programme Manager
Project Managers
Delivery Teams
External Resource
Security SME

Delivery Team Structure
Security SME
Programme Manager
Project Manager
Infrastructure Lead
External Resource
Do’ers

Other People
Security Architects
Legal Specialist
PMO Support
Technical Architects
Procurement
HR
Etc

Roles
Senior Manager/Board Member
• Influencer
• Has a vested interest in improving security
• Can keep the momentum going
• Able to procure budget

Roles
Business Representatives (×4)
• Set/agree scope for the business area
• Set priority based on risk for the business area
• Monitor progress
• They are decision makers

Roles
Senior Security SME
Programme Manager
Project Managers
• Action the decisions of the business representatives
• Translate the business and technical requirements
• Bring resource and structure to deliver the scope
• Provide budgetary figures to the programme board
• Select and evaluate solutions

Roles
Delivery Teams
External Resource
Security SME
• These are the do’ers, the engine room
• The detail people, they bring to bear that detailed specific knowledge
• They do the actual work, hands-on work
• They help make the project board’s scope a reality

Initiator
• Legislative
• Contractual
• External standards
• Business driver or direction
• Infrastructure replacement project
• Consolidate security in finished project
• Because it’s “Best Practice”

What happens when
Phase 0: Discovery, 6-18 months
Risk Assessment provides input to phase 1
Phase 1: Foundation, 18 months – 2 years
Phase 2: Leverage, 2-5 years +
Delivery phase 1 scope
Delivery phase 2 scope
Phase 0 – Eye on Phase 1 scope and long term strategy
Phase 1 – Define long term strategy
BAU Security Cycle

Board Deliverables
Senior Manager/Board Member
Business Representatives (×4)
Phase 0 - Scope
– Business area
– Drivers – why
– Financial commitment
– Time and resource commitment
– Draft strategy

Programme Deliverables
Senior Security SME
Programme Manager
Project Managers
Delivery Teams
External Resource
Security SME
Phase 0
– Plan – Resource and tasks
– Budget +/- 100%
– Approach
– Quick wins
  • Minimal cost
– Risk Assessment

Board Deliverables
Senior Manager/Board Member
Business Representatives (×4)
Phase 1
– Prioritise the items from the risk assessment
– Financial support
– Allocate and commit resource
– Long term strategy

Programme Deliverables
Senior Security SME
Programme Manager
Project Managers
Delivery Teams
External Resource
Security SME
Phase 1
– Risk assessment
– Proposals to remediate – Accurate costs
– Plan, time and resource
– Deliver agreed scope

Summary
Board
Programme
Phase 0
– Business Driver
  • Vision
– Initial Budget
– Commitment

Summary
Board
Programme
Phase 0
– Plan
– Budget
– Approach
– Quick wins

Summary
Board
Phase 1
GO

Summary
Board
Programme
Phase 1
– Risk Assessment
– Remediation actions
– Budget to remediate
– Outline plan

Summary
Board
Programme
Phase 1
– Prioritise Risks
– Financial support
– Commitment
– Agree plans

Summary
Board
Phase 1
Long term strategy

BAU Security
Plan
Do
Check
Act

Thank You
Questions