Edited version of internal presentation on security risk management efforts.
Helping Leaders Make Informed Decisions
IS LEADERSHIP PRESENTATION
Agenda
Review of CISM Background
Analysis Lifecycle
Current Analysis Products
Upcoming Products
CISM Background
Skill Sets
Over 50 years of domain expertise
CIS/IA PhD, MBA, MSIM
20+ domain certifications
Average 30+ hours a month of outside outreach and training
Analysis Lifecycle
Acquisition, Storage and Processing, Analysis, Reporting
Acquisition
Threat Intelligence
◦ REN-ISAC
◦ NH-ISAC
◦ VCDB
◦ Subscription Services
◦ Private Sources
Internal Data Sources
◦ Orchestrate
◦ Security Logs
◦ Nessus
◦ Interviews
Storage and Processing
SQL Server
NoSQL
◦ MongoDB
◦ Elasticsearch
◦ Apache Pig (Hadoop)
PowerShell
Analysis
Simulation
◦ Rstats
◦ Python
Reporting
Written Reports
◦ Compliance Analysis
Visualization
◦ Tableau
Example Work Products
◦ Policy
◦ Audits
◦ Security Findings
◦ Data Loss Protection
◦ Network Security Posture Analysis
◦ Security Incident Management
Current Analysis Products
A Tale of Three Demonstrations
1. Vulnerability Performance Management
2. PCI-DSS Compliance Tracking
3. Application Risk Overview
Upcoming Efforts
Modelling Application Risk
Application Risk Simulation
Which of the various options will provide the highest returns to the safety, stability, and security of my application at the lowest cost?
Project X Application Risk Simulation
Questions?
David F. Severski
Phone