Opening Remarks

The Day Ahead

Ed LapradeADNET Technologies, LLC

2012: Managing IT is Simpler ThanEver!

the Facts

Sophisticated SecurityWealth of Mobile Devices

BYOD is Here!Business Workflow Apps

The Cloud is Changing the World!

Simple DashboardsMore Savvy Users

it’s not that simple . . .

competition

datapeople

threats

riskscompliance

manage

investment

our thoughts are filled with

the world got smaller . . .. . . and more complex

TREND: Consumerization of IT

consumerization of IT

A Gartner report says the bring your own device (BYOD) trend is here to stay, so enterprises need to bolster security policies.

Nathan Eddy – eWeek June 18, 2012

one effect . . .

the trend to BYOD

TREND: move to Cloud

the evolution

when you consider

Cash FlowSecurityComplexitySLAsRegulations

sometimes the decision criteria is

not

BLACK White

TREND: Social Media

need to mitigate risk

guidelines? employees

trained? fit with culture?

Source: Intel Social Media Guidelines

TREND: Productivity Software

improving productivity

Enterprise Content Management (ECM)

Business Intelligence (BI)

Business Analytics Information

Visualization

Improve effectiveness Reduce operational costs Optimize business

processes Achieve regulatory

compliance Attract & retain

customers

Software Goals

today is more complex than yesterday . . .. . . tomorrow will be more complex than

today

SUMMARY

explaining the complex

WorkSmart

THANK YOU to our Partners!

Security is a MYTH

The Impossible Job of the CIO

Christopher LuiseADNET Technologies, LLC

the PREMISE

balance appropriate investment freedom

myth

off-balanceinappropriatemeasurement

securitytruth

IMAGINE you come home to find…

scared

vulnerable

guilt

defenseless

angry

alarmed helpless

alone

BLAME

it’s not just emotional

All the work you do

PlanningDevelopingTestingRolloutsReporting

Your WORK is gone

Your TRUST has disappearedYour CREDIBILITY is lost

FACT

NOTHING is fully secure

nothing.

security is an ILLUSION

what YOU see…

Behavioral Patterns

Puzzles

Holes

what HACKERS see…

2, 3, 6, 7, 14, 15, 30…

15 percent of large organizations detected successful network hacker penetrations.

Source: PwC 2012 Information Security Breaches Survey

finding a way in

What happens if I pull on this string? Today’s strings unravel

People Processes Places Systems Information

It’s not sophistication – it’s merely CURIOSITY

FACT

they are the REAL threats

75 percent of organizations where security policy was poorly understood experienced a staff-related breach.

Source: PwC 2012 Information Security Breaches Survey

Lack of stakeholder buy-in No support for change Allowance of exceptions

The CIO has an IMPOSSIBLE JOB.

when the organization FAILS THE CIO

FEAR may be warranted.

But in measured doses.

What is APPROPRIATE?What is RATIONAL?

CAN I SLEEP AT NIGHT? (What do I NOT Know?)

Mobile devices & BYOD (ITaaH) Social media (gone wild) Cloud Training & policies Assigned rights Awareness – from top to bottom Authentication – Ml!cwsI

your biggest VULNERABILITIES

you cannot IGNORE THIS

“If security is not part of innovation, it’s going to cost you. There are certain things you can neglect, but the majority you cannot ignore. Sooner or later it will hit you. And the later you put security and compliance into projects, the more it will cost, because it just adds complexity.”

Andreas Wuchner, head IT risk management, security & compliance, Novartis 

MEASURINGWhat gets measured, gets done.

93 percent of large organisations and 76 percent of small businesses experienced a security breach last year.

Source: PwC 2012 Information Security Breaches Survey

50 percent of large organisations expect to spend more on security next year, yet 67 percent still expect more security breaches

5067

Source: PwC 2012 Information Security Breaches Survey

“Amateurs study cryptography;Professionals study economics”

- Allan Schiffman, July 2004

There’s never enough <X> to go around

To play better, you must keep score Discipline is easier with numbers

Why measure?

So, if you do things right and NOTHING happens…How do you measure what didn’t happen?

Measurement

How much is TOO MUCH security?

Spending more and achieving less (perceived)

Stealing from business initiatives Excess administrative overhead to

manage Overburdened IT staff

Throwing money at the problem is not a strategy.

Measured and appropriate RESPONSE

Balance Knowledge Risk – measured and assumed Not fear

80 percent of large organizations, and 53 percent of small businesses, fail to evaluate the return on investment of security expenditure

8053

Source: PwC 2012 Information Security Breaches Survey

Highest-Level Metrics

How secure am I? Am I better off than this time last year? Am I spending the right amount of $$? How do I compare to my peers? ROSI? It’s a start… What risk transfer options do I have?

Building the STRATEGY

Ask yourself:

“Is our approach RATIONAL?

APPROPRIATE?”

TRADEOFFSCompromise is not optimal.

Security is about tradeoffs; but you know that

It is easier to make tradeoffs when you have a measure to compare them with

Even then, it is not necessarily easy

it’s a BALANCING act

SECURITY FREEDOM

Culture?

building the STRATEGY

1. Understand where your organization is investing (Corporate Strategy).

2. Review and analyze. Collaborate.3. Rank your weakness – Internal & External

(PIE) (Probability x Impact = Exposure)4. Align an approach. Enable.5. Build in awareness (organizational)6. Get or find authority

Chris’ steps to SLEEPING AT NIGHT

Independent review Simplify complex systems Make complex simple authentications Design security approach into projects Malfeasance is the least of your worries –

AWARENESS! Backup/fail-safes Measure security spend.

remain calm – ALL IS WELL!

@ITWithValue @ChristopherLuise

@TechWorx cluise@goADNET.com

Thank you and ENJOY!