Most organizations have a CIO; many have a CISO. These key leadership positions often approach solutions differently and have different motivations. The CIO must deliver IT, automation, innovation and efficiency. The CISO is tasked with assuring adherence to security frameworks and regulatory standards, and protecting against, and responding to, vulnerabilities and incidents. These mandates can conflict. And often the CISO reports to the CIO. We will take a light-hearted look at questions including: What are the issues?; Are CISOs and CIOs from different planets?; Can we align to meet critical business needs, deliver value and protect the organization?
CISOs are from Mars
CIOs are from Venus
@bcaplin
http://about.me/barrycaplin
http://securityandcoffee.blogspot.com
Barry Caplin
Chief Information Security Official
Fairview Health Services
Different worlds
The Sword of Anti-Virus
The Light Saber of Endpoint Protection
The Shield of Next-Gen Firewall
Next Gen Firewall
The Scepter of IT Budget
The Cloud of…
Different worlds – reporting structure
CISO reports to CIO
• Security overruled?
CISO reports to {CRO, CEO, CxO}
• Visibility into IT?
• Budget?
Different languages
Threats
• Nation States
• Hacktivists
• Malicious hackers
• Malware
• Over-time; over-budget
• Outsourcing
Confidentiality
• Protection of Data
• Minimum Necessary
What happens in the boardroom, stays in the boardroom
• Coherence of financial data
Integrity
• Data in correlates with data out
• Chain of custody of log and forensic data
• Transparency
• Coherence of financial data
Risk
• Probability/Impact of Threats
• Data Breach
• Not meeting business needs
• Data Breach
CIO
Considering
Interim
Opportunities
CISO
Careers
I
Soon
Over
Meet in the middle
Unite Against the Common Enemy
Key Opportunities
• Mobile/BYOD/Cloud
• “V”OI
• Management – Vendor; Configuration; Incident; Risk
• Lifecycle/SDLC
• Keep the auditors happy
• Keep the board happy
Good Things are sure to follow