Enterprise Information Security

Enterprise Information Security FUTURE-PROOFING PROCESSES RECOMMENDATION ACTIONS RESULTS - Acquire deep understanding of business processes from end-to-end Discern “normal" from "abnormal" conditions within a business process Shift - Ascertain how attackers would undermine processes Focus Work with the business to document business from processes Technical - Make security controls more effective to better protect the Assets to business Critical Business Processes (), $3Э %24 - Articulate cybersecurity - Weigh cybersecurity risks vs. business rewards risks in business terms Define scenarios describing Prioritize cybersecurity risks against other risks Institute the likelihood of incidents Business and magnitude of business impact Estimates Conduct business risk of Cyber- Security Hone risk quantification techniques to approximate projected monetary losses conversations on materiality of risks and adequacy of mitigation strategies Risks RISK Er€ $100,000? REWARD $1 Million? $10 Million? $100 Million? - Implement a more automated risk-assessment - Realize a holistic view of cybersecurity risks process Establish Make it workable to hold the business accountable for managing Track risks as they are identified, evaluated, accepted, and remediated Business- risks Centric Risk - Take advantage of time-sensitive business opportunities Assessments Modify risk-acceptance process to enable increased risk for select projects short-term - Optimize security controls Establish procedures to systematically collect evidence and report on the efficacy of security controls Set a Course for Enable efficient audits that are Evidence- not disruptive to the business Based Controls - Improve internal and 3rd-party assessments Document and review Assurance controls, focusing on the most critical 1000010 101001010 10100010 - Automate collection and reporting over time Develop Informed Examine the types of security questions data analytics can answer - Identify relevant sources of data and know how to gain access to this data Data-Collection Methods - Obtain meaningful analysis Build a set of data-analytics use cases, following an iterative process - Make progress towards a data- analytics capability Enrich analysis with business process data and external threat intelligence Security for Business Innovation Council An industry initiative sponsored by RSĄ TWEET THIS www.emc.com/rsa-sbic112