Session ID: CISO-W22 Session Classification: General Interest

Pain Points
What are your two biggest information security-related pain points?*
Responses, as listed on the chart (the per-category percentages were not preserved in the transcription):
- Mobile Device Security
- Security Awareness Training
- User Behavior
- Compliance/Auditing
- Organizational Politics
- Data Security
- Data Leakage Prevention
- Budget
- Authorization/Access Control
- Resource Constraints
- Staffing
- SIEM
- Remote Access
- Patch Management
- Monitoring Improvements
- Keeping Up With New Technology
- Hackers
- Data Analytics and Reporting
- Vulnerability Management
- User/Business Requirements
- Malware
- Endpoint Security
- Application Security
n=192. *Note that due to multiple responses per interview, totals may exceed 100%.
Source: Industry Profile - 2H 12

Top Projects
What are your organization's top three information security projects in the next 12 months?*
Responses, as listed on the chart (the per-project percentages were not preserved in the transcription):
- Data Leakage Prevention
- Identity Management
- Mobile Device Security
- Firewall Install/Refresh
- SIEM
- Security Awareness Training
- Intrusion Management
- Dual-/Multi-factor Authentication
- Mobile Device Management
- Log Management
- Endpoint Security
- Encryption
- Authorization/Access Control
- Risk Assessment
- Application Security
- Policy Management
- Monitoring Improvements
- Cloud Computing Control
- Single Sign On
- Network Segmentation
- Network Access Control
- Email Security
- Data Classification
- Anti-malware
- Vulnerability Management
- Security Certification
- PCI Compliance
- Datacenter Migration/Modification
- Business Continuity/Disaster Recovery
- Vulnerability Assessment
- VPN/Remote Access
- Mergers and Acquisitions
- GRC
- Application-aware Firewall
n=193. *Note that due to multiple responses per interview, totals may exceed 100%.
Source: Industry Profile - 2H 12

Technology Roadmap
What is your status of implementation for this technology?
Technologies surveyed, as listed on the chart (the per-status percentages were not preserved in the transcription):
- Patch Management
- Vulnerability/Risk Assessment/Scanning (of Infrastructure)
- Network Intrusion Detection and/or Prevention (NIDS/NIPS)
- Two-factor (Strong) Authentication for Infrastructure
- Identity Management
- Security Information Event Management (SIEM)
- Mobile Device Management
- App Sec Testing: Code/Binary Analysis Based Vulnerability
- App Sec Testing: External App Fuzzing/Testing Vulnerability
- Managed Security Service Provider (MSSP)
- Web-application Firewall (WAF)
- Application-aware Firewall
- Endpoint Data Loss Prevention Solutions
Implementation status categories (chart legend): In Use Now; In Pilot/Evaluation (Budget Has Already Been Allocated); Near-term Plan (In Next 6 Months); Long-term Plan (6-18 Months); Past Long-term Plan (Later Than 18 Months Out); Not in Plan; Don't Know/No Response.
n=200.
Source: Technology Roadmap - 2H 12

Drivers for Information Security
What are the three drivers for information security within your organization?*
Responses, as listed on the chart (the per-driver percentages were not preserved in the transcription):
- Compliance Requirements
- Managing Reputational Risk
- Data Protection Requirements
- Customer Expectations
- Risk Management
- Regulatory Requirements
- Business Requirements
- Intellectual Property Protection
- Malware/Hacking
- Alignment to Best Practices
- Senior Management Expectations
- Asset Protection Requirements
- Availability Requirements
- Audit Response
- Revenue Protection
- Keeping Up With Technology
- Partner/Supplier Requirements
- Mobile Device Proliferation
- Cost Containment
n=193. *Note that due to multiple responses per interview, totals may exceed 100%.
Source: Wave 15

Method of Project Approval
How are information security projects approved within your organization?
Responses, as listed on the chart (the per-method percentages were not preserved in the transcription):
- Compliance Decides
- ROI Calculation
- Risk Assessment
- Committee Approval
- CIO Decides
- Senior Management Decides
- Reaction to Security Problem
- CISO Driven
- Security Can't Initiate a Project
- Business Unit Driven
- Sacred Cow
- Strategic Plan
- Scare Tactics
- Linked to Customer Requirement
- Board of Director Approval
- Various
- Human Resources Decides
- External IT Research Driven
- CFO Decides
- Other
- Don't Know
n=194.
Source: Industry Profile - 2H 12

Strengths and Weaknesses of Internal IT Audit Function
Describe the strengths and weaknesses of your internal IT audit function, if you have one.
The slide showed two charts, Strengths (left, n=63) and Weaknesses (right, n=64). The transcription interleaves the labels of both charts and does not preserve the percentages; the labels, in the order they appear, are:
- No Specific Strengths
- Lack of Technology Knowledge
- Breadth of Coverage
- Lack of Coverage
- Financial Knowledge
- Enforcement Around Findings
- Technology Knowledge
- Spread Too Thin
- Inability to Prioritize Findings
- Relationship With [label truncated in transcription]
- No Specific Weaknesses
- Independent Reporting Line
- Lack of Independence
- Risk Management Knowledge
- Reporting
- Quality of Testing
- Process Driven
- Poor Relationship With Information Security
- Poor Enforcement of Findings
- Lack of Process
- Physical Security Knowledge
- Poor Reporting
- Benchmarking
- Lack of Business Knowledge
Left chart, n=63; right chart, n=64.
Source: Wave 15

Highest Internal IT Security Risks
Which of the personnel types below do you consider to be the highest internal IT security risk to your organization?
Responses, as listed on the chart (the per-category percentages were not preserved in the transcription):
- Business Unit Staff (Non-IT Technical)
- Contractors and Temporary Staff
- Technical Staff with Elevated Privilege (Including IT Systems Administrators)
- Management/Executive Team
- Outsourced Service Provider Personnel
- Remote Employees
- Technical Staff Without Elevated Privilege (Including IT Systems Administrators)
- Business Partners
- Other
n=194.
Source: Wave 15

Organizational Structure
Is [information security] a separate division or department at your enterprise?
Roughly six in ten respondents answered Yes and the remainder No (the transcription preserves only the leading digit of each percentage).
n=194.
Source: Wave 15

Physical and IT Security Reporting to Same Executive
Do physical and IT security functions report to a single executive leader?
Roughly seven in ten respondents answered No and the remainder Yes (the transcription preserves only the leading digit of each percentage).
n=194.
Source: Wave 15

Hours Spent Training End Users
How many hours a month does your team spend on security awareness programs and training for end users?
Answer buckets, as listed on the chart (the per-bucket percentages were not preserved in the transcription): None; 1-10; 11-20; 21-50; 51 or more.
n=103.
Source: Wave 15

Written Security Policies
Does your organization have formal written security policies?
Yes: 98%. No: the remainder.
n=193.
Source: Wave 15

Application Security Technology Roadmap
What is your status of implementation for this technology?
Technologies surveyed, as listed on the chart (the per-status percentages were not preserved in the transcription):
- App Sec Testing: Code/Binary Analysis Based Vulnerability
- App Sec Testing: External App Fuzzing/Testing Vulnerability
- Web Application Load Testing
- Multi-factor Authentication for Web-based Applications
- Database Security
- Web-application Firewall (WAF)
Implementation status categories (chart legend): In Use Now; In Pilot/Evaluation (Budget Has Already Been Allocated); Near-term Plan (In Next 6 Months); Long-term Plan (6-18 Months); Past Long-term Plan (Later Than 18 Months Out); Not in Plan; Don't Know/No Response.
n=200.
Source: Technology Roadmap - 2H 12

Application Security Controls
If your organization has developers, are application security controls built into the internal software development lifecycle?
A slim majority answered Yes (5x%) and the rest No (4x%); the transcription preserves only the leading digit of each percentage.
n=96.
Source: Wave 15