SlideShare a Scribd company logo

Cyber Security Organizational Operating Model and Governance

Download as PPTX, PDF
S
Srinidhi Aithal

The document discusses the importance of an organizational operating model and governance for cyber security, emphasizing the need for effective security practices driven by board-level innovation. It identifies key challenges such as security posture, policy gaps, and internal threats, while highlighting the relevance of popular cyber security frameworks. Looking to the future, it proposes a next-generation model focusing on enterprise-wide acceptance, risk-based approaches, and continuous adaptability to evolving threats.

Leadership & Management
Related topics:
Risk-Management Cyber-Security
1 of 9
Downloaded 35 times
1
2
3
4
5
6
7
8
9
Cyber Security Organizational Operating Model And Governance Anusha Amareshbabu, Deepti Madhu, Rishi Midha, Srinidhi Aithal, Suvir Singh, Swati Mehta, Vikram Konduru UB – SOM – MSS – MGS 650/420 IA November 16, 2015; Buffalo, NY Deloitte Challenge
Safeguard and Maintain Confidentiality, Integrity and Availability Triad1 Information Security is not Just technical issues, but Governance responsibility2 Need for a “Safer Internal Business Community”3 • Organizations want to be more effective and competitive • Board of directors are driving Innovation like never before • Built in link between growth, innovation and cyber security CYBER SECURITY GOVERNANCE – THE EMERGING TREND
KEY CHALLENGES  Security Posture Lack of due diligence in evaluating Security Maturity Level  Physical and Logical Security Controlled Access Encryption  Competitors Corporate Espionage
KEY CHALLENGES (contd.)  Disgruntled Employees Headcount reduction Culture change after Merger  Policies and Awareness Mismatch of security policies and governance models  Financial Criminals Internal Threats APT
WHAT DOES THE FUTURE HOLD? LURKING PROBLEMS Technological Transformations Unhealthy Cyber Ecosystem Resource Allocation and Risk Appetite Globalization and Disappearing Business Boundaries
POPULAR CYBER SECURITY FRAMEWORKS  Cybersecurity Capability Maturity Model(C2M2)  National Institute Of Standards and Technology(NIST)  Control Objectives for Information and Related Technology(COBIT 5)  ITIL Security Management  ISO 27000-series
THE NEXT GENERATION MODEL  Enterprise-wide acceptance  Commensurate with the work culture  Senior management endorsement  Alignment with business objectives  Extend beyond the boundaries of the organization  Long-term risk-based approach  Comprehensive, Effective, and Adaptive
THE NEXT GENERATION MODEL ENHANCE SECURITY • Align corporate governance with IT • Perform risk analysis • Design enterprise wide policy • Build strong application controls • Establish accountability • Ensure security awareness • Audit processes, procedures, and controls BUILD RESILIENCE CONTINUOUS VIGILANCE • Monitor and adapt to threat trends in the industry • Design effective detection systems • Protect against internal attacks • Modify and update indicators of risk • Report inconsistencies for proactive measures • Effective, adaptive, and tested business continuity planning • Organization-wide training to enhance disaster response mechanism • Business impact analysis evaluations • Continuous rehearsals of disaster handling procedures
REFERENCES • https://securityintelligence.com/creating-a-cybersecurity-governance-framework-the- necessity-of-time/ • http://www.computerworld.com/article/2564800/security0/the-link-between- information-security-and-corporate-governance.html • http://www.govtech.com/blogs/lohrmann-on-cybersecurity/What-is-a-healthy- 061211.html • https://hbr.org/1991/05/transcending-business-boundaries-12000-world-managers- view-change • http://www.ciosummits.com/Financial_Services_Cyber_Challenges_White_Paper.pdf • https://www.securestate.com/blog/2015/02/06/cyber-security-concerns-in-the- mergers-acquisitions-due-diligence-process • http://www.boozallen.com/media/file/Overcoming-Financial-Crimes-wp.pdf • http://www2.deloitte.com/global/en/pages/risk/topics/cybersecurity.html

More Related Content

PDF
Cybersecurity roadmap : Global healthcare security architecture
Priyanka Aash
 
PDF
Cybersecurity Roadmap Development for Executives
Krist Davood - Principal - CIO
 
PDF
Data Loss Prevention (DLP) - Fundamental Concept - Eryk
Eryk Budi Pratama
 
PPTX
Enterprise Security Architecture Design
Priyanka Aash
 
PPTX
Cybersecurity Awareness Training
Dave Monahan
 
PDF
Introduction to Cybersecurity
Krutarth Vasavada
 
PPTX
Cybersecurity
Eng Hasan Shamroukh CISCO Exams Author
 
PPTX
Siem solutions R&E
Owais Ahmad
 
Cybersecurity roadmap : Global healthcare security architecture
Priyanka Aash
 
Cybersecurity Roadmap Development for Executives
Krist Davood - Principal - CIO
 
Data Loss Prevention (DLP) - Fundamental Concept - Eryk
Eryk Budi Pratama
 
Enterprise Security Architecture Design
Priyanka Aash
 
Cybersecurity Awareness Training
Dave Monahan
 
Introduction to Cybersecurity
Krutarth Vasavada
 
Cybersecurity
Eng Hasan Shamroukh CISCO Exams Author
 
Siem solutions R&E
Owais Ahmad
 

What's hot (20)

PPTX
Data Loss Prevention from Symantec
Arrow ECS UK
 
PDF
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Edureka!
 
PPT
8. operations security
7wounders
 
PPTX
Security awareness
Josh Chandler
 
PPTX
Physical access control
Ahsin Yousaf
 
PPTX
Endpoint Protection
Sophos
 
PPT
information security management
Gurpreetkaur838
 
PDF
Enterprise Cybersecurity: From Strategy to Operating Model
Eryk Budi Pratama
 
PPTX
Information Security Governance and Strategy - 3
Dam Frank
 
PPTX
Cloud Audit and Compliance
Quadrisk
 
PPTX
Iso 27001 awareness
Ãsħâr Ãâlâm
 
PPTX
NIST Critical Security Framework (CSF)
Priyanka Aash
 
PPTX
Cyber security
manoj duli
 
PPTX
What is iso 27001 isms
Craig Willetts ISO Expert
 
PPTX
Physical security
Tariq Mahmood
 
PPTX
Cyber Security Best Practices
Evolve IP
 
PPTX
Hyphenet Security Awareness Training
Jen Ruhman
 
PPT
Information Security Policies and Standards
Directorate of Information Security | Ditjen Aptika
 
PPTX
SIEM Primer:
Anton Chuvakin
 
PDF
Data Loss Prevention: Challenges, Impacts & Effective Strategies
Seccuris Inc.
 
Data Loss Prevention from Symantec
Arrow ECS UK
 
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Edureka!
 
8. operations security
7wounders
 
Security awareness
Josh Chandler
 
Physical access control
Ahsin Yousaf
 
Endpoint Protection
Sophos
 
information security management
Gurpreetkaur838
 
Enterprise Cybersecurity: From Strategy to Operating Model
Eryk Budi Pratama
 
Information Security Governance and Strategy - 3
Dam Frank
 
Cloud Audit and Compliance
Quadrisk
 
Iso 27001 awareness
Ãsħâr Ãâlâm
 
NIST Critical Security Framework (CSF)
Priyanka Aash
 
Cyber security
manoj duli
 
What is iso 27001 isms
Craig Willetts ISO Expert
 
Physical security
Tariq Mahmood
 
Cyber Security Best Practices
Evolve IP
 
Hyphenet Security Awareness Training
Jen Ruhman
 
Information Security Policies and Standards
Directorate of Information Security | Ditjen Aptika
 
SIEM Primer:
Anton Chuvakin
 
Data Loss Prevention: Challenges, Impacts & Effective Strategies
Seccuris Inc.
 
Ad

Similar to Cyber Security Organizational Operating Model and Governance (20)

PDF
New technologies - Amer Haza'a
Fahmi Albaheth
 
PDF
Introduction to Cybersecurity.pdf
ssuserf98dd4
 
PDF
Pivotal Role of HR in Cybersecurity
Matthew Rosenquist
 
PDF
Future of Cybersecurity 2016 - M.Rosenquist
Matthew Rosenquist
 
PDF
Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05
sucesuminas
 
PDF
Challenges for the Next Generation of Cybersecurity Professionals - Matthew R...
Matthew Rosenquist
 
PPTX
InfraGard Webinar March 2016 033016 A
Ward Pyles
 
PDF
Top 10 Cybersecurity Predictions for 2015
Matthew Rosenquist
 
PPTX
Global Megatrends in Cybersecurity – A Survey of 1,000 CxOs
Argyle Executive Forum
 
PDF
IREC165473PR RP 2017 Security Outlook
Chris Cornillie
 
PDF
(eBook PDF) Effective Cybersecurity: A Guide to Using Best Practices and Stan...
foxyyhqlcu515
 
PDF
(eBook PDF) Effective Cybersecurity: A Guide to Using Best Practices and Stan...
osikalopex47
 
PDF
(eBook PDF) Effective Cybersecurity: A Guide to Using Best Practices and Stan...
eapysvt6956
 
PDF
Security as a Strategy
James Deiotte
 
PDF
CIA Trifecta ISACA Boise 2016 Watson
Patricia M Watson
 
PDF
br-security-connected-top-5-trends
Christopher Bennett
 
PDF
A Major Revision of the CISRCP Program
GoogleNewsSubmit
 
PDF
(eBook PDF) Effective Cybersecurity: A Guide to Using Best Practices and Stan...
veikkieymann
 
PDF
(eBook PDF) Effective Cybersecurity: A Guide to Using Best Practices and Stan...
baruulisy
 
PPTX
Fortify-Application_Security_Foundation_Training.pptx
VictoriaChavesta
 
New technologies - Amer Haza'a
Fahmi Albaheth
 
Introduction to Cybersecurity.pdf
ssuserf98dd4
 
Pivotal Role of HR in Cybersecurity
Matthew Rosenquist
 
Future of Cybersecurity 2016 - M.Rosenquist
Matthew Rosenquist
 
Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05
sucesuminas
 
Challenges for the Next Generation of Cybersecurity Professionals - Matthew R...
Matthew Rosenquist
 
InfraGard Webinar March 2016 033016 A
Ward Pyles
 
Top 10 Cybersecurity Predictions for 2015
Matthew Rosenquist
 
Global Megatrends in Cybersecurity – A Survey of 1,000 CxOs
Argyle Executive Forum
 
IREC165473PR RP 2017 Security Outlook
Chris Cornillie
 
(eBook PDF) Effective Cybersecurity: A Guide to Using Best Practices and Stan...
foxyyhqlcu515
 
(eBook PDF) Effective Cybersecurity: A Guide to Using Best Practices and Stan...
osikalopex47
 
(eBook PDF) Effective Cybersecurity: A Guide to Using Best Practices and Stan...
eapysvt6956
 
Security as a Strategy
James Deiotte
 
CIA Trifecta ISACA Boise 2016 Watson
Patricia M Watson
 
br-security-connected-top-5-trends
Christopher Bennett
 
A Major Revision of the CISRCP Program
GoogleNewsSubmit
 
(eBook PDF) Effective Cybersecurity: A Guide to Using Best Practices and Stan...
veikkieymann
 
(eBook PDF) Effective Cybersecurity: A Guide to Using Best Practices and Stan...
baruulisy
 
Fortify-Application_Security_Foundation_Training.pptx
VictoriaChavesta
 
Ad

Recently uploaded (20)

PDF
CHAPTER 14 Manageement of Nursing Educational Institutions- planing and orga...
anu7thomas
 
PPTX
Psychological_Contract_Presentation.pptx
nazia539565
 
PDF
Air India AI-171 Crash in Ahmedabad A Tragic Wake-Up Call.
Sky One
 
PPTX
Chapter One an overview of political economy
argachewbochena1
 
PDF
CHAPTER 15- Manageement of Nursing Educational Institutions- Staffing and st...
anu7thomas
 
PPTX
TCoE_IT_Concrete industry.why is it required
kishorbhole1
 
PDF
Case study -Uber strategic plan and management
hossammorsy1984
 
PPTX
Mangeroal Finance for Strategic Management
hossammorsy1984
 
PPTX
Concluding Session_Wrapup-India Jun 5 2024-Oct 5 2025 ZS.pptx
vinaypashan1
 
PPTX
School Annual day Presentation, Logo, Animation
ssuser4d85ec
 
PDF
MANAGEMENT LESSONS FROM ANCIENT KNOWLEDGE SYSTEM-ARTHASHASTRA AND THIRUKKURAL...
HARINIS967745
 
PPTX
2. CYCLE OF FUNCTIONING RIFLE -PP Presentation..pptx
Ernesto Valenton
 
PPTX
Leadership for Industry 4.0 And Industry 5.0
neham262006
 
PDF
CISSP Domain 5: Identity and Access Management (IAM)
VICTOR MAESTRE RAMIREZ
 
PPTX
Consulting on marketing-The needs wants and demands are a very important comp...
hamdullahazimi3
 
PPTX
MY GOLDEN RULES la regla de oro jhonatan requena
jhonatanrequena058
 
PPTX
Effective_communication._(strategy).pptx
neathrajayabalan224
 
PPTX
Human Resources management _HR structure
durga7339429670
 
PPTX
Press Release Importance & Structure.pptx
kanagaranjitham064
 
PDF
CHAPTER 14 Manageement of Nursing Educational Institutions- planing and orga...
anu7thomas
 
CHAPTER 14 Manageement of Nursing Educational Institutions- planing and orga...
anu7thomas
 
Psychological_Contract_Presentation.pptx
nazia539565
 
Air India AI-171 Crash in Ahmedabad A Tragic Wake-Up Call.
Sky One
 
Chapter One an overview of political economy
argachewbochena1
 
CHAPTER 15- Manageement of Nursing Educational Institutions- Staffing and st...
anu7thomas
 
TCoE_IT_Concrete industry.why is it required
kishorbhole1
 
Case study -Uber strategic plan and management
hossammorsy1984
 
Mangeroal Finance for Strategic Management
hossammorsy1984
 
Concluding Session_Wrapup-India Jun 5 2024-Oct 5 2025 ZS.pptx
vinaypashan1
 
School Annual day Presentation, Logo, Animation
ssuser4d85ec
 
MANAGEMENT LESSONS FROM ANCIENT KNOWLEDGE SYSTEM-ARTHASHASTRA AND THIRUKKURAL...
HARINIS967745
 
2. CYCLE OF FUNCTIONING RIFLE -PP Presentation..pptx
Ernesto Valenton
 
Leadership for Industry 4.0 And Industry 5.0
neham262006
 
CISSP Domain 5: Identity and Access Management (IAM)
VICTOR MAESTRE RAMIREZ
 
Consulting on marketing-The needs wants and demands are a very important comp...
hamdullahazimi3
 
MY GOLDEN RULES la regla de oro jhonatan requena
jhonatanrequena058
 
Effective_communication._(strategy).pptx
neathrajayabalan224
 
Human Resources management _HR structure
durga7339429670
 
Press Release Importance & Structure.pptx
kanagaranjitham064
 
CHAPTER 14 Manageement of Nursing Educational Institutions- planing and orga...
anu7thomas
 

Cyber Security Organizational Operating Model and Governance

  • 1. Cyber Security Organizational Operating Model And Governance Anusha Amareshbabu, Deepti Madhu, Rishi Midha, Srinidhi Aithal, Suvir Singh, Swati Mehta, Vikram Konduru UB – SOM – MSS – MGS 650/420 IA November 16, 2015; Buffalo, NY Deloitte Challenge
  • 2. Safeguard and Maintain Confidentiality, Integrity and Availability Triad1 Information Security is not Just technical issues, but Governance responsibility2 Need for a “Safer Internal Business Community”3 • Organizations want to be more effective and competitive • Board of directors are driving Innovation like never before • Built in link between growth, innovation and cyber security CYBER SECURITY GOVERNANCE – THE EMERGING TREND
  • 3. KEY CHALLENGES  Security Posture Lack of due diligence in evaluating Security Maturity Level  Physical and Logical Security Controlled Access Encryption  Competitors Corporate Espionage
  • 4. KEY CHALLENGES (contd.)  Disgruntled Employees Headcount reduction Culture change after Merger  Policies and Awareness Mismatch of security policies and governance models  Financial Criminals Internal Threats APT
  • 5. WHAT DOES THE FUTURE HOLD? LURKING PROBLEMS Technological Transformations Unhealthy Cyber Ecosystem Resource Allocation and Risk Appetite Globalization and Disappearing Business Boundaries
  • 6. POPULAR CYBER SECURITY FRAMEWORKS  Cybersecurity Capability Maturity Model(C2M2)  National Institute Of Standards and Technology(NIST)  Control Objectives for Information and Related Technology(COBIT 5)  ITIL Security Management  ISO 27000-series
  • 7. THE NEXT GENERATION MODEL  Enterprise-wide acceptance  Commensurate with the work culture  Senior management endorsement  Alignment with business objectives  Extend beyond the boundaries of the organization  Long-term risk-based approach  Comprehensive, Effective, and Adaptive
  • 8. THE NEXT GENERATION MODEL ENHANCE SECURITY • Align corporate governance with IT • Perform risk analysis • Design enterprise wide policy • Build strong application controls • Establish accountability • Ensure security awareness • Audit processes, procedures, and controls BUILD RESILIENCE CONTINUOUS VIGILANCE • Monitor and adapt to threat trends in the industry • Design effective detection systems • Protect against internal attacks • Modify and update indicators of risk • Report inconsistencies for proactive measures • Effective, adaptive, and tested business continuity planning • Organization-wide training to enhance disaster response mechanism • Business impact analysis evaluations • Continuous rehearsals of disaster handling procedures
  • 9. REFERENCES • https://securityintelligence.com/creating-a-cybersecurity-governance-framework-the- necessity-of-time/ • http://www.computerworld.com/article/2564800/security0/the-link-between- information-security-and-corporate-governance.html • http://www.govtech.com/blogs/lohrmann-on-cybersecurity/What-is-a-healthy- 061211.html • https://hbr.org/1991/05/transcending-business-boundaries-12000-world-managers- view-change • http://www.ciosummits.com/Financial_Services_Cyber_Challenges_White_Paper.pdf • https://www.securestate.com/blog/2015/02/06/cyber-security-concerns-in-the- mergers-acquisitions-due-diligence-process • http://www.boozallen.com/media/file/Overcoming-Financial-Crimes-wp.pdf • http://www2.deloitte.com/global/en/pages/risk/topics/cybersecurity.html