• No results found

Security as a Business Function

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Security as a Business Function"

Copied!
20
0
0

Loading.... (view fulltext now)

Download now ( 20 Page )

Full text

(1)

Arsene Laurent, CISSP

Information Security Manager Telefonica USA, Inc.

[email protected] http://us.telefonica.com

Security as a Business Function

(2)

01

Introduction

- Some statistics

- A tale: Not so long ago… - Overview

02

Corporate Security Management

- Top-Down vs. Bottom-Up - Outsourcing

Agenda

Telefonica USA, Inc.

2

- Outsourcing

- Security as a Business Function

03

Conclusions
(3)

Introduction

CyberThreats To Corporate Data and Information

The Odds of a Cyber-Security Incident

Being struck by lightning: 294 Million to 1

Injury from shaving: 6,585 to 1

Becoming the victim of a cyber security or privacy

01

Becoming the victim of a cyber security or privacy

(4)

Introduction

The Republic of Minerva

01

Telefonica USA, Inc.

(5)

Introduction - Security Dynamics

01

AGGRESSOR VALUE Aggressor VALUE

Protector

Value

(6)

Corporate Security Management

Top-Down vs. Bottom-Up

The Bottom-Up approach

IT, Security Managers or engineers trying to

get individual security related projects

approved and implemented

02

Telefonica USA, Inc.

6

approved and implemented

(7)

Corporate Security Management

Top-Down vs. Bottom-Up

The Top-Down approach

Security Plan aligned with the Corporate

Strategy

Buy-in at senior-level

02

Buy-in at senior-level

(8)

Corporate Security Management Outsourcing

When organic capabilities are not appropriate

Lack of internal expertise, infrastructure

and availability of resources

02

Telefonica USA, Inc.

8

(9)

Corporate Security Management Outsourcing

Top 10 Reasons Companies Outsource

02

1.

Reduce and control operating costs

2.

Improve company focus

3.

Gain access to world-class capabilities

4.

Free internal resources for other purposes

5.

Resources are not available internally

5.

Resources are not available internally

6.

Accelerate reengineering benefits

7.

Function difficult to manage/out of control

8.

Make capital funds available

(10)

Corporate Security Management Outsourcing

Top 10 Factors in service provider selection

1.

Commitment to quality

2.

Price

3.

References/reputation

4.

Flexible contract terms

5.

Scope of resources

02

Telefonica USA, Inc.

6.

Additional value-added capability

7.

Cultural match

8.

Existing relationship

9.

Location

(11)

Corporate Security Management Outsourcing

Factors for Enterprises to Outsource Security

02

High fixed cost of constant monitoring (24x7)

Increasing complexity of applications and security infrastructure

High costs for outages. An enterprise downtime cost averages

3.6% of revenue in the last few years

3.6% of revenue in the last few years

Increased use of Intranets and Extranets

Lack of qualified IT security specialists

(12)

Corporate Security Management

Outsourcing Managed Security Services

02

(13)

Corporate Security Management

Security as a Business Function

02

Security: A service or a Business Function?

Security in the executive board

Security as one of the six management functions:

Security as one of the six management functions:

— Henry Fayol (1841-1925) “Administration Industrielle et Générale” written in

1916 (Functions and Principles of Management)

– 1. Technical (production, manufacturing) – 2. Commercial (buying, selling, exchange) – 3. Financial (obtaining and using capital)

(14)

Corporate Security Management

Today’s Security Departments

02

Have distorted, under-valued functions having decision making

capabilities subject to other departments.

Spend much time implementing reactive measures to respond to actions

that can harm the enterprise.

Telefonica USA, Inc.

The Security Executive can advise in politics and strategy, not only in

projects, systems and guards. In some situations systems and guards cannot provide solutions!

(15)

Corporate Security Management

Security as a Business Function

02

Ignoring the model of Security as a Business Function leads to wasteful

use of corporate resources (sometimes in millions of dollars) that do not result in a more secure corporation, and at the best postpones the risks.

How many Senior Managers know the answer to these questions:

How secure is the company?

To what extent is the Company’s position dependent on Security factors? To what extent is the Company’s position dependent on Security factors? What is the budget we need to invest in Security?

How do we measure the efficiency of the investment?

What’s the difference (or link) between Security, Business Continuity, Labor Risks, Financial

(16)

Conclusions

03

With appropriate Security measures, Minerva would still be a Republic.

The goal of corporate security is not the protection itself, but the

contribution that such protection can provide to the company in

economic-financial terms.

In other words, Security helps the company be in

Telefonica USA, Inc.

In other words, Security helps the company be in

the best market position. It ensures freedom of

action,

the

availability

of

goods

and

the

(17)

Conclusions

03

Security, understood from the "management“ perspective,

should help the organization to get to where it wants, i.e.:

How we want our product to be, our production, our

competition, our information...

Pure and simple strategy.

Pure and simple strategy.

(18)

Sources

US National Weather Service http://www.funny2.com/odds.htm

National Cyber Security Alliance (NCSA)

03

Survey of Current and Potential Outsourcing End-Users - The Outsourcing Institute Membership, 1998

Managed Security Services for Network Service Providers – Solution Brief by Alexis Berthillier – Juniper Networks and Frost and Sullivan

Telefonica USA, Inc.

18

Berthillier – Juniper Networks and Frost and Sullivan

(19)

Thank you for your attention

Arsene Laurent, CISSP

[email protected]

(20)

References

Download now ( PDF - 20 Page - 259.47 KB )

Related documents

Towards a political economy of republicanism : a critical assessment of Alaska's basic income scheme

En efecto, así como los libertarianos ven en cual- quier forma de intervención del Estado una fuente inevitable de interferencias arbitrarias –con la excepción de aquella acción

MINUTES. Addison Central School District Facilities Committee Committee Meeting Wednesday, September 23, 2020, 7:00 pm - 9:00 pm Virtual Connection

Victoria introduced Caitlin and Vicki to provide an overview of the IB experience, student supports, and the educational vision for ACSD as it relates to the Facilities Master

Master of. Public Health. at Hofstra University

Using an interdisciplinary approach, partnered with arts and sciences, medicine, education, business, communication and law, the School of Health Sciences and Human Services

The human gut virome: a multifaceted majority

In this scenario the human host genetic background and/or lifestyle factors may lead to an altered representation of anti-microbial mucosal phage, e.g., increased abundance of

Quadrupedal coordination of bipedal gait: implications for movement disorders

First, recording bilateral arm muscle reflex responses to unilateral tibial nerve stimulation prior to normal and obstacle swing allows the study of the task- modulated processing

Parallel Algorithms for Matrix Computations

Matrix computations, including the solution of systems of linear equations, least squares problems, and algebraic eigenvalue problems, govern the performance of many applications

Intra-household inequality and child welfare in Argentina

35 Female labor participation may generate many intra-household effects: time allocation effects (e.g., both parents working have less time to allocate to child care or domestic

ETHICAL ISSUES IN DEFENDING A TERRORISM CASE: STUCK IN THE MIDDLE

In the twenty-five years of this statute, which was enacted in 1978 to cover foreign intelligence-gathering within the confines of the United States, no court