Cyber and Technology Risk Management Forum, Park City, UT
THE ART OF CYBERSECURITY METRICS
Metrics to Address Security Governance
Decision-making framework that includes security and risk as considerations
  purchases made without security team involvement
  Examples:
    Two of three new application software purchases made this quarter received information security sign-off prior to purchase
    One application purchased by user department required unscheduled security team participation
Sustainability of security and ability to meet expectations
  Ratio of security “activities” to of staff
  Example: 15 hours weekly added to security team duties as the result of adding 10 unmanaged switches to the network
MIS Training Institute Inc, Innovative IT LLC
iiT Consulting
Metrics to Address Security Governance (cont’d)
Mitigation of third-party risks including compliance requirements
  of contracts with “security” language
  vendor/contractor audits
  vendor/contractor attestations
  vendors/contractors reviewed annually
  vendors/contractors “reviewed” or vendors completing security questionnaires