�ݺ�ߣ

1. SThe New CIO^SECURITYThe 3rd Kuwait InfoSecurityConferenceMay 26, 2011Pradeep MenonExecutive Vice President and DirectorQuadrant Risk Management>

2. AGENDAThe Evolving Role of the CISOSelling Security Internally2

3. The CISO The role of the Chief Information Security Officer (CISO) is becoming very strategic in nature

4. Some of the Key Drivers for this Strategic Visibility include:SCIO^3

5. Why should organizations have a CISO? FraudInsider TheftLack of single source of truthThird party exposure?SRate of Adoption of New TechnologiesCIOHacking^Evolving TechnologiesLack of monitoring and controls4

6. Evolution of the role for Information SecuritySince last 2-3 years5-8 years ago9-12 years agoSource: Forrester Research5

7. New ResponsibilitiesThe emerging role of the CISO and information security office calls for new skills and responsibilities to be undertaken including:

8. Marketing and selling of Information Security within the organization

9. Quantifying benefits

10. Controller to Business Enabler

11. Program Managing Security rather than Project Managing

12. Representation in the Senior Management Decision Making Bodies6

13. The Major Roadblocks that still CISOs face7

14. AGENDAThe Evolving Role of the CISOSelling Security Internally8

15. Tips for Enhancing CISO Value and ReachBranding SecuritySecurity could be branded as a member of the organization

16. Creating characters, voices and visuals that represent security in a meaningful way

17. E.g. - Salim from aeCERT9

18. Tips for Enhancing CISO Value and ReachBranding SecurityMake the CEO sign important Information Security policies

19. Make the CEO speak about security

20. Educate the CEO with important news and reports through periodic meetingsCEO Involvement10

21. Tips for Enhancing CISO Value and ReachBranding SecurityOrganize quarterly meetings where Business users and InfoSec teams interact

22. Let Business Users express their views

23. Conduct white paper sessions to demonstrate how security issues can lead to loss of customers CEO InvolvementBusiness Involvement11

24. Tips for Enhancing CISO Value and ReachBranding SecuritySecurity should become a habit, not a regulation

25. Celebrate security practices and achievements

26. Place Kiosks, Stalls etc. to create awareness about following security practices

27. Let the CEO inaugurate the proceedings of the Day

28. Involve people from business units

29. Conduct contestsCEO InvolvementBusiness InvolvementSecurity Awareness Day12

30. Tips for Enhancing CISO Value and ReachBranding SecurityForm Information Security sub committees in organization such as KITS (if not already in place)

31. Influence regulatory bodies and excellence centers such as CAIT and Central Banks

32. e.g., SAMA regulation for Multi Factor Authentication

33. ADSIC – Information Security ProgramCEO InvolvementBusiness InvolvementSecurity Awareness Day‘External Agencies’13

34. Tips for Enhancing CISO Value and ReachBranding SecurityPublishing annual reports on IS activities and developments for the year

35. Creating a web portal for users to view various reports on the metrics based on which their contribution to IS initiatives are rated CEO InvolvementBusiness InvolvementSecurity Awareness DayExternal AgenciesAnnual ISMS Reporting14

36. Tips for Enhancing CISO Value and ReachBranding SecurityExternal consultancies are SMEs

37. Their experience is wide and deep in an area

38. Utilizing consultancies for specific programs might be easier to get a management buy-in

39. Organizational hierarchy could be a bottleneck to express views and concerns regarding security issues

40. Look upon consultancies as partners or change agents, not as vendors or spendersCEO InvolvementBusiness InvolvementSecurity Awareness DayExternal AgenciesAnnual ISMS ReportingExternal Consultancies15

41. Tips for Enhancing CISO Value and ReachBranding SecurityInviting CISOs from other companies helps in knowledge exchange and gains on both sides

42. Forums such as LinkedIn and Facebook have been instrumental in generating “Networking”

43. Involvement in joint research initiatives through organizations such as CAIT (The Central Agency for Information technology) , KITS (Kuwait Information Technology Society), aeCERT, OCERT etc.CEO InvolvementBusiness InvolvementSecurity Awareness DayExternal AgenciesAnnual ISMS ReportingExternal ConsultantsOther CISO Involvement16

44. Tips for Enhancing CISO Value and ReachBranding SecurityIncentives for your IS team members to contribute and attend various eventssuch as conferences, trainings, seminars etc.

45. Encourage publishing of white papers on popular websites and journals, on behalf of the organizationCEO InvolvementBusiness InvolvementSecurity Awareness DayExternal AgenciesAnnual ISMS ReportingExternal ConsultantsOther CISO InvolvementExternal Involvement17

46. Thank YouPradeep MenonExecutive Vice President and DirectorQuadrant Risk Managementpradeep.menon@qrmi-me.comTel: +971-4-6091970Mob: +971-50-4815260

�ݺ�ߣ

Pradeep menon how to influence people and win top management buy0in for ciso

More Related Content

Pradeep menon how to influence people and win top management buy0in for ciso