Post on 07-Sep-2020
Creating a Cybersecurity Strategy for Your Organization’s Data
Clayton Calvert
Consultant
Agenda
Set Expectations
Organization
Strategy
Measures
Examples
Conclusion
Expectations
This talk will…
Provide strategies for orienting cybersecurity strategy with organizational goals
Help delineate the difference between measures and metrics
Provide examples of cybersecurity strategies in action
This talk will not…
Make you a risk expert
Make you a cybersecurity expert
Organization ‐ VMOSA
Vision, Mission, Objectives, Strategy, Action Plans
Organization
Handoff
Security
https://www.atlas101.ca/pm/concepts/vmosa-vision-mission-objectives-strategies-and-action-plans/
Organization – SWOT Analysis
Vision
Mission
Objectives
Strategy
Action Plans
Strategy
How you choose plans to meet your objectives, not what you choose
Measures
Three Questions to Ask:
1. What is my desired outcome?
2. Why is it the right outcome?
3. How do I know the measure predicts the outcome?
Observations in context of desired Outcome
Orient
Decide
Act
Observe
Strategy
Action Plan
Measures
OODA Loop Mapping
VMOSA
Factor from SWOT
Example Strategies
SMART
Specific
Measurable
Achievable
Relevant
Timely
Reactive
Not a good strategy
https://www.pexels.com/photo/fire-orange-emergency-burning-1749/
Supporting Infosec Operations
Support infosec ops to minimize the likelihood of loss
https://www.pexels.com/photo/group-of-people-in-conference-room-1181304/
Economic Engineering
Decrease value proposition to attacker
https://www.pexels.com/photo/photography-of-one-us-dollar-banknotes-545064/
Reducing Infosec Risk
Set risk appetite over a given timeframe to work toward
https://www.pexels.com/photo/ace-card-game-cards-casino-297507/
Improve Compliance
Pass compliance standards
https://www.pexels.com/photo/auditorium-benches-chairs-class-207691/
Implement NIST Framework
Use NIST standards
https://www.pexels.com/photo/gray-metal-building-structure-2308120/
Map Risks to Plans
DOTMLPF‐P
Doctrine
Organization
Training
Materiel
Leadership
Personnel
Facilities
Policy
https://web.archive.org/web/20070204073933/http://www.dtic.mil/cjcs_directives/cdata/unlimit/3170_01.pdf
Conclusion
Collect vision, mission, objectives, and strategy and make it data‐driven:
Document measures and where they come from
Determine why they are the right measures
Use these measures to identify and choose plans
Continually monitor performance
Questions?
Clayton Calvert
ccalvert@netlogx.com
317-919-4043
https://netlogx.com/