1 / 23

The Role of the CISO

The Role of the CISO. Ron Baklarz CISSP , CISA, CISM, NSA-IAM/IEM **Warning sexually graphic content and subject matter**. Internal Factors Affecting the CISO Role Top 10 Coolest Information Security Jobs What Makes a Good CISO? Corporate culture To Whom does the CISO report?

aram
Télécharger la présentation

The Role of the CISO

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The Role of the CISO Ron Baklarz CISSP, CISA, CISM, NSA-IAM/IEM **Warning sexually graphic content and subject matter**

  2. Internal Factors Affecting the CISO Role • Top 10 Coolest Information Security Jobs • What Makes a Good CISO? • Corporate culture • To Whom does the CISO report? • What are budget and staffing levels? • External Factors Affecting the CISO Role • Regulatory aspects • Risk factors of the organization • Personal Experience Agenda

  3. The Top 10 of the 20 Coolest Jobs in Information Security • Information Security Crime Investigator/Forensic Expert • System, Network and/or Web Penetration Tester • Forensic Analyst • Incident Responder • Security Architect • Malware Analyst • Network Security Engineer • Security Analyst • Computer Crime Investigator • CISO/ISO or Director of Security www.sans.org

  4. “Key responsibilities of a CSO include asset management, security assessments, development of a security strategy and risk management plan, certification and audit. In a nutshell, the CSO manages risks for the organization and advises senior management about risks to the business and recommends a treatment for the risk. “ May 30, 2007 Nalneesh Gaur www.csoonline.com

  5. What makes a good CISO? - The ability to affect change. - An understanding of how business processes and information interact. - An understanding of the technologies used in your organization - An understanding of legal and compliance issues. May 15, 2009 Boaz Gelbord

  6. Experience • Military-focused organization • Government • Private Sector • Humanitarian • Healthcare • Transportation Corporate Cultures

  7. GLBA SOX HIPAA PCI FISMA Regulatory Aspects

  8. Titles: CISO, CSO, CRO, ISSO, Director, Manager Reports To: CIO, CFO, CRO, CEO, CTO Never realized convergence of physocal and logical security Reporting & Organizational Structures

  9. Wearing the Chief Risk Officer Hat

  10. Chronology of Data Breaches - Started in 2005 subsequent to the Choicepoint breach • As of September 25, 2009: 263, 674,426 records compromised www.privacyrights.org

  11. www.privacyrights.org

  12. $3.5 Billion non-profit • Largest healthcare system in the Washington DC-Baltimore area • 8 hospitals and over 50 offices and services • 25,000 employees • 5,000 affiliates Personal Experience - MedStar Health

  13. Wearing the Chief Hacking Officer Hat

  14. MedStar Health – 2007 WebInspect

  15. Wearing the Chief Investigative Officer Hat

  16. Personal Experience – MedStar Health

  17. What is DLP? DLP – Data Loss Prevention

  18. DLP – First 45 minutes

  19. DLP – First 45 minutes & More

  20. Affiliated physician • Coming in through VPN with static IP assignment • Had VPN trail, firewall trail, DLP corroboration • DLP easily assembled cases • FBI/BCPD investigated – confiscated work computer DLP – First 45 minutes & More

  21. DLP – First 45 minutes DLP – “The Officer is not a gentleman”

  22. “Attachments F and G are screenshots from direct access to PC xxx.xxx.xxx.xxx and specifically the “My Pictures/Pics” folder. The details of this folder show that there are 49 subfolders with a total of over 1,300 mostly pornographic images of different women compartmentalized on a by-folder basis. “ Excerpt from investigative report CISO.2007.155 dated October 1, 2007 DLP – “The Officer is not a gentleman”

  23. Q & A End of Presentation

More Related