Build A Business Case For IT Security - Dhananjay Rokde (Hotel_Digital_Security_Seminar_Sept19'14)
•
2 gostaram•512 visualizações
By Dhananjay Rokde, CISO, Cox & Kings Group Dhananjay has an enhanced ability at managing global information security programs for large enterprises, with experience of Governance Risk & Compliance (GRC) unification & implementation programmes. He has received the ‘Top 100 CISO Award’, ‘Future CIO Award’ and the ‘CIO Masters Award for excellence in Information Security’. He is presently in-charge of the overall information & infrastructure security operations, risk management and compliance of the entire group. He also has an advanced diploma in IT Cyber Laws & Data Privacy from the Asian School of Cyber Laws.
Recomendados
Recomendados
Mais conteúdo relacionado
Mais procurados
Mais procurados (20)
Destaque
Destaque (11)
Semelhante a Build A Business Case For IT Security - Dhananjay Rokde (Hotel_Digital_Security_Seminar_Sept19'14)
Semelhante a Build A Business Case For IT Security - Dhananjay Rokde (Hotel_Digital_Security_Seminar_Sept19'14) (20)
Último
Último (20)
Build A Business Case For IT Security - Dhananjay Rokde (Hotel_Digital_Security_Seminar_Sept19'14)
- 1. In association with Presented by Supported by BUILD A BUSINESS CASE – GET THE MANAGEMENT'S ATTENTION Dhananjay Rokde, CISO, Cox & Kings Group SEPT 19, 2014 Hotel Digital Security Seminar
- 2. Presented by In association with Supported by Dhananjay Rokde Dhananjay has an enhanced ability at managing global information security programs for large enterprises, with experience of Governance Risk & Compliance (GRC) unification & implementation programmes. He has received the ‘Top 100 CISO Award’, ‘Future CIO Award’ and the ‘CIO Masters Award for excellence in Information Security’. He is presently in-charge of the overall information & infrastructure security operations, risk management and compliance of the entire group. He also has an advanced diploma in IT Cyber Laws & Data Privacy from the Asian School of Cyber Laws. By X Events Hospitality (www.x-events.in) 2 Hotel Digital Security Seminar & Webinar, Sept 19, 2014
- 3. Presented by In association with Supported by Agenda By X Events Hospitality Hotel Digital Security Seminar & Webinar, Sept 19, 2014 (www.x-events.in) 3 ¨ Establishing ‘measurable’ expectations ¨ Always promise value – not ROI ¨ Strategize in advance – don’t wait ¨ Train, educate and continuous awareness ¨ Implement established standards ¨ Reporting ¨ Further reading
- 4. Establishing ‘measurable’ expectations Presented by In association with Supported by By X Events Hospitality Hotel Digital Security Seminar & Webinar, Sept 19, 2014 (www.x-events.in) 4 ¨ Establish a clear ‘written’ agreement on the organizations ‘acceptable risk criteria’ (ARC) ¤ Regularly audit, assess, modify and sign-off on this criteria ¨ Define constraints within the ARC for ¤ Confidentiality ¤ Integrity ¤ Availability ¨ Mark boundaries for the asset classification ¤ Data classification ¤ People, Process & Technology ¨ Clearly imply that there will NO ‘negotiations’ on statutory compliance & local laws ¨ Have clearly defined exceptions and exclusions.
- 5. Presented by In association with Supported by Always promise value – not ROI By X Events Hospitality Hotel Digital Security Seminar & Webinar, Sept 19, 2014 (www.x-events.in) 5 ¨ It is NOT possible to justify all security investments! ¤ They are not your average CapEx or OpEx items ¤ ROI is derived over (very) long periods of time ¤ Standard depreciation, asset valuation does not apply to these investments ¨ REMEMBER – Its always about what we have to ‘loose’, than gain.
- 6. Presented by In association with Supported by Strategize in advance – don’t wait By X Events Hospitality Hotel Digital Security Seminar & Webinar, Sept 19, 2014 (www.x-events.in) 6 ¨ Have a long term information security vision and mission ¨ It is good to define at least a 5 year roadmap with distinct milestones ¤ There should be a ‘measurable’ increase in the security posture after every milestone ¤ This should typically be done along with the understanding and agreement of the CxO layer ¤ The business strategy and security strategy should go hand-in-hand ¨ Leave room for contingencies. There will be some. ¨ Have a focussed continuous improvement plan ¨ REMEMBER – your security strategy is NOT a project plan
- 7. Presented by In association with Supported by Implement established standards By X Events Hospitality Hotel Digital Security Seminar & Webinar, Sept 19, 2014 (www.x-events.in) 7 ¨ Agree with the management on implementing global best practices ¤ ISMS – ISO 27001 ¤ Application Security – OWASP & SAMM ¤ Risk Management– ISO 31000 ¤ BCP – ISO 25999
- 8. Presented by In association with Supported by Reporting By X Events Hospitality Hotel Digital Security Seminar & Webinar, Sept 19, 2014 (www.x-events.in) 8 ¨ Basic ¤ Risk reviews ¤ Impact Assessments ¤ Corrective action plans ¨ Advanced ¤ Global risk heat maps ¤ Balanced score cards
- 9. Presented by In association with Supported by Further reading By X Events Hospitality Hotel Digital Security Seminar & Webinar, Sept 19, 2014 (www.x-events.in) 9 ¨ The 5 R’s of building an Information Security business case ¤ http://www.csoonline.com/article/2124269/metrics-budgets/the-five- rs--building-a-business-case-for-information-security.html ¨ The business model for information security ¤ http://www.isaca.org/Knowledge-Center/Research/Documents/ Introduction-to-the-Business-Model-for-Information- Security_res_Eng_0109.pdf ¨ OWASP ¤ www.owasp.org ¨ SAMM ¤ www.samm.org
- 10. Presented by In association with Supported by By X Events Hospitality 10 Hotel Digital Security Seminar & Webinar, Sept 19, 2014 (www.x-events.in)
- 11. Presented by In association with Supported by About us HATT is India's young and premium community for CXOs from the Hospitality, Healthcare, Aviation, Travel and Tourism industries. o With over 1,000 members across India, we are now poised to expand globally with a presence in South East Asia and the Middle East by 2016. www.hattforum.com Hotel Digital Security Seminar & Webinar, Sept 19, 2014 11 X Events manages & supports events exclusively for the hospitality & travel industries. o Our USP is that we are hoteliers by training. We focus on the two most important aspects of an event; content quality and impact. o We do it because we believe in it. www.x-events.in By X Events Hospitality (www.x-events.in) FB/hattforum
- 12. Presented by In association with Supported by Our host – Brian Pereira Brian is a veteran technology journalist with two decades of experience. He has served as editor for two magazines: CHIP and InformationWeek India. He is a respected speaker & host at conferences worldwide. In his current role at Hannover Milano Fairs India, Brian serves as project head for CeBIT Global Conferences, the world's largest ICT fair that will debut in India this November, in Bangalore. By X Events Hospitality (www.x-events.in) 12 Hotel Digital Security Seminar & Webinar, Sept 19, 2014
- 13. Presented by In association with Supported by Hotel Digital Security Seminar & Webinar, Sept 19, 2014 13 Five expert speakers 1. Latest threats in digital security (Worms, attacks, viruses, flaws) - Santosh Satam, CEO, SecurBay Services. 2. The immediate action needed to tighten up (Priority list, cost, internal policies) - Ambarish Deshpande, MD - India & SAARC, Blue Coat 3. Information loss prevention (Principles & practices) - Geet Lulla, VP - India & ME, Seclore 4. How to build a business case & get the management's attention - Dhananjay Rokde, CISO, Cox & Kings Group. 5. Global cyber security outlook - A. K. Viswanathan, Senior Director - Enterprise Risk Services, Deloitte India. By X Events Hospitality (www.x-events.in) The seminar schedule
- 14. Presented by In association with Supported by Our sponsors & supporters By X Events Hospitality Hotel Digital Security Seminar & Webinar, Sept 19, 2014 (www.x-events.in) 14 Thank You
- 15. In association with Presented by Supported by HOTEL DIGITAL SECURITY SEMINAR SEPT 19, 2014 www.x-events.in