UK Conference 2018_How to engage your IT security team and fund your SAM programme_AJ Witt
1. The ITAM Review UK Conference 2018
How to engage your IT Security Team and fund your SAM programme
AJ Witt, Industry Analyst, The ITAM Review
2. The ITAM Review UK Conference 2018
About Me
• Former IT Asset Manager
• Now Industry Analyst for the ITAM Review
• Managed 5000+ device estate, half of which was floating!
• Reported to Director of Security, Risk, and Compliance
3. The ITAM Review UK Conference 2018
Agenda
• The IT Security Challenge
• Stakeholder analysis for ITSec teams
• How can ITAM Help ITSec?
• What does this mean for your SAM programme?
4. The ITAM Review UK Conference 2018
ITAM-ITSEC alignment – end state
• Mutual support for removal of technical debt
• Justification for ongoing support/maintenance budgets
• Reduction in volume of authorised software titles
• Hero status - Maersk
5. The ITAM Review UK Conference 2018
Maersk – NotPetya Response
• 20% of worldwide container shipments
• Complete infrastructure rebuild
– 10 days
– 4,000 new servers
– 45,000 new PCs
– 2,500 applications
• Chairman – “heroic effort to do over 10 days which should take 6 months”
• Still operated at 80% capacity during that time
• Revenue impact $250-300m
• How would you respond?
6. The ITAM Review UK Conference 2018
Power/Interest Stakeholder Analysis - ITAM
7. The ITAM Review UK Conference 2018
Stakeholder Analysis - Attitude
• Interest and Power tell you who is important, but not how you should engage them.
• A High Power, High Interest stakeholder can either be a Champion or a Blocker, depending on their attitude to your programme.
• You can’t easily change their power or interest but you can influence their attitude.
• How do you turn a Blocker into a Champion? Understand their motivations and goals and tailor your interactions accordingly.
8. The ITAM Review UK Conference 2018
ITSec – Mindset
• Similar mindset and stakeholders to an ITAM team
– Risk Management
– Management of Technical Debt
– Audit Response
– Proof of Compliance
– Detail-obsessed
• Some differences
– Planned audit schedule – requirement for continuous compliance
– Subject to internal audit
– Manage unknown threats
9. The ITAM Review UK Conference 2018
ITSec – Current focus
• Increasing demands and increasing focus
– Lethal payload malware such as WannaCry
– PCI-DSS & SOX compliance
– Vulnerability Reporting
– Patching
– Privacy, including GDPR
• What does this mean?
– £/$/€ being thrown at your ITSec team
– Senior Management focus
– Programme momentum
10. The ITAM Review UK Conference 2018
What can ITAM do to help?
• Additional trusted inventory source
• Version control
• Usage stats
• Vulnerability Reporting
• Automation tools
• Some SAM tool vendors are offering GDPR-specific functionality
11. The ITAM Review UK Conference 2018
Conclusions
• Working closely with ITSec is mutually beneficial
• You may pick up budget and headcount
• You may be a hero
• You will have a powerful ally