SlideShare uma empresa Scribd logo

Compliance what does security have to do with it

Transferir como PPTX, PDF
nCircle - a Tripwire Company
nCircle - a Tripwire Company

nCircle Compliance Webinar July 2012

Tecnologia
1 de 13
Compliance: What Does Security Have To Do With It? Thank you for joining us. The webinar will start shortly. © nCircle 2012. All rights reserved.
Compliance: What Does Security Have To Do With It? © nCircle 2012. All rights reserved.
Introductions: Panelists Rodney Brown CISSP, GIAC GISP, ITILv3 Andrew Storms Shelley Boose Dir. Security Operations Dir., Public Relation nCircle Tim Erlin Elizabeth Ireland Dir., IT Security and Risk Strategy VP, Marketing nCircle 3 © nCircle 2012 All rights reserved. nCircle Company Confidential
Which compliance regulations does your organization need to comply with? (check all that apply)  SOX  NERC  FISMA  HIPAA  PCI  GLBA  PIPEDA  Too many to name 4 © nCircle 2012 All rights reserved. nCircle Company Confidential
How often does your organization have audits?  Annually  Quarterly  Monthly  Auditors live here 5 © nCircle 2012 All rights reserved. nCircle Company Confidential
Does your security team spend too much time on audit requests?  Seems like that’s all we do  Audit requests take at more than half of our time  Occasional resource problem  We have plenty of resources to do both 6 © nCircle 2012 All rights reserved. nCircle Company Confidential
In your experience, how aligned are security and compliance efforts?  Mostly aligned  Somewhat aligned  Barely related 7 © nCircle 2012 All rights reserved. nCircle Company Confidential
Does your security team have the necessary executive support?  Yes  No  What executive support? 8 © nCircle 2012 All rights reserved. nCircle Company Confidential
In your organization, do security efforts suffer because compliance requirements drive the budget?  Yes  No 9 © nCircle 2012 All rights reserved. nCircle Company Confidential
What percentage of your security operations program is automated?  25% or less  26 – 50%  more than 50% 10 © nCircle 2012 All rights reserved. nCircle Company Confidential
In which of the following types of tools has your organization invested the most budget?  Vulnerability management  Configuration auditing  Patch management  Identity and access management  Antivirus and endpoint protection  Penetration testing  Malware detection  Data loss prevention  Governance risk and compliance  Other 11 © nCircle 2012 All rights reserved. nCircle Company Confidential
What’s the next major tool investment your organization has planned?  Vulnerability management  Configuration auditing  Patch management  Identity and access management  Antivirus and endpoint protection  Penetration testing  Malware detection  Data loss prevention  Governance risk and compliance  Other 12 © nCircle 2012 All rights reserved. nCircle Company Confidential
Thank you for participating! Continue the conversation in our online community connect.ncircle.com 13 © nCircle 2012 All rights reserved. nCircle Company Confidential

Recomendados

Insider Threats (RIMS 2012)
Insider Threats (RIMS 2012)Insider Threats (RIMS 2012)
Insider Threats (RIMS 2012)John Dillard
 
Cloud Security
Cloud SecurityCloud Security
Cloud SecurityTerell Jones
 
Out With the Old, In With the New – Reinvent and Justify Your 2013 Security S...
Out With the Old, In With the New – Reinvent and Justify Your 2013 Security S...Out With the Old, In With the New – Reinvent and Justify Your 2013 Security S...
Out With the Old, In With the New – Reinvent and Justify Your 2013 Security S...Skybox Security
 
Alfresco Virtual DevCon 2020 - Security First!
Alfresco Virtual DevCon 2020 - Security First!Alfresco Virtual DevCon 2020 - Security First!
Alfresco Virtual DevCon 2020 - Security First!Jason Jolley
 
Security on a budget
Security on a budget Security on a budget
Security on a budget nCircle - a Tripwire Company
 
Security Testing for Test Professionals
Security Testing for Test ProfessionalsSecurity Testing for Test Professionals
Security Testing for Test ProfessionalsTechWell
 
Do Security Like a Start Up or Get Fired
Do Security Like a Start Up or Get FiredDo Security Like a Start Up or Get Fired
Do Security Like a Start Up or Get FiredNetIQ
 
Security Kung Fu: Security vs. Compliance
Security Kung Fu: Security vs. ComplianceSecurity Kung Fu: Security vs. Compliance
Security Kung Fu: Security vs. ComplianceJoshua Berman
 

Recomendados

Insider Threats (RIMS 2012)
Insider Threats (RIMS 2012)Insider Threats (RIMS 2012)
Insider Threats (RIMS 2012)John Dillard
 
Cloud Security
Cloud SecurityCloud Security
Cloud SecurityTerell Jones
 
Out With the Old, In With the New – Reinvent and Justify Your 2013 Security S...
Out With the Old, In With the New – Reinvent and Justify Your 2013 Security S...Out With the Old, In With the New – Reinvent and Justify Your 2013 Security S...
Out With the Old, In With the New – Reinvent and Justify Your 2013 Security S...Skybox Security
 
Alfresco Virtual DevCon 2020 - Security First!
Alfresco Virtual DevCon 2020 - Security First!Alfresco Virtual DevCon 2020 - Security First!
Alfresco Virtual DevCon 2020 - Security First!Jason Jolley
 
Security on a budget
Security on a budget Security on a budget
Security on a budget nCircle - a Tripwire Company
 
Security Testing for Test Professionals
Security Testing for Test ProfessionalsSecurity Testing for Test Professionals
Security Testing for Test ProfessionalsTechWell
 
Do Security Like a Start Up or Get Fired
Do Security Like a Start Up or Get FiredDo Security Like a Start Up or Get Fired
Do Security Like a Start Up or Get FiredNetIQ
 
Security Kung Fu: Security vs. Compliance
Security Kung Fu: Security vs. ComplianceSecurity Kung Fu: Security vs. Compliance
Security Kung Fu: Security vs. ComplianceJoshua Berman
 
Venafi 2012 risk audit survey findings
Venafi 2012 risk audit survey findingsVenafi 2012 risk audit survey findings
Venafi 2012 risk audit survey findingsnickjplott
 
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...Eric Vanderburg
 
Making Threat Modeling Useful To Software Development
Making Threat Modeling Useful To Software DevelopmentMaking Threat Modeling Useful To Software Development
Making Threat Modeling Useful To Software DevelopmentConSanFrancisco123
 
Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...
Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...
Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...IT Network marcus evans
 
2014 Conference Brochure - GRC 2.0 Breaking Down the Silos
2014 Conference Brochure - GRC 2.0 Breaking Down the Silos2014 Conference Brochure - GRC 2.0 Breaking Down the Silos
2014 Conference Brochure - GRC 2.0 Breaking Down the SilosNeil Curran MSc CISSP CRISC CGEIT CISM CISA
 
Certifications on Security - IS AUDIT
Certifications on Security - IS AUDITCertifications on Security - IS AUDIT
Certifications on Security - IS AUDITShahzeb Pirzada
 
Achieving Enterprise Resiliency and Corporate Certification
Achieving Enterprise Resiliency and Corporate CertificationAchieving Enterprise Resiliency and Corporate Certification
Achieving Enterprise Resiliency and Corporate CertificationThomas Bronack
 
To dev secops or not to devsecops is that a question ?
To dev secops or not to devsecops is that a question ?To dev secops or not to devsecops is that a question ?
To dev secops or not to devsecops is that a question ?🙃 Mario Platt
 
Intrusion Detection System (IDS)
Intrusion Detection System (IDS)Intrusion Detection System (IDS)
Intrusion Detection System (IDS)HCL Technologies
 
CDW Security Practice
CDW Security PracticeCDW Security Practice
CDW Security Practicetimmay0220
 
Thread Fix Tour Presentation Final Final
Thread Fix Tour Presentation Final FinalThread Fix Tour Presentation Final Final
Thread Fix Tour Presentation Final FinalRobin Lutchansky
 
Cyber Warfare e scenari di mercato
Cyber Warfare e scenari di mercatoCyber Warfare e scenari di mercato
Cyber Warfare e scenari di mercatoHP Enterprise Italia
 
Forrester Infographic
Forrester Infographic Forrester Infographic
Forrester Infographic Thang Cao (He/Him)
 
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...Eric Vanderburg
 
Breaking Microsoft Dynamics Great Plains
Breaking Microsoft Dynamics Great PlainsBreaking Microsoft Dynamics Great Plains
Breaking Microsoft Dynamics Great Plainssurferdave71
 
Private sector cyber resilience and the role of data diodes
Private sector cyber resilience and the role of data diodesPrivate sector cyber resilience and the role of data diodes
Private sector cyber resilience and the role of data diodesOllie Whitehouse
 
Automate and Enhance Application Security Analysis
Automate and Enhance Application Security AnalysisAutomate and Enhance Application Security Analysis
Automate and Enhance Application Security AnalysisCarlos Andrés García
 
Threat Intelligence + SIEM: A Force to be Reckoned With
Threat Intelligence + SIEM: A Force to be Reckoned WithThreat Intelligence + SIEM: A Force to be Reckoned With
Threat Intelligence + SIEM: A Force to be Reckoned WithSolarWinds
 
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...Education & Training Boards
 
Real world security webinar (v2012-05-30)
Real world security webinar (v2012-05-30)Real world security webinar (v2012-05-30)
Real world security webinar (v2012-05-30)nCircle - a Tripwire Company
 
Applying Boyd's OODA Loop Strategy to Drive IT Security Decision and Action
Applying Boyd's OODA Loop Strategy to Drive IT Security Decision and ActionApplying Boyd's OODA Loop Strategy to Drive IT Security Decision and Action
Applying Boyd's OODA Loop Strategy to Drive IT Security Decision and ActionnCircle - a Tripwire Company
 
What CIOs and CFOs Need to Know About Cyber Security
What CIOs and CFOs Need to Know About Cyber SecurityWhat CIOs and CFOs Need to Know About Cyber Security
What CIOs and CFOs Need to Know About Cyber SecurityPhil Agcaoili
 

Mais conteúdo relacionado

Mais procurados

Venafi 2012 risk audit survey findings
Venafi 2012 risk audit survey findingsVenafi 2012 risk audit survey findings
Venafi 2012 risk audit survey findingsnickjplott
 
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...Eric Vanderburg
 
Making Threat Modeling Useful To Software Development
Making Threat Modeling Useful To Software DevelopmentMaking Threat Modeling Useful To Software Development
Making Threat Modeling Useful To Software DevelopmentConSanFrancisco123
 
Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...
Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...
Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...IT Network marcus evans
 
Certifications on Security - IS AUDIT
Certifications on Security - IS AUDITCertifications on Security - IS AUDIT
Certifications on Security - IS AUDITShahzeb Pirzada
 
Achieving Enterprise Resiliency and Corporate Certification
Achieving Enterprise Resiliency and Corporate CertificationAchieving Enterprise Resiliency and Corporate Certification
Achieving Enterprise Resiliency and Corporate CertificationThomas Bronack
 
To dev secops or not to devsecops is that a question ?
To dev secops or not to devsecops is that a question ?To dev secops or not to devsecops is that a question ?
To dev secops or not to devsecops is that a question ?🙃 Mario Platt
 
Intrusion Detection System (IDS)
Intrusion Detection System (IDS)Intrusion Detection System (IDS)
Intrusion Detection System (IDS)HCL Technologies
 
CDW Security Practice
CDW Security PracticeCDW Security Practice
CDW Security Practicetimmay0220
 
Thread Fix Tour Presentation Final Final
Thread Fix Tour Presentation Final FinalThread Fix Tour Presentation Final Final
Thread Fix Tour Presentation Final FinalRobin Lutchansky
 
Cyber Warfare e scenari di mercato
Cyber Warfare e scenari di mercatoCyber Warfare e scenari di mercato
Cyber Warfare e scenari di mercatoHP Enterprise Italia
 
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...Eric Vanderburg
 
Breaking Microsoft Dynamics Great Plains
Breaking Microsoft Dynamics Great PlainsBreaking Microsoft Dynamics Great Plains
Breaking Microsoft Dynamics Great Plainssurferdave71
 
Private sector cyber resilience and the role of data diodes
Private sector cyber resilience and the role of data diodesPrivate sector cyber resilience and the role of data diodes
Private sector cyber resilience and the role of data diodesOllie Whitehouse
 
Automate and Enhance Application Security Analysis
Automate and Enhance Application Security AnalysisAutomate and Enhance Application Security Analysis
Automate and Enhance Application Security AnalysisCarlos Andrés García
 
Threat Intelligence + SIEM: A Force to be Reckoned With
Threat Intelligence + SIEM: A Force to be Reckoned WithThreat Intelligence + SIEM: A Force to be Reckoned With
Threat Intelligence + SIEM: A Force to be Reckoned WithSolarWinds
 
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...Education & Training Boards
 

Mais procurados (19)

Venafi 2012 risk audit survey findings
Venafi 2012 risk audit survey findingsVenafi 2012 risk audit survey findings
Venafi 2012 risk audit survey findings
 
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
 
Making Threat Modeling Useful To Software Development
Making Threat Modeling Useful To Software DevelopmentMaking Threat Modeling Useful To Software Development
Making Threat Modeling Useful To Software Development
 
Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...
Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...
Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...
 
2014 Conference Brochure - GRC 2.0 Breaking Down the Silos
2014 Conference Brochure - GRC 2.0 Breaking Down the Silos2014 Conference Brochure - GRC 2.0 Breaking Down the Silos
2014 Conference Brochure - GRC 2.0 Breaking Down the Silos
 
Certifications on Security - IS AUDIT
Certifications on Security - IS AUDITCertifications on Security - IS AUDIT
Certifications on Security - IS AUDIT
 
Achieving Enterprise Resiliency and Corporate Certification
Achieving Enterprise Resiliency and Corporate CertificationAchieving Enterprise Resiliency and Corporate Certification
Achieving Enterprise Resiliency and Corporate Certification
 
To dev secops or not to devsecops is that a question ?
To dev secops or not to devsecops is that a question ?To dev secops or not to devsecops is that a question ?
To dev secops or not to devsecops is that a question ?
 
Intrusion Detection System (IDS)
Intrusion Detection System (IDS)Intrusion Detection System (IDS)
Intrusion Detection System (IDS)
 
CDW Security Practice
CDW Security PracticeCDW Security Practice
CDW Security Practice
 
Thread Fix Tour Presentation Final Final
Thread Fix Tour Presentation Final FinalThread Fix Tour Presentation Final Final
Thread Fix Tour Presentation Final Final
 
Cyber Warfare e scenari di mercato
Cyber Warfare e scenari di mercatoCyber Warfare e scenari di mercato
Cyber Warfare e scenari di mercato
 
Forrester Infographic
Forrester Infographic Forrester Infographic
Forrester Infographic
 
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
 
Breaking Microsoft Dynamics Great Plains
Breaking Microsoft Dynamics Great PlainsBreaking Microsoft Dynamics Great Plains
Breaking Microsoft Dynamics Great Plains
 
Private sector cyber resilience and the role of data diodes
Private sector cyber resilience and the role of data diodesPrivate sector cyber resilience and the role of data diodes
Private sector cyber resilience and the role of data diodes
 
Automate and Enhance Application Security Analysis
Automate and Enhance Application Security AnalysisAutomate and Enhance Application Security Analysis
Automate and Enhance Application Security Analysis
 
Threat Intelligence + SIEM: A Force to be Reckoned With
Threat Intelligence + SIEM: A Force to be Reckoned WithThreat Intelligence + SIEM: A Force to be Reckoned With
Threat Intelligence + SIEM: A Force to be Reckoned With
 
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...
 

Semelhante a Compliance what does security have to do with it

Applying Boyd's OODA Loop Strategy to Drive IT Security Decision and Action
Applying Boyd's OODA Loop Strategy to Drive IT Security Decision and ActionApplying Boyd's OODA Loop Strategy to Drive IT Security Decision and Action
Applying Boyd's OODA Loop Strategy to Drive IT Security Decision and ActionnCircle - a Tripwire Company
 
What CIOs and CFOs Need to Know About Cyber Security
What CIOs and CFOs Need to Know About Cyber SecurityWhat CIOs and CFOs Need to Know About Cyber Security
What CIOs and CFOs Need to Know About Cyber SecurityPhil Agcaoili
 
Digital Forensics: Yesterday, Today, and the Next Frontier
Digital Forensics: Yesterday, Today, and the Next FrontierDigital Forensics: Yesterday, Today, and the Next Frontier
Digital Forensics: Yesterday, Today, and the Next FrontierThe Lorenzi Group
 
CWIN17 telford gdpr or how to eat the elephant a bit at a time - andy powell
CWIN17 telford gdpr or how to eat the elephant a bit at a time - andy powellCWIN17 telford gdpr or how to eat the elephant a bit at a time - andy powell
CWIN17 telford gdpr or how to eat the elephant a bit at a time - andy powellCapgemini
 
Cyber Threats & Cybersecurity - Are You Ready? - Jared Carstensen
Cyber Threats & Cybersecurity - Are You Ready? - Jared CarstensenCyber Threats & Cybersecurity - Are You Ready? - Jared Carstensen
Cyber Threats & Cybersecurity - Are You Ready? - Jared Carstensenjaredcarst
 
The Business Benefits of Threat Intelligence Webinar
The Business Benefits of Threat Intelligence WebinarThe Business Benefits of Threat Intelligence Webinar
The Business Benefits of Threat Intelligence WebinarThreatConnect
 
LinkedIn - Creating a Cloud Security Policy
LinkedIn - Creating a Cloud Security PolicyLinkedIn - Creating a Cloud Security Policy
LinkedIn - Creating a Cloud Security PolicyChris Niggel
 
Isaca houston presentation 12 4 12
Isaca houston presentation 12 4 12Isaca houston presentation 12 4 12
Isaca houston presentation 12 4 12Patrick Florer
 
Speaker Kiersten E. Todt, President and Managing Partner, Liberty Group Ventu...
Speaker Kiersten E. Todt, President and Managing Partner, Liberty Group Ventu...Speaker Kiersten E. Todt, President and Managing Partner, Liberty Group Ventu...
Speaker Kiersten E. Todt, President and Managing Partner, Liberty Group Ventu...Investorideas.com
 
"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategy"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategyJason Clark
 
What makes an ideal breeding ground for dishonest behavior?
What makes an ideal breeding ground for dishonest behavior?What makes an ideal breeding ground for dishonest behavior?
What makes an ideal breeding ground for dishonest behavior?Randy Morgan CSP, CPC
 
Finding Money & Detecting Fraud Super Strategies 2009 By Visual Risk Iq
Finding Money & Detecting Fraud Super Strategies 2009 By Visual Risk IqFinding Money & Detecting Fraud Super Strategies 2009 By Visual Risk Iq
Finding Money & Detecting Fraud Super Strategies 2009 By Visual Risk IqJoe Oringel
 
Credit Union Cyber Security
Credit Union Cyber SecurityCredit Union Cyber Security
Credit Union Cyber SecurityStacy Willis
 
System Center 2012 - IT GRC
System Center 2012 - IT GRCSystem Center 2012 - IT GRC
System Center 2012 - IT GRCNorman Mayes
 
Kpi & measurement strategy - AT Internet - jump 2012
Kpi & measurement strategy - AT Internet - jump 2012Kpi & measurement strategy - AT Internet - jump 2012
Kpi & measurement strategy - AT Internet - jump 2012AT Internet
 
Shadow IT: The CISO Perspective on Regaining Control
Shadow IT: The CISO Perspective on Regaining ControlShadow IT: The CISO Perspective on Regaining Control
Shadow IT: The CISO Perspective on Regaining ControlCipherCloud
 
PCI Amsterdam: 27.11.2014: Rocky-Road-to-PCI-Compliance
PCI Amsterdam: 27.11.2014: Rocky-Road-to-PCI-CompliancePCI Amsterdam: 27.11.2014: Rocky-Road-to-PCI-Compliance
PCI Amsterdam: 27.11.2014: Rocky-Road-to-PCI-Compliancekhalavak
 
Your Data Center Boundaries Don’t Exist Anymore!
Your Data Center Boundaries Don’t Exist Anymore! Your Data Center Boundaries Don’t Exist Anymore!
Your Data Center Boundaries Don’t Exist Anymore! EMC
 

Semelhante a Compliance what does security have to do with it (20)

Real world security webinar (v2012-05-30)
Real world security webinar (v2012-05-30)Real world security webinar (v2012-05-30)
Real world security webinar (v2012-05-30)
 
Applying Boyd's OODA Loop Strategy to Drive IT Security Decision and Action
Applying Boyd's OODA Loop Strategy to Drive IT Security Decision and ActionApplying Boyd's OODA Loop Strategy to Drive IT Security Decision and Action
Applying Boyd's OODA Loop Strategy to Drive IT Security Decision and Action
 
What CIOs and CFOs Need to Know About Cyber Security
What CIOs and CFOs Need to Know About Cyber SecurityWhat CIOs and CFOs Need to Know About Cyber Security
What CIOs and CFOs Need to Know About Cyber Security
 
Digital Forensics: Yesterday, Today, and the Next Frontier
Digital Forensics: Yesterday, Today, and the Next FrontierDigital Forensics: Yesterday, Today, and the Next Frontier
Digital Forensics: Yesterday, Today, and the Next Frontier
 
CWIN17 telford gdpr or how to eat the elephant a bit at a time - andy powell
CWIN17 telford gdpr or how to eat the elephant a bit at a time - andy powellCWIN17 telford gdpr or how to eat the elephant a bit at a time - andy powell
CWIN17 telford gdpr or how to eat the elephant a bit at a time - andy powell
 
Cyber Threats & Cybersecurity - Are You Ready? - Jared Carstensen
Cyber Threats & Cybersecurity - Are You Ready? - Jared CarstensenCyber Threats & Cybersecurity - Are You Ready? - Jared Carstensen
Cyber Threats & Cybersecurity - Are You Ready? - Jared Carstensen
 
The Business Benefits of Threat Intelligence Webinar
The Business Benefits of Threat Intelligence WebinarThe Business Benefits of Threat Intelligence Webinar
The Business Benefits of Threat Intelligence Webinar
 
LinkedIn - Creating a Cloud Security Policy
LinkedIn - Creating a Cloud Security PolicyLinkedIn - Creating a Cloud Security Policy
LinkedIn - Creating a Cloud Security Policy
 
Isaca houston presentation 12 4 12
Isaca houston presentation 12 4 12Isaca houston presentation 12 4 12
Isaca houston presentation 12 4 12
 
Speaker Kiersten E. Todt, President and Managing Partner, Liberty Group Ventu...
Speaker Kiersten E. Todt, President and Managing Partner, Liberty Group Ventu...Speaker Kiersten E. Todt, President and Managing Partner, Liberty Group Ventu...
Speaker Kiersten E. Todt, President and Managing Partner, Liberty Group Ventu...
 
"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategy"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategy
 
What makes an ideal breeding ground for dishonest behavior?
What makes an ideal breeding ground for dishonest behavior?What makes an ideal breeding ground for dishonest behavior?
What makes an ideal breeding ground for dishonest behavior?
 
Finding Money & Detecting Fraud Super Strategies 2009 By Visual Risk Iq
Finding Money & Detecting Fraud Super Strategies 2009 By Visual Risk IqFinding Money & Detecting Fraud Super Strategies 2009 By Visual Risk Iq
Finding Money & Detecting Fraud Super Strategies 2009 By Visual Risk Iq
 
Credit Union Cyber Security
Credit Union Cyber SecurityCredit Union Cyber Security
Credit Union Cyber Security
 
System Center 2012 - IT GRC
System Center 2012 - IT GRCSystem Center 2012 - IT GRC
System Center 2012 - IT GRC
 
Kpi & measurement strategy - AT Internet - jump 2012
Kpi & measurement strategy - AT Internet - jump 2012Kpi & measurement strategy - AT Internet - jump 2012
Kpi & measurement strategy - AT Internet - jump 2012
 
Continuous Monitoring 2.0
Continuous Monitoring 2.0Continuous Monitoring 2.0
Continuous Monitoring 2.0
 
Shadow IT: The CISO Perspective on Regaining Control
Shadow IT: The CISO Perspective on Regaining ControlShadow IT: The CISO Perspective on Regaining Control
Shadow IT: The CISO Perspective on Regaining Control
 
PCI Amsterdam: 27.11.2014: Rocky-Road-to-PCI-Compliance
PCI Amsterdam: 27.11.2014: Rocky-Road-to-PCI-CompliancePCI Amsterdam: 27.11.2014: Rocky-Road-to-PCI-Compliance
PCI Amsterdam: 27.11.2014: Rocky-Road-to-PCI-Compliance
 
Your Data Center Boundaries Don’t Exist Anymore!
Your Data Center Boundaries Don’t Exist Anymore! Your Data Center Boundaries Don’t Exist Anymore!
Your Data Center Boundaries Don’t Exist Anymore!
 

Último

A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 

Último (20)

A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 

Compliance what does security have to do with it

  • 1. Compliance: What Does Security Have To Do With It? Thank you for joining us. The webinar will start shortly. © nCircle 2012. All rights reserved.
  • 2. Compliance: What Does Security Have To Do With It? © nCircle 2012. All rights reserved.
  • 3. Introductions: Panelists Rodney Brown CISSP, GIAC GISP, ITILv3 Andrew Storms Shelley Boose Dir. Security Operations Dir., Public Relation nCircle Tim Erlin Elizabeth Ireland Dir., IT Security and Risk Strategy VP, Marketing nCircle 3 © nCircle 2012 All rights reserved. nCircle Company Confidential
  • 4. Which compliance regulations does your organization need to comply with? (check all that apply)  SOX  NERC  FISMA  HIPAA  PCI  GLBA  PIPEDA  Too many to name 4 © nCircle 2012 All rights reserved. nCircle Company Confidential
  • 5. How often does your organization have audits?  Annually  Quarterly  Monthly  Auditors live here 5 © nCircle 2012 All rights reserved. nCircle Company Confidential
  • 6. Does your security team spend too much time on audit requests?  Seems like that’s all we do  Audit requests take at more than half of our time  Occasional resource problem  We have plenty of resources to do both 6 © nCircle 2012 All rights reserved. nCircle Company Confidential
  • 7. In your experience, how aligned are security and compliance efforts?  Mostly aligned  Somewhat aligned  Barely related 7 © nCircle 2012 All rights reserved. nCircle Company Confidential
  • 8. Does your security team have the necessary executive support?  Yes  No  What executive support? 8 © nCircle 2012 All rights reserved. nCircle Company Confidential
  • 9. In your organization, do security efforts suffer because compliance requirements drive the budget?  Yes  No 9 © nCircle 2012 All rights reserved. nCircle Company Confidential
  • 10. What percentage of your security operations program is automated?  25% or less  26 – 50%  more than 50% 10 © nCircle 2012 All rights reserved. nCircle Company Confidential
  • 11. In which of the following types of tools has your organization invested the most budget?  Vulnerability management  Configuration auditing  Patch management  Identity and access management  Antivirus and endpoint protection  Penetration testing  Malware detection  Data loss prevention  Governance risk and compliance  Other 11 © nCircle 2012 All rights reserved. nCircle Company Confidential
  • 12. What’s the next major tool investment your organization has planned?  Vulnerability management  Configuration auditing  Patch management  Identity and access management  Antivirus and endpoint protection  Penetration testing  Malware detection  Data loss prevention  Governance risk and compliance  Other 12 © nCircle 2012 All rights reserved. nCircle Company Confidential
  • 13. Thank you for participating! Continue the conversation in our online community connect.ncircle.com 13 © nCircle 2012 All rights reserved. nCircle Company Confidential