CISO workshop slides


News category: IT security news
Source: blog.noticebored.com

The title 'CISO Workshop: Security Program and Strategy' with 'Your Name Here' suggests it might be a template for use in a workshop/course bringing CISOs up to speed on the governance, strategic and architectural aspects of information security, but in fact given the amount of technical detail, it appears to be aimed at informing IT/technology managers about IT or cybersecurity, specifically. Maybe it is intended for newly-appointed CISOs or more junior managers who aspire to be CISOs, helping them clamber up the pyramid (slide 87 of 142):


Aside from my gripes with the example metrics (see below), the remainder of the presentation has a lot of useful information, lots of details, plenty of busy, thought-provoking diagrams and, as I said, an uncommon polish for free slide decks.

Here's a nice, fairly simple example slide that I could happily present and discuss in some depth as part of a workshop or training course:


Naturally, the slide deck emphasises Microsoft's own 'security posture', such as:

  • IT, cyber and data-centric, virtually ignoring the wider field of information risk and security management (e.g. protecting and exploiting workers' knowledge and other intangible forms of intellectual property) with limited, almost incidental reference to information risk and security management being truly driven by business objectives;
  • Hacking and malware i.e. deliberate, malicious and often targeted attacks, downplaying accidental threats (e.g. floods and fires) and other incidents such as human error, theft, sabotage and fraud, plus enterprise risk management as a whole (e.g. financial risk, market risk, compliance risk, strategic risk ....);
  • Zero-trust - whatever that means to the presenter and audience;
  • Cloud - meaning Azure, specifically;
  • DevOps and DevSecOps - whatever those terms mean;
  • MS threat intelligence including artificial intelligence/machine learning rapid responses to novel malware (a cool idea, provided it works reliably).

I'm intrigued by their choice of example Security Scorecard Metrics (slide 63):


These examples supposedly focus on 'continuous improvement' (of what I'm not exactly sure), so let's take a closer look:

  1. Business Enablement appears to refer to IT and IT security services 'enabling' the business, although 'Number of security interruptions in user workflow' implies the need to prevent security getting in the way of business, a curious take on 'enable'.

  2. Security Posture suggests a confusing mix of application and account security metrics. I'm really not sure what 'security posture' even means in this context, and curious as to why those two aspects in particular have been selected as example metrics. Other slides in the deck appear to equate 'security posture' to vulnerability management and software/systems patching - a rather narrow/specific technical concern for metrics suggested to senior management, although arguably it is a major factor in cybersecurity - or to security strategy. Personally, I favour a much broader perspective on the organisation's overall posture (meaning its brands, corporate personality, customer perceptions ...) including security-relevant aspects (e.g. being a trusted partner). Generally, though, the risk management and security arrangements quietly support and enable the business from the inside, as it were, rather than being exposed externally - unless they fail anyway!

  3. Security Response: the example metrics suggest the classical (outdated!) incident-response-and-recovery line i.e. dealing with business discontinuity, although thankfully later slides (#82-85) discuss resilience:




  4. Security Improvement as a category within this set of example metrics all supposedly focused on continuous improvement, confuses me. If these metrics are about improving security, what are the others improving? The example metrics don't help clarify the intent of this category either, referring to 'modernization' and automation (possibly in the realm of security, but not stated), although '# of Lessons learned from internal/external incidents' could indicate security improvements provided they are counted rationally (e.g. is an incident relating to weak passwords counted as just one incident or one per account compromised?).

For me, continuous improvement implies three things that don't exactly sing out from the example metrics:

  1. Clarity on the meaning of 'improve' in the present context, implying the need for management to understand what are the key parameters, as well as being able to measure and control/drive them in a positive direction.

  2. Some version of the classic Deming-style Plan-Do-Check-Act cycle.

  3. Process maturity, leading naturally towards maturity metrics.

So, I have concerns about the overall thrust, the categories and the individual metrics offered as examples ... which is ironic given that the very next slide hints at an altogether better approach:

How is management supposed to achieve those objectives without the corresponding metrics ... or is the previous slide intended to illustrate the selection of metrics for just one of these bullets? How would the others be measured? What's more, how were these 'key business outcomes' selected for the slide? What about all the other 'key business outcomes' - of which there are many, especially in any sizeable, mature, complex organisation. Even a tiny micro-business has to juggle numerous objectives simultaneously within its finite resources - a significant information risk right there.

All in all, though, it's well worth browsing the slides and thinking about what's included and what's missing, in your own context. Rather than Microsoft's normal crude in-yer-face full-on marketing, it's a reasonably subtle, well-balanced, comprehensive and interesting presentation. Thank you MS for releasing it.