the 30-second security pitch

Rebecca Herold, LLCRebecca Herold, LLCRebecca Herold, LLCRebecca Herold, LLC

Rebecca Herold, CIPP, CISSP, CISA, CISM, FLMI

The 30-Second Security Pitch

April 27, 2008 4:00pm

Rebecca Herold, LLChttp://www.privacyguidance.com

Rebeccaherold@rebeccaherold.com

April 27, 2008 4:00pm

Be Prepared For The Common Executive Questions

5 commonly recurring questions

April 27, 2008 4:00pm

1. What Is My Personal Risk?

“What are the personal risks that business

executives face if they fail to implement effective security controls or do not comply

with data protection regulations?”

April 27, 2008 4:00pm

1. What Is My Personal Risk?

One possibility:

You, as our organization’s business leader, are ultimately responsible for ensuring we have a strong security program in place. If you don’t, you personally could get substantial fines and penalties, even including jail time. You also subject our organization to significant fines and penalties, civil suits, diminished brand value, lost customers, and possibly the loss of our business.

April 27, 2008 4:00pm

2. How Do We Start A Program?

“What approach should we take to start an effective risk management, security

or privacy program?”

April 27, 2008 4:00pm

2. How Do We Start A Program?

One possibility:

Our risk management and information protection program needs to be improved. It will be more effective with the following four components:

1. Your strong and visible support for the program.2. A good team representing the enterprise, with a strong and

experienced leader.3. A foundation built upon proven information control and technology

frameworks.4. Controls based upon our organization’s own unique risks

April 27, 2008 4:00pm

3. How Is Information Leaked?

“What are some of the most common ways What are some of the most common ways What are some of the most common ways What are some of the most common ways that information is leaked or that information is leaked or that information is leaked or that information is leaked or

compromised?compromised?compromised?compromised?”

April 27, 2008 4:00pm

3. How Is Information Leaked?One possibility:

We are vulnerable to having PII and sensitive data leaked, resulting in costly information security incidents and privacy breaches, largely due to the following:

• Sensitive data included within or attached to email messages.

• Mobile computing devices and storage devices that are lost or stolen.

• Applications and systems that are built without properly addressing security controls.

• Authorized persons making mistakes or purposefully doing malicious things.

• Disposing of computers, storage media, and paper without first removing sensitive information.

I need your support for the initiatives to address these vulnerabilities.

April 27, 2008 4:00pm

4. How to Secure Mobile Data?

“What can we do to secure our mobile data?”

April 27, 2008 4:00pm

4. How to Secure Mobile Data?One possibility:

PII and other types of sensitive information that pass through networks and are stored on mobile computers and storage devices are highly susceptible to security incidents and privacy breaches. We need to protect this mobile data by:

• Having business leaders, such as yourself, strongly support policies and procedures for protecting mobile data.

• Encrypting mobile PII.

• Providing training and ongoing awareness to personnel for how tosafeguard mobile data.

I need the support and resources to protect our mobile data.

April 27, 2008 4:00pm

5. How to Deal With The Insider Threat?

“What should we do to keep personnel from

making mistakes or doing malicious activities?”

April 27, 2008 4:00pm

5. How to Deal With The Insider Threat?

One possibility:

People will make costly mistakes if they do not receive information security training and ongoing awareness communications. Personnel who want to misuse their authorization to commit fraud, crime, and perform other malicious acts will be able to do so more easily if the workforce is not provided information security education and taught how to recognize the red flags of those around them. If you visibly and actively support our information security and privacy education efforts, we will have personnel who safeguard our business information better, and ultimately improve our business.

April 27, 2008 4:00pm

Unique Issues

What other issues are you struggling with?

April 27, 2008 4:00pm

Be Prepared!

1. Relationship with CxOs

2. Quickly point out business risk area

3. Not the time for details

4. Develop rapport

5. Raise awareness

6. Ask for support!

April 27, 2008 4:00pm

Questions or Comments?

Rebecca Herold, CIPP, CISSP, CISA, CISM, FLMIRebecca Herold, LLC

http://www.privacyguidance.comRebeccaherold@rebeccaherold.com

the 30-second security pitch

flmirebecca herold

security pitchrebecca

flmi rebecca herold

common executive questions5

Business

real talk: your 30-second elevator pitch and your investor...

verifying second-level security protocols

[201702]qubit security pitch deck

the 30-second (elevator) · pdf filean elevator pitch, ......

the 30-second (elevator) pitch - office of human...

career knowledge networking 30 second pitch informational...

the 30-second pitch/hook

30 second elevator pitch - concrete pipe second...

open 2013: 30-second elevator pitch blended...

talking to investors - américaeconomía · overview 1.%%30...

the 9-second elevator pitch

second pitch

getting to wow! how to nail your 20 second pitch

second period, communications security, history …

apj security perfect pitch contest...apj security perfect...

the first movement of bartók’s second string quartet,...

real security, really convenient second ... - hikvision

the 30 second pitch/hook

60 second pitch

your 60 second elevator pitch nov 2010