developing excellence in information security from corporate enterprise to homeland security
DESCRIPTION
Understanding The Problem, Defining “Information Security Excellence”, Key Attribute To Achieving Superiority In Information SecurityTRANSCRIPT
Developing Excellence In Information Security
From Corporate Enterprise To Homeland Security
Ahmed M. Al EnizyIT Security Manager
International Systems Engineering
04/14/20232
Understanding The Problem Defining “Information Security Excellence” Key Attribute To Achieving Superiority In
Information Security
Agenda
04/14/20233
Understanding the Problem
From dashlane
04/14/20234
Why big companies with huge resources got hacked?◦ 96% of the attacks not highly difficult◦ 97% of breaches were avoidable through simple
or intermediate controls Why CISOs with big guns failed to prevent
the hack? Why hackers are always able to hit their
targets? Why hackers are always one step ahead?
Understanding the Problem
04/14/20235
Excellence◦ A talent or quality which is unusually good and
so surpasses ordinary standards.
◦ Aristotle once said. "We are what we repeatedly do . . . excellence, then, is not an act, but a habit.“
◦ The equivalent concept in Muslim philosophy is Ihsan
Excellence?
04/14/20236
Understanding the Problem
≠Knowledge
Time
Money
Tools
Opportunity
Motivation
Cause
Habit
Passion
Pride Freedom
Knowledge
Time
Money
Tools
Opportunity
?
?
?
?
? ?
04/14/20237
Excellence covers the next mile that is giving hackers the tactical advantage.
◦ There is “something” that ignites hackers minds and makes it reach new levels of creativity and dig deeper and deeper to find or create this tactical advantage which at the end is translated to means to hit their targets without any resistance.
◦ Does your security capability has this?
Defining “Information Security Excellence”
04/14/20238
Defining “Information Security Excellence”
With Standards and Frameworks
Quality
Excellence
Without Standards and Frameworks
04/14/20239
Acquiring and maintaining talented employees◦ Security talents
Habit Research Curiosity Discipline
◦ Finding and acquiring (Interview and recruitment)◦ Challenging◦ Maintaining
Key Attributes To Achieving Superiority In Information Security
04/14/202310
Center of excellence◦ Refers to a team, a shared facility or an entity that
provides leadership, evangelization, best practices, research, support and/or training for a focus area. (Wikipedia)
Responsibilities◦ Support◦ Guidance◦ Shared Learning◦ Measurements◦ Governance(Jon Strickler, agileelements.wordpress.com)
Key Attributes To Achieving Superiority In Information Security
04/14/202311
Excellence in one field depends on excellence in other fields◦ Quality◦ Process◦ Project Management◦ Service◦ Assurance◦ Business Analysis◦ Risk and Compliance◦ Human Resources
Key Attributes To Achieving Superiority In Information Security
04/14/202312
Excellence needs a lighthouse to guide it. The key element of excellence is the right
people in the right place. Patch the gap between business motivation
for security (which is reducing money lose) and the motivations that ignites security specialists to match hackers
Conclusion
04/14/202313
Thank youQ / A
http://sa.linkedin.com/in/ahmadalanazy
@SaudiSecurity