Download - Developing excellence in information security from corporate enterprise to homeland security
![Page 1: Developing excellence in information security from corporate enterprise to homeland security](https://reader033.vdocuments.us/reader033/viewer/2022052622/5592e5c51a28ab26698b463b/html5/thumbnails/1.jpg)
Developing Excellence In Information Security
From Corporate Enterprise To Homeland Security
Ahmed M. Al EnizyIT Security Manager
International Systems Engineering
![Page 2: Developing excellence in information security from corporate enterprise to homeland security](https://reader033.vdocuments.us/reader033/viewer/2022052622/5592e5c51a28ab26698b463b/html5/thumbnails/2.jpg)
04/14/20232
Understanding The Problem Defining “Information Security Excellence” Key Attribute To Achieving Superiority In
Information Security
Agenda
![Page 3: Developing excellence in information security from corporate enterprise to homeland security](https://reader033.vdocuments.us/reader033/viewer/2022052622/5592e5c51a28ab26698b463b/html5/thumbnails/3.jpg)
04/14/20233
Understanding the Problem
From dashlane
![Page 4: Developing excellence in information security from corporate enterprise to homeland security](https://reader033.vdocuments.us/reader033/viewer/2022052622/5592e5c51a28ab26698b463b/html5/thumbnails/4.jpg)
04/14/20234
Why big companies with huge resources got hacked?◦ 96% of the attacks not highly difficult◦ 97% of breaches were avoidable through simple
or intermediate controls Why CISOs with big guns failed to prevent
the hack? Why hackers are always able to hit their
targets? Why hackers are always one step ahead?
Understanding the Problem
![Page 5: Developing excellence in information security from corporate enterprise to homeland security](https://reader033.vdocuments.us/reader033/viewer/2022052622/5592e5c51a28ab26698b463b/html5/thumbnails/5.jpg)
04/14/20235
Excellence◦ A talent or quality which is unusually good and
so surpasses ordinary standards.
◦ Aristotle once said. "We are what we repeatedly do . . . excellence, then, is not an act, but a habit.“
◦ The equivalent concept in Muslim philosophy is Ihsan
Excellence?
![Page 6: Developing excellence in information security from corporate enterprise to homeland security](https://reader033.vdocuments.us/reader033/viewer/2022052622/5592e5c51a28ab26698b463b/html5/thumbnails/6.jpg)
04/14/20236
Understanding the Problem
≠Knowledge
Time
Money
Tools
Opportunity
Motivation
Cause
Habit
Passion
Pride Freedom
Knowledge
Time
Money
Tools
Opportunity
?
?
?
?
? ?
![Page 7: Developing excellence in information security from corporate enterprise to homeland security](https://reader033.vdocuments.us/reader033/viewer/2022052622/5592e5c51a28ab26698b463b/html5/thumbnails/7.jpg)
04/14/20237
Excellence covers the next mile that is giving hackers the tactical advantage.
◦ There is “something” that ignites hackers minds and makes it reach new levels of creativity and dig deeper and deeper to find or create this tactical advantage which at the end is translated to means to hit their targets without any resistance.
◦ Does your security capability has this?
Defining “Information Security Excellence”
![Page 8: Developing excellence in information security from corporate enterprise to homeland security](https://reader033.vdocuments.us/reader033/viewer/2022052622/5592e5c51a28ab26698b463b/html5/thumbnails/8.jpg)
04/14/20238
Defining “Information Security Excellence”
With Standards and Frameworks
Quality
Excellence
Without Standards and Frameworks
![Page 9: Developing excellence in information security from corporate enterprise to homeland security](https://reader033.vdocuments.us/reader033/viewer/2022052622/5592e5c51a28ab26698b463b/html5/thumbnails/9.jpg)
04/14/20239
Acquiring and maintaining talented employees◦ Security talents
Habit Research Curiosity Discipline
◦ Finding and acquiring (Interview and recruitment)◦ Challenging◦ Maintaining
Key Attributes To Achieving Superiority In Information Security
![Page 10: Developing excellence in information security from corporate enterprise to homeland security](https://reader033.vdocuments.us/reader033/viewer/2022052622/5592e5c51a28ab26698b463b/html5/thumbnails/10.jpg)
04/14/202310
Center of excellence◦ Refers to a team, a shared facility or an entity that
provides leadership, evangelization, best practices, research, support and/or training for a focus area. (Wikipedia)
Responsibilities◦ Support◦ Guidance◦ Shared Learning◦ Measurements◦ Governance(Jon Strickler, agileelements.wordpress.com)
Key Attributes To Achieving Superiority In Information Security
![Page 11: Developing excellence in information security from corporate enterprise to homeland security](https://reader033.vdocuments.us/reader033/viewer/2022052622/5592e5c51a28ab26698b463b/html5/thumbnails/11.jpg)
04/14/202311
Excellence in one field depends on excellence in other fields◦ Quality◦ Process◦ Project Management◦ Service◦ Assurance◦ Business Analysis◦ Risk and Compliance◦ Human Resources
Key Attributes To Achieving Superiority In Information Security
![Page 12: Developing excellence in information security from corporate enterprise to homeland security](https://reader033.vdocuments.us/reader033/viewer/2022052622/5592e5c51a28ab26698b463b/html5/thumbnails/12.jpg)
04/14/202312
Excellence needs a lighthouse to guide it. The key element of excellence is the right
people in the right place. Patch the gap between business motivation
for security (which is reducing money lose) and the motivations that ignites security specialists to match hackers
Conclusion
![Page 13: Developing excellence in information security from corporate enterprise to homeland security](https://reader033.vdocuments.us/reader033/viewer/2022052622/5592e5c51a28ab26698b463b/html5/thumbnails/13.jpg)
04/14/202313
Thank youQ / A
http://sa.linkedin.com/in/ahmadalanazy
@SaudiSecurity