getting the board’s buy-in through soc metrics...implementation, and building and managing...
TRANSCRIPT
Copyright MKA Cyber © 2017. All rights reserved.
Getting the Board’s Buy-In Through SOC Metrics Mischel Kwon, CEO
MKACyber
2
Not your average Data Center IT anymore…
3
Current Cyber Threats
4
Current Cyber Attacks
5
Change in Use – Change in Risk
• Digital Revenue
• Societal Use
- Social Media
- New Outlets
- Elections
• Operational II
- Medical Devices
- Transportation
- Communication
• Cloud and Outsourced Application
• Mobile Devices and BYOD
• Supply Chain
- Chips
• Communications
• Data Storage and Processing
• In House Applications
• Desktops
• Data Centers
6
What Makes you Vulnerable – Why?
• Lack of Threat Understanding
• Lack of Visibility
• Lack of Patching
• Weak Security Controls
• Antiquated Technology
• Unclear Cloud Role
• Un-managed Outsourced Applications
• Poor Code
• Supply Chain
• Staffing
• Methodology
• Technology
• Tooling
• Relationships
• Contracts
How Do We Fix This?
7
Embracing the “C” level
8
Business Hierarchy, Priorities, Communication
BOARD OF DIRECTORS
BUSINESS UNIT
CIO / CISO
TECHNICAL MANAGEMENT
CEO
9
Business Unit Leader’s Priorities
RISK MANAGEMENT
PROFITABILITY ANALYSIS
FORECASTING
BUSINESS INTELLIGENCE
PERFORMANCE MANAGEMENT
BUSINESS UNIT
BUDGETING
STRATEGIC PLANNING
10 10
• Metrics are NO longer time to deliver, SLA-based
• Metrics should be a contribution to the P&L
• Metrics should always tie back to the balance sheet
• Statistics capture the
current status of what
you are measuring
• Metrics tell the story of
how well what you are
measuring is performing
STATISTICS
METRICS
Statistics vs. Metrics
11
Being a Participating Member of the Business Leadership Team
Be a
Business
Unit Leader
Show cost efficiency
Solution delivery remediation
High performing, transparent team
Just right – organized data, tooling, staff – just in time
Business
goal
12
Organize, Automate, Report, Improve, Protect
13
Mischel Kwon
CEO, MKACyber
Over 35 years of experience
in application development,
network architecture and
implementation, and building
and managing Security
Operations Centers (SOC).
Former, Head of US-
CERT
Former, Chief IT
Security Technologist,
Department of Justice
Founder, Cybersecurity
Diversity Foundation