Trends in information security and the role of CISO
1. Trends in information security and the role of CISO
Paul Drake, Chief information security officer, DrakeLong Limited
14/11/2017
2. Paul Drake
Chief information security officer
3. Typical risk heat map
Impact (vertical axis): 3. Significant; 2. Moderate; 1. Minor
Likelihood (horizontal axis): 1. Unlikely; 2. Possible; 3. Likely
Risks plotted: Financial risk; Breach risk; Reputational risk; Operational risk; People risk; Regulatory risk
4. Function of information security
»Reduce the size of the attack surface: Internal and external; Malicious and accidental; all forms of information; all sources of risk
»Identify the attacks continually faster: Intrusion detection and prevention technologies; staff training and awareness
»Minimise damage and return to ‘business as usual’ as quickly as possible: good and well practiced incident management; great communication, both internally and externally
5. Chief information security officer
Reasons for CISO prominence
»Strategy; policy; enterprise architecture
»Emerging threats and technologies
»Risk and compliance; User experience; Training and awareness
»Security programmes and Security Services
Typical functions under CISO
6. Information security maturity over time
Information Security as a blocker
Information Security as a facilitator
Information Security as an enabler
Information Security as a business driver
8. Summary
»Relationship between information security and risk management
»Trends affecting information security and strategies
› Security as a service
› Shared CISO
› Security as a business driver
9. jisc.ac.uk
Paul Drake
Chief information security officer
DrakeLong Limited