Enterprise Cybersecurity
From Strategy to Operating Model
Eryk Budi Pratama
11th Meetup | 27 Feb 2020
WHO AM I?
• Cyber Security & Community Enthusiast
• Cybersecurity & IT Advisory Consultant,
Global Consulting Firm
• Experiences: CyberSec, IT GRC, IT Audit, IT Advisory
• Versatilist
• Knowledge Hunter
• Do some “magic”
• https://medium.com/@proferyk
• https://www.slideshare.net/proferyk
Let’s Start
Why do we need strategy
at first?
Source: https://archerint.com/what-is-cybersecurity/
Enriching and leveraging your point of view is
very important for developing a
cybersecurity strategy and operating model
Area 1 Area 2 Area 3 Area 4
Area 1 Area 2
Area 3 Area 4
silos
Theory when I was in college
Ward & Peppard Model, 2002
Strategic information system planning
Source: Ward & Peppard, Strategic Information System Planning, Wiley, 2002
Keywords:
❑ Business environment (external and internal)
❑ IS/IT environment (external and internal)
❑ Business IS strategies
❑ IT strategy and management
❑ Application portfolio (current and future)
Accumulation of my experiences
• Financial Services
• Maritime
• Startup
• Education
Local Projects Regional Projects Global Projects
• Financial Service
• Oil & Gas
• Telco
Related Personal Experiences
• Cybersecurity Transformation
• IT Strategic / Master Plan
• IT Maturity Assessment
• IT Audit
• IT Governance, Risk, Compliance
• Technical Assessment
• Technology & Security Architecture
• Business Case Development
• Third Party Risk
• others ☺
Understanding the business is very important SAMPLE
Source: https://www.enisa.europa.eu/publications/port-cybersecurity-good-practices-for-cybersecurity-in-the-maritime-sector
What should we learn?
❑ Related regulation
❑ Services
❑ Key stakeholders
❑ Reference model of port systems
❑ Data and information flow
❑ Asset taxonomy (IT & OT) – Crown Jewels
❑ Threat taxonomy
❑ BENCHMARK
Concept + Experience + Benchmark
Make it happen !!
Where is my cybersecurity
budget?
Source: https://i.redd.it/ywjqwsmrftx31.jpg
Cyber Security
Strategy Development
Common mistakes in cyber strategy development
Common mistakes based on my experience and other people's deliverables
▪ Lack of “context” (external and internal) understanding
▪ Limited perspective / point of view, on cybersecurity only
▪ Lack of key stakeholder involvement
▪ Focus only on “gap assessment” and “maturity level” result
▪ More focus on TECHNOLOGY aspect
upss ! ☺
Basic process
Strategic Driver Analysis
▪ Interviews with key stakeholders
▪ Documentation review
▪ Understand current:
✓ Business strategy
✓ Security risk
✓ Compliance
▪ Evaluate any related external and internal drivers
Target State Design
▪ Define the baseline
▪ Industry benchmark
▪ Define proposed services, architecture, and focus areas for the program
▪ Recommend maturity level
Gap Analysis
▪ Conduct gap assessment and analysis
▪ Identify key controls to support the defense of the enterprise cybersecurity
Roadmap
▪ Develop roadmap
▪ Prioritize projects/initiatives and map inter-dependencies
▪ Investment plan
▪ Socialization
What should be considered as the input
Several recommended inputs based on my experience
▪ External and internal context (e.g. regulation, business trends)
▪ Current and future threats (OT & IT)
▪ Current and future risks (Threat Actors, Targets, Methods, Vulnerabilities)
▪ Stakeholder (business) expectations
▪ Audit findings
▪ Current IT Strategic Plan
▪ Enterprise Architecture (Security Architecture)
Finding the key problems is the best way to start!!
How we combine all insights
Activities we should consider
Determine your:
▪ Baseline
▪ Framework
▪ Standard
Documentation review
Interview
Workshop / FGD
Questionnaire
Gap Assessment
Maturity Assessment
Deliverables
Cybersecurity strategy themes, goals, and initiatives
Transformation journey / roadmap
Program and Organization Structure
Operating Model
Investment Plan / Budget
What should be considered as the input
Next topic
Cyber Security Operating
Model
Basic definition
What is an IT Operating Model?
• Creates an integrated view of
how IT services will be
provided
• Provides a consolidated
description of each IT function
and the underlying processes
• Supported by a diagram of
how all elements will fit together
IT Strategic Planning
& Governance
IT Operating Model
“What should IT be doing
for the business ?”
“How does IT structure itself to
deliver on the strategy ?”
Solutions to facilitate development of a company’s statement of the
future state IT vision it is building toward in terms of guiding
principles, investment plans & priorities, sourcing, skills and
governance. Strategy is reflected as a series of strategic initiatives,
delivered through development of a sound IT operating model.
Solutions to facilitate the transformation of IT structures necessary
to deliver the strategy. Operating models address key
characteristics of the IT function such as organizational structure,
processes, roles & responsibilities, sourcing, locations, etc.
ITSP
ITOM
Operating Model Basic Components
Organization
Governance
Service Management
Organization structure, roles, and responsibilities
Sourcing options (in, out, hybrid)
Capabilities development and monitoring
Governance model (e.g. steering committee)
Service offering and delivery
Security
Architecture *
“Plan your execution. Execute your plan.”
- Anonymous
Cyber Transformation in
OT Environment [redacted]
Put the foundation as input
Business Objectives
Audit Findings
Threat Landscape
Current projects
Risk Themes
Goal cards - examples
Key Inputs
From strategy to execution (3 years)
▪ Benefit
▪ Success Factors
▪ Metrics
▪ How to Achieve the Goal
▪ Dependencies
NIST Cybersecurity Framework
Control Baseline – Goal X
XYZ Risk Profile Process Control Domain
XXX Process Control Integrity Framework
Ensure “fix the basics” is done well
Core Assessment
Organizational Maturity & Capability Process Safety
General Control & Process Control Audit
Site Survey Details Assessment Categories Process-based Assessment
▪ Workstations and Servers
▪ Network assets
▪ Policies, Procedures, Standard
▪ Physical Security
▪ Network Security
▪ Host Security
▪ Safety
▪ OT/ICS/SCADA System
▪ Asset Lifecycle
▪ > 10 Process Domain
▪ Risks for each Process Domain
Sample Goal X
Closing
“Strategy without tactics is the slowest route
to victory. Tactics without strategy is
the noise before defeat.”
- Sun Tzu
Thank You
https://medium.com/@proferyk
https://www.slideshare.net/proferyk

 
Call Us ≽ 9643900018 ≼ Call Girls In Sarojini Nagar (Delhi)
Call Us ≽ 9643900018 ≼ Call Girls In Sarojini Nagar (Delhi)Call Us ≽ 9643900018 ≼ Call Girls In Sarojini Nagar (Delhi)
Call Us ≽ 9643900018 ≼ Call Girls In Sarojini Nagar (Delhi)ayushiverma1100
 
Justdial Call Girls In Moolchand Metro Delhi 9911191017 Escorts Service
Justdial Call Girls In Moolchand Metro Delhi 9911191017 Escorts ServiceJustdial Call Girls In Moolchand Metro Delhi 9911191017 Escorts Service
Justdial Call Girls In Moolchand Metro Delhi 9911191017 Escorts Servicesafdarjungdelhi1
 
9643097474 Full Enjoy @24/7 Call Girls In Munirka Delhi Ncr
9643097474 Full Enjoy @24/7 Call Girls In Munirka Delhi Ncr9643097474 Full Enjoy @24/7 Call Girls In Munirka Delhi Ncr
9643097474 Full Enjoy @24/7 Call Girls In Munirka Delhi Ncrthapariya601
 
Trusted Call~Girls In Shahdara Delhi ꧁❤ 9667422720 ❤꧂Escorts
Trusted Call~Girls In Shahdara Delhi ꧁❤ 9667422720 ❤꧂EscortsTrusted Call~Girls In Shahdara Delhi ꧁❤ 9667422720 ❤꧂Escorts
Trusted Call~Girls In Shahdara Delhi ꧁❤ 9667422720 ❤꧂EscortsLipikasharma29
 
(9818099198) Noida Escorts Service Sector 60 (NOIDA CALL GIRLS)
(9818099198) Noida Escorts Service Sector 60 (NOIDA CALL GIRLS)(9818099198) Noida Escorts Service Sector 60 (NOIDA CALL GIRLS)
(9818099198) Noida Escorts Service Sector 60 (NOIDA CALL GIRLS)riyaescorts54
 
FULL ENJOY Call Girls In Gurgaon Call 8588836666 Escorts Service
FULL ENJOY Call Girls In Gurgaon  Call 8588836666 Escorts ServiceFULL ENJOY Call Girls In Gurgaon  Call 8588836666 Escorts Service
FULL ENJOY Call Girls In Gurgaon Call 8588836666 Escorts ServiceCALLGIRLS DELHI
 

Recently uploaded (20)

Call Us ➥9911191017▻Young Call Girls In Guru Dronacharya Metro Station Delhi NCR
Call Us ➥9911191017▻Young Call Girls In Guru Dronacharya Metro Station Delhi NCRCall Us ➥9911191017▻Young Call Girls In Guru Dronacharya Metro Station Delhi NCR
Call Us ➥9911191017▻Young Call Girls In Guru Dronacharya Metro Station Delhi NCR
 
9911558886 Cash on Hand Low Costly Russian Call Girls In Naraina Vihar
9911558886 Cash on Hand Low Costly Russian Call Girls In Naraina Vihar9911558886 Cash on Hand Low Costly Russian Call Girls In Naraina Vihar
9911558886 Cash on Hand Low Costly Russian Call Girls In Naraina Vihar
 
Call Girls In indirapuram Ghaziabad ¶ 9667422720 ⎷ Delhi Escorts All Star
Call Girls In indirapuram Ghaziabad ¶ 9667422720 ⎷ Delhi Escorts All StarCall Girls In indirapuram Ghaziabad ¶ 9667422720 ⎷ Delhi Escorts All Star
Call Girls In indirapuram Ghaziabad ¶ 9667422720 ⎷ Delhi Escorts All Star
 
Call Us ≽ 9643900018 ≼ Call Girls In Lado Sarai (Delhi)
Call Us ≽ 9643900018 ≼ Call Girls In Lado Sarai (Delhi)Call Us ≽ 9643900018 ≼ Call Girls In Lado Sarai (Delhi)
Call Us ≽ 9643900018 ≼ Call Girls In Lado Sarai (Delhi)
 
Genuine Call Girls In {Mahipalpur Delhi} 9667938988 Indian Russian High Profi...
Genuine Call Girls In {Mahipalpur Delhi} 9667938988 Indian Russian High Profi...Genuine Call Girls In {Mahipalpur Delhi} 9667938988 Indian Russian High Profi...
Genuine Call Girls In {Mahipalpur Delhi} 9667938988 Indian Russian High Profi...
 
WHATSAPP CALL - 9540619990 RUSSIAN CALL GIRLS GHAZIABAD
WHATSAPP CALL - 9540619990 RUSSIAN CALL GIRLS GHAZIABADWHATSAPP CALL - 9540619990 RUSSIAN CALL GIRLS GHAZIABAD
WHATSAPP CALL - 9540619990 RUSSIAN CALL GIRLS GHAZIABAD
 
9643097474 Full Enjoy @24/7 Call Girls in Dwarka Mor Delhi NCR
9643097474 Full Enjoy @24/7 Call Girls in Dwarka Mor Delhi NCR9643097474 Full Enjoy @24/7 Call Girls in Dwarka Mor Delhi NCR
9643097474 Full Enjoy @24/7 Call Girls in Dwarka Mor Delhi NCR
 
Call Girls In saket 9711800081 Low Rate Short 1500 Night ...
Call Girls In saket 9711800081 Low Rate Short 1500 Night ...Call Girls In saket 9711800081 Low Rate Short 1500 Night ...
Call Girls In saket 9711800081 Low Rate Short 1500 Night ...
 
9643097474 Full Enjoy @24/7 Call Girls in Paschim Vihar Delhi NCR
9643097474 Full Enjoy @24/7 Call Girls in Paschim Vihar Delhi NCR9643097474 Full Enjoy @24/7 Call Girls in Paschim Vihar Delhi NCR
9643097474 Full Enjoy @24/7 Call Girls in Paschim Vihar Delhi NCR
 
Tibetan Call Girls In Majnu Ka Tilla Delhi 9911107661
Tibetan Call Girls In Majnu Ka Tilla Delhi 9911107661Tibetan Call Girls In Majnu Ka Tilla Delhi 9911107661
Tibetan Call Girls In Majnu Ka Tilla Delhi 9911107661
 
Book Call Girls in Anand Vihar Delhi 8800357707 Escorts Service
Book Call Girls in Anand Vihar Delhi 8800357707 Escorts ServiceBook Call Girls in Anand Vihar Delhi 8800357707 Escorts Service
Book Call Girls in Anand Vihar Delhi 8800357707 Escorts Service
 
9643097474 Full Enjoy @24/7 Call Girls In Khirki Extension Delhi Ncr
9643097474 Full Enjoy @24/7 Call Girls In Khirki Extension Delhi Ncr9643097474 Full Enjoy @24/7 Call Girls In Khirki Extension Delhi Ncr
9643097474 Full Enjoy @24/7 Call Girls In Khirki Extension Delhi Ncr
 
Call Us ≽ 9643900018 ≼ Call Girls In Dwarka Sector 7 (Delhi)
Call Us ≽ 9643900018 ≼ Call Girls In Dwarka Sector 7 (Delhi)Call Us ≽ 9643900018 ≼ Call Girls In Dwarka Sector 7 (Delhi)
Call Us ≽ 9643900018 ≼ Call Girls In Dwarka Sector 7 (Delhi)
 
Call Girls in Majnu ka Tilla Delhi 💯 Call Us 🔝9711014705🔝
Call Girls in Majnu ka Tilla Delhi 💯 Call Us 🔝9711014705🔝Call Girls in Majnu ka Tilla Delhi 💯 Call Us 🔝9711014705🔝
Call Girls in Majnu ka Tilla Delhi 💯 Call Us 🔝9711014705🔝
 
Call Us ≽ 9643900018 ≼ Call Girls In Sarojini Nagar (Delhi)
Call Us ≽ 9643900018 ≼ Call Girls In Sarojini Nagar (Delhi)Call Us ≽ 9643900018 ≼ Call Girls In Sarojini Nagar (Delhi)
Call Us ≽ 9643900018 ≼ Call Girls In Sarojini Nagar (Delhi)
 
Justdial Call Girls In Moolchand Metro Delhi 9911191017 Escorts Service
Justdial Call Girls In Moolchand Metro Delhi 9911191017 Escorts ServiceJustdial Call Girls In Moolchand Metro Delhi 9911191017 Escorts Service
Justdial Call Girls In Moolchand Metro Delhi 9911191017 Escorts Service
 
9643097474 Full Enjoy @24/7 Call Girls In Munirka Delhi Ncr
9643097474 Full Enjoy @24/7 Call Girls In Munirka Delhi Ncr9643097474 Full Enjoy @24/7 Call Girls In Munirka Delhi Ncr
9643097474 Full Enjoy @24/7 Call Girls In Munirka Delhi Ncr
 
Trusted Call~Girls In Shahdara Delhi ꧁❤ 9667422720 ❤꧂Escorts
Trusted Call~Girls In Shahdara Delhi ꧁❤ 9667422720 ❤꧂EscortsTrusted Call~Girls In Shahdara Delhi ꧁❤ 9667422720 ❤꧂Escorts
Trusted Call~Girls In Shahdara Delhi ꧁❤ 9667422720 ❤꧂Escorts
 
(9818099198) Noida Escorts Service Sector 60 (NOIDA CALL GIRLS)
(9818099198) Noida Escorts Service Sector 60 (NOIDA CALL GIRLS)(9818099198) Noida Escorts Service Sector 60 (NOIDA CALL GIRLS)
(9818099198) Noida Escorts Service Sector 60 (NOIDA CALL GIRLS)
 
FULL ENJOY Call Girls In Gurgaon Call 8588836666 Escorts Service
FULL ENJOY Call Girls In Gurgaon  Call 8588836666 Escorts ServiceFULL ENJOY Call Girls In Gurgaon  Call 8588836666 Escorts Service
FULL ENJOY Call Girls In Gurgaon Call 8588836666 Escorts Service
 

Enterprise Cybersecurity: From Strategy to Operating Model

  • 1. Enterprise Cybersecurity From Strategy to Operating Model Eryk Budi Pratama 11th Meetup | 27 Feb 2020
  • 2. WHO AM I? • Cyber Security & Community Enthusiast • Cybersecurity & IT Advisory Consultant, Global Consulting Firm • Experiences: CyberSec, IT GRC, IT Audit, IT Advisory • Versatilist • Knowledge Hunter • Do some “magic” • https://medium.com/@proferyk • https://www.slideshare.net/proferyk
  • 4. Why do we need a strategy first? Source: https://archerint.com/what-is-cybersecurity/
  • 5. Enriching and leveraging your point of view is very important for developing a cybersecurity strategy and operating model Area 1 Area 2 Area 3 Area 4 Area 1 Area 2 Area 3 Area 4 silos
  • 6. Theory when I was in college Ward & Peppard Model, 2002 Strategic information system planning Source: Ward & Peppard, Strategic Information System Planning, Wiley, 2002 Keywords: ❑ Business environment (external and internal) ❑ IS/IT environment (external and internal) ❑ Business IS strategies ❑ IT strategy and management ❑ Application portfolio (current and future)
  • 7. Accumulation of my experiences • Financial Services • Maritime • Startup • Education Local Projects Regional Projects Global Projects • Financial Service • Oil & Gas • Telco Related Personal Experiences Cybersecurity Transformation IT Strategic / Master Plan IT Maturity Assessment IT Audit IT Governance, Risk, Compliance Technical Assessment Technology & Security Architecture Business Case Development Third Party Risk others ☺
  • 8. Understanding the business is very important SAMPLE Source: https://www.enisa.europa.eu/publications/port-cybersecurity-good-practices-for-cybersecurity-in-the-maritime-sector What should we learn? ❑ Related regulation ❑ Services ❑ Key stakeholders ❑ Reference model of port systems ❑ Data and information flow ❑ Asset taxonomy (IT & OT) – Crown Jewels ❑ Threat taxonomy ❑ BENCHMARK
  • 9. Concept + Experience + Benchmark Make it happen!!
  • 10. Where is my cybersecurity budget? Source: https://i.redd.it/ywjqwsmrftx31.jpg
  • 12. Common mistakes in cyber strategy development Common mistakes based on my experience and other people's deliverables ▪ Lack of “context” (external and internal) understanding ▪ Perspective / point of view limited to cybersecurity only ▪ Lack of key stakeholder involvement ▪ Focus only on “gap assessment” and “maturity level” result ▪ More focus on TECHNOLOGY aspect upss! ☺
  • 13. Basic process Strategic Driver Analysis: ▪ Interviews with key stakeholders ▪ Documentation review ▪ Understand current: ✓ Business strategy ✓ Security risk ✓ Compliance ▪ Evaluate any related external and internal drivers Target State Design: ▪ Define the baseline ▪ Industry benchmark ▪ Define proposed services, architecture, and focus areas for the program ▪ Recommend maturity level Gap Analysis: ▪ Conduct gap assessment and analysis ▪ Identify key controls to support the defense of the enterprise cybersecurity Roadmap: ▪ Develop roadmap ▪ Prioritize projects/initiatives and map inter-dependencies ▪ Investment plan ▪ Socialization
  • 14. What should be considered as the input Several recommended inputs based on my experience ▪ External and internal context (e.g. regulation, business trends) ▪ Current and future threats (OT & IT) ▪ Current and future risks (Threat Actors, Targets, Methods, Vulnerabilities) ▪ Stakeholder (business) expectations ▪ Audit finding ▪ Current IT Strategic Plan ▪ Enterprise Architecture (Security Architecture) Finding the key problems is the best way to start!!
  • 15. How we combine all insights Activities we should consider Determine your: ▪ Baseline ▪ Framework ▪ Standard Documentation review Interview Workshop / FGD Questionnaire Gap Assessment Maturity Assessment
  • 16. Deliverables Cybersecurity strategy themes, goals, and initiatives Transformation journey / roadmap Program and Organization Structure Operating Model Investment Plan / Budget What should be considered as the input Next topic
  • 18. Basic definition What is an IT Operating Model? • Creates an integrated view of how IT services will be provided • Provides a consolidated description of each IT function and the underlying processes • Supported by a diagram of how all elements will fit together IT Strategic Planning & Governance IT Operating Model “What should IT be doing for the business?” “How does IT structure itself to deliver on the strategy?” Solutions to facilitate development of a company’s statement of the future state IT vision it is building toward in terms of guiding principles, investment plans & priorities, sourcing, skills and governance. Strategy is reflected as a series of strategic initiatives, delivered through development of a sound IT operating model. Solutions to facilitate the transformation of IT structures necessary to deliver the strategy. Operating models address key characteristics of the IT function such as organizational structure, processes, roles & responsibilities, sourcing, locations, etc. ITSP ITOM
  • 19. Operating Model Basic Components Organization Governance Service Management Organization structure, roles, and responsibilities Sourcing options (in, out, hybrid) Capabilities development and monitoring Governance model (e.g. steering committee) Service offering and delivery Security Architecture *
  • 20. “Plan your execution. Execute your plan.” - Anonymous
  • 21. Cyber Transformation in OT Environment [redacted]
  • 22. Put the foundation as input Business Objectives Audit Findings Threat Landscape Current projects Risk Themes Goal cards - examples Key Inputs
  • 23. From strategy to execution (3 years) ▪ Benefit ▪ Success Factors ▪ Metrics ▪ How to Achieve the Goal ▪ Dependencies NIST Cybersecurity Framework Control Baseline – Goal X XYZ Risk Profile Process Control Domain XXX Process Control Integrity Framework
  • 24. Ensure fixing the basics is done well Core Assessment Organizational Maturity & Capability Process Safety General Control & Process Control Audit Site Survey Details Assessment Categories Process-based Assessment ▪ Workstations and Servers ▪ Network assets ▪ Policies, Procedures, Standard ▪ Physical Security ▪ Network Security ▪ Host Security ▪ Safety ▪ OT/ICS/SCADA System ▪ Asset Lifecycle ▪ > 10 Process Domain ▪ Risks for each Process Domain Sample Goal X
  • 26. “Strategy without tactics is the slowest route to victory. Tactics without strategy is the noise before defeat.” - Sun Tzu