Selling Data security to the CEO

Licensed under the Creative Commons Attribution License
Danny Lieberman
dannyl@controlpolicy.com http://www.controlpolicy.com/

                               
Sell high




“it's a lot easier to manage a big project than a small one”

Boaz Dotan – Founder of Amdocs (NYSE:DOX), $5.3BN Cap.
                                  
Agenda



•   Introduction and welcome
•   What is data security?
•   Defining the problem
•   After Enron
•   Weak sales strategy
•   The valley of death
•   Strong sales strategy
•   Execution




                            
Introduction




• Our mission today
    –   How to sell data security to the CEO




                       
What the heck is data security?




•   Security
     –   Ensure we can survive & add value
           •   Physical, information, systems, people
•   Data security
     –   Protect data directly in all realms




                           
Defining the problem




•   You can't sell to a need that's never been observed (*)
     –   Little or no monitoring of data theft/abuse
            •   Perimeter protection, access control
                   –   Firewall/IPS/AV/Content/AD

(*) Paraphrase of Lord Kelvin

What happened since Enron


•       Threat scenario circa 1999
         –    Bad guys outside
         –    Lots of proprietary protocols
         –    IT decides
•       Threat scenario circa 2009
         –    Bad guys inside
         –    Everything on HTTP
         –    Vendors decide




                               
Weak sales strategy




•   IT – data security is “very important”
     ...Forrester
•   Management board – fraud/data theft can maim or destroy the company
     ...Sarbanes-Oxley

                      
Mind the gap



•   IT – We can get DLP technology for 100K and the first 6 months are free.
     ...Websense
•   Management board – We have Euro 100M VaR
     ...PwC


                        
The valley of death


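[Figure: timeline of a data security purchase, from Month 1 through Month 5 to Month 12-18. The early part is labelled "Logical & rational", the late part "Emotional & Political", with "Losing control" marked in between. Stage labels: IT requirements; Compliance requirements; Meet vendors; Talk to analysts; Evaluate alternatives; Capabilities presentation; Close; Project.]
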
Why you lose control




•   Issues shift
     –   Several vendors have technology
           •   Non-product differentiation
•   Divided camps
     –   Nobody answers all requirements
           •   Need a political sponsor
•   Loss of momentum
     –   No business pain
     –   No power sponsors

                           
Strong sales strategy




•   Build business pain
     –   Focus on biggest threat to the firm
     –   Rational


•   Get a power sponsor
     –   CEO, COO, CFO, CIO
     –   Personal



                        
Close the gap


•   Toxic customer data
     –   VaR: 100M
     –   VaR reduction: 20M
     –   Cost: 1M over 3 years
     ...Security & Risk
•   Management board – We have 100M VaR
     ...PwC


                           
Execution – building business pain




•    Prove 2 hypotheses:
      –   Data loss is happening now.
      –   A cost effective solution exists that
          reduces risk to acceptable levels.




                          
H1: Data loss is happening




•   What keeps you awake at night?
•   What data types and volumes of data leave the network?
•   Who is sending sensitive information out of the company?
•   Where is the data going?
•   What network protocols have the most events?
•   What are the current violations of company AUP?




                                      
H2: A cost effective solution exists




•    Value of information assets on PCs, servers & mobile devices?
•    What is the Value at Risk?
•    Are security controls supporting the information behavior you want 
     (sensitive assets stay inside, public assets flow freely, controlled 
     assets flow quickly)
•    How much do your current security controls cost?
•    How do you compare with other companies in your industry?
•    How would risk change if you added, modified or dropped security 
     controls?




                                     
What keeps you awake at night


•   Asset has value, fixed over time or variable.
     –   Plans to privatize, sell 50% of equity
•   Threat exploits vulnerabilities & damages assets.
     –   IT staff read emails and files of management board
     –   Employee leaks plans to press
     –   Buyer sues for breach of contract
•   Vulnerability is a state of weakness mitigated by a countermeasure.
     –   IT staff have access to mail/file servers
•   Countermeasure has a cost, fixed over time or recurring.
     –   Monitor abuse of privilege & prevent leakage of management board documents on all channels
                                        
Calculating Value at Risk




•   Metrics
     –   Asset value
     –   Threat damage to asset
     –   Threat probability
•   Value at Risk = Threat Damage to Asset x Asset Value x Threat Probability

(*) PTA - Practical threat analysis risk model
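
A worked version of the Value at Risk formula above, applied to the privatization scenario from the "What keeps you awake at night" slide. This is an added example, not part of the original deck and not PTA's own code; it goes beyond the slide by summing VaR over several threats and ranking countermeasures by VaR reduction per unit of cost. All figures are constructed, and the rule that a countermeasure removes a share of a threat's probability is an assumption made for illustration.

```python
from dataclasses import dataclass, field
from fractions import Fraction


def pct(n):
    """Exact percentage, so the sums below carry no float rounding."""
    return Fraction(n, 100)


@dataclass
class Threat:
    name: str
    damage: Fraction       # share of the asset value lost if the threat occurs
    probability: Fraction  # likelihood over the planning period

    def __post_init__(self):
        for label in ("damage", "probability"):
            if not 0 <= getattr(self, label) <= 1:
                raise ValueError(f"{self.name}: {label} must be between 0 and 1")


@dataclass
class Countermeasure:
    name: str
    cost: int  # total cost over the planning period
    # ASSUMPTION (not from the deck): threat name -> share of that
    # threat's probability the countermeasure removes.
    mitigation: dict = field(default_factory=dict)

    def __post_init__(self):
        if self.cost <= 0:
            raise ValueError(f"{self.name}: cost must be positive")
        if any(not 0 <= m <= 1 for m in self.mitigation.values()):
            raise ValueError(f"{self.name}: mitigation must be between 0 and 1")


def value_at_risk(asset_value, threat, controls=()):
    """Slide formula: threat damage to asset x asset value x threat probability."""
    probability = threat.probability
    for control in controls:
        probability *= 1 - control.mitigation.get(threat.name, 0)
    return threat.damage * asset_value * probability


def total_var(asset_value, threats, controls=()):
    """VaR of one asset summed over every threat that can damage it."""
    return sum(value_at_risk(asset_value, t, controls) for t in threats)


def rank_controls(asset_value, threats, candidates):
    """Rows of (name, VaR reduction, cost, reduction per unit cost), best first."""
    baseline = total_var(asset_value, threats)
    rows = []
    for c in candidates:
        reduction = baseline - total_var(asset_value, threats, [c])
        rows.append((c.name, reduction, c.cost, reduction / c.cost))
    return sorted(rows, key=lambda row: row[3], reverse=True)


# Constructed sample data: the asset and threats are named on the slide,
# every number is invented for this example.
ASSET_VALUE = 100_000_000  # plans to privatize, sell 50% of equity
THREATS = [
    Threat("IT staff read management board mail and files", pct(20), pct(50)),
    Threat("Employee leaks plans to press", pct(60), pct(25)),
    Threat("Buyer sues for breach of contract", pct(100), pct(5)),
]
CONTROLS = [
    Countermeasure("Monitor abuse of privilege", 400_000,
                   {"IT staff read management board mail and files": pct(80)}),
    Countermeasure("Prevent leakage on all channels", 1_000_000,
                   {"Employee leaks plans to press": pct(60),
                    "Buyer sues for breach of contract": pct(40)}),
    Countermeasure("Perimeter firewall upgrade", 500_000,
                   {"Employee leaks plans to press": pct(5)}),
]

if __name__ == "__main__":
    print(f"Baseline VaR: {float(total_var(ASSET_VALUE, THREATS)):,.0f}")
    for name, reduction, cost, ratio in rank_controls(ASSET_VALUE, THREATS, CONTROLS):
        print(f"{name}: reduces VaR by {float(reduction):,.0f} "
              f"for {cost:,} ({float(ratio):.1f}x cost)")
    residual = total_var(ASSET_VALUE, THREATS, CONTROLS[:2])
    print(f"Residual VaR with the top two controls: {float(residual):,.0f}")
```

The ranking is the "VaR reduction versus cost" comparison from the "Close the gap" slide, produced per countermeasure instead of as a single headline figure.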
Coming attractions




•   Sep 17:   Selling data security technology
•   Sep 24:   Write a 2 page procedure
•   Oct 1:    Home(land) security
•   Oct 8:    SME data security



      http://www.controlpolicy.com/workshops 

                          
Learn more




•   Presentation materials and resources
    http://www.controlpolicy.com/workshops/data-security-workshops/


•   Software to calculate Value at Risk
    PTA Professional
    http://www.software.co.il/pta




                              

Selling Data Security Technology

  • 1. Selling Data security to the CEO Licensed under the Creative Commons Attribution License Danny Lieberman dannyl@controlpolicy.com http://www.controlpolicy.com/     
  • 2. Sell high “it's a lot easier to manage a  big project than a small one” Boaz Dotan – Founder of Amdocs (NYSE:DOX), $5.3BN Cap.    
  • 3. Agenda • Introduction and welcome • What is data security? • Defining the problem • After Enron • Weak sales strategy • The valley of death • Strong sales strategy • Execution    
  • 4. Introduction • Our mission today – How to sell data security to the CEO    
  • 5. What the heck is data security? • Security – Ensure we can survive & add value • Physical, information, systems, people • Data security – Protect data directly in all realms    
  • 6. Defining the problem • You can't sell to a need that's never been observed(*) – Little or no monitoring of data theft/abuse • Perimeter protection, access control – Firewall/IPS/AV/Content/AD (*) Paraphrase of Lord Kelvin
  • 7. What happened since Enron • Threat scenario circa 1999 – Bad guys outside – Lots of proprietary protocols – IT decides • Threat scenario circa 2009 – Bad guys inside – Everything on HTTP – Vendors decide    
  • 8. Weak sales strategy • IT – data security is “very important” ...Forrester • Management board – fraud/data theft can maim or destroy the company ...Sarbanes-Oxley
  • 10. The valley of death [Diagram. Time axis: Month 1, Month 5, Month 12-18. Labels: Logical & rational; Emotional & political; IT requirements; Compliance requirements; Meet vendors; Evaluate alternatives; Capabilities presentation; Talk to analysts; Project; Close; Losing control]
  • 11. Why you lose control • Issues shift – Several vendors have technology • Non-product differentiation • Divided camps – Nobody answers all requirements • Need a political sponsor • Loss of momentum – No business pain – No power sponsors    
  • 12. Strong sales strategy • Build business pain – Focus on biggest threat to the firm – Rational • Get a power sponsor – CEO, COO, CFO, CIO – Personal
  • 14. Execution – building business pain • Prove 2 hypotheses: – Data loss is happening now. – A cost effective solution exists that reduces risk to acceptable levels.    
  • 15. H1: Data loss is happening • What keeps you awake at night? • What data types and volumes of data leave the network? • Who is sending sensitive information out of the company? • Where is the data going? • What network protocols have the most events? • What are the current violations of company AUP?    
  • 16. H2: A cost effective solution exists • Value of information assets on PCs, servers & mobile devices? • What is the Value at Risk? • Are security controls supporting the information behavior you want  (sensitive assets stay inside, public assets flow freely, controlled  assets flow quickly) • How much do your current security controls cost? • How do you compare with other companies in your industry? • How would risk change if you added, modified or dropped security  controls?    
  • 17. What keeps you awake at night • Asset has value, fixed over time or variable – Plans to privatize, sell 50% of equity • Threat exploits vulnerabilities & damages assets – IT staff read emails and files of management board – Employee leaks plans to press – Buyer sues for breach of contract • Vulnerability is a state of weakness mitigated by a countermeasure – IT staff have access to mail/file servers • Countermeasure has a cost, fixed over time or recurring – Monitor abuse of privilege & prevent leakage of management board documents on all channels
  • 18. Calculating Value at Risk • Value at Risk = Threat Damage to Asset x Asset Value x Threat Probability • Metrics – Asset value – Threat damage to asset – Threat probability (*) PTA - Practical threat analysis risk model
  • 19. Coming attractions • Sep 17: Selling data security technology • Sep 24: Write a 2 page procedure • Oct 1: Home(land) security • Oct 8: SME data security http://www.controlpolicy.com/workshops     
  • 20. Learn more • Presentation materials and resources http://www.controlpolicy.com/workshops/data-security-workshops/ • Software to calculate Value at Risk PTA Professional http://www.software.co.il/pta
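
The Value at Risk product from slide 18, applied to the slide 17 scenario and to the slide 16 question of how risk changes when a control is added. This is an added example, not part of the deck or of the PTA software. All amounts, probabilities and mitigation fractions are constructed, and treating damage as a fraction of asset value and a countermeasure as a multiplicative cut in threat probability are assumptions of this sketch.

```python
from dataclasses import dataclass, field

@dataclass
class Threat:
    name: str
    damage: float       # fraction of the asset's value lost if the threat occurs
    probability: float  # estimated yearly probability of occurrence

@dataclass
class Control:
    name: str
    annual_cost: float
    # Assumption of this sketch: a control cuts a threat's probability by a fraction.
    mitigates: dict = field(default_factory=dict)

def value_at_risk(asset_value, threats, controls=()):
    """Sum of threat damage x asset value x threat probability over all threats."""
    total = 0.0
    for t in threats:
        p = t.probability
        for c in controls:
            p *= 1.0 - c.mitigates.get(t.name, 0.0)
        total += t.damage * asset_value * p
    return total

def rank_controls(asset_value, threats, candidates):
    """Order candidate controls by yearly risk reduction minus yearly cost."""
    base = value_at_risk(asset_value, threats)
    rows = []
    for c in candidates:
        reduction = base - value_at_risk(asset_value, threats, [c])
        rows.append((c.name, round(reduction), round(reduction - c.annual_cost)))
    return sorted(rows, key=lambda r: r[2], reverse=True)

# Constructed figures for the slide 17 scenario (plans to sell 50% of equity).
ASSET_VALUE = 10_000_000
THREATS = [
    Threat("employee leaks plans to press", damage=0.30, probability=0.10),
    Threat("buyer sues for breach of contract", damage=0.50, probability=0.02),
]
CONTROLS = [
    Control("monitor abuse of privilege", 40_000,
            {"employee leaks plans to press": 0.5}),
    Control("prevent leakage on all channels", 120_000,
            {"employee leaks plans to press": 0.8,
             "buyer sues for breach of contract": 0.5}),
]

if __name__ == "__main__":
    print("baseline VaR:", round(value_at_risk(ASSET_VALUE, THREATS)))
    for name, reduction, net in rank_controls(ASSET_VALUE, THREATS, CONTROLS):
        print(f"{name}: reduces VaR by {reduction}, net of cost {net}")
```

With these constructed inputs the more expensive control ranks first because it reduces both threats, which is the kind of comparison the second hypothesis (a cost effective solution exists) has to support.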