The Board Pitch
• How to improve the CISO & Board relationship?
Prasanna Ramakrishnan
May 23, 2018
Source: BDO Board survey
© Statista 2018
OMG! It’s the Doctor
• This is what a doctor said to his patient…
You have a condition where you periodically experience a 'synchronous diaphragmatic flutter' which can last anywhere between a few minutes and several hours. But worry not, all you have to do is swallow a 235ml solution of dihydrogen monoxide in a single gulp!
• This is what he really meant
What I meant to say was that you often get hiccups, and when you do get them, you could just drink a cup of water!
This baby said what??
A Dutch Baby…
Oh…so cute…
Mommy, that one, that one, that one
This is what the baby really meant
What am I trying to say?
We have a DROWNED IN COMPLEXITY & LOST IN TRANSLATION problem
Proving my point…
2018 EY Global InfoSec Survey
Agenda
• History of the Corporate Boards
• Typical Board’s process
• Common Pitfalls
• How to change the dialogue
• My TRUST Framework for CISOs
• My DIRECT Framework for the Board
History of the corporate board
History of the Board of Directors
• British origin, first reference in 1599
• Bank of England used the structure in 1694, spread to Dutch merchants
• European entities used this structure for management & decision making
• Japanese structure – obligation based, discussion based decision making
• European colonization spread the board structure to the west
• The primary role of the BOD – ‘Govern’ – has political roots
• Single level and multi-level boards in practice
Typical board’s process
A Typical Board’s process
Common pitfalls
Common Pitfalls
• Security is a technology issue
• Risks expressed in technical jargon like DDoS, SQL injection etc.
• Hiding real information to paint a rosy picture
• No direct access to the CISO
• “Bigger is better”
• You work for the Board
Is it time for a change?
YES
Perfect opportunity
Perfect Opportunity
• Information economy
• It is personal now
• New SEC disclosure directive
• Attacks have changed
Changing the dialogue
Changing the dialogue
Complex to Simple
• cyber security fatigue
System impact to Business Impact
• Business value@risk
From ‘IF’ to ‘WHEN’
• Either you are or you don’t know
From past to future
• Where are we headed?
Compliance to Risk management
• Maturity
Detective to Preventive to Predictable
• We live in a dangerous world
Chief inside sales officer
CISO – Chief inside sales Officer
Sell your Program
Know your audience
Don’t be on an island
Great people think alike
Hygiene, Innovation, Business enabler
Be the ‘Trends master’
TRUST framework
My TRUST framework for Security Leaders
• T – Tell the Truth
• R – Reach out to a buddy
• U – Unclutter
• S – Tell a Story
• T – Talk the Walk
DIRECT framework
My DIRECT framework for the Board
• D – Develop Digital Expertise
• I – get Intimate with the CISO
• R – accept Responsibility
• E – Empower management
• C – have Clarity
• T – create Trigger points
Final thoughts
Final thoughts & Takeaways
• The Board has a personal responsibility on info security
• Involvement is improving, but hacks are increasing faster
• We have a COMPLEXITY & TRANSLATION problem
• The CISO is a business leader
• It is a two way street!
Prasanna Ramakrishnan