Discover practical governance advice for running a security program effectively in this 54-minute conference talk from Derbycon 7. Learn from security experts Justin Leapline and Rockie Brockw as they delve into essential security skills, frameworks, and goals. Explore core requirements for successful security management, including understanding your audience and executive management. Gain insights on assessing breach risks, protecting critical data, and identifying assets. Master the art of defining risk measurement categories, conducting business risk assessments, and implementing effective metrics. Dive into Enterprise Security Architecture, Threat Management Metrics, and Executive Level Metrics. Get a demo of GRC tools, PCI compliance strategies, and learn about authoritative sources, risk cataloging, and dynamic search techniques. Equip yourself with the knowledge to run your security program like a boss and prepare for future challenges in the ever-evolving cybersecurity landscape.
Overview
Syllabus
Intro
About us
Justin Leapline
Security skills
Frameworks
Goals
Core requirements
Know your audience
Understand your executive management
Are we in risk of a breach
Protecting business critical data
Know your environment
Identify your assets
Define and align risk measurement categories
Define a business risk assessment
Qualitative example
Metrics
Enterprise Security Architecture
Threat Management Metrics
Executive Level Metrics
Security Architecture
Demo
GRC tools
PCI compliance
authoritative sources
risk
cataloging
dynamic search
future goals
Related Courses
-
Certified Information Security Manager (CISM)
4.0 -
Don't Blame That Checklist for Your Crappy Security Program
-
Compliance vs Security - How to Build a Secure Compliance Program
-
GRC Governance Ruses Confusion
-
Articulating Risk to Senior Management - Enabling Informed Decision-Making
-
Securing Your M&A Activity with Cybersecurity Due Diligence
