Presenting Security Programs to Senior Management (CxO’s)
Patrick Angel - Interim CISO / Enterprise IT Security - CISSP® CISM® CRISC® CISA®
www.RandomAccessTechnology.com
(214) 517-3086

Proposal / Why are we doing this? (what’s the Value Proposition..?)
• What’s the History / driving‐factors… (provide perspective)
• Is this Regulatory? Or Market‐based?
• Due to Competition? Is there New‐Technology / an Opportunity?
• To Avoid (excessive) Risk / a Lawsuit?
• Be sure to Tie Project(s) / Program to (supporting) Bus. Objectives
For customers of Random Access Technologies, Inc. only - Patrick Angel, CISM® CRISC® CISA®

What is the Risk to the Company? (what’s the Value Proposition..?)
• What is the Risk? Is it Revenue or Financial Loss?
  ‐‐ (list it in specific dollars – 30% of $600MM ‐ $200MM)
• Is there the Risk of a Lawsuit..? What’s the Probability..?
• Is there the Risk of Loss of Business / Partners..?
• Is there the Risk of Bad‐Press / Media Coverage..? (e.g. stock drop)
Use a Heat-Map / Risk-Cube to reflect the overall Risk

Capital COST(s) and / or Expenses (CAP-EX vs OP-EX)
• What’s the Cost (both Short‐Term and Long‐Term)?
• Be sure to include Staff / FTE and misc‐Expenses (travel / training)
• Is there Hardware or Software involved..?
• Include Licenses and maintenance / upgrade costs
• Issue RFP and get minimum 3 Vendors’ Quotes to compare
• Startup Purchase‐Costs / Investment goes against Capital Costs (Cap‐Ex) for Proposal – then Depreciation, Taxes, etc.
• Yearly ongoing (Operational – Op‐Ex) Costs go into Annual Budgets
• Be sure to provide some measure of the Return (payback) / Internal Value
• If difficult to measure, compare the cost of a Lawsuit or Fines against Project costs

Project(s) Execution and Reporting (Provide enough info to show Management that project is well-run)
• Keep It Simple – Less is More once Project‐Reporting starts
• Build the initial Work‐Breakdown‐Structure (WBS or ‘the Plan’) with realistic dates, Resources, and some slack time for ‘unforeseen’ events, but do not waste resources to ‘manage the plan’
• Report Weekly – include: Budget‐to‐Date, any Change‐Orders and most importantly – MILESTONES and Issues / Risks to ALL Stakeholders
• High‐Level Timeline w/major Milestones and Key‐Dates shows the Project is being ‘Tracked’ and inspires confidence
[Figure: high‐level project timeline with weekly columns from 7‐Sep to 30‐Nov, grouped under SEPTEMBER, OCTOBER, NOVEMBER. Rows: Project 1 ‐ Main (1 of 3 components done); Network Upgrade; DESKTOP Configuration; E‐Commerce ReDeploy; Database Standards; CSIRT Program Procedures; GRC Software Implement; IdM / RBAC Project; MyMatrix (incl CANADA modules). Milestone labels: RFP Issue; Review Results; Select Vendor; Start Roll‐out; PEN‐Testing; Validate PCI Docs.]

Recommendations for Success (Don’t forget that PEOPLE make Process and Technology work…)
• Discuss / get Feedback from the ‘Business’ and other Mgmt members, then update your presentation / numbers
  ‐‐ In effect, you are gaining ‘buy‐in’ from your peers, making them ‘Partners’ in your Project
• Be sure to ‘sell the Benefits’ of your Project / Results to help Change / challenge old Mindsets / ‘Paradigms’
• Bring in an ‘Outside Expert’ consultant for the Project / Change to help guarantee success…
• Publish ongoing Progress, celebrate Milestones and Announce the Project / Program’s End & Final Results, give thanks to Stakeholders
Get Started Now…
‘…Chance favors the prepared Mind’
www.RandomAccessTechnology.com
(214) 517-3086

About the Author
Copyright® 2018 - For customers of Random Access Technologies, Inc. only.
Patrick Angel
• Roles: Interim CISO / Director PMO / Enterprise I‐T Security‐Architect / Risk‐Management and Compliance Manager
• Areas: PCI, SOX, GLBA Privacy, Project‐Auditing, Application‐Security Testing and Secure Development (SDLC)
• Education
  – Bachelors in Information Systems (MIS)
    • Dean’s List and Honor’s List
  – Masters Business Administration (MBA)
• Years of Experience
• 20+ years in Information Systems
• 15+ years of P/M, SDLC and Governance, Risk and Compliance
• Hands‐on Software Developer, Application‐Testing, I‐T Auditing
• Certifications and Associations include ‐

Template to Pitch Security Programs to CxO MGT
