SlideShare una empresa de Scribd logo

Template to Pitch Security Programs to CxO MGT

P
pangel4

A template to use for Presenting ('selling') a Security Program (strategy) to CxO Management. Ref - Security Program to CxO MGT_2013_July30v2

Tecnología
1 de 8
Descargar para leer sin conexión
Patrick Angel - Interim CISO / Enterprise IT Security - CISSP® CISM® CRISC® CISA® www.RandomAccessTechnology.com (214) 517-3086 Presenting Security Programs to Senior Management (CxO’s)
 What’s the History / driving‐factors… (provide perspective)  Is this Regulatory ? Or Market‐based ?  Due to Competition ? Is there New‐Technology / an Opportunity?  To Avoid (excessive) Risk / a Lawsuit ?  Be sure to Tie Project(s) / Program to (supporting) Bus. Objectives For customers of Random Access Technologies, Inc. only - Patrick Angel, CISM® CRISC® CISA® Proposal / Why are we doing this? (what’s the Value Proposition..?)
 What is the Risk? Is it Revenue or Financial Loss? ‐‐ (list it in specific dollars – 30% of $600MM ‐ $200MM)  Is there the Risk of a Lawsuit.. ? What’s the Probability..?  Is there the Risk of Loss of Business / Partners..?  Is there the Risk of Bad‐Press / Media Coverage.. ? (e.g. stock drop) For customers of Random Access Technologies, Inc. only - Patrick Angel, CISM® CRISC® CISA® What is the Risk to the Company? (what’s the Value Proposition..?) Use a Heat-Map / Risk-Cube to reflect the overall Risk
 What’s the Cost (both Short‐Term and Long‐Term)  Be sure to include Staff / FTE and misc‐Expenses (travel / training)  Is there Hardware or Software involved..?  Include Licenses and maintenance / upgrades cost  Issue RFP and get minimum 3 Vendor’s Quotes to compare,  Startup Purchase‐Costs / Investment goes against Capital Costs (Cap‐Ex) for Proposal – then Depreciation, Taxes, etc.  Yearly ongoing (Operational – Op‐Ex) Costs go into Annual Budgets  Be sure to provide some measure of the Return (payback) / Internal Value  If difficult to measure, compare against cost of Lawsuit or Fines to Project costs For customers of Random Access Technologies, Inc. only - Patrick Angel, CISM® CRISC® CISA® Capital COSTS(s) and / or Expenses (CAP-EX vs OP-EX)
 Keep It Simple – Less is More once Project‐Reporting starts  Build the initial Work‐Breakdown‐Structure (WBS or ‘the Plan’) with realistic dates, Resources, with some slack time for ‘unforseen’ events, but do not spend waste resources to ‘manage the plan’  Report Weekly – include: Budget‐to‐Date, any Change‐Orders and most importantly – MILESTONES and Issues / Risks to ALL Stakeholders  High‐Level Timeline w/major Milestones and Key‐Dates shows the Project is being ‘Tracked’ and inspires confidence For customers of Random Access Technologies, Inc. only - Patrick Angel, CISM® CRISC® CISA® Project(s) Execution and Reporting (Provide enough info to show Management that project is well-run) 7‐Sep 14‐Sep 21‐Sep 28‐Sep 5‐Oct 12‐Oct 19‐Oct 26‐Oct 2‐Nov 9‐Nov 16‐Nov 23‐Nov 30‐Nov Project 1 ‐ Main (1 of 3 components done) Network Upgrade DESKTOP Configuration E ‐ Commerce ReDeploy Database Standards CSIRT Program Procedures GRC Software Implement IdM / RBAC Project MyMatrix (incl CANADA modules) RFP Issue Review Results ‐ Select Vendor ‐ Start Roll‐out PEN‐Testing ‐ Validate PCI Docs SEPTEMBER OCTOBER NOVEMBER
 Discuss / get Feedback from the ‘Business’ and other Mgmt member, then update your presentation / numbers ‐‐ In‐effect, you are gaining ‘buy‐in’ from your peers, making them ‘Partners’ in your Project  Be sure to ‘sell the Benefits’ of your Project / Results to help Change / challenge old Mindsets / ‘Paradigms’  Bring in an ‘Outside Expert’ consultant for the Project / Change and help to guarantee success…  Publish ongoing Progress, celebrate Milestones and Announce the Project / Program’s End & Final Results, give thanks to Stakeholders For customers of Random Access Technologies, Inc. only - Patrick Angel, CISM® CRISC® CISA® Recommendations for Success (Don’t forget that PEOPLE make Process and Technology work…)
Get Started Now… ‘…Chance favors the prepared Mind’ www.RandomAccessTechnology.com (214) 517-3086 For customers of Random Access Technologies, Inc. only - Patrick Angel, CISM® CRISC® CISA®
About the Author Copyright® 2018 - For customers of Random Access Technologies, Inc. only. Patrick Angel • Roles: Interim CISO / Director PMO / Enterprise I‐T Security‐Architect / Risk‐Management and Compliance Manager • Areas: PCI, SOX, GLBA Privacy, Project‐Auditing, Application‐Security Testing and Secure Development (SDLC) • Education – Bachelors in Information Systems (MIS) • Dean’s List and Honor’s List – Masters Business Administration (MBA) • Years of Experience • 20+ years in Information Systems • 15+ years of P/M, SDLC and Governance, Risk and Compliance • Hands‐on Software Developer, Application‐Testing, I‐T Auditing • Certifications and Associations include ‐

Recomendados

Sell Security Programs To Sr Mgt
Sell Security Programs To Sr MgtSell Security Programs To Sr Mgt
Sell Security Programs To Sr MgtPatrick Angel - MBA, CISSP(c) CISM(c) CRISC(c) CISA(c)
 
Why You Should Consider Springboard
Why You Should Consider SpringboardWhy You Should Consider Springboard
Why You Should Consider Springboardsteve tice
 
Amateus Value Proposition
Amateus Value PropositionAmateus Value Proposition
Amateus Value Propositionnycitstrategist1
 
Agile Capitalization For Greater Business Value
Agile Capitalization For Greater Business ValueAgile Capitalization For Greater Business Value
Agile Capitalization For Greater Business ValueCA Technologies
 
Converged Systems Sales Playbook
Converged Systems Sales PlaybookConverged Systems Sales Playbook
Converged Systems Sales PlaybookPeter Stone - VSP/VTSP/SCSA
 
Redesigning production strategy-SECC
Redesigning production strategy-SECCRedesigning production strategy-SECC
Redesigning production strategy-SECCSECC Egypt
 
Get Smart About Technical Debt
Get Smart About Technical DebtGet Smart About Technical Debt
Get Smart About Technical DebtCAST
 
PP C&A 3D process guide
PP C&A 3D process guidePP C&A 3D process guide
PP C&A 3D process guideTony Hague
 

Recomendados

Sell Security Programs To Sr Mgt
Sell Security Programs To Sr MgtSell Security Programs To Sr Mgt
Sell Security Programs To Sr MgtPatrick Angel - MBA, CISSP(c) CISM(c) CRISC(c) CISA(c)
 
Why You Should Consider Springboard
Why You Should Consider SpringboardWhy You Should Consider Springboard
Why You Should Consider Springboardsteve tice
 
Amateus Value Proposition
Amateus Value PropositionAmateus Value Proposition
Amateus Value Propositionnycitstrategist1
 
Agile Capitalization For Greater Business Value
Agile Capitalization For Greater Business ValueAgile Capitalization For Greater Business Value
Agile Capitalization For Greater Business ValueCA Technologies
 
Converged Systems Sales Playbook
Converged Systems Sales PlaybookConverged Systems Sales Playbook
Converged Systems Sales PlaybookPeter Stone - VSP/VTSP/SCSA
 
Redesigning production strategy-SECC
Redesigning production strategy-SECCRedesigning production strategy-SECC
Redesigning production strategy-SECCSECC Egypt
 
Get Smart About Technical Debt
Get Smart About Technical DebtGet Smart About Technical Debt
Get Smart About Technical DebtCAST
 
PP C&A 3D process guide
PP C&A 3D process guidePP C&A 3D process guide
PP C&A 3D process guideTony Hague
 
CEO / CXO Architecture | The missing piece in your IT architecture
CEO / CXO Architecture | The missing piece in your IT architectureCEO / CXO Architecture | The missing piece in your IT architecture
CEO / CXO Architecture | The missing piece in your IT architectureCorporater
 
Scoping your next release defining and documenting mv ps
Scoping your next release defining and documenting mv psScoping your next release defining and documenting mv ps
Scoping your next release defining and documenting mv psTristan Senycia
 
Growing Enterprise Software Sales
Growing Enterprise Software SalesGrowing Enterprise Software Sales
Growing Enterprise Software SalesJohn Akbari
 
Practical Implementation Tips For Implementing a Financial Planning - QueBIT ...
Practical Implementation Tips For Implementing a Financial Planning - QueBIT ...Practical Implementation Tips For Implementing a Financial Planning - QueBIT ...
Practical Implementation Tips For Implementing a Financial Planning - QueBIT ...QueBIT Consulting
 
Automating Communications Workflow: Incoming Email Processing
Automating Communications Workflow: Incoming Email ProcessingAutomating Communications Workflow: Incoming Email Processing
Automating Communications Workflow: Incoming Email ProcessingAutotask
 
Advancing the analytics maturity curve at your organization
Advancing the analytics maturity curve at your organizationAdvancing the analytics maturity curve at your organization
Advancing the analytics maturity curve at your organizationRamkumar Ravichandran
 
How to Manage a Mixed Portfolio of Products by Salesforce PM
How to Manage a Mixed Portfolio of Products by Salesforce PMHow to Manage a Mixed Portfolio of Products by Salesforce PM
How to Manage a Mixed Portfolio of Products by Salesforce PMProduct School
 
Aligning Profit to Execution
Aligning Profit to ExecutionAligning Profit to Execution
Aligning Profit to ExecutionAlithya
 
Need Middleware Monitoring? Build a Better Business Case.
Need Middleware Monitoring? Build a Better Business Case.Need Middleware Monitoring? Build a Better Business Case.
Need Middleware Monitoring? Build a Better Business Case.SL Corporation
 
Strategy to Design / Implement a GRC Sys
Strategy to Design / Implement a GRC SysStrategy to Design / Implement a GRC Sys
Strategy to Design / Implement a GRC Syspangel4
 
5 Steps To Measure ROI On Your Data Science Initiatives - Webinar
5 Steps To Measure ROI On Your Data Science Initiatives - Webinar 5 Steps To Measure ROI On Your Data Science Initiatives - Webinar
5 Steps To Measure ROI On Your Data Science Initiatives - WebinarGramener
 
U Start Academy 24102015
U Start Academy 24102015U Start Academy 24102015
U Start Academy 24102015Alessandro Braga
 
U Start Accademy 24102015
U Start Accademy 24102015U Start Accademy 24102015
U Start Accademy 24102015Alessandro Braga
 
How to assess the impact of technology on your business (1).pdf
How to assess the impact of technology on your business (1).pdfHow to assess the impact of technology on your business (1).pdf
How to assess the impact of technology on your business (1).pdfScryla
 
Ldb IMPRESapp Sharing Ideas_Dettori 01
Ldb IMPRESapp Sharing Ideas_Dettori 01Ldb IMPRESapp Sharing Ideas_Dettori 01
Ldb IMPRESapp Sharing Ideas_Dettori 01laboratoridalbasso
 
6 Sigma
6 Sigma6 Sigma
6 Sigmaalexjoseph813
 
Understanding Business Architecture
Understanding Business ArchitectureUnderstanding Business Architecture
Understanding Business ArchitectureEnterprise Architects
 
Trends in Tech M&A
Trends in Tech M&ATrends in Tech M&A
Trends in Tech M&ASecureDocs
 
Risk And Relevance 20080414ppt
Risk And Relevance 20080414pptRisk And Relevance 20080414ppt
Risk And Relevance 20080414pptgregoryg
 
Risk And Relevance 20080414ppt
Risk And Relevance 20080414pptRisk And Relevance 20080414ppt
Risk And Relevance 20080414pptgregoryg
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 

Más contenido relacionado

Similar a Template to Pitch Security Programs to CxO MGT

CEO / CXO Architecture | The missing piece in your IT architecture
CEO / CXO Architecture | The missing piece in your IT architectureCEO / CXO Architecture | The missing piece in your IT architecture
CEO / CXO Architecture | The missing piece in your IT architectureCorporater
 
Scoping your next release defining and documenting mv ps
Scoping your next release defining and documenting mv psScoping your next release defining and documenting mv ps
Scoping your next release defining and documenting mv psTristan Senycia
 
Growing Enterprise Software Sales
Growing Enterprise Software SalesGrowing Enterprise Software Sales
Growing Enterprise Software SalesJohn Akbari
 
Practical Implementation Tips For Implementing a Financial Planning - QueBIT ...
Practical Implementation Tips For Implementing a Financial Planning - QueBIT ...Practical Implementation Tips For Implementing a Financial Planning - QueBIT ...
Practical Implementation Tips For Implementing a Financial Planning - QueBIT ...QueBIT Consulting
 
Automating Communications Workflow: Incoming Email Processing
Automating Communications Workflow: Incoming Email ProcessingAutomating Communications Workflow: Incoming Email Processing
Automating Communications Workflow: Incoming Email ProcessingAutotask
 
Advancing the analytics maturity curve at your organization
Advancing the analytics maturity curve at your organizationAdvancing the analytics maturity curve at your organization
Advancing the analytics maturity curve at your organizationRamkumar Ravichandran
 
How to Manage a Mixed Portfolio of Products by Salesforce PM
How to Manage a Mixed Portfolio of Products by Salesforce PMHow to Manage a Mixed Portfolio of Products by Salesforce PM
How to Manage a Mixed Portfolio of Products by Salesforce PMProduct School
 
Aligning Profit to Execution
Aligning Profit to ExecutionAligning Profit to Execution
Aligning Profit to ExecutionAlithya
 
Need Middleware Monitoring? Build a Better Business Case.
Need Middleware Monitoring? Build a Better Business Case.Need Middleware Monitoring? Build a Better Business Case.
Need Middleware Monitoring? Build a Better Business Case.SL Corporation
 
Strategy to Design / Implement a GRC Sys
Strategy to Design / Implement a GRC SysStrategy to Design / Implement a GRC Sys
Strategy to Design / Implement a GRC Syspangel4
 
5 Steps To Measure ROI On Your Data Science Initiatives - Webinar
5 Steps To Measure ROI On Your Data Science Initiatives - Webinar 5 Steps To Measure ROI On Your Data Science Initiatives - Webinar
5 Steps To Measure ROI On Your Data Science Initiatives - WebinarGramener
 
How to assess the impact of technology on your business (1).pdf
How to assess the impact of technology on your business (1).pdfHow to assess the impact of technology on your business (1).pdf
How to assess the impact of technology on your business (1).pdfScryla
 
Ldb IMPRESapp Sharing Ideas_Dettori 01
Ldb IMPRESapp Sharing Ideas_Dettori 01Ldb IMPRESapp Sharing Ideas_Dettori 01
Ldb IMPRESapp Sharing Ideas_Dettori 01laboratoridalbasso
 
Trends in Tech M&A
Trends in Tech M&ATrends in Tech M&A
Trends in Tech M&ASecureDocs
 
Risk And Relevance 20080414ppt
Risk And Relevance 20080414pptRisk And Relevance 20080414ppt
Risk And Relevance 20080414pptgregoryg
 
Risk And Relevance 20080414ppt
Risk And Relevance 20080414pptRisk And Relevance 20080414ppt
Risk And Relevance 20080414pptgregoryg
 

Similar a Template to Pitch Security Programs to CxO MGT (20)

CEO / CXO Architecture | The missing piece in your IT architecture
CEO / CXO Architecture | The missing piece in your IT architectureCEO / CXO Architecture | The missing piece in your IT architecture
CEO / CXO Architecture | The missing piece in your IT architecture
 
Scoping your next release defining and documenting mv ps
Scoping your next release defining and documenting mv psScoping your next release defining and documenting mv ps
Scoping your next release defining and documenting mv ps
 
Growing Enterprise Software Sales
Growing Enterprise Software SalesGrowing Enterprise Software Sales
Growing Enterprise Software Sales
 
Practical Implementation Tips For Implementing a Financial Planning - QueBIT ...
Practical Implementation Tips For Implementing a Financial Planning - QueBIT ...Practical Implementation Tips For Implementing a Financial Planning - QueBIT ...
Practical Implementation Tips For Implementing a Financial Planning - QueBIT ...
 
Automating Communications Workflow: Incoming Email Processing
Automating Communications Workflow: Incoming Email ProcessingAutomating Communications Workflow: Incoming Email Processing
Automating Communications Workflow: Incoming Email Processing
 
Advancing the analytics maturity curve at your organization
Advancing the analytics maturity curve at your organizationAdvancing the analytics maturity curve at your organization
Advancing the analytics maturity curve at your organization
 
How to Manage a Mixed Portfolio of Products by Salesforce PM
How to Manage a Mixed Portfolio of Products by Salesforce PMHow to Manage a Mixed Portfolio of Products by Salesforce PM
How to Manage a Mixed Portfolio of Products by Salesforce PM
 
Aligning Profit to Execution
Aligning Profit to ExecutionAligning Profit to Execution
Aligning Profit to Execution
 
Need Middleware Monitoring? Build a Better Business Case.
Need Middleware Monitoring? Build a Better Business Case.Need Middleware Monitoring? Build a Better Business Case.
Need Middleware Monitoring? Build a Better Business Case.
 
Strategy to Design / Implement a GRC Sys
Strategy to Design / Implement a GRC SysStrategy to Design / Implement a GRC Sys
Strategy to Design / Implement a GRC Sys
 
5 Steps To Measure ROI On Your Data Science Initiatives - Webinar
5 Steps To Measure ROI On Your Data Science Initiatives - Webinar 5 Steps To Measure ROI On Your Data Science Initiatives - Webinar
5 Steps To Measure ROI On Your Data Science Initiatives - Webinar
 
U Start Academy 24102015
U Start Academy 24102015U Start Academy 24102015
U Start Academy 24102015
 
U Start Accademy 24102015
U Start Accademy 24102015U Start Accademy 24102015
U Start Accademy 24102015
 
How to assess the impact of technology on your business (1).pdf
How to assess the impact of technology on your business (1).pdfHow to assess the impact of technology on your business (1).pdf
How to assess the impact of technology on your business (1).pdf
 
Ldb IMPRESapp Sharing Ideas_Dettori 01
Ldb IMPRESapp Sharing Ideas_Dettori 01Ldb IMPRESapp Sharing Ideas_Dettori 01
Ldb IMPRESapp Sharing Ideas_Dettori 01
 
6 Sigma
6 Sigma6 Sigma
6 Sigma
 
Understanding Business Architecture
Understanding Business ArchitectureUnderstanding Business Architecture
Understanding Business Architecture
 
Trends in Tech M&A
Trends in Tech M&ATrends in Tech M&A
Trends in Tech M&A
 
Risk And Relevance 20080414ppt
Risk And Relevance 20080414pptRisk And Relevance 20080414ppt
Risk And Relevance 20080414ppt
 
Risk And Relevance 20080414ppt
Risk And Relevance 20080414pptRisk And Relevance 20080414ppt
Risk And Relevance 20080414ppt
 

Último

APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 

Último (20)

APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 

Template to Pitch Security Programs to CxO MGT

  • 1. Patrick Angel - Interim CISO / Enterprise IT Security - CISSP® CISM® CRISC® CISA® www.RandomAccessTechnology.com (214) 517-3086 Presenting Security Programs to Senior Management (CxO’s)
  • 2.  What’s the History / driving‐factors… (provide perspective)  Is this Regulatory ? Or Market‐based ?  Due to Competition ? Is there New‐Technology / an Opportunity?  To Avoid (excessive) Risk / a Lawsuit ?  Be sure to Tie Project(s) / Program to (supporting) Bus. Objectives For customers of Random Access Technologies, Inc. only - Patrick Angel, CISM® CRISC® CISA® Proposal / Why are we doing this? (what’s the Value Proposition..?)
  • 3.  What is the Risk? Is it Revenue or Financial Loss? ‐‐ (list it in specific dollars – 30% of $600MM ‐ $200MM)  Is there the Risk of a Lawsuit.. ? What’s the Probability..?  Is there the Risk of Loss of Business / Partners..?  Is there the Risk of Bad‐Press / Media Coverage.. ? (e.g. stock drop) For customers of Random Access Technologies, Inc. only - Patrick Angel, CISM® CRISC® CISA® What is the Risk to the Company? (what’s the Value Proposition..?) Use a Heat-Map / Risk-Cube to reflect the overall Risk
  • 4.  What’s the Cost (both Short‐Term and Long‐Term)  Be sure to include Staff / FTE and misc‐Expenses (travel / training)  Is there Hardware or Software involved..?  Include Licenses and maintenance / upgrades cost  Issue RFP and get minimum 3 Vendor’s Quotes to compare,  Startup Purchase‐Costs / Investment goes against Capital Costs (Cap‐Ex) for Proposal – then Depreciation, Taxes, etc.  Yearly ongoing (Operational – Op‐Ex) Costs go into Annual Budgets  Be sure to provide some measure of the Return (payback) / Internal Value  If difficult to measure, compare against cost of Lawsuit or Fines to Project costs For customers of Random Access Technologies, Inc. only - Patrick Angel, CISM® CRISC® CISA® Capital COSTS(s) and / or Expenses (CAP-EX vs OP-EX)
  • 5.  Keep It Simple – Less is More once Project‐Reporting starts  Build the initial Work‐Breakdown‐Structure (WBS or ‘the Plan’) with realistic dates, Resources, with some slack time for ‘unforseen’ events, but do not spend waste resources to ‘manage the plan’  Report Weekly – include: Budget‐to‐Date, any Change‐Orders and most importantly – MILESTONES and Issues / Risks to ALL Stakeholders  High‐Level Timeline w/major Milestones and Key‐Dates shows the Project is being ‘Tracked’ and inspires confidence For customers of Random Access Technologies, Inc. only - Patrick Angel, CISM® CRISC® CISA® Project(s) Execution and Reporting (Provide enough info to show Management that project is well-run) 7‐Sep 14‐Sep 21‐Sep 28‐Sep 5‐Oct 12‐Oct 19‐Oct 26‐Oct 2‐Nov 9‐Nov 16‐Nov 23‐Nov 30‐Nov Project 1 ‐ Main (1 of 3 components done) Network Upgrade DESKTOP Configuration E ‐ Commerce ReDeploy Database Standards CSIRT Program Procedures GRC Software Implement IdM / RBAC Project MyMatrix (incl CANADA modules) RFP Issue Review Results ‐ Select Vendor ‐ Start Roll‐out PEN‐Testing ‐ Validate PCI Docs SEPTEMBER OCTOBER NOVEMBER
  • 6.  Discuss / get Feedback from the ‘Business’ and other Mgmt member, then update your presentation / numbers ‐‐ In‐effect, you are gaining ‘buy‐in’ from your peers, making them ‘Partners’ in your Project  Be sure to ‘sell the Benefits’ of your Project / Results to help Change / challenge old Mindsets / ‘Paradigms’  Bring in an ‘Outside Expert’ consultant for the Project / Change and help to guarantee success…  Publish ongoing Progress, celebrate Milestones and Announce the Project / Program’s End & Final Results, give thanks to Stakeholders For customers of Random Access Technologies, Inc. only - Patrick Angel, CISM® CRISC® CISA® Recommendations for Success (Don’t forget that PEOPLE make Process and Technology work…)
  • 7. Get Started Now… ‘…Chance favors the prepared Mind’ www.RandomAccessTechnology.com (214) 517-3086 For customers of Random Access Technologies, Inc. only - Patrick Angel, CISM® CRISC® CISA®
  • 8. About the Author Copyright® 2018 - For customers of Random Access Technologies, Inc. only. Patrick Angel • Roles: Interim CISO / Director PMO / Enterprise I‐T Security‐Architect / Risk‐Management and Compliance Manager • Areas: PCI, SOX, GLBA Privacy, Project‐Auditing, Application‐Security Testing and Secure Development (SDLC) • Education – Bachelors in Information Systems (MIS) • Dean’s List and Honor’s List – Masters Business Administration (MBA) • Years of Experience • 20+ years in Information Systems • 15+ years of P/M, SDLC and Governance, Risk and Compliance • Hands‐on Software Developer, Application‐Testing, I‐T Auditing • Certifications and Associations include ‐