Professional Documents
Culture Documents
#RSAC
#RSAC
Presenter’s Company
Logo – replace or
Source: www.milanostyle.com
delete on master slide 2
#RSAC
Presenter’s Company
Logo – replace or
Source: www.unsplash.com
delete on master slide 3
#RSAC
Presenter’s Company
Logo – replace or
Source: www.unsplash.com
delete on master slide 4
#RSAC
An Intensifying Storm
Presenter’s Company
Logo – replace or
delete on master slide 5
#RSAC
Other priorities in the organization taking precedence over security initiatives 26%
Presenter’s Company
Logo – replace or
delete on master slide
© 2019 FORRESTER. REPRODUCTION PROHIBITED. 7
#RSAC
Presenter’s Company
Logo – replace or
delete on master slide
© 2019 FORRESTER. REPRODUCTION PROHIBITED. 8
#RSAC
Presenter’s Company
Logo – replace or
delete on master slide
© 2019 FORRESTER. REPRODUCTION PROHIBITED. 9
#RSAC
Presenter’s Company
Logo – replace or
delete on master slide
© 2019 FORRESTER. REPRODUCTION PROHIBITED. 11
#RSAC
But…….
Presenter’s Company
Logo – replace or
Source:
delete Forrester’s
on masterAnalytics
slide Global Business Technographics Security Survey 2018
© 2019 FORRESTER. REPRODUCTION PROHIBITED. 12
#RSAC
Presenter’s Company
Logo – replace or
Source:
deleteForrester’s
on masterAnalytics
slide Global Business Technographics Security Survey 2018
© 2019 FORRESTER. REPRODUCTION PROHIBITED. 13
#RSAC
“Into which department or office does the senior-most security decision-maker directly
report?”
CIO 34%
CEO/president 23%
IT Operations 22%
Board of directors 6%
CFO 2%
Firms all over the APAC region are ramping up security transformations, because CEOs
now understand that they’re playing catch-up as cyberattacks proliferate. This
realization has come about from intense media attention, new breach notification laws,
and boards of directors slowly but surely taking this issue seriously. CISOs in the region
are finding that they finally have the attention they’ve always wanted; they now need to
prove their value by leapfrogging to more advanced security capabilities. To succeed,
APAC CISOs must:
FROM TO
Presenter’s Company
Logo – replace or
delete on master slide 19
#RSAC
Presenter’s Company
Logo – replace or
delete on master slide 20
#RSAC
Without A
Strategy, You
Are Left
Rudderless
Presenter’s Company
Logo – replace or
delete on master slide 21
#RSAC
Presenter’s Company
Logo – replace or
delete on master slide 22
#RSAC
• Understandable • Platitude
• Known • Doesn’t consider people
• Utilized and sustainable • Shelfware
• Business focused and risk-aligned • One dimensional
• People and culture at the heart • Inflexible
Presenter’s Company
Logo – replace or
delete on master slide 23
#RSAC
Three Paths To
Strategy
Presenter’s Company
Logo – replace or
delete on master slide 24
#RSAC
Presenter’s Company
Logo – replace or
delete on master slide 25
#RSAC
Presenter’s Company
Logo – replace or
delete on master slide 26
#RSAC
Presenter’s Company
Logo – replace or
delete on master slide 27
#RSAC
Presenter’s Company
Logo – replace or
delete on master slide 28
#RSAC
Presenter’s Company
Logo – replace or
delete on master slide 30
#RSAC
Mission Statement
Presenter’s Company
Logo – replace or
delete on master slide 31
#RSAC
Mission Example 1
CLEAR STATEMENTS OF AMBITION AND PURPOSE
► Have a cyber security capability which protects the continued provision of 24/7 financial transaction services
Presenter’s Company
Logo – replace or
delete on master slide 32
#RSAC
Mission Example 2
AN APPROACH TO LEADERSHIP FOR THE SECURITY FUNCTION
► Collaborate with the business by providing security expertise that aids but does not hinder them
3. No net new security technology investment without clear business benefit
► Depart from old habit of technology acquisition without adequate business case. With clear value for the
business and its strategy
Presenter’s Company
Logo – replace or
delete on master slide 33
#RSAC
Mission Example 3
MINISTER’S FOREWORD (NSW GOVERNMENT CYBER SECURITY STRATEGY)
Presenter’s Company
Logo – replace or
delete on master slide 34
#RSAC
Presenter’s Company
Logo – replace or
delete on master slide 35
#RSAC
Presenter’s Company
Logo – replace or
delete on master slide 36
#RSAC
Presenter’s Company
Logo – replace or
delete on master slide 37
#RSAC
Presenter’s Company
Logo – replace or
delete on master slide 38
#RSAC
Risk, Governance
and Operating
Model
Proactive
Protection of
Detection of
Most Valuable
Threats
Information
Strengthened Oversight of
Third Parties
Presenter’s Company
Logo – replace or
delete on master slide 39
#RSAC
Presenter’s Company
Logo – replace or
delete on master slide 40
#RSAC
Our current issues: We will address this by: Enabling the following
business benefits:
• Low maturity security • Transforming security • 30% decrease in
function as assessed function to become a customer complaints
during recent internal trusted business partner related to security
audit • Addressing risks • 20% reduction in security
• Reactive to incidents highlighted by audit waivers
rather than proactive • Delivering a forward- • Partnership scores of
• Inhibits business growth thinking security 8/10 on business
and not seen as a trusted function that drives new projects that we support
business partner technology adoption • Decrease in incidents
• Embryonic capabilities in • Refreshing perimeter based on 2015 to 2018
most areas controls and enhancing average
monitoring capability
Presenter’s Company
Logo – replace or
delete on master slide 42
#RSAC
Presenter’s Company
Logo – replace or
delete on master slide 43
#RSAC
Presenter’s Company
Logo – replace or
delete on master slide 45
#RSAC
References
Source: North American Consumer Technographics Consumer Technology Survey Q2, 2014 and Consumer
Technographics® North American Online Benchmark Survey (Part 2), 2017
See Forrester Report, “Use Forrester’s CISO strategic Canvas To Align Security With Business”, November
2018
See Forrester Report, “How To Talk To Your Board About Cybersecurity”, December 2018
See Forrester Report, “Instill A Security Culture By Elevating Communication”, October 2018
See Forrester Report, “Transform Your Cybersecurity Capability”, August 2018
Presenter’s Company
Logo – replace or
delete on master slide 48