Winning the war

April 2012 Access Control & Identity Management

McAfee has announced the launch of Security Battleground: An Executive Field Manual a book based on the author’s security experience with large global corporations. Michael Fey, Brian Kenyon, Kevin Reardon, Bradon Rogers, and Charles Rosshave identified a group of individuals who increasingly find themselves responsible for ensuring that their enterprises are secure. The book was written for the chief information officers (CIOs), chief information security officers (CISOs) and other C-level executives because they are all responsible for material threats to their enterprises, and today information security qualifies as one of the top material threats. Security Battleground provides the security obligated executive with guidance about the hard questions to ask when validating a security team’s strategic plan, its budget, and its operations.

“I consider myself to be a security-obligated executive both for the Intel Corporation and for the information technology community of which our enterprise is a member,” said Paul Otellini, chief executive officer at Intel. “As CEO, I have launched initiatives to make information security a top priority at Intel – for ourselves, as well as for our customers. For me, this is what Security Battleground is all about. It is a field manual in the military tradition – a practical handbook for executives who have a day job and, in an oversight capacity, have the final responsibility to ensure that the enterprise is durable in the face of threats and compliance obligations.”

Part I – Field manual for the battleground

Surveying the Battleground explains the origin of the book as a field manual written for a security-obligated executive who has accepted responsibility for overseeing the security organisation. The first section focuses on: Assessing Mission Readiness shows how to assess the security team’s maturity and encourage improvements in the team’s approach to security threats and counter measures.

Developing the Strategy provides an overview of the strategic planning process with a special emphasis on building a plan based on a foundation of clearly documented business risks and compliance obligations. This is the chapter that sets the expectation that security organisations should plan strategy just like any other line of business.

Part II – Preparing for battle

This section gives advice on methodology for gathering information, analysis, regulations and developing a strategic security plan.

Recognising and Capturing Risk reveals the authors’ methodology for gathering key business information. An exercise called Riches, Ruins & Regulations is the centrepiece. Performing Threat Analysis explains how the security team methodically marries business risk to vulnerabilities and threats.

Adhering to Regulations addresses the issues of regulatory compliance, which is another form of business risk. Failure to pass a compliance audit can lead to fines and sanctions that can be as harmful as a hacker’s attack. Preparing the Strategic Plan shows how the building blocks fit together. Threats and compliance obligations are pitted against programs that provide controls (i.e. protection).

Part III – Winning the war

This section gives practical information about budgets, measurement, crises, cooperation with other businesses and looking towards the future. Funding the War is about the budget and the books approach is not traditional. While building a business case remains a fundamental building block, security budgeting inevitably depends on a forthright discussion with security-obligated executives as to what risks the company is willing to tolerate.

Measuring Success provides guidance about the use of security metrics to manage and optimise security operations. Managing Crises is a proactive guide in preparing for the likely event that there will be a security breach. We identify four key steps beginning with containment and ending with remediation.

Aligning the Allies speaks to the need for security organisations to cultivate shared understandings within and outside the company. The traditional company boundaries have evolved and we focus on how to align resources to work in concert with trading partners toward the shared goal of strong security.

Future Proofing is a look to the security horizon with an emphasis on anticipating the next generation of threats. In this chapter we focus discussion on current trends such as cloud computing, virtualised processing and storage systems, and the consumerisation of IT.

“Any top company or institution can suffer irreparable harm at the hands of cyber-attackers. Today it is estimated that over 1 trillion dollars in damages can be attributed to this battle – and this number is expected to skyrocket to over 5 trillion within the next five years alone, said Michael Fey, senior vice president at McAfee. “This is a battle that has turned into a war and is being fought unlike any other and this was the question that started our journey to write this book.”

Security Battleground: An Executive Field Manual was designed to provide a primer to help executives better understand their roles and obligations with respect to information security. The principles outlined in this book will continue to evolve over time, much like the security battleground itself.

http://www.mcafee.com





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Defending against SIM swap fraud
Access Control & Identity Management
Mobile networks must not be complacent about SIM swap fraud, and they need to prioritise the protection of customers, according to Gur Geva, Founder and CEO of iiDENTIFii.

Read more...
Access Selection Guide 2024
Access Control & Identity Management
The Access Selection Guide 2024 includes a range of devices geared specifically for the access control and identity management market.

Read more...
Biometrics Selection Guide 2024
Access Control & Identity Management
The Biometrics Selection Guide 2024 incorporates a number of hardware and software biometric identification systems aimed at the access and identity management market of today.

Read more...
Smart intercoms for Sky House Projects
Nology Access Control & Identity Management Residential Estate (Industry)
DNAKE’s easy and smart intercom solution has everything in place for modern residential buildings. Hence, the developer selected DNAKE video intercoms to round out upmarket apartment complexes, supported by the mobile app.

Read more...
Authentic identity
HID Global Access Control & Identity Management
As the world has become global and digital, traditional means for confirming authentic identity, and understanding what is real and what is fake have become impractical.

Read more...
Research labs secured with STid Mobile ID
Access Control & Identity Management
When NTT opened its research centre in Silicon Valley, it was looking for a high-security expert capable of protecting the company’s sensitive data. STid readers and mobile ID solutions formed part of the solution.

Read more...
Is voice biometrics in banking secure enough?
Access Control & Identity Management AI & Data Analytics
As incidents of banking fraud grow exponentially and become increasingly sophisticated, it is time to question whether voice banking is a safe option for consumers.

Read more...
Unlocking efficiency and convenience
OPTEX Access Control & Identity Management Transport (Industry)
The OVS-02GT vehicle detection sensor is the newest member of Optex’s vehicle sensor range, also known as ‘virtual loop’, and offers reliable motion detection of cars, trucks, vans, and other motorised vehicles using microwave technology.

Read more...
Protecting our most vulnerable
NEC XON Access Control & Identity Management Products & Solutions
In a nation grappling with the distressing rise in child kidnappings, the need for innovative solutions to protect our infants has never been more critical. South Africa finds itself in the throes of a child abduction pandemic.

Read more...
Understanding the power of digital identity
Access Control & Identity Management Security Services & Risk Management Financial (Industry)
The way we perceive business flourishing is undergoing a paradigm shift, as digital identity and consumer consent redefine the dynamics of transactions, says Shanaaz Trethewey.

Read more...