managing for sanitycdn.ttgtmedia.com/rms/editorial/anne kuhns_keynote... · 2013. 10. 10. ·...
TRANSCRIPT
![Page 1: Managing for Sanitycdn.ttgtmedia.com/rms/editorial/Anne Kuhns_Keynote... · 2013. 10. 10. · Security Professional & Former CISO for The Walt Disney Company ... Group predicts will](https://reader036.vdocuments.net/reader036/viewer/2022071504/612406fa58d24762a11eb926/html5/thumbnails/1.jpg)
events.techtarget.com
Managing for Sanity
![Page 2: Managing for Sanitycdn.ttgtmedia.com/rms/editorial/Anne Kuhns_Keynote... · 2013. 10. 10. · Security Professional & Former CISO for The Walt Disney Company ... Group predicts will](https://reader036.vdocuments.net/reader036/viewer/2022071504/612406fa58d24762a11eb926/html5/thumbnails/2.jpg)
events.techtarget.com
Information Security Decisions | © TechTarget
Presented by Anne Kuhns, CISSP, CRISC, Information
Security Professional & Former CISO for The Walt Disney
Company
Executive Keynote Address -
Managing for Sanity
![Page 3: Managing for Sanitycdn.ttgtmedia.com/rms/editorial/Anne Kuhns_Keynote... · 2013. 10. 10. · Security Professional & Former CISO for The Walt Disney Company ... Group predicts will](https://reader036.vdocuments.net/reader036/viewer/2022071504/612406fa58d24762a11eb926/html5/thumbnails/3.jpg)
Abstract
● Information security professionals deal with an incredible amount of
change in their discipline. The rate of change in technology
advancements accelerates unchecked, there are four generations of
employees in the work place, data is everywhere, data volume
skyrocketing, all while the threat landscape and our exposure
footprint has never been more diverse. As security professionals, we
face new challenges and new choices every day. How do we keep
up? Can we?
● In this keynote, Anne will discuss her thoughts about how to she was
able to maintain some semblance of order amidst all the chaos which
may give you some thoughts about how you, too, can keep your
sanity through it all.
Information Security Decisions | © TechTarget
![Page 4: Managing for Sanitycdn.ttgtmedia.com/rms/editorial/Anne Kuhns_Keynote... · 2013. 10. 10. · Security Professional & Former CISO for The Walt Disney Company ... Group predicts will](https://reader036.vdocuments.net/reader036/viewer/2022071504/612406fa58d24762a11eb926/html5/thumbnails/4.jpg)
Bio
● Anne is the former VP, Information Security and
CISO for The Walt Disney Company
● Spent 5+ years in the enterprise CISO role, 8
years as the information security lead for the
Parks & Resorts segment
● Broad background in IT
● CISSP and CRISC certifications
● Recipient of ISE™ Information Security
Executive of the Year Award - Southeast (2007),
ISE ™ People’s Choice Award - North America
(2009), ISE ™ Luminary Leadership Award
(2012)
Information Security Decisions | © TechTarget
![Page 5: Managing for Sanitycdn.ttgtmedia.com/rms/editorial/Anne Kuhns_Keynote... · 2013. 10. 10. · Security Professional & Former CISO for The Walt Disney Company ... Group predicts will](https://reader036.vdocuments.net/reader036/viewer/2022071504/612406fa58d24762a11eb926/html5/thumbnails/5.jpg)
events.techtarget.com
Information Security Decisions | © TechTarget
Setting the Stage
![Page 6: Managing for Sanitycdn.ttgtmedia.com/rms/editorial/Anne Kuhns_Keynote... · 2013. 10. 10. · Security Professional & Former CISO for The Walt Disney Company ... Group predicts will](https://reader036.vdocuments.net/reader036/viewer/2022071504/612406fa58d24762a11eb926/html5/thumbnails/6.jpg)
Key Issues
Information Security Decisions | © TechTarget
The workforce and workplace is more diverse than ever
Threat landscape continues to escalate
The rate of change is not slowing down
Data is everywhere and growing
Exposure footprint is more diverse than ever
![Page 7: Managing for Sanitycdn.ttgtmedia.com/rms/editorial/Anne Kuhns_Keynote... · 2013. 10. 10. · Security Professional & Former CISO for The Walt Disney Company ... Group predicts will](https://reader036.vdocuments.net/reader036/viewer/2022071504/612406fa58d24762a11eb926/html5/thumbnails/7.jpg)
Rate of Change
The rate of change is not slowing down
- Technology advancements/adoption
Information Security Decisions | © TechTarget
![Page 8: Managing for Sanitycdn.ttgtmedia.com/rms/editorial/Anne Kuhns_Keynote... · 2013. 10. 10. · Security Professional & Former CISO for The Walt Disney Company ... Group predicts will](https://reader036.vdocuments.net/reader036/viewer/2022071504/612406fa58d24762a11eb926/html5/thumbnails/8.jpg)
Rate of Change
● Business models are changing
- Globalization
- On-line/Internet
- Collaboration/Social Media
- Mergers/Acquisitions/Divestitures
Information Security Decisions | © TechTarget
“Times and conditions change so rapidly that we must
keep our aim constantly focused on the future.” -Walt Disney
![Page 9: Managing for Sanitycdn.ttgtmedia.com/rms/editorial/Anne Kuhns_Keynote... · 2013. 10. 10. · Security Professional & Former CISO for The Walt Disney Company ... Group predicts will](https://reader036.vdocuments.net/reader036/viewer/2022071504/612406fa58d24762a11eb926/html5/thumbnails/9.jpg)
Workforce/Workplace Diversity
● The workforce and workplace is more diverse
than ever
Information Security Decisions | © TechTarget
![Page 10: Managing for Sanitycdn.ttgtmedia.com/rms/editorial/Anne Kuhns_Keynote... · 2013. 10. 10. · Security Professional & Former CISO for The Walt Disney Company ... Group predicts will](https://reader036.vdocuments.net/reader036/viewer/2022071504/612406fa58d24762a11eb926/html5/thumbnails/10.jpg)
The Generations
Information Security Decisions | © TechTarget
Traditionalist Born 1925 - 1945
Baby Boomers Born 1946-1964
GenX Born 1965-1980
GenY / Millennial Born 1981 and after
Gen Z-Nexters-born after 2000
Harrison Ford Barack Obama/Anne Kuhns Julia Roberts Justin Beiber/Mackenzie Foy
TEAM PLAYERS
INDIRECT IN
COMMUNICATING
LOYAL TO THE
ORGANIZATION
RESPECT THE AUTHORITY
DEDICATION AND SACRIFICE
DUTY BEFORE PLEASURE
OBEDIENCE
RESPOND WELL TO DIRECTIVE
LEADERSHIP
SENIORITY AND AGE
CORRELATED
ADHERENCE TO RULES
BIG PICTURE/SYSTEMS IN
PLACE
BRING FRESH PERSPECTIVE
DO NOT RESPECT THE TITLES
DISAPPROVE ABSOLUTES AND
STRUCTURE
OPTIMISM
TEAM ORIENTATION
UNCOMFORTABLE WITH
CONFLICT
PERSONAL GROWTH
SENSITIVE TO FEEDBACK
HEALTH AND WELLNESS
PERSONAL GRATIFICATION
POSITIVE ATTITUDE
IMPATIENCE
GOAL ORIENTATED
MULTI-TASKING
THINKING GLOBALLY
SELF-RELIANCE
FLEXIBLE HOURSE,
INFORMAL WORK ENVIRONMENT
JUST A JOB
TECHNO-LITERAL
INFORMAL - BALANCE
GIVE THEM A LOT TO DO
AND FREEDOM TO DO
THEIR WAY
QUESTION THE AUTHORITY
CONFIDENCE
SOCIABILITY
MORALITY
STREET SMARTS
DIVERSITY
COLLECTIVE ACTION
HEROIC SPIRIT
TENACITY
TECHNOLOGICAL SAVY
LACK OF SKILLS FOR DEALING
WITH DIFFICULT PEOPLE
MULTITASKING
NEED FLEXIBILITY
![Page 11: Managing for Sanitycdn.ttgtmedia.com/rms/editorial/Anne Kuhns_Keynote... · 2013. 10. 10. · Security Professional & Former CISO for The Walt Disney Company ... Group predicts will](https://reader036.vdocuments.net/reader036/viewer/2022071504/612406fa58d24762a11eb926/html5/thumbnails/11.jpg)
Data Data Data
Organizations are storing approximately 11–15 terabytes of security data a week, a figure that Gartner
Group predicts will double annually through 2016. To put that in perspective, 10 terabytes is the
equivalent of the printed collection of the Library of Congress .
Source: Infosecurity Magazine June 18, 2013
Information Security Decisions | © TechTarget
![Page 12: Managing for Sanitycdn.ttgtmedia.com/rms/editorial/Anne Kuhns_Keynote... · 2013. 10. 10. · Security Professional & Former CISO for The Walt Disney Company ... Group predicts will](https://reader036.vdocuments.net/reader036/viewer/2022071504/612406fa58d24762a11eb926/html5/thumbnails/12.jpg)
Threat Landscape
Information Security Decisions | © TechTarget
![Page 13: Managing for Sanitycdn.ttgtmedia.com/rms/editorial/Anne Kuhns_Keynote... · 2013. 10. 10. · Security Professional & Former CISO for The Walt Disney Company ... Group predicts will](https://reader036.vdocuments.net/reader036/viewer/2022071504/612406fa58d24762a11eb926/html5/thumbnails/13.jpg)
Exposure Footprint
Information Security Decisions | © TechTarget
![Page 14: Managing for Sanitycdn.ttgtmedia.com/rms/editorial/Anne Kuhns_Keynote... · 2013. 10. 10. · Security Professional & Former CISO for The Walt Disney Company ... Group predicts will](https://reader036.vdocuments.net/reader036/viewer/2022071504/612406fa58d24762a11eb926/html5/thumbnails/14.jpg)
Exposure Footprint
Information Security Decisions | © TechTarget
![Page 15: Managing for Sanitycdn.ttgtmedia.com/rms/editorial/Anne Kuhns_Keynote... · 2013. 10. 10. · Security Professional & Former CISO for The Walt Disney Company ... Group predicts will](https://reader036.vdocuments.net/reader036/viewer/2022071504/612406fa58d24762a11eb926/html5/thumbnails/15.jpg)
Exposure Footprint
Information Security Decisions | © TechTarget
![Page 16: Managing for Sanitycdn.ttgtmedia.com/rms/editorial/Anne Kuhns_Keynote... · 2013. 10. 10. · Security Professional & Former CISO for The Walt Disney Company ... Group predicts will](https://reader036.vdocuments.net/reader036/viewer/2022071504/612406fa58d24762a11eb926/html5/thumbnails/16.jpg)
Exposure Footprint
Information Security Decisions | © TechTarget
![Page 17: Managing for Sanitycdn.ttgtmedia.com/rms/editorial/Anne Kuhns_Keynote... · 2013. 10. 10. · Security Professional & Former CISO for The Walt Disney Company ... Group predicts will](https://reader036.vdocuments.net/reader036/viewer/2022071504/612406fa58d24762a11eb926/html5/thumbnails/17.jpg)
Information Security Decisions | © TechTarget
![Page 18: Managing for Sanitycdn.ttgtmedia.com/rms/editorial/Anne Kuhns_Keynote... · 2013. 10. 10. · Security Professional & Former CISO for The Walt Disney Company ... Group predicts will](https://reader036.vdocuments.net/reader036/viewer/2022071504/612406fa58d24762a11eb926/html5/thumbnails/18.jpg)
Is it Possible?
Information Security Decisions | © TechTarget
![Page 19: Managing for Sanitycdn.ttgtmedia.com/rms/editorial/Anne Kuhns_Keynote... · 2013. 10. 10. · Security Professional & Former CISO for The Walt Disney Company ... Group predicts will](https://reader036.vdocuments.net/reader036/viewer/2022071504/612406fa58d24762a11eb926/html5/thumbnails/19.jpg)
events.techtarget.com
Information Security Decisions | © TechTarget
Or, How Did I Manage to Stay Sane?
Making Order out of Chaos
![Page 20: Managing for Sanitycdn.ttgtmedia.com/rms/editorial/Anne Kuhns_Keynote... · 2013. 10. 10. · Security Professional & Former CISO for The Walt Disney Company ... Group predicts will](https://reader036.vdocuments.net/reader036/viewer/2022071504/612406fa58d24762a11eb926/html5/thumbnails/20.jpg)
Three Primary Areas
Information Security Decisions | © TechTarget
CHOICES
PERSONAL
PHILOSOPHIES
STRATEGY
![Page 21: Managing for Sanitycdn.ttgtmedia.com/rms/editorial/Anne Kuhns_Keynote... · 2013. 10. 10. · Security Professional & Former CISO for The Walt Disney Company ... Group predicts will](https://reader036.vdocuments.net/reader036/viewer/2022071504/612406fa58d24762a11eb926/html5/thumbnails/21.jpg)
About Choices
Given the limited resources we all
have, we can’t do everything. I’m
fond of saying “we can do
anything but we are not going to
do everything”.
“The hardest choices in life aren't
between what's right and what's
wrong but between what's right and
what's best.”
Information Security Decisions | © TechTarget
― Jamie Ford, Hotel on the Corner of Bitter and Sweet
![Page 22: Managing for Sanitycdn.ttgtmedia.com/rms/editorial/Anne Kuhns_Keynote... · 2013. 10. 10. · Security Professional & Former CISO for The Walt Disney Company ... Group predicts will](https://reader036.vdocuments.net/reader036/viewer/2022071504/612406fa58d24762a11eb926/html5/thumbnails/22.jpg)
More About Choices
“The choice is not in what you
do. The choice is in the why.”
-- Emma Raveling, Billow
“If you have a goal, write it
down. If you do not write it
down, you do not have a goal -
you have a wish.”
-- Steve Mariboli, Life, The
Truth and Being Free
Information Security Decisions | © TechTarget
![Page 23: Managing for Sanitycdn.ttgtmedia.com/rms/editorial/Anne Kuhns_Keynote... · 2013. 10. 10. · Security Professional & Former CISO for The Walt Disney Company ... Group predicts will](https://reader036.vdocuments.net/reader036/viewer/2022071504/612406fa58d24762a11eb926/html5/thumbnails/23.jpg)
Strategy
● Strategy is nothing more than a series of choices that
describe what you will do and why.
● Strategy must be risk based for the biggest bang for the
buck.
“Desires dictate our priorities, priorities shape our choices,
and choices determine our actions.” ― Dallin H. Oaks
Information Security Decisions | © TechTarget
![Page 24: Managing for Sanitycdn.ttgtmedia.com/rms/editorial/Anne Kuhns_Keynote... · 2013. 10. 10. · Security Professional & Former CISO for The Walt Disney Company ... Group predicts will](https://reader036.vdocuments.net/reader036/viewer/2022071504/612406fa58d24762a11eb926/html5/thumbnails/24.jpg)
Strategy
● Common Questions
- Are we secure?
- How much security is enough?
Information Security Decisions | © TechTarget
![Page 25: Managing for Sanitycdn.ttgtmedia.com/rms/editorial/Anne Kuhns_Keynote... · 2013. 10. 10. · Security Professional & Former CISO for The Walt Disney Company ... Group predicts will](https://reader036.vdocuments.net/reader036/viewer/2022071504/612406fa58d24762a11eb926/html5/thumbnails/25.jpg)
There is no silver bullet
Information Security Decisions | © TechTarget
![Page 26: Managing for Sanitycdn.ttgtmedia.com/rms/editorial/Anne Kuhns_Keynote... · 2013. 10. 10. · Security Professional & Former CISO for The Walt Disney Company ... Group predicts will](https://reader036.vdocuments.net/reader036/viewer/2022071504/612406fa58d24762a11eb926/html5/thumbnails/26.jpg)
Roadmap to Strategy
Information Security Decisions | © TechTarget
![Page 27: Managing for Sanitycdn.ttgtmedia.com/rms/editorial/Anne Kuhns_Keynote... · 2013. 10. 10. · Security Professional & Former CISO for The Walt Disney Company ... Group predicts will](https://reader036.vdocuments.net/reader036/viewer/2022071504/612406fa58d24762a11eb926/html5/thumbnails/27.jpg)
Roadmap to Strategy
● Data
● Devices
● Networks
● Applications
● Identities
● What?
● Where?
● Who owns it?
● Value?
● Who has
access to it?
Enumerate – Measure – Measure Again
Information Security Decisions | © TechTarget
● Current
posture
● Priorities
● Threats/Risk
● Integration
● Impact
![Page 28: Managing for Sanitycdn.ttgtmedia.com/rms/editorial/Anne Kuhns_Keynote... · 2013. 10. 10. · Security Professional & Former CISO for The Walt Disney Company ... Group predicts will](https://reader036.vdocuments.net/reader036/viewer/2022071504/612406fa58d24762a11eb926/html5/thumbnails/28.jpg)
Personal Philosophies
Information Security Decisions | © TechTarget
![Page 29: Managing for Sanitycdn.ttgtmedia.com/rms/editorial/Anne Kuhns_Keynote... · 2013. 10. 10. · Security Professional & Former CISO for The Walt Disney Company ... Group predicts will](https://reader036.vdocuments.net/reader036/viewer/2022071504/612406fa58d24762a11eb926/html5/thumbnails/29.jpg)
Interpersonal Skills/Team
“I’ve learned that people
will forget what you said,
people will forget what you
did, but people will never
forget how you made them
feel.”
–Maya Angelou
Information Security Decisions | © TechTarget
![Page 30: Managing for Sanitycdn.ttgtmedia.com/rms/editorial/Anne Kuhns_Keynote... · 2013. 10. 10. · Security Professional & Former CISO for The Walt Disney Company ... Group predicts will](https://reader036.vdocuments.net/reader036/viewer/2022071504/612406fa58d24762a11eb926/html5/thumbnails/30.jpg)
The Ability to Learn, Unlearn and Re-learn Fast is
Critical
“What got you
here won’t get
you there.” – Marshall Goldsmith
Information Security Decisions | © TechTarget
![Page 31: Managing for Sanitycdn.ttgtmedia.com/rms/editorial/Anne Kuhns_Keynote... · 2013. 10. 10. · Security Professional & Former CISO for The Walt Disney Company ... Group predicts will](https://reader036.vdocuments.net/reader036/viewer/2022071504/612406fa58d24762a11eb926/html5/thumbnails/31.jpg)
Sometimes You Make Your Opportunities
“If opportunity doesn't knock,
build a door” ― Milton Berle
Information Security Decisions | © TechTarget
![Page 32: Managing for Sanitycdn.ttgtmedia.com/rms/editorial/Anne Kuhns_Keynote... · 2013. 10. 10. · Security Professional & Former CISO for The Walt Disney Company ... Group predicts will](https://reader036.vdocuments.net/reader036/viewer/2022071504/612406fa58d24762a11eb926/html5/thumbnails/32.jpg)
High Expectations
Information Security Decisions | © TechTarget
![Page 33: Managing for Sanitycdn.ttgtmedia.com/rms/editorial/Anne Kuhns_Keynote... · 2013. 10. 10. · Security Professional & Former CISO for The Walt Disney Company ... Group predicts will](https://reader036.vdocuments.net/reader036/viewer/2022071504/612406fa58d24762a11eb926/html5/thumbnails/33.jpg)
Character – Integrity – Reputation
Information Security Decisions | © TechTarget
![Page 34: Managing for Sanitycdn.ttgtmedia.com/rms/editorial/Anne Kuhns_Keynote... · 2013. 10. 10. · Security Professional & Former CISO for The Walt Disney Company ... Group predicts will](https://reader036.vdocuments.net/reader036/viewer/2022071504/612406fa58d24762a11eb926/html5/thumbnails/34.jpg)
Everyone Can Make a Difference
Information Security Decisions | © TechTarget
![Page 35: Managing for Sanitycdn.ttgtmedia.com/rms/editorial/Anne Kuhns_Keynote... · 2013. 10. 10. · Security Professional & Former CISO for The Walt Disney Company ... Group predicts will](https://reader036.vdocuments.net/reader036/viewer/2022071504/612406fa58d24762a11eb926/html5/thumbnails/35.jpg)
Summary
● Issues are not going away and they are not slowing
down. Focus on what is best for your organization.
● Have a sound, risk-based, well-thought out and
defendable strategy.
● Be yourself, know your strengths, but most of all have the
courage of your convictions.
● Have fun.
Information Security Decisions | © TechTarget
![Page 36: Managing for Sanitycdn.ttgtmedia.com/rms/editorial/Anne Kuhns_Keynote... · 2013. 10. 10. · Security Professional & Former CISO for The Walt Disney Company ... Group predicts will](https://reader036.vdocuments.net/reader036/viewer/2022071504/612406fa58d24762a11eb926/html5/thumbnails/36.jpg)
Final Thought
● My objectives were to:
- Add value
- Make a difference
- Have fun
● My challenge to you is to do the same: go add value, go
make a difference and have a little fun along the way.
Information Security Decisions | © TechTarget
“If you think you're too small to have an impact, try going
to bed with a mosquito in the room.” ― Anita Roddick
![Page 37: Managing for Sanitycdn.ttgtmedia.com/rms/editorial/Anne Kuhns_Keynote... · 2013. 10. 10. · Security Professional & Former CISO for The Walt Disney Company ... Group predicts will](https://reader036.vdocuments.net/reader036/viewer/2022071504/612406fa58d24762a11eb926/html5/thumbnails/37.jpg)
Thanks For Your Attention
Contact:
Anne Kuhns, CISSP, CRISC
Information Security Decisions | © TechTarget