NTXISSACSC4 - Business Geekdom: 1 = 3 = 5
TRANSCRIPT
![Page 1: NTXISSACSC4 - Business Geekdom: 1 = 3 = 5](https://reader031.vdocuments.net/reader031/viewer/2022030402/587059a91a28aba2118b62cb/html5/thumbnails/1.jpg)
@NTXISSA #NTXISSACSC3
Business Geekdom: 1 = 3 = 5
Grant Gilliam, CISSP, CISM, CISA
Managing Director, Gilliam Security, LLC
October 7, 2016
![Page 2: NTXISSACSC4 - Business Geekdom: 1 = 3 = 5](https://reader031.vdocuments.net/reader031/viewer/2022030402/587059a91a28aba2118b62cb/html5/thumbnails/2.jpg)
Situation: Compliance Nightmare
NTXISSA Cyber Security Conference – October 2-3, 2015 2
• COBIT 4
• COBIT 5
• HITRUST
• ITIL v3
• ITIL 2011
• COSO 2013
• NIST CIF
• FFIEC Security
• NERC CIP
• GLBA-FACTA
• SANS CSC
• DoD 8500.2
• PCI DSS 3.1/3.2
• HIPAA Sec. Rule
• NIST 800-53 Rev 4
• NIST 800-171
• CSA v3.0.1
• IRS 1075
• ISO 27001:2013
• CJIS 5.5
• AICPA SOC
![Page 3: NTXISSACSC4 - Business Geekdom: 1 = 3 = 5](https://reader031.vdocuments.net/reader031/viewer/2022030402/587059a91a28aba2118b62cb/html5/thumbnails/3.jpg)
Yielding…
• No means to measure compliance
• Several man hours maintaining
• No visibility into frameworks
• Decentralized governance
• Increased complexity
• Duplication of effort
NTXISSA Cyber Security Conference – October 7-8, 2016 3
![Page 4: NTXISSACSC4 - Business Geekdom: 1 = 3 = 5](https://reader031.vdocuments.net/reader031/viewer/2022030402/587059a91a28aba2118b62cb/html5/thumbnails/4.jpg)
Problem
Each different business unit is unable to translate requirements to another group, thereby causing the “Geek” effect.
“It’s only a problem if you have a solution.” Anna Kendrick, Up In The Air, 2009
![Page 5: NTXISSACSC4 - Business Geekdom: 1 = 3 = 5](https://reader031.vdocuments.net/reader031/viewer/2022030402/587059a91a28aba2118b62cb/html5/thumbnails/5.jpg)
Use Case: 1 hour compliance meeting

| Resources (Human Capital) | Cost |
| --- | --- |
| Security Resource | $170 |
| Security Leadership | $250 |
| Outside Consultants | $500 |
| Business Owner | |
| Hours Spent | x 1 hr |
| Cost for one meeting | $920 |

Usually we have no more information than where we initially started.
![Page 6: NTXISSACSC4 - Business Geekdom: 1 = 3 = 5](https://reader031.vdocuments.net/reader031/viewer/2022030402/587059a91a28aba2118b62cb/html5/thumbnails/6.jpg)
What is business geekdom?
Define: business geekdom. A different business unit unable to translate requirements to another group that often perceives the other as a ‘geek’.
![Page 7: NTXISSACSC4 - Business Geekdom: 1 = 3 = 5](https://reader031.vdocuments.net/reader031/viewer/2022030402/587059a91a28aba2118b62cb/html5/thumbnails/7.jpg)
Business Benefit
• Metrics to enable instantaneous gap assessments across the business
• Minimal headcount maintaining several different frameworks
• Visibility to current and future state business requirements
• Reduced complexity due to a single set of controls
• No more duplication of effort across departments
• Centralized governance across the business
![Page 8: NTXISSACSC4 - Business Geekdom: 1 = 3 = 5](https://reader031.vdocuments.net/reader031/viewer/2022030402/587059a91a28aba2118b62cb/html5/thumbnails/8.jpg)
Solution: 1 = 3 = 5
Security Control Framework
A centralized translator to make frameworks in congruence with one another
![Page 9: NTXISSACSC4 - Business Geekdom: 1 = 3 = 5](https://reader031.vdocuments.net/reader031/viewer/2022030402/587059a91a28aba2118b62cb/html5/thumbnails/9.jpg)
Example
An enterprise security architecture aligning your requirements, such as:
- HIPAA
- HITRUST
- NIST CIF
- NIST 800-53
- NIST 800-171
- PCI DSS v3.1
- COBIT 5
- …
Finding: Most frameworks have a large overlap with other major frameworks.
Added Bonus: Guidance from other major frameworks.
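As an added illustration (not from the talk or its author) of the centralized translator on the Solution slide, a small unified control set is cross-referenced to HIPAA, PCI DSS and NIST 800-53 requirements and used for the instantaneous gap assessment the Business Benefit slide promises; the control names, their statuses and the requirement cross-references are constructed assumptions, not a vetted mapping.

```python
from collections import defaultdict

# Constructed illustration of the single Security Control Framework the slides
# propose: each internal control is cross-referenced to the requirements it
# satisfies in frameworks named on the slides. The references are
# illustrative, not a vetted crosswalk.
UNIFIED_CONTROLS = {
    "UC-01 account provisioning": {"NIST 800-53": ["AC-2"], "PCI DSS": ["8.1"],
                                   "HIPAA": ["164.308(a)(4)"]},
    "UC-02 audit logging": {"NIST 800-53": ["AU-2"], "PCI DSS": ["10.2"],
                            "HIPAA": ["164.312(b)"]},
    "UC-03 data backup": {"NIST 800-53": ["CP-9"], "HIPAA": ["164.308(a)(7)"]},
}

# Constructed implementation status, as a GRC tool would record it.
STATUS = {"UC-01 account provisioning": "implemented",
          "UC-02 audit logging": "partial",
          "UC-03 data backup": "implemented"}

def crosswalk(controls):
    """Invert the unified set: framework -> requirement -> internal controls."""
    out = defaultdict(lambda: defaultdict(list))
    for ctl, refs in controls.items():
        for fw, reqs in refs.items():
            for req in reqs:
                out[fw][req].append(ctl)
    return out

def gap_assessment(controls, status):
    """Per framework: (met, total, sorted unmet requirement ids). A requirement
    is met only when every control mapped to it is implemented; partial or
    missing status counts as a gap."""
    report = {}
    for fw, reqs in crosswalk(controls).items():
        unmet = sorted(req for req, ctls in reqs.items()
                       if any(status.get(c) != "implemented" for c in ctls))
        report[fw] = (len(reqs) - len(unmet), len(reqs), unmet)
    return report

def requirements_closed_by(controls, control_id):
    """Requirements one control fix would close across all frameworks: the
    '1 = 3' effect, one control maintained, several frameworks satisfied."""
    return sum(len(reqs) for reqs in controls[control_id].values())

if __name__ == "__main__":
    for fw, (met, total, unmet) in sorted(gap_assessment(UNIFIED_CONTROLS, STATUS).items()):
        print(f"{fw}: {met}/{total} met, gaps: {unmet}")
    print("Fixing UC-02 closes", requirements_closed_by(UNIFIED_CONTROLS, "UC-02 audit logging"))
```

Because the status lives on the single internal control, one status change updates every framework's gap list at once, which is the headcount and duplication saving the slides describe.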
![Page 10: NTXISSACSC4 - Business Geekdom: 1 = 3 = 5](https://reader031.vdocuments.net/reader031/viewer/2022030402/587059a91a28aba2118b62cb/html5/thumbnails/10.jpg)
Example
Legislative & Mandated
• NIST 800 Series
• NIST Cybersecurity Framework
• DoDI 8500 Series
• PCI Data Security Standard
• Gramm-Leach-Bliley Act
• NERC / FERC
• HIPAA Security Rule
• FFIEC Security Handbook
• IRS 1075
Best Practices
• ISO/IEC 27000 Series
• Cloud Security Alliance
• SANS Critical Security Controls
• COSO 2013 Principles
• COBIT 5
• COBIT 4
• HITRUST
Internal
• ITIL version 3
• ITIL 2011
Integration to GRC Tool
![Page 11: NTXISSACSC4 - Business Geekdom: 1 = 3 = 5](https://reader031.vdocuments.net/reader031/viewer/2022030402/587059a91a28aba2118b62cb/html5/thumbnails/11.jpg)
Future Use Case
Use Case: 1 hour compliance meeting
Usually we have no more information than where we initially started.

| Resources (Human Capital) | Cost |
| --- | --- |
| Security Resource | $170 |
| Security Leadership | $250 |
| Outside Consultants | $500 |
| Business Owner | |
| Hours Spent | x 1 hr |
| Cost for one meeting | $920 → $420 |
![Page 12: NTXISSACSC4 - Business Geekdom: 1 = 3 = 5](https://reader031.vdocuments.net/reader031/viewer/2022030402/587059a91a28aba2118b62cb/html5/thumbnails/12.jpg)
Concept in History
Source: http://jessepaedia.blogspot.com/2014/04/what-living-language-is-closest-to-latin.html
Romance Languages
![Page 14: NTXISSACSC4 - Business Geekdom: 1 = 3 = 5](https://reader031.vdocuments.net/reader031/viewer/2022030402/587059a91a28aba2118b62cb/html5/thumbnails/14.jpg)
The Collin College Engineering Department
Collin College Student Chapter of the North Texas ISSA
North Texas ISSA (Information Systems Security Association)
Thank you