Practical insights in the day-to-day routine of an information security officer
Douwe Pieter van den Bos
How to be realistic about information security and not stress out. Practical tips that will help any organization.
Plan
Do
Check
Act
• Risk Appetite
• Maturity
• Risk Analysis
• Secure Software Development
• Project Management
• Security Advice
• Security Testing
• Security Audits
• Red-teaming
• Risk Management
• Improvement Planning
Information Security Management
Information Security in a fast-moving world
• Growing threats
• Legislation
• Privacy concerns
• Customer awareness
Information Security is becoming a larger issue for all organizations, including Oracle customers.
Risk Maturity: Ad Hoc, Opportunistic, Systematic, Managed, Optimized
Be realistic
Risk Appetite
Risk Analysis
• Confidentiality
• Integrity
• Availability
• Fraud Detection
• Compliance
• Reporting
Risk Classification: Impact × Chance
Secure Software Development
Best Practices
https://www.ncsc.nl/dienstverlening/expertise-advies/kennisdeling/whitepapers/ict-beveiligingsrichtlijnen-voor-webapplicaties.html
http://www.oracle.com/technetwork/topics/entarch/itso-165161.html
http://www.nist.gov/cyberframework/
http://www.cip-overheid.nl/downloads/grip-op-ssd/
Security Advice
https://www.ncsc.nl/dienstverlening/response-op-dreigingen-en-incidenten/beveiligingsadviezen
Learn and Act Fast!
An audit is not scary. It’s just a quick way to investigate what you’re doing right and where you might improve.
Red Team!
Who is the owner of risk?
http://www.taskforcebid.nl/producten/instrumenten-informatieveiligheid/
Risk Management
• Quick Win (low costs): Just do it. These risks are easily mitigated at low cost, regardless of the impact or chance.
• Plan: Make a project out of it. You will have to plan and prioritize.
• Accept (low impact / chance): The impact is so low, or the chance of occurrence is so low, that you can decide to accept the risk.
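The three treatments above are a decision rule, and the Impact × Chance classification from the earlier slide gives the ordering within each treatment. The following is an added example, not part of the deck: a small Python risk register that scores each risk as impact × chance, applies the Quick Win / Plan / Accept rule, and emits a prioritized improvement plan. The 1–5 scales, the "low" threshold of 2, the cost field and the sample risks are assumptions made here for illustration; the deck itself gives no numbers.

```python
from dataclasses import dataclass

# Assumption: impact, chance and mitigation cost are each rated 1 (low) to 5 (high);
# a rating at or below LOW counts as "low" in the sense the slides use.
LOW = 2


@dataclass(frozen=True)
class Risk:
    name: str
    impact: int           # consequence if the risk materialises, 1-5
    chance: int           # likelihood of occurrence, 1-5
    mitigation_cost: int  # estimated cost/effort of the fix, 1-5

    def __post_init__(self) -> None:
        for field in ("impact", "chance", "mitigation_cost"):
            value = getattr(self, field)
            if not 1 <= value <= 5:
                raise ValueError(f"{field} must be 1..5, got {value}")

    def score(self) -> int:
        """Risk classification from the deck: impact x chance."""
        return self.impact * self.chance


def treatment(risk: Risk) -> str:
    """Map a risk to one of the deck's three treatments."""
    # Quick Win: cheap to mitigate, regardless of impact or chance.
    if risk.mitigation_cost <= LOW:
        return "quick win"
    # Accept: impact or chance so low that carrying the risk is a conscious decision.
    if risk.impact <= LOW or risk.chance <= LOW:
        return "accept"
    # Plan: everything else becomes a project that must be planned and prioritized.
    return "plan"


def improvement_plan(register):
    """Return (treatment, risk) pairs in execution order: quick wins first, then
    planned projects by descending score, accepted risks last (still listed, because
    an accepted risk must be recorded, not forgotten)."""
    order = {"quick win": 0, "plan": 1, "accept": 2}
    return sorted(
        ((treatment(r), r) for r in register),
        key=lambda pair: (order[pair[0]], -pair[1].score(), pair[1].name),
    )


# Constructed sample register; names and ratings are invented for this example.
SAMPLE_REGISTER = [
    Risk("Unpatched public web server", impact=5, chance=4, mitigation_cost=2),
    Risk("No MFA on admin accounts", impact=5, chance=3, mitigation_cost=4),
    Risk("Legacy intranet app without logging", impact=3, chance=3, mitigation_cost=4),
    Risk("Outdated printer firmware", impact=2, chance=4, mitigation_cost=3),
    Risk("Theft of paper records from locked archive", impact=4, chance=1, mitigation_cost=5),
]

if __name__ == "__main__":
    for action, risk in improvement_plan(SAMPLE_REGISTER):
        print(f"{action:9s}  score={risk.score():2d}  {risk.name}")
```

Running the script lists the cheap fix first, then the two projects ordered by score, and finally the two accepted risks, which matches the deck's advice to act fast on quick wins while making a real project out of the rest.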
Improvement Planning
• Target 1
• Target 2
• Target 3
• Target 4
• Target 5