PROF-403

Building Security Models To Help M k B iMake Business Decisions Dave Cullinane Gordon Shevlin Preston Wood William Tang 04/29/09 | Session ID: PROF-403 Agenda Establish a Security Framework Obtain Security & Business MetricsObtain Security & Business Metrics P S it R t I t t (ROI)Prove Security Return on Investment (ROI) Develop Forward Looking Strategy & Models 1 “Apply” Slide • After RSA, actions attendees should ‘apply’ back at the office:at the office: – Identify a function of Information Security that business and security metrics can easily be gathered. – Begin gathering business metrics such as cost, time, and effort for a set amount of time (e.g. 3 or 6 months). – Identify the root cause of issues or the most common cause of y security issues. – Implement a solution and track business metrics and results. Measure ROI (remember that positive ROI isn’t the right answer– Measure ROI (remember that positive ROI isn t the right answer, being able to calculate ROI in business is the real value). – Leverage experience and information to develop a security strategy and roadmap 2 strategy and roadmap.