Stefan Wahe, Madison: The CISO’s Empty Cooking Pot
Goals: Describe the baseline of a Cyber Security Strategic Plan; learn how to gain participation in achieving the plan; identify how you may help cyber security on your campus.
Background: If a strategy’s posted on a website does it make a sound? UW Madison 2011 IT Security Strategy.
People forgot about the strategy – no reporting, no accountability. Positive outcomes: Consolidated two competing groups, elevated security to report through CIO’s office. New CISO with risk-based methodology. Created a 100 day plan including drafting a cyber-security plan. Hired a Chief Data Officer – brings governance groups together to talk about data.
Baseline strategy will: have a commonly agreed-to purpose; be understood by the community; establish a governance model; assign accountability; have a communications plan; be flexible or adaptable to change.
Cyber Security Baseline: identifies current and emerging threats to support the strategy; identifies the responsibilities of the CISO and IT Security org; identifies and empowers governance groups to participate in and evolve the strategy; identifies goals, assigns accountability and timeframes; aligns with the campus and IT strategies.
Strategic Elements: Complete data governance and information classification plan; establish risk management framework to reduce cybersecurity risk; build a community of experts; consolidate security operations; improve cyber threat intelligence analysis, dissemination, and remediation; optimize services, establish metrics, promote compliance. Each element has SMART goals.
Enabling Objectives: Tactical things that need to be done. Establish restricted data environments; centralize data collection, etc.
Governance: Identify governance groups to empower community to meet goals.