1 / 23

Robert Fullagar CISSP CISM CRISC Clas CEH

Robert Fullagar CISSP CISM CRISC Clas CEH. “Security is everyone’s responsibility”. Security Programme Structure and Methodology. Contents People Structure Key positions Roles of individuals Methodology/Approach Deliverables. People. Senior Manager/Board Member.

graiden-scott
Download Presentation

Robert Fullagar CISSP CISM CRISC Clas CEH

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Robert Fullagar CISSP CISM CRISC Clas CEH “Security is everyone’s responsibility”

  2. Security Programme Structure and Methodology Contents • People Structure • Key positions • Roles of individuals • Methodology/Approach • Deliverables

  3. People Senior Manager/Board Member Business Representatives Business Representatives Business Representatives Business Representatives Programme Manager Project Managers Senior Security SME Delivery Teams External Resource Security SME

  4. Delivery Team Structure Programme Manager Project Manager Security SME Infrastructure Lead External Resource Do’ers

  5. Other People Security Architects Legal Specialist PMO Support Technical Architects Procurement HR Etc

  6. Roles Senior Manager/Board Member • Influencer • Has a vested interest in improving security • Can keep the momentum going • Able to procure budget

  7. Roles • Set/agree scope for the business area • Set priority based on risk for the business area • Monitor progress • They are decision makers Business Representatives Business Representatives Business Representatives Business Representatives

  8. Roles Programme Manager Project Managers Senior Security SME • Action the decisions of the business representatives • Translate the business and technical requirements • Bring resource and structure to deliver the scope • Provide budgetary figures to the programme board • Select and evaluate solutions

  9. Roles Delivery Teams External Resource Security SME • These are the do’ers, the engine room • The detail people, they bring to bear that detailed specific knowledge • They do the actual work, hands on work • They help make the projects boards scope a reality

  10. Initiator • Legislative • Contractual • External standards • Business driver or direction • Infrastructure replacement project • Consolidate security in finished project • Because its “Best Practice”

  11. What happens when Discovery 6-18 Months Risk Assessment provides Input to phase 1 Phase 0 Phase 0 – Eye on Phase 1 scope and long term strategy Foundation 18 months – 2 years Delivery phase 1 scope Phase 1 Phase 1 – Define long term strategy Leverage 2-5 Years + Phase 2 Delivery phase 2 scope BAU Security Cycle

  12. Board Deliverables Senior Manager/Board Member Phase 0 - Scope • Business area • Drivers – why • Financial commitment • Time and resource commitment • Draft strategy Business Representatives Business Representatives Business Representatives Business Representatives

  13. Programme Deliverables Programme Manager Project Managers Senior Security SME Delivery Teams External Resource Security SME Phase 0 • Plan – Resource and tasks • Budget +/- 100% • Approach • Quick wins • Minimal cost • Risk Assessment

  14. Board Deliverables Senior Manager/Board Member Phase 1 • Priorities the items from the risk assessment • Financial support • Allocate and commit resource • Long term strategy Business Representatives Business Representatives Business Representatives Business Representatives

  15. Programme Deliverables Programme Manager Project Managers Senior Security SME Delivery Teams External Resource Security SME Phase 1 • Risk assessment • Proposals to remediate • Accurate costs • Plan, time and resource • Deliver agreed scope

  16. Summary Phase 0 Board Phase 0 • Business Driver • Vision • Initial Budget • Commitment Programme

  17. Summary Phase 0 Board Phase 0 • Plan • Budget • Approach • Quick wins Programme

  18. Summary Phase 1 Board GO

  19. Summary Phase 1 Board Phase 1 • Risk Assessment • Remediation actions • Budget to remediate • Outline plan Programme

  20. Summary Phase 1 Board Phase 1 • Priorities Risks • Financial support • Commitment • Agree plans Programme

  21. Summary Phase 1 Board Long term strategy

  22. BAU Security Plan Act Do Check

  23. Thank You Questions

More Related