Inovement Portfolio

Index

1. Problem Statement
2. Solutions: Portfolio

Complexity

[Figure: Complexity. Labels: P Solutions, Cost, Risk, Impact, Probability, I - Solutions, Usability, Manageability]

Organization and Environment

Changes (Organization) and more Changes (Environment)

Incomplete Information

Levels of detail

Limited Resources

Limited Influence

“Negative” Results

Trust

Activity and Results are Weakly Linked

Misunderstanding

It can be difficult to tell the Good…

…from the Lucky

From Doorman Mentality…

…To Manager Mentality

From Invulnerability...

...To Return on Investment

From Incidents = Failure…

…To Incidents = Opportunity for Improvement

From Protect the asset...

...To Protect business objectives

From Threats…

…To Results

From Preventing policy violations...

...To Providing value

Providing value: Governance Playground

Level of Commitment:

| | Goals | Obligations |
|---|---|---|
| Success | What we want to | What we have to |
| Quality | As well as we want to | As well as we have to |
| Security | As reliably as we want to | As reliably as we have to |

Providing value: Security Playground

Level of Commitment:

| | Goals | Obligations |
|---|---|---|
| Success | | What we have to |
| Quality | | |
| Security | As reliably as we want to | |

From Contrarian view of business and security....

...To Security seen as part of the business.

Continuous Improvement

Traditional approach to security:

- “We want to prevent attacks from succeeding”. With this approach, to be secure means to be invulnerable.
- An incident is any loss of confidentiality, integrity or availability.
- You look at a piece of data and think: Is it confidential, has it got integrity, is it available?

Inovement style Approach:

- “We want to guarantee that our business objectives are met”. With this approach, to be secure means to be reliable, despite attacks, accidents and errors.
- An incident is a failure to meet a security objective resulting from accidents, errors or attacks.
- You look at a piece of data and think: What properties of this data must be protected for it to have business value?

Use case – Malware Management

Use case – Traditional management

- Motivation: Clean viruses or your business will sink.
- Objective: No system should ever get a virus.
- Activity: Install antivirus on personal computers, servers, mail servers, add antivirus functionality to firewalls, add antispyware, antitrojan, antirootkit to the mix.
- Policy: Prevent any USB, DVD, from touching any company system without being searched for viruses.
- Success criterion: When no system ever gets a virus.
- Continuous improvement: Add more antimalware controls (Tripwire, CORE, etc.)

Use case – Inovement-style management

- Motivation: Unfortunately, systems, especially Windows, are malware prone. We should invest proportionally to the damage they can cause.
- Goal: Systems should accomplish their business role with or without malware.
- Activity: Install antimalware in vulnerable systems. Measure activity, scope, update and availability of antimalware. Consider other measures, like using less malware-prone systems.
- Policy: Use in every system the antimalware protection that will detect malware and prevent the system from failing to play its business role.
- Success criterion: When protected systems play their business role without interruption or degradation.
- Continuous improvement: Use metrics to improve the antimalware protection and use those with better effectiveness and ROI.

Portfolio

- Communication Services
- Knowledge Management Services
- Process Orientation
- Education Services
- Consulting

Communication Services - Problem

- Both users and IT find it difficult to explain what they need in terms of security (Symptom: They never ask for anything).
- Security finds it difficult to understand what the business needs (Symptom: Users and IT avoid meetings with security, difficulties getting budget for projects, lack of collaboration or even conflicts with other departments).
- Security feels they don’t have enough power in the organization to get things done.

Communication Services - Solution

Learn a new language, “O-ISM3”, including:

- Security Objectives, which remove ambiguity and streamline communication.
- Security Targets, which simplify risk assessment, and make it easy to relate investment and results.
- Processes, which make obvious the value provided to the organization.

Communication Services - Benefits

- Streamline Communication.
- Improve the alignment of efforts and business needs.
- Enable Benefits Realization.
- Make crystal clear who is responsible for what.
- Gain influence in the organization.

Knowledge Management - Problem

- Every task is performed differently depending on who performs it.
- When an improvement is identified it is slow to spread among the team, or even lost.
- High dependency on the supplier, making the cost of switching very high.
- Replacing resources of the team is difficult, requires a high level of effort or is even risky.
- Holidays, attending events and courses, and sick leave become stressful events for the team, to be avoided.
- Audits are highly disruptive, as nothing is documented or archived.

Knowledge Management - Solution

- Identification and archival of all outputs of the activities of the team.
- Formal structure and framework for documentation.
- Switch from Word documents to Wiki.
- Clear distribution of knowledge management responsibilities.
- Knowledge management integrates seamlessly with day to day operations.

Knowledge Management - Benefits

- Every task is performed consistently.
- Improvements are identified and implemented quickly and uniformly across the team.
- No dependency on suppliers.
- Replacing resources becomes a non-event.
- More freedom for the work team, improving motivation and performance, lowering rotation.
- Audits become painless.

Process Management - Problem

- There are literally hundreds of activities.
- Activities are assigned depending on skills.
- The main driver for activities is compliance with standards, rather than business needs.
- Priorities change too frequently.
- When new activities are created, older activities become abandoned rather than cancelled.
- There are activities that don’t show up on the Follow-up Reports.
- There are few metrics, which infrequently drive decisions.
- There is no schedule for activities, or the deadlines are missed with few exceptions.

Process Management - Solution

- Switch from activities to processes.
- Switch from “doing things” to “making deliverables”.
- Group activities with common goals in processes.
- Prioritize activities depending on business value.
- Report everything the process performs.
- Distribute supervisory, audit, operation responsibilities.
- Use Activity, Scope, Availability, Load, Quality, Effectiveness and Efficiency Metrics.

Process Management - Benefits

- Improve the value for the business.
- Make better use of resources.
- Reach higher levels of capability and maturity.
- Continuous improvement becomes possible.
- Interface better with other process based methods, like ITIL.
- Maintain compliance with standards painlessly.

Portfolio

- Communication Services
- Knowledge Management
- Process Orientation
- Education Services
- Consulting