List Of CISO Platform Task Force & Goals

Below are a few indicative topics on which we will centre our discussion for the different domains.

Cloud Security

  • How to assess the organizational need and readiness for cloud services
  • How to define the policies and controls for protection against risk in cloud services
  • How to evaluate the risk factors while opting for cloud services
  • How to evaluate cloud security providers
  • How to comply with regulations and standards and address data residency related concerns

Threat Modeling for Banking & Telcos

  • Understanding the various models for conducting threat modeling
  • Practical use cases for threat modeling
  • Practical exercise of Threat Modeling for specific industry verticals
  • Threat Modeling for Banking Ecosystem (Only for participating banks)
  • Threat Modeling for Telcos (Only for participating telecom organizations)

SOC and SIEM

  • Learn how to architect your SOC or SIEM solution
  • Learn the benefits of moving from traditional SIEM to security analytics
  • How to assess your organizational maturity for SIEM solutions
  • How to evaluate SIEM vendors/tools
  • How to build a security operations center
  • How to build an incident response process and organization
  • Learn the success and failure factors behind SIEM implementation from experts

Enterprise Mobility Security

  • Learn the taxonomy of EMM solutions
  • How to architect your mobility solution
  • How to apply data security policies to users/devices that frequently move on and off your corporate network
  • How to enable the BYOD trend without compromising the security of data or violating regulatory mandates
  • How to evaluate different mobility vendors/tools

IAM

  • How do you plan for IAM, PIM and PAM tool deployment in your organization?
  • How do you sell your idea of implementing an IAM solution to your management?
  • How do you evaluate IAM/PIM vendors and tools?
  • How do you decide between the multiple deployment options?
  • How do you audit and report the actions of privileged users?
  • What are the best practices, success and failure factors in IAM tool implementation?
  • How do you measure the effectiveness of your IAM/PIM deployment?

Data Security and DLP

  • How to do data classification
  • How to assess the organizational need and readiness for a DLP solution
  • How to define requirements for selecting a proper data security solution
  • How to evaluate a DLP vendor/tool
  • What are the success factors and failure factors in DLP implementation?
  • How to define metrics to measure the effectiveness of a DLP tool

Advanced Persistent Threats

  • How do you deal with targeted and sophisticated attacks?
  • Critical capabilities for an APT solution and taxonomy
  • How do you prevent and respond to ransomware attacks?
  • How do you identify and block complex JavaScript-based attacks?
  • What are the questions to ask an APT vendor before selecting any APT solution?
  • What metrics can be used to define and measure the effectiveness of your APT solution?

DDoS Attacks

  • How to identify and remediate DDoS attacks
  • What are the different ways and tools to protect yourself from DDoS attacks?
  • Critical capabilities for a DDoS security solution
  • How to evaluate DDoS vendors and tools
  • What are the best practices in implementing a DDoS solution?

Vendor Risk Management

  • Understanding the vendor risks
  • How do you assess and manage the risk associated with the use of third-party IT products and services?
  • How to create a vendor risk management process and framework within your organization

SCADA Security

  • Understanding the risks and attack vectors for SCADA
  • Critical controls for SCADA security
  • Building a roadmap for securing SCADA

Enterprise Security Strategy

  • How to understand the Information Risk Model of your organization
  • Connecting the risks to controls using frameworks like COBIT
  • Building a roadmap and dashboard
  • Framework to present enterprise security strategy to management

IT GRC

  • Learn how to architect for a GRC solution
  • How to jump-start your GRC program with freely available tools and content
  • Assess your organization's readiness for an IT GRC solution
  • Learn to set up a risk assessment workflow, risk acceptance process and IT risk metrics
  • Learn how to automate incident response workflows
  • Learn to measure and report compliance with regulations and other standards
  • Critical capabilities for an IT GRC solution and taxonomy
  • CISOs who implemented GRC to share their real life experiences