This presentation will cover the many nuances of a security program and the most important question for today's savvy businesses: how much security is enough? Too often companies and people spend more than they need on policies, technologies and people, and in hindsight it was too much. This topic will explore the Keep Information Security Simple approach to getting the biggest bang for your buck (e.g. Confidentiality, Integrity, Availability).

Core theme: ideas and suggestions on how to 'right-size' any security program. Why buy a tank when a 4×4 truck will do? The most important question to ask about any program is 'What are we securing?' If the security program cannot be tied back to this, then the program must change and/or the analysis/risk assessment must change to better align the security program with the threats, vulnerabilities and risks of the organization.
- Overview on Keeping Information Security Simple (KISS)
- Short example of quality vs quantity analysis of Security Programs
- Formula to 'right size' the security program.
- Some organizations spend money on their security program without being able to confirm it addresses the right things for their company.
About Steen Fjalstad
Steen Fjalstad, MS, CISA, CISSP, CGEIT, CRISC
Steen currently works for Midwest Reliability Organization (MRO) as part of the Critical Infrastructure Protection team helping to secure the U.S. electric grid. Working for MRO, Steen has managed, led, and supported over forty energy sector Critical Infrastructure Protection (CIP) Security Audits.
Prior to joining MRO, Steen obtained significant experience as a security, audit, risk, and project manager with a focus on securing, designing, implementing, and auditing information technology processes. In addition, he led multiple audits and project implementations for some of the largest Deloitte & Touche clients. Steen has served more than eighty organizations spanning three continents.