Enterprise security architecture (ESA) is a process for integrating security into the business and technology initiatives an organization undertakes. When an organization's business goals and objectives are aligned with its security goals and objectives, the organization can make informed decisions about business ventures and about protecting its assets from ever-emerging security threats and risks.
In this presentation, we’ll discuss introducing ESA to organization leadership using a multi-phased approach to:
- Establish the current maturity level of the security program by collecting key performance indicators (KPIs) from the management, operations, and technical areas of the business, and present those KPIs to leadership and business owners in terms of risk and actionable items that reduce risk.
- Develop a desired state of security by establishing the corporate risk appetite and identifying the target maturity level for each KPI.
- Prepare a gap analysis; determine the OpEx, CapEx, and internal labor cost of the single- or multi-year projects the gap analysis identifies; and develop a risk roadmap / heatmap of the projects necessary to bring the security program to the desired maturity.
Frank Platt is a management consultant and security architect with 30+ years of experience as a client-focused independent consultant. His consulting career began in the telecom industry when he co-founded Hospital Communications Consultants, which focused on the procurement and implementation of large-scale telecom systems for hospitals. He brought his consulting and project management skills to help form Cottonwood, an IT and telecom consulting firm. In 2000, he began focusing on information security, developing security programs for clients needing to improve the security posture of their organization, and in 2007 he earned the CISSP® designation (107408).
Today he evaluates and develops security programs for clients in Health Care, Finance, Legal, Manufacturing, Government, and Education, employing recognized frameworks from NIST, ISO, and SANS to meet regulatory and compliance requirements including HIPAA, FISMA/FIPS, PCI, etc.