Maximizing Investments in IT Security

Brian Fuller


  1. Maximizing Investments in IT Security
  2. Agenda
  3. Security Wake Up Call!!
  4. ROSI Challenges
  5. Measuring ROSI
  6. Managing Risk and Security Investments
  7. Managing Risk; Managing Returns
  8. Defining Risk
  9. Can We Eliminate Risk?
  10. Managing Risk and Security Investments
  11. Choosing a Security Framework
  12. Federal Information Security Management Act (FISMA)
  13. FISMA’s Effect on State Agencies
  14. Getting More Bang for the Buck
  15. Key Area 1: Risk Assessment (RA)
  16. Key Area 2: Configuration Management (CM)
  17. Key Area 3: Access Control (AC)
  18. Building an Enterprise Security Program
  19. Defining an Enterprise Security Program
  20. Characteristics of an Effective ESP
  21. Implementing an Effective ESP
  22. NIST Resources (www.csrc.nist.gov)
  23. Measuring Success – Key Takeaways
  24. Questions?
  25. BearingPoint
