so you want to be an information security officer
play

So You Want to Be an Information Security Officer? Presented by: - PowerPoint PPT Presentation

Nov 11, 2022 •544 likes •778 views

So You Want to Be an Information Security Officer? Presented by: Art Bakke Information Security Officer Background Personal Starion Bank Arts Goals Highlight the typical responsibilities of an Information Security Officer from

  1. So You Want to Be an Information Security Officer? Presented by: Art Bakke Information Security Officer

  2. Background • Personal • Starion Bank

  3. Art’s Goals • Highlight the typical responsibilities of an Information Security Officer from technical to non-technical aspects • Emphasize the soft-skills necessary to be effective and successful in this role • Be Inspiring

  4. Agenda • Job Purpose • Primary Accountabilities • 5 Functional Responsibilities – Information Security Program – Business Continuity Program – Incident Response Program – Vendor Management Program – Audit • Identify Soft Skills Needed to Be Effective

  5. Job Purpose • “Provide oversight and management to protect the information assets of the bank and support the information governance policies and processes, compliance, information security and business continuity plans.”

  6. Job Purpose (continued) • “Actively work with business unit owners and other service providers to institutionalize a solid security and overall information technology governance framework .”

  7. Primary Accountabilities • “Responsible for the development and ongoing management of the bank’s information security program to ensure it is compatible with applicable laws and regulations .”

  8. 5 Functional Responsibilities 1. Information Security Program 2. Business Continuity Program 3. Incident Response Program 4. Vendor Management Program 5. Audit

  9. Information Security Program (1) • Develop, implement and administer all segments of the Bank’s ISP • Partner with business units and users to develop and enforce information security policy and procedures

  10. Information Security Program (2) • Provide consultation and written reports to Senior Management, Audit Committee and the Board of Directors • Ensure proper training is provided to staff

  11. Information Security Program (3) • Proactive compliance with industry IS regulations • Partner with the Bank’s Security Officer to ensure overall security of the bank

  12. Information Security Program (4) • IT Risk Assessment – Inherent Risk – Residual Risk – Future Risk

  13. Business Continuity Program (1) • Business Continuity Plan (BCP) – Business Continuity Steering Committee – Crisis Management Team • Business Impact Analysis

  14. Business Continuity Program (2) • BCP Calendar (January) – Monthly DR Tests – Exercises • Table Top • Workplace Relocation/Recovery • Education and Awareness

  15. Incident Response Program • Administer program in the event of a cyber security breach that compromises Confidentiality, Integrity, and /or Availability

  16. Vendor Management Program • Administer program to validate new and existing vendors to protect our organization and our customers

  17. Audit • Conduct Audits of various IT processes • Address requests from internal and external auditors

  18. Skills • Active Listening • Technical • Inquisitive • Organizational • Analytical • Team Player • Proactive • Leadership • Positive Attitude • Effective Communication • Inspirational • Mentoring • People Person • Creativity • Interpersonal Communication • Attention to Detail

  19. Agenda Recap • Job Purpose • Primary Accountabilities • 5 Functional Responsibilities – Information Security Program – Business Continuity Program – Incident Response Program – Vendor Management Program – Audit • Skills Needed

  20. Art’s Goals Recap • Highlight the typical responsibilities of an Information Security Officer from technical to non-technical aspects • Emphasize the soft-skills necessary to be effective and successful in this role • Be Inspiring

  21. Questions?

  22. Thank You! • Art Bakke Information Security Officer artb@starionbank.com (701) 667-7554

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Information Security Officer (ISO) Appointment Overview Bob Auton VITA - Centralized Information

Information Security Officer (ISO) Appointment Overview Bob Auton VITA - Centralized Information

Information Security Officer (ISO) Appointment Overview Bob Auton VITA - Centralized Information Security Services Mark Martens Security Risk Management Analyst 1 Areas for Review Commonwealth ISO Certification IT Security

832 views • 40 slides
INFORMATION SECURITY A DAY IN THE LIFE WHO AM I? Security officer for MIE CISSP , CISA,

INFORMATION SECURITY A DAY IN THE LIFE WHO AM I? Security officer for MIE CISSP , CISA,

INFORMATION SECURITY A DAY IN THE LIFE WHO AM I? Security officer for MIE CISSP , CISA, CGEIT, CRISC, CRMA, PMP , FLMI and studying for CISM RMR and JA Interactive session share stories THREAT SOURCES Nation States

491 views • 26 slides
Security 101 Definition of Information Security Information security is the protection of

Security 101 Definition of Information Security Information security is the protection of

Computing Services Information Security Office Security 101 Definition of Information Security Information security is the protection of information and systems from unauthorized access, disclosure, modification, destruction or disruption. The

469 views • 22 slides
Information Technology Security Presentation to Joint Legislative Committee on Information

Information Technology Security Presentation to Joint Legislative Committee on Information

Information Technology Security Presentation to Joint Legislative Committee on Information Technology Oversight Chip Moore State Chief Information Security Officer Office of Information Technology Services December 13, 2012 Introduction

353 views • 12 slides
Don Randall MBE Chief Information Security Officer Bank of England Measuring the future value of

Don Randall MBE Chief Information Security Officer Bank of England Measuring the future value of

Don Randall MBE Chief Information Security Officer Bank of England Measuring the future value of Security Physical, Technical and Cyber to ensure boardroom engagement 20 th November 2014 Warsaw Approach Technical Threats

1.12k views • 33 slides
YOUR SPEAKER 2016 CHIEF SECURITY OFFICER PRAETORIAN CONSULTING INTERNATIONAL (CYBER

YOUR SPEAKER 2016 CHIEF SECURITY OFFICER PRAETORIAN CONSULTING INTERNATIONAL (CYBER

YOUR SPEAKER 2016 CHIEF SECURITY OFFICER PRAETORIAN CONSULTING INTERNATIONAL (CYBER SECURITY AUTOMATION) 2014 HEAD OF INFORMATION SECURITY WORLDLINE (ATOS GROUP) (LEVEL ONE SERVICE PROVIDER) 2014 CISO LEVEL SECURITY, RISK

266 views • 24 slides
EPP Self Test Tool Anne-Marie Eklund-Lwinder Chief Information Security Officer .SE (The

EPP Self Test Tool Anne-Marie Eklund-Lwinder Chief Information Security Officer .SE (The

EPP Self Test Tool Anne-Marie Eklund-Lwinder Chief Information Security Officer .SE (The Internet Infrastructure Foundation) @amelsec amel@iis.se Background EPP Created 2000. Draft RFC 2004. Full RFC 2007. .SE implemented EPP

583 views • 9 slides
Cybersecurity Update Dale Marroquin, CISSP Information Security Officer San Antonio Federal

Cybersecurity Update Dale Marroquin, CISSP Information Security Officer San Antonio Federal

Cybersecurity Update Dale Marroquin, CISSP Information Security Officer San Antonio Federal Credit Union Topics Cybersecurity news and headlines What are the threats and targets? Hackers and malware Email - Phishing

854 views • 50 slides
Open Science Grid Security Activities D. Olson, LBNL OSG Deputy Security Officer For the OSG

Open Science Grid Security Activities D. Olson, LBNL OSG Deputy Security Officer For the OSG

Open Science Grid Security Activities D. Olson, LBNL OSG Deputy Security Officer For the OSG Security Team: M. Altunay, FNAL, OSG Security Officer, D.O., R. Cowles SLAC (past member), J. Basney NCSA (new member), Ron Cudzwicz FNAL, Rob Quick

340 views • 19 slides
HIPAA Security Rule Overview Jennings Aske, JD, CISSP, CIPP/US VP Chief Information Security

HIPAA Security Rule Overview Jennings Aske, JD, CISSP, CIPP/US VP Chief Information Security

HIPAA Security Rule Overview Jennings Aske, JD, CISSP, CIPP/US VP Chief Information Security Officer NewYork-Presbyterian Hospital The Use of Electronic Technology in Healthcare Over the past decade the health care industry began to rely

256 views • 14 slides
Troubling Times: Ransomware Across Texas Deputy Chief Information Security Officer Andy

Troubling Times: Ransomware Across Texas Deputy Chief Information Security Officer Andy

Troubling Times: Ransomware Across Texas Deputy Chief Information Security Officer Andy Bennett 2019 Cybersecurity Awareness Month Event October 22, 2019 2019 Texas Headlines Ransomware Ransomware Cyber criminals holding your data and

450 views • 23 slides
INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

Leading a Secured Digital Life. INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC Hyderabad keeping yourself and your family safe in a tech driven world Ministry of Electronics & Information

510 views • 11 slides
11/15/2012 Storage of Classified Information DoD Information Security Program 1 Information

11/15/2012 Storage of Classified Information DoD Information Security Program 1 Information

11/15/2012 Storage of Classified Information DoD Information Security Program 1 Information Security Webinar Storage of Classified Information Host: Treva Alexander, SAPPC Information Security Course Manager, DSS - CDSE Gained experience in

329 views • 14 slides
Karl Kopper Caltrans Privacy and Chief Information Security Officer Four Questions Every Auditor

Karl Kopper Caltrans Privacy and Chief Information Security Officer Four Questions Every Auditor

Karl Kopper Caltrans Privacy and Chief Information Security Officer Four Questions Every Auditor Should Know the Answer To What is What is PII? De- Identification? What is Re-Identification? Privacy Internal Controls & Behavioral

765 views • 45 slides
EUDAT AND SECURITY Urpo Kaila, EUDAT Security Officer urpo.kaila@csc.fi, security@eudat.eu WISE W

EUDAT AND SECURITY Urpo Kaila, EUDAT Security Officer urpo.kaila@csc.fi, security@eudat.eu WISE W

EUDAT AND SECURITY Urpo Kaila, EUDAT Security Officer urpo.kaila@csc.fi, security@eudat.eu WISE W orkshop for I nformation S ecurity for E -infrastructures 2015-10-20, Barcelona This work is licensed under the Creative Commons CC-BY 4.0

563 views • 30 slides
EVV Security and Privacy Approach Marguerite Marsh, HIPAA Privacy Officer Matt Williams, Bureau

EVV Security and Privacy Approach Marguerite Marsh, HIPAA Privacy Officer Matt Williams, Bureau

EVV Security and Privacy Approach Marguerite Marsh, HIPAA Privacy Officer Matt Williams, Bureau Chief, Information Security and Technology 1 What is HIPAA? 2 HIPAA What: Health Insurance Portability and How: Congress mandated the establishment

444 views • 9 slides
How to set up a CSIRT in an ITIL driven organization Christian Proschinger Raiffeisen Informatik

How to set up a CSIRT in an ITIL driven organization Christian Proschinger Raiffeisen Informatik

How to set up a CSIRT in an ITIL driven organization Christian Proschinger Raiffeisen Informatik GmbH Introduction R-IT CERT Idea Introduction to ITIL Example Vulnerability Management Lessons Learned How to set up a CSIRT in

380 views • 16 slides
Policy Based Security Management for IPSec Luis A. Sanchez August 25, 1998 Page 1 Page 1

Policy Based Security Management for IPSec Luis A. Sanchez August 25, 1998 Page 1 Page 1

Policy Based Security Management for IPSec Luis A. Sanchez August 25, 1998 Page 1 Page 1 Outline Problems Requirements A Solution Next Step Page 2 Page 2 Problems Need a common security policy specification language

201 views • 6 slides
The New Security Frontier: Threat Hunting, Augmented Intelligence, and Automated Response

The New Security Frontier: Threat Hunting, Augmented Intelligence, and Automated Response

The New Security Frontier: Threat Hunting, Augmented Intelligence, and Automated Response Michael Melore, CISSP IBM Cyber Security Advisor @MichaelMelore June 2018 May 2018 May 2018 Threat Hunting Workflow Cognitive Advanced Analytics

443 views • 15 slides
What do ALL NGIs need to do? Requirements for operational security Sven Gabriel (Nikhef) EGEE

What do ALL NGIs need to do? Requirements for operational security Sven Gabriel (Nikhef) EGEE

Enabling Grids for E-sciencE What do ALL NGIs need to do? Requirements for operational security Sven Gabriel (Nikhef) EGEE Operational Security Coordination Team http://cern.ch/osct/ www.eu-egee.org Information Society and media EGEE-III

311 views • 13 slides
Grid Operational Security: from EGEE to EGI Mingchao Ma STFC RAL, UK ISGC 2010, Taipei,

Grid Operational Security: from EGEE to EGI Mingchao Ma STFC RAL, UK ISGC 2010, Taipei,

Grid Operational Security: from EGEE to EGI Mingchao Ma STFC RAL, UK ISGC 2010, Taipei, Taiwan Overview Current EGEE operational security Transition - a regional view ROC in EGEE NGI in EGI Challenges in EGI and

638 views • 19 slides
The work of security teams Mateusz Kocielski shm@NetBSD.org LogicalTrust pkgsrccon Krak ow,

The work of security teams Mateusz Kocielski shm@NetBSD.org LogicalTrust pkgsrccon Krak ow,

The work of security teams Mateusz Kocielski shm@NetBSD.org LogicalTrust pkgsrccon Krak ow, July 02, 2016 THANKS kamil@ & co-organizers THANKS kamil@ & co-organizers *applause.wav* whoami(1) pentester at LogicalTrust

355 views • 18 slides
MANAGING INF ORMAT ION PRIVACY & SE CURIT Y RE MOT E L Y Pr e se nte d by: Mar y

MANAGING INF ORMAT ION PRIVACY & SE CURIT Y RE MOT E L Y Pr e se nte d by: Mar y

MANAGING INF ORMAT ION PRIVACY & SE CURIT Y RE MOT E L Y Pr e se nte d by: Mar y Golab, IPO In c ollabor ation with Damian Hollow, URO & She lle y Gar r e tt, CISO Offic e F OI P L ia iso n Offic e r (F L O) Me e ting

263 views • 12 slides
Parameterized Verification goes Safety Analysis of Access Control Policies Silvio Ranise ,

Parameterized Verification goes Safety Analysis of Access Control Policies Silvio Ranise ,

Parameterized Verification goes Safety Analysis of Access Control Policies Silvio Ranise , Riccardo Traverso, Anh Truong FBK-Irst, Trento, Italy Metodi dichiarativi nella verifica di sistemi parametrici Milano, 25-26 Settembre, 2014 Ranise

577 views • 40 slides

More recommend