- 9
- 23 962
Archistry
เข้าร่วมเมื่อ 21 ส.ค. 2014
Why "cyber" Is Business Risk
One of the things we really get wrong - and I mean *really* get wrong - in cyber and information security is in the way we think about risk. However, this problem isn't just limited to cyber and information security professionals. It impacts a lot of people doing Enterprise Risk Management (ERM) and even the understanding many executives (CEO, CFO, COO, CRO) and Board members have about risk.
You see, we've been taught that there are different types of risk, and that each type of risk needs to be managed differently.
This just isn't true.
And in this video, I'm going to not only prove it to you...
...I'm going to show you a way to think about the business and enterprise risk that can't help but give you some critical insights you need today to link your security controls - and your entire cybersecurity program as a CISO - firmly to the business in a way that budgeting should no longer be an issue.
If you like this video, don't forget to smash the Like button, share this information with your friends, your boss and your colleagues - both directly here and on your socials - and subscribe to the channel. Additionally, make sure you're subscribed to my daily emails at agilesecuritysystem.com or archistry.com so you can go deeper into the things I'm talking about in the video. All the good stuff *always* goes there first.
But if you're ready to take the next steps, then here's a few links that can help you.
Get the book: agilesecuritysystem.com/start
Join the Club: archistry.club
And if there's anything you'd like me to cover in this special series and "sneak peek" at the kinds of things you get full access to as a member of the Archistry Club, just drop it in the comments below.
You see, we've been taught that there are different types of risk, and that each type of risk needs to be managed differently.
This just isn't true.
And in this video, I'm going to not only prove it to you...
...I'm going to show you a way to think about the business and enterprise risk that can't help but give you some critical insights you need today to link your security controls - and your entire cybersecurity program as a CISO - firmly to the business in a way that budgeting should no longer be an issue.
If you like this video, don't forget to smash the Like button, share this information with your friends, your boss and your colleagues - both directly here and on your socials - and subscribe to the channel. Additionally, make sure you're subscribed to my daily emails at agilesecuritysystem.com or archistry.com so you can go deeper into the things I'm talking about in the video. All the good stuff *always* goes there first.
But if you're ready to take the next steps, then here's a few links that can help you.
Get the book: agilesecuritysystem.com/start
Join the Club: archistry.club
And if there's anything you'd like me to cover in this special series and "sneak peek" at the kinds of things you get full access to as a member of the Archistry Club, just drop it in the comments below.
มุมมอง: 83
วีดีโอ
Architecture-Based Security in Action: Ransomware
มุมมอง 1242 หลายเดือนก่อน
Most people don't really understand what security architecture is all about-at least when it's done correctly, from a conceptual perspective and in terms of value delivery. In this video, I present an overview of the steps of a ransomware attack, highlighting potential control points at the conceptual level, not just the physical infrastructure. This video gives you an introduction to the advan...
The Problem With Security - On Just One Slide
มุมมอง 292 หลายเดือนก่อน
I believe we have a handful of core problems with security that keep us from doing the job we're supposed to do in enabling and protecting our organizations. Here's one of them. Learn more about The Agile Security System™: agilesecuritysystem.com Get the book: agilesecuritysystem.com/start Sign up for my daily emails: archistry.com
A Definition of Security That Can Change An Entire Industry
มุมมอง 482 หลายเดือนก่อน
If we want to solve the big problems we have in security, we need to go back to the fundamentals. In fact, we need to go back to the very definition of what we do itself. And if we do, we can change an entire industry. If you like this video, don't forget to give it a like and subscribe to the channel. To get more, in-depth thoughts about building a more effective security program right in your...
The Problem With Thinking You Already Know The Value Of Your Security Program
มุมมอง 292 หลายเดือนก่อน
Many CISOs, regardless of their level of experience, have a mistaken estimation of the reliability of the way they estimate - and therefore communicate - the value of their security program. This mistake ends up leading to all sorts of problems: everything from unnecessary fights over budget and resources to potentially career-ending breaches. In this video, Andrew walks through some of the iss...
SABSA® in 18 Minutes
มุมมอง 2.8Kปีที่แล้ว
This is an excerpt from the Supercharge Your Security Architecture Program where I cover the 2 of the 3 core concepts of SABSA, along with the architecture layers and the activities of the SABSA Lifecycle. However, what I don't cover in this video is the fundamentals of the critical 3rd element, which is the governance model. The governance model is covered at the core of Day 2 of the program, ...
Supercharge Your Security Architecture TODAY!
มุมมอง 81ปีที่แล้ว
If you've ever wondered what it would take to make a dramatic, step-change in your security architecture practice, then this video is for you! In it, you'll find an overview of the 5-day Supercharge Your Security Architecture Challenge program where I give you 3 concrete strategies for either starting or expanding your enterprise security architecture program using SABSA® and The Agile Security...
S1 Ep 01 - Are you making this credibility killing mistake?
มุมมอง 534 ปีที่แล้ว
In this video I talk about ways you can build - or kill - your credibility as a security leader. If you like this video, please subscribe to my daily emails at archistry.com for a lot more tips like this-every single day.
SABSA Overview - Archistry
มุมมอง 21K9 ปีที่แล้ว
This video is our "classic" introduction to the SABSA® methodology, and we've come a long way since then. If you want to know where we are right now in our thinking, then the best place to go is the Archistry website to read more: archistry.com/sabsa-security-architecture-framework-methodology/ Alternatively, if you want to sty on the cutting edge, then the best way to do that is to visit archi...
keren
RSVP !! ZZZZzzzzz.....
very well explained.
very well explained, and this is how it work but mostly in large big corporations only.
Hi @iMentorCloud. Thanks for the feedback. Actually, I've worked with organizations of various sizes to implement this approach. Sure, it's often easier to get the support for doing things with security in larger organizations because they're big enough to have plenty of problems around actually getting the right things in place. However, as I talk about in the video and in the book (agilesecuritysystem.com/start), if you focus on the 3 core concepts of SABSA, and you take a systems thinking approach, it turns out applying the Principles, Practices and Perspectives of The Agile Security System can be done at any scope-from a 20-year strategic plan to a 20-minute phone call. Feel free to reach out if you'd like to talk about it in more detail.
Thank you! I am just thinking this out. Sherwood Applied Business Security Architecture (SABSA). So you can’t just worry about the end of the architectural design, you need to address security design on a higher level. So if you were building a house, the architect wouldn’t come on board just to complete the structure; they come on board at the beginning to address the conceptual design and connect it to the structure design. Is this accurate?
Thanks for the feedback, @adriennecrosby4105! To answer your question, yes. That's correct. I wrote about this in some detail in the Security Sanity™ print newsletter a few times. What you really want is a collaborative and consultative relationship where the customer describes what they want and the architect gives them options on how to realize it. Based on this interaction and refinement, a finished design emerges. This is how it works with traditional building architects, and it's no different in the technical architecture arena. Fundamentally, with any kind of technical architecture - including security - it's all down to the quality of the conceptual models you build and communicate with the rest of the team. Another take on this is the 3 conceptual models Don Norman talks about in his book, Design of Everyday Things.
Bullseye strike .. I cannot agree more and think that the massage applies to everything Enterprise and Solution Architects do
Thanks for the feedback. And you're exactly right. Once you understand what SABSA is really about, it's pretty clear that it will apply for any kind of architecture-especially for enterprise architecture. In fact, I've worked with organizations who've started with SABSA for security and then filled a void for EA with it once the rest of IT saw what it could really do for them.
straight to the point. Seeing things in a multidimensional way is the correct strategy to implement any security framework. Thank you and well done!
Thanks for the feedback. There's really no other way to try and understand complex systems other than as n-dimensional interactions beyond simple cause and effect. The basic two-way traceability taught in Foundation is a great place to start, but once you're applying the 3 core concepts to map out the value delivery network of your organization, you can't help working in multiple dimensions.
Very interesting and informative. Thanks
Thanks! Glad it was useful. Remember, if you'd like to go deeper in putting SABSA to work, please feel free to reach out. It's not nearly as hard as a lot of people think. And once you get started, the value increases exponentially with linear amounts of effort. Sometimes, even without any effort at all!
Beautiful and beautifully explained Great job.... Thank you very much
Although factually correct, this video is starving for a hook to the story. Maybe open with a recent example of where a poor architecture resulted in a major breach. Otherwise, this is another lecture from the Sherwood book.
Nice overview
SABSA Overview