Thursday, October 15 • 1:30pm - 2:30pm
Keynote | Activating Security Through Resilience

I propose discussing the core Gartner Point of View on effective cybersecurity: the six principles of resilience with a focus on the challenges unique to higher education. We believe every successful digital enterprise will have to adopt these six principles:

From Check-Box Compliance to Risk-Based Thinking: While this idea is not new, the urgency to embrace it is. New regulations are inevitable, but following a regulation, or a framework, or just doing what your auditors tell you to do, has never resulted in appropriate or sufficient protection for an organization. “Risk-based thinking” is about understanding the major risks your business will face and prioritizing controls and investments in security to achieve business outcomes.

From Technology to Outcomes: We must move from a singular focus on protecting the infrastructure, to a new focus on supporting organizational outcomes. For the last two decades, our investment decisions have been heavily focused on protecting the infrastructure. But now we need to elevate security strategy to protect the things the business actually cares about. You CAN connect these outcomes to the work you do in IT risk and security.

Defender to Facilitator: As part of the transition to supporting the business outcome mindset, we must move from being the righteous defenders of the organization to acting as the facilitators of a balance...a balance between the needs to protect the organization and the needs to achieve our desired business outcomes. This is particularly challenging in the higher ed environment, where decision making is diffused.

From Controlling Information to Understanding Information Flow: Next, we must move from trying to control the flow of information to understanding how information flows so we can improve its resilience and the outcomes it supports. Digital business will introduce massive new volumes and types of information that must be understood and appropriately protected. In the world of digital business every enterprise will be a link in a global chain. We can’t do this alone.

From Technology Focus to People Focus: We must understand the limits of security technology...and recognize that properly motivated people—properly engaged and educated people—can be the strongest links in our chain. So we need to shape behavior and motivate people to do the right thing, not just try to force people to do what we want.

From Prevention Only to Detect and Respond: The sixth principle requires the most profound shift in focus. It begins by understanding that compromise of our systems is inevitable. We must move from a singular focus on trying to “prevent” compromise to acknowledge that we will never have perfect prevention: we need to be able to detect compromise and react faster. The disparity between the speed of compromise and the speed of detection is one of the starkest failures discovered in breach investigations. In the digital world, the pace of change will be too fast to anticipate and defend against every type of attack.

We must invest in capabilities—technical, procedural and human—to detect when a compromise occurs. We must provide the tools for first responders to react quickly and investigate the source and impact of the breach.

Resilience is our new standard of success. Applying these six principles will help conference attendees gain a seat at the planning table and propel Penn State to a successful digital business future.


Speakers
Mary Wujek

Director, Global Security and Risk Management, Gartner, Inc.
Mary Wujek has extensive expertise in information security, portfolio and program management, business continuity, strategic planning, and product management. As Director of Global Security and Risk Management at Gartner, Inc.—a leading information technology research and advisory company—she has led many IT/Business product, service, and culture change projects, establishing new services in identity management, financial services...


Thursday October 15, 2015 1:30pm - 2:30pm
Presidents Hall 3 & 4 The Penn Stater Conference Center Hotel