{"id":50092,"date":"2020-08-11T09:40:34","date_gmt":"2020-08-11T09:40:34","guid":{"rendered":"https:\/\/www.eccu.edu\/?p=50092"},"modified":"2023-06-05T10:25:42","modified_gmt":"2023-06-05T10:25:42","slug":"a-new-path-for-better-managing-information-security","status":"publish","type":"post","link":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/cyber-talks\/a-new-path-for-better-managing-information-security\/","title":{"rendered":"A new path for better managing information security"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

\"John<\/p>

Speaker<\/strong> John Kupcinski,
Designation:<\/strong> Director of Information Security Transformation – Freddie Mac
Topic:<\/strong> A new path for better managing information security
Date of Webinar:<\/strong> 18th<\/sup> Nov, 2020
Time and Location:<\/strong> 10:00 am EDT\/ 8:30 pm IST\/ 3:00 pm GMT<\/p>

Watch Now<\/a>

<\/strong><\/p>

Speaker Bio:<\/strong>
Mr. Kupcinski leads Freddie Mac\u2019s Information Security Transformation team to help execute the firm\u2019s cyber agenda and realizes corporate cyber goals by building and improving internal processes and technology environments. Over the last two decades, Mr. Kupcinski has built and improved information security organizations and aligned the cyber agenda towards evolving business and technology programs by providing greater visibility and understanding of changing risks. Additionally, he has helped a wide range of firms understand how to align their cyber agenda with dynamic business and compliance priorities.
Topic Abstract: <\/strong>
InfoSec portfolios are often constrained by waterfall methods for delivery and are heavily cyber tools and technology-centric. In this model, business cases are largely used for larger investments. However, they prioritize a feature roadmap that allows for limited flexibility on the scope. This leads to situations where security is unable to adjust to business demands with long lead times associated with delivery. This often leads to superficial attempts to patch the undesirable nature of the infosec capability with the technical debt continuing to accumulate. Ultimately the organization is left with inefficient, home-grown infosec processes, with an over-reliance on spreadsheets and PowerPoints and highly customized tools that are difficult to maintain.<\/p>

Efforts to address delivery of new capabilities fall flat because of a lack of empowerment for those who are responsible for delivering and relegated to the role of the \u201cproject manager mercenaries\u201d. For all of these reasons and more, infosec organizations are slow to adapt and often spend too much time fixing what is broken versus innovating.<\/p>

Inherently, information security will continue to experience disruption and commoditization across all areas. As such, the future of the information security portfolio requires us to identify ways to more closely link business and delivery teams; increase velocity of feature releases; minimize & simplify dependencies; and evaluate \u201chorizon\u201d capabilities.<\/p>

This discussion will explore the concept of productization and how it might be applied to the information security portfolio. Additionally, what kinds of preconditions would need to exist in order to begin the transition to a product-centric approach. Finally, we would discuss information security frameworks that can be leveraged in order to link compliance requirements to target state maturity and facilitate this transition.<\/p>

Key takeaways:<\/strong><\/p>