Ryan Jones - Security Convergence – Gold Mines and Pitfalls
Published in: Technology, Business

Transcript

  • 1. Security Convergence – Gold Mines and Pitfalls
    Ryan Jones
  • 2. A Little About Me
    Ryan Jones
    Employment History:
    • Manager of Physical Security and Social Engineering Practice, Trustwave SpiderLabs
    • Previous places include Alternative Technology, IBM Security & Privacy, Safe Harbor, US West, .com’s
    • Red teaming, pentesting, business intelligence, etc.
    Random other facts:
    • Tiger Team, Exotic Liability podcast
  • Security Convergence
    Definition
    Formal cooperation between two previously disjointed security functions
    NOTE: This does NOT always mean an organizational chart change
  • 5. Technologies Used
    You’ve seen it and probably not realized it
    Smart Cards – RFID, chip, etc
    IP Cameras
    Access controlled doors
    Physical Security Management systems
  • 6. Security Convergence
    Quick History
    Up until now typical corporate structure maintained two independent groups
    IT Security
    • Confidentiality
    • Integrity
    • Availability
    Physical Security (or Facilities)
  • Security Convergence
    Quick History
    Separate but similar
    Protecting data
    Business continuity
    Corporate asset protection
    Life cycle of employee
  • 12. Security Convergence
    Present
    Why are we starting to see this change?
    Need to cut costs
    Corporate Compliance
    Attackers taking path of least resistance
    Blended threats
    Gains in efficiency
  • 13. Benefits to Security Convergence
    • A complete security strategy helps keep security goals in sync with business goals
    • Single point of contact
    • Information sharing increases
    • More versatile staff
    • Save money
  • Security Convergence
    This all sounds great!
    So why are you giving this speech?
  • 18. Possible Pitfalls
    • Single point of failure
    • A network breach can now affect you physically as well
    • People’s egos
    • ‘I'm not going to do anything to hurt your system or inhibit your business processes. I'm here to protect you so our CEO isn't standing before a congressional committee someday explaining why credit reports are in front of some gym locker.’ – Mecsics @ Equifax
    • Cultural differences
    • Information sharing
  • But wait… there’s more
    • Combining of very different methodologies and capabilities
    • Without proper evaluation of new tools and software, you can be introducing even more vulnerabilities and risks into your environment
    • Long term cost benefit is there, but initial cost is very high
    training
    hardware installation/upgrades
    let’s not forget the cost in TIME
  • 26. Security Convergence
    YOU HAVE TO PLAN!
    This is not something you do because you read about it in a trade rag
    This is not something you copy from what another company did
    This is not something that will just plug and play into your organization
    This is not something that will necessarily even work for your organization currently
    This is not a quick fix for all your security problems
  • 27. Planning
    Determine what style of merger will work best for YOUR organization
    Policies and procedures will need to change
    Make sure the right people are in the right jobs and are properly trained
    Network design
    Technology options
    Pilot deployment
    Obtain upper management support
  • 28. More Information
    ASIS – http://www.asisonline.org
    Alliance for Enterprise Security Risk Management – http://www.aesrm.org
    ASIS, ISACA, and ISSA
    Contact:
    Ryan Jones
    Twitter: lizborden
    Email: rjones2@trustwave.com
  • 29. That’s it
    QUESTIONS?