Arvind Mehrotra

971 views
883 views

Published on

Presentation given by Arvind Mehrotra, Designation - Executive Vice President & Head – Global Strategic Initiatives, NIIT Technologies Ltd. on August 3rd, 2011 at eWorld Forum (www.eworldforum.net) in the session Information Management and Security

Published in: Technology, Business
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
971
On SlideShare
0
From Embeds
0
Number of Embeds
192
Actions
Shares
0
Downloads
0
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Arvind Mehrotra

  1. 1. Information Management <br />&<br /> Security<br />3rdAugust,2011<br />Arvind Mehrotra<br />President APAC,NIIT Technologies<br />arvind.mehrotra@niit-tech.com<br />
  2. 2. Increased IT Spending| Increased Regulations <br />Indian Public IT spending to grow to $5.1 billion by 2011, indicating a compounded annual growth rate (CAGR) of nearly 19 percent from 2007 to 2011<br /><ul><li> Information Technology Act 2009- India
  3. 3. Software Assurance & Security Audit-India
  4. 4. The Penal Code - India</li></ul>The public sector IT spending in Singapore is set to reach US$ 1.2 billion in 2013, growing at a compound annual growth rate (CAGR) of 4.8 percent from 2008-13<br /><ul><li>CMA -Singapore
  5. 5. The Penal Code (Cap. 224) - Singapore</li></ul>Governments will spend $61.5 billion on information systems and professional IT services by 2015, an compound annual growth rate (CAGR) of 3.1 <br /><ul><li>The Counterfeit Access Device and Computer Fraud and Abuse Law of 1984- US
  6. 6. National Information Infrastructure Protection Act of 1996 (NIIPA)-US
  7. 7. Computer Misuse Act of 1990 (CMA) -UK</li></li></ul><li>Trends in Information Security Crimes<br /><ul><li>270 INDIAN Official websites including CBI have been hacked by Pakistani Hackers
  8. 8. NCRB reported steep rise of 300% in cyber crimes in India(Year 2009)
  9. 9. 420 cyber crime cases were reported in India in 2009 of which 233 were related to hacking
  10. 10. 75 Million scam emails are sent everyday claiming 2000 victims
  11. 11. The average internet crime will cost the victim 128$
  12. 12. 25% of cyber crime remains unsolved
  13. 13. Cyber Crimes lead to Reputational loss, Loss Of Revenue, Data Leakage ,Reduced Productivity etc.</li></li></ul><li>Data Management<br />IntrusionProtection<br />NoiseReduction<br /><ul><li>Intelligent Down Stream Suppression</li></ul>Millions<br /><ul><li>Raw event data
  14. 14. Distributed
  15. 15. Heterogeneous</li></ul>Security Data<br />Log<br />Archival<br />Events Logs<br />Event Management<br />Thousands<br /><ul><li>Relevant Events
  16. 16. Explicit event collection & Log Analysis</li></ul>Events<br />Events <br />Threats<br />Threat<br />Analysis<br />Incidents<br />Threats<br />Correlation & Visualization<br />Hundreds<br /><ul><li>Prioritized lists
  17. 17. Actionable items</li></ul>Incidents<br />Structured<br />Process<br />Reporting & Forensics<br />IncidentResponse<br />Key Challenges <br />
  18. 18. Focus on Infra<br />Address Critical<br />Assemblies - Apps<br />Not Integrated<br />Integrated<br />Not addressing <br />Business Risks<br />Process Based<br />Paradigm Shift in Security&Risk Management <br />DISCONTINUITY CURVE<br />New Criteria<br /><ul><li> Mandatory
  19. 19. Competitive Advantage
  20. 20. Proactive
  21. 21. Risk Driven
  22. 22. On-Demand </li></ul>Old Criteria<br /><ul><li> Optional
  23. 23. Health of Business
  24. 24. Reactive
  25. 25. Meet Regulation
  26. 26. On-Premises </li></ul>vs.<br />RETURNS<br />Paradigm Shift<br />New<br />Old<br />EFFORT / TIME<br />
  27. 27. Information Security&Risk Management Solutions for New World<br />SOC - SIMS <br /><ul><li>Provide 24x7x365 Incident monitoring services through multiple location model
  28. 28. Capture events qualified as security incidents from various Applications
  29. 29. Display real-time alerts in the incident monitoring console
  30. 30. Establish correlation & analysis from different engines
  31. 31. Establish service against agreed SLA</li></ul>AssureEasy Platform<br />A cloud Based Platform that<br /><ul><li>Helps define Customer’s Business Processes, Regulations etc.
  32. 32. Define Risk related to the Business Processes, Regulations.
  33. 33. Define Controls for Risk Mitigation
  34. 34. Run Period Assessments to evaluate the strength of controls.
  35. 35. Generate highly interactive reports for macro and micro assessments</li></li></ul><li>raw log<br />Logging<br />Logging<br />Logging<br />Logging<br />Agent<br />Agent<br />Agent<br />Agent<br />Perimeter Controls<br />IDS / Response<br />System Management<br /><ul><li> Routers
  36. 36. Firewalls
  37. 37. Content scanners
  38. 38. Network IDS
  39. 39. Network IPS
  40. 40. Other sensors
  41. 41. Host & DB configuration
  42. 42. Patch management
  43. 43. Vulnerability management</li></ul>SOC - SIMS Delivery Framework<br />VISUALIZATION / ADMINISTRATION<br />OPERATIONS INTEGRATION<br />Security alerts<br />Reports<br />Help desk ticketing<br />Visualization<br />Network / security operations<br />REAL-TIME ANALYSIS / RESPONSE<br />LONG-TERM STORAGE / AUDIT / INVESTIGATION<br />Policies / compliance rules<br />Signatures / attack patterns<br />101010001011100110<br />COLLECTION / AGGREGATION / CORRELATION<br />Mitigate<br />Central / master collector<br />RESPONSE<br />RESPONSE<br />Distributed collectors<br />INPUTS<br />Identity Management<br /><ul><li>Access control
  44. 44. Directories
  45. 45. Provisioning</li></ul>7<br />7<br />
  46. 46. AssureEasy Platform <br />Compliance Management<br />Operational Risk<br />Technology Risk<br /><ul><li>Loss Event Capture & Reporting
  47. 47. Key Risk Indicator Management
  48. 48. Capital Modeling
  49. 49. Service Delivery Risk Management
  50. 50. Supply Chain / 3rd Party Risk
  51. 51. IT / Info Security Controls Management
  52. 52. Regulatory & Standards Gap Assessment
  53. 53. Enterprise Threat Assessment
  54. 54. Breach & Records Retention Law Analysis
  55. 55. Vendor Risk Management
  56. 56. Internal Controls Management
  57. 57. Regulatory / Standards Management
  58. 58. Assessment & Audit Management
  59. 59. Policy & Procedure Management
  60. 60. Financial Controls Management
  61. 61. Incident Management
  62. 62. Certification Management
  63. 63. Issues Management </li></ul>Assure Easy Solutions<br />
  64. 64. Case Studies<br />AssureEasy Incident Management for a IT services giant<br />Security Incident Monitoring for a global Bank<br /><ul><li>On-demand visibility into incident Status
  65. 65. Used by Compliance management; Business function managers; Executive management
  66. 66. 24*7 Security Monitoring system deployed in bank
  67. 67. Custom agents interfaces built for Sybase;Oracle;BACS
  68. 68. VPN connectivity to facilitate Remote monitoring system</li></li></ul><li>10<br />NIIT ‘s Proposed Solutioning For Government <br />Envision<br />Enable<br />Excel<br />Empower<br />Identify Vision for Security and Risk Management<br />Identify Regulatory Needs<br />Create Security Incident Monitoring Framework<br />Establish Key Controls<br />Identify, analyze and track issues through rules setting and automation<br />Enable Assessment Capability<br />Model & simulate risk scenarios<br />Empower your organization to capitalize risks<br /> Compliance Controls Assessments Capitalize<br />SIMS<br />AssureEasy<br />
  69. 69. Questions <br />

×