Your SlideShare is downloading. ×
Information Security Cost Effective Managed Services
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Information Security Cost Effective Managed Services

1,364
views

Published on

Published in: Business

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,364
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
61
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Leveraging Managed Services for Cost effective Infosec Operations +973-36040991 jorge.sebastiao@its.ws
  • 2. ICT Security 2009 - Risks • 79% - don’t believe Security Software of Digital Signature provides Sufficient Protection • 50% - Organization not protected against Malware based on attack trends • 62% - not enough time resources to address vulnerabilities • 66% - out of work during recession will lead to more people joining cyber-criminal underground
  • 3. ICT Security 2009 – Arms Race • 41% - increase in sophistication of attacks • 45% - increase in phishing attacks on employees • 49% - (financial services) increase in technical sophistication of attacks • 63% - infected web site biggest cause of compromise of online security
  • 4. Quote “Every morning in Africa a gazelle wakes up. It knows it must outrun the fastest lion or it will be killed. Every morning in Africa a lion wakes up. It knows it must run faster than the slowest gazelle or it will starve. It doesn’t matter if you’re a gazelle or a lion: when the sun comes up, you had better be running.” - H.H. Sheikh Mohammed Bin Rashid Al Maktoum.
  • 5. Securing Information Today Threats Cyber terrorism Viruses Industrial Threats Espionage Environmental Natural Unintended results Disasters (The “OOPS” factor)
  • 6. Securing Information Today Business Risks Financial Intellectual loss capital Public Business Litigation Image/Trust Risks Employee & Legislative customer violations privacy
  • 7. Threats to Infrastructure DATA CORRUPTION COMPONENT FAILURE APPLICATION FAILURE HUMAN ERROR MAINTENANCE SITE OUTAGE
  • 8. Do you have risk mgmt plan?
  • 9. ICT Risks are changing
  • 10. Hacking is now a business Criminals
  • 11. Hacker don’t follow rules?
  • 12. More sophisticated Attacks
  • 13. Business vs Inforsec Priorities
  • 14. Security focus on Business
  • 15. Views of Security and Risk Management Business View Service and Continuity Customer Focus Managing Risks Operation Risk Controls Auditing Governance & Compliance IT Infrastructure Disaster Recovery High Availability
  • 16. Risk Management Elimination Reduction/Controls Transfer/Outsource Insurance Not all risk can be Residual eliminated via controls
  • 17. Why should you care? Better Incidence Response & Availability Best Practices Quick troubleshooting Knowledge base Higher Availability Efficient Security Operations Support Availability of qualified resources Infrastructure protection Infosec, BCM, ITIL Best Practices 24x7x365 Monitoring Vendor Management Managed People, Process, Technology
  • 18. Scope of Management & Value
  • 19. Technology is not enough Technology People Process
  • 20. Holistic Implementation  SLA  24x7x365 Process  Industry Best Practices  ITIL based processes  Data Center Best Practices Technology  Latest Monitoring tools  State of the Art knowledge base  Secure technology  Certified and Trained Staff People  Technical Experts  Cross Training  Onsite and Offsite
  • 21. Infosec: Global Delivery Services - GDS • On-site & Off-site resource Mix • Fully managed and supported environment • Enterprise Management Solution (EMS) • Predictable cost model • Performance & Trend analysis • Alert, Monitoring, Notification & Escalation • Training and Knowledge Transfer • 24x7x365 with SLA
  • 22. Managed Services Provide Agility • Knowledge Base •Incidence diagnosis •Root Cause analysis •Quicker Response •Response Planning •Certified Resources •Single Vendor Management
  • 23. Infrastructure Best Practices
  • 24. 3 key Drivers for outsourcing
  • 25. Flexibility Managed Traditional ITO/FM Services Centralized Management 0% Onsite Flexible 100% Onsite Managed Services 100% Approach 0% Offsite Offsite Decentralized Management
  • 26. Cost Effective Management Mix Network Platforms Database Applications Storage Level-1 Monitoring, Incident and Problem Management Resolution Processes 80-100% Offsite Change, Configuration and Release Management Level-2 Capacity and Availability Management Operational Processes Service Continuity, Security 20-80% Offsite Service Level Management Level-3 Capacity planning and Financial Management Strategic Processes 100% Onsite Business Relationship and Supplier Management
  • 27. Best Practices Structure Organization Goals and Objectives Policies How to achieve Processes, Pro organization goals and cess Diagrams & objectives Models How to perform the Procedures and activities that are needed Guidelines Artifacts used to perform activities Templates, Forms, Checklists References to use for Self Help, Knowledge efficient performance Articles, Project Artifacts
  • 28. Managed Services Framework Aggregated Reporting / Portal / I2MP, Service Desk ITIL Compliant Best Practices Monitoring, Automation Tools Redundancy / High Availability / Disaster Recovery Desktop Network Servers Databases Storage Applications Center of Onsite Offsite Vendor A Vendor B Call Center Excellence
  • 29. Implementation Continuous Detection Response • 24x7x365 • Security monitoring • Managed Services • Automatic Alerting Incident Response • Incidence Response Lessons Restore • Vulnerability Eliminate Assessment Contain Analyse • Patch Management Communicate Continuous Monitoring • Forensic Analysis Policy Refine Policy T-1 T0 T1 T1 T3 T4 TN • Integration
  • 30. CIO Security Metrics
  • 31. Security = Time Protection Anti-virus VPN Firewall Access Control SECURITY P>D+R Response Detection Intrusion Prevention Vulnerability Testing Managed Services Intrusion Detection Patch Mgmt Log Correlation CIRT CCTV
  • 32. Security in Depth
  • 33. Security in Depth Revised People Technology Process Prevent Detect Respond/ Recover
  • 34. Structured Delivery Managed Services
  • 35. SETA = Security +Training + Awareness + Education
  • 36. Structured Implementation Steady State Due Transition Diligence Plan Transformation Optimization
  • 37. Focus on Risk Risk Analysis Matrix High Medium Area of Major Low Concern Low Medium High
  • 38. Focus on Risk Business Impact High Medium Low High A B C Vulnerability Medium B B C Low C C D
  • 39. Security with 20/20 Vision Logical Physical Integration Continuous Skilled ICT Model Resources Security Best Practices
  • 40. Questions +973-36040991 jorge.sebastiao@its.ws

×