Information Security Cost Effective Managed Services

Published in: Business

  1. Leveraging Managed Services for Cost effective Infosec Operations +973-36040991 jorge.sebastiao@its.ws
  2. ICT Security 2009 - Risks • 79% - don’t believe Security Software of Digital Signature provides Sufficient Protection • 50% - Organization not protected against Malware based on attack trends • 62% - not enough time or resources to address vulnerabilities • 66% - out of work during recession will lead to more people joining cyber-criminal underground
  3. ICT Security 2009 – Arms Race • 41% - increase in sophistication of attacks • 45% - increase in phishing attacks on employees • 49% - (financial services) increase in technical sophistication of attacks • 63% - infected web site biggest cause of compromise of online security
  4. Quote “Every morning in Africa a gazelle wakes up. It knows it must outrun the fastest lion or it will be killed. Every morning in Africa a lion wakes up. It knows it must run faster than the slowest gazelle or it will starve. It doesn’t matter if you’re a gazelle or a lion: when the sun comes up, you had better be running.” - H.H. Sheikh Mohammed Bin Rashid Al Maktoum.
  5. Securing Information Today: Threats • Cyber terrorism • Viruses • Industrial Espionage • Environmental • Natural Disasters • Unintended results (The “OOPS” factor)
  6. Securing Information Today: Business Risks • Financial loss • Intellectual capital • Public Image/Trust • Litigation • Employee & customer privacy • Legislative violations
  7. Threats to Infrastructure • Data corruption • Component failure • Application failure • Human error • Maintenance • Site outage
  8. Do you have risk mgmt plan?
  9. ICT Risks are changing
  10. Hacking is now a business Criminals
  11. Hackers don’t follow rules?
  12. More sophisticated Attacks
  13. Business vs Infosec Priorities
  14. Security focus on Business
  15. Views of Security and Risk Management Business View Service and Continuity Customer Focus Managing Risks Operation Risk Controls Auditing Governance & Compliance IT Infrastructure Disaster Recovery High Availability
  16. Risk Management • Elimination • Reduction/Controls • Transfer/Outsource • Insurance • Residual • Not all risk can be eliminated via controls
  17. Why should you care? Better Incident Response & Availability Best Practices Quick troubleshooting Knowledge base Higher Availability Efficient Security Operations Support Availability of qualified resources Infrastructure protection Infosec, BCM, ITIL Best Practices 24x7x365 Monitoring Vendor Management Managed People, Process, Technology
  18. Scope of Management & Value
  19. Technology is not enough • Technology • People • Process
  20. Holistic Implementation • SLA • 24x7x365 Process • Industry Best Practices • ITIL based processes • Data Center Best Practices Technology • Latest Monitoring tools • State of the Art knowledge base • Secure technology • Certified and Trained Staff People • Technical Experts • Cross Training • Onsite and Offsite
  21. Infosec: Global Delivery Services - GDS • On-site & Off-site resource Mix • Fully managed and supported environment • Enterprise Management Solution (EMS) • Predictable cost model • Performance & Trend analysis • Alert, Monitoring, Notification & Escalation • Training and Knowledge Transfer • 24x7x365 with SLA
  22. Managed Services Provide Agility • Knowledge Base • Incident diagnosis • Root Cause analysis • Quicker Response • Response Planning • Certified Resources • Single Vendor Management
  23. Infrastructure Best Practices
  24. 3 key Drivers for outsourcing
  25. Flexibility Managed Traditional ITO/FM Services Centralized Management 0% Onsite Flexible 100% Onsite Managed Services 100% Approach 0% Offsite Offsite Decentralized Management
  26. Cost Effective Management Mix Network Platforms Database Applications Storage Level-1 Monitoring, Incident and Problem Management Resolution Processes 80-100% Offsite Change, Configuration and Release Management Level-2 Capacity and Availability Management Operational Processes Service Continuity, Security 20-80% Offsite Service Level Management Level-3 Capacity planning and Financial Management Strategic Processes 100% Onsite Business Relationship and Supplier Management
  27. Best Practices Structure • Policies: Organization Goals and Objectives • Processes, Process Diagrams & Models: How to achieve organization goals and objectives • Procedures and Guidelines: How to perform the activities that are needed • Templates, Forms, Checklists: Artifacts used to perform activities • Self Help, Knowledge Articles, Project Artifacts: References to use for efficient performance
  28. Managed Services Framework Aggregated Reporting / Portal / I2MP, Service Desk ITIL Compliant Best Practices Monitoring, Automation Tools Redundancy / High Availability / Disaster Recovery Desktop Network Servers Databases Storage Applications Center of Onsite Offsite Vendor A Vendor B Call Center Excellence
  29. Implementation Continuous Detection Response • 24x7x365 • Security monitoring • Managed Services • Automatic Alerting Incident Response • Incident Response Lessons Restore • Vulnerability Eliminate Assessment Contain Analyse • Patch Management Communicate Continuous Monitoring • Forensic Analysis Policy Refine Policy T-1 T0 T1 T1 T3 T4 TN • Integration
  30. CIO Security Metrics
  31. Security = Time Protection Anti-virus VPN Firewall Access Control SECURITY P>D+R Response Detection Intrusion Prevention Vulnerability Testing Managed Services Intrusion Detection Patch Mgmt Log Correlation CIRT CCTV
  32. Security in Depth
  33. Security in Depth Revised People Technology Process Prevent Detect Respond/Recover
  34. Structured Delivery Managed Services
  35. SETA = Security + Training + Awareness + Education
  36. Structured Implementation • Steady State • Due Diligence • Transition Plan • Transformation • Optimization
  37. Focus on Risk: Risk Analysis Matrix (axes: Low, Medium, High; marked region: Area of Major Concern)
  38. Focus on Risk • Columns: Business Impact (High, Medium, Low) • Vulnerability High: A, B, C • Vulnerability Medium: B, B, C • Vulnerability Low: C, C, D
  39. Security with 20/20 Vision Logical Physical Integration Continuous Skilled ICT Model Resources Security Best Practices
  40. Questions +973-36040991 jorge.sebastiao@its.ws
