ITS Datamatix Gitex Conference 2009 New ICT Security V2


This presentation provides an update on the new ICT challenges for security and how to address them in a practical way.
It was delivered at the Burj Al Arab in Dubai during the Gitex conference organized by Datamatix.

  • Computer Associates International, Inc. January 29, 2001

    1. Implementing New Approaches of Global ICT Security Management +973-36040991 [email_address]
    2. ICT Security 2009 - Risks
        • 79% - don’t believe Security Software of Digital Signature provides Sufficient Protection
        • 50% - Organization not protected against Malware based on attack trends
        • 62% - not enough time resources to address vulnerabilities
        • 66% - out of work during recession will lead to more people joining cyber-criminal underground
    3. ICT Security 2009 – Arms Race
        • 41% - increase in sophistication of attacks
        • 45% - increase in phishing attacks on employees
        • 49% - (financial services) increase in technical sophistication of attacks
        • 63% - infected web site biggest cause of compromise of online security
    4. eCrime 2009 – UAE Costly
    5. Complexity is a big issue FIREWALLS EMAIL HYGIENE COMPLIANCE POLICY IM / VoIP SECURITY 1990 2000 2005 2010 TIME VoIP & Unified Messaging Content Control Spam +AV Control Perimeter Security
    6. ICT Risks are changing
    7. More sophisticated Attacks
    8. Criminals Hacking is now a business
    9. Hackers don’t follow rules?
    10. There is much more?
    11. Importance of Critical Infrastructures
    12. People are the biggest problem?
    13. Technology Process People Technology is not enough
    14. Scope of Security Management & Value
    15. Security focus on Business
    16. Integrated Security Mgmt Business Security Management Physical Security Management ICT Security Management
    17. Infrastructure Best Practices
    18. Risk Classification
    19. Managing Risk Threats Vulnerabilities Controls Risks Assets Security Requirements Business Impact exploit expose increase increase increase have protect against met by indicate reduce
    20. Business View Service and Continuity Customer Focus Managing Risks Operation Risk Controls Auditing Governance & Compliance IT Infrastructure Disaster Recovery High Availability Views of Security and Risk Management
    21. Elimination Reduction/Controls Transfer/Outsource Insurance Residual Risk Management
        • Not all risk can be eliminated via controls
    22. Technology People
        • SLA
        • 24x7x365
        • Industry Best Practices
        • ITIL based processes
        • Data Center Best Practices
        • Latest Monitoring tools
        • State of the Art knowledge base
        • Secure technology
        • Certified and Trained Staff
        • Technical Experts
        • Cross Training
        • Onsite and Offsite
        Holistic Implementation Process
    23. How to achieve organization goals and objectives Organization Goals and Objectives How to perform the activities that are needed Artifacts used to perform activities References to use for efficient performance Best Practices Structure
    24. Managed Security Framework Desktop Network Servers Databases Storage Applications Monitoring, Automation Tools ITIL Compliant Best Practices Aggregated Reporting / Portal / I2MP, Service Desk Redundancy / High Availability / Disaster Recovery Onsite Offsite Vendor A Vendor B Call Center Center of Excellence
    25. Implementation Continuous Detection Response
        • 24x7x365
        • Security monitoring
        • Managed Services
        • Automatic Alerting
        • Incident Response
        • Vulnerability Assessment
        • Patch Management
        • Forensic Analysis
        • Integration
        Incident Response Analyse Contain Eliminate Restore Lessons Policy Refine Policy Continuous Monitoring T-1 T 0 T 1 T 1 T 3 T 4 T N Communicate
    26. CIO Security Metrics
    27. Not enough security – system is at risk Too much security – system is unusable Practical Security Mix
    28. Protection Detection Response SECURITY P>D+R Security = Time Anti-virus VPN Firewall Access Control Intrusion Prevention Managed Services Patch Mgmt CIRT Vulnerability Testing Intrusion Detection Log Correlation CCTV
    29. Security in Depth
    30. Security in Depth Revised People Technology Process Prevent Respond/ Recover Detect
    31. Knowledge fills gaps SETA = Security + Training + Awareness + Education
    32. Transformation Optimization Due Diligence Transition Plan Implementation Process
    33. Choose right balance Controls & Trade-Offs Secure Fast/Easy Cheap
    34. ICT Security Skilled Resources Logical Physical Integration Best Practices Continuous Model Security with 20/20 Vision
    35. Questions