ITS Datamatix Gitex Conference 2009 New ICT Security V2

Implementing New Approaches of Global ICT Security Management +973-36040991 [email_address]

79% - don’t believe Security Software of Digital Signature provides Sufficient Protection
50% - Organization not protected against Malware based on attack trends
62% - not enough time resources to address vulnerabilities
66% - out of work during recession will lead to more people joining cyber-criminal underground
ICT Security 2009 - Risks

41% - increase in sophistication of attacks
45% - increase in phishing attacks on employees
49% - (financial services) increase in technical sophistication of attacks
63% - infected web site biggest cause of compromise of online security
ICT Security 2009 – Arms Race

eCrime 2009 – UAE Costly

Complexity is a big issue FIREWALLS EMAIL HYGIENE COMPLIANCE POLICY IM / VolP SECURITY 1990 2000 2005 2010 TIME VolP & Unified Messaging Content Control Spam +AV Control Perimeter Security

ICT Risks are changing

More sophisticated Attacks

Criminals Hacking is now a business

Hacker don’t follow rules?

There is much more?

Importance of Critical Infrastructures

People is the biggest problem?

Technology Process People Technology is not enough

Scope of Security Management & Value

Security focus on Business

Integrated Security Mgmt Business Security Management Physical Security Management ICT Security Management

Infrastructure Best Practices

Risk Classification

Managing Risk Threats Vulnerabilities Controls Risks Assets Security Requirements Business Impact exploit expose increase increase increase have protect against met by indicate reduce

Business View Service and Continuity Customer Focus Managing Risks Operation Risk Controls Auditing Governance & Compliance IT Infrastructure Disaster Recovery High Availability Views of Security and Risk Management

Not all risk can be eliminated via controls
Elimination Reduction/Controls Transfer/Outsource Insurance Residual Risk Management

Technology People
SLA
24x7x365
Industry Best Practices
ITIL based processes
Data Center Best Practices
Latest Monitoring tools
State of the Art knowledge base
Secure technology
Certified and Trained Staff
Technical Experts
Cross Training
Onsite and Offsite
Holistic Implementation Process

How to achieve organization goals and objectives Organization Goals and Objectives How to perform the activities that are needed Artifacts used to perform activities References to use for efficient performance Best Practices Structure

Managed Security Framework Desktop Network Servers Databases Storage Applications Monitoring, Automation Tools ITIL Compliant Best Practices Aggregated Reporting / Portal / I2MP, Service Desk Redundancy / High Availability / Disaster Recovery Onsite Offsite Vendor A Vendor B Call Center Center of Excellence

Implementation Continuous Detection Response
24x7x365
Security monitoring
Managed Services
Automatic Alerting
Incidence Response
Vulnerability Assessment
Patch Management
Forensic Analysis
Integration
Incident Response Analyse Contain Eliminate Restore Lessons Policy Refine Policy Continuous Monitoring T-1 T 0 T 1 T 1 T 3 T 4 T N Communicate

CIO Security Metrics

Not enough security – system is at risk Too much security – system is unusable Practical Security Mix

Protection Detection Response SECURITY P>D+R Security = Time Anti-virus VPN Firewall Access Control Intrusion Prevention Managed Services Patch Mgmt CIRT Vulnerability Testing Intrusion Detection Log Correlation CCTV

Security in Depth

Security in Depth Revised People Technology Process Prevent Respond/ Recover Detect

Knowledge fills gaps SETA = Security +Training + Awareness + Education

Transformation Optimization Due Diligence Transition Plan Implementation Process

Chose right balance Controls & Trade-Offs Secure Fast/Easy Cheap

ICT Security Skilled Resources Logical Physical Integration Best Practices Continuous Model Security with 20/20 Vision

Questions

ITS Datamatix Gitex Conference 2009 New ICT Security V2

by Jorge Sebastiao

Accessibility

Categories

Upload Details

Usage Rights

2 Embeds 4

Statistics

ITS Datamatix Gitex Conference 2009 New ICT Security V2 Presentation Transcript

http://www.slideshare.net	3
http://www.linkedin.com	1