Data Driven Infosec Services
Upcoming SlideShare
Loading in...5
×
 

Data Driven Infosec Services

on

  • 544 views

A short preso about data-driven security services.

A short preso about data-driven security services.

Statistics

Views

Total Views
544
Views on SlideShare
544
Embed Views
0

Actions

Likes
1
Downloads
2
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Data Driven Infosec Services Data Driven Infosec Services Presentation Transcript

  • A new approach to information security services11101101110111011101110101010000010011010010011001111011000011001111000 A data-driven services portfolio
  • We’re competing in a lemon market ...now what ?
  • 11101101110111011101110101010000010011010010011001111011000011001111000 “ The service provider that understands the art of making use of data wins the trust of the client. ”
  • 11101101110111011101110101010000010011010010011001111011000011001111000 Data driven services penetration vulnerability security testing management monitoring incident SDLC security response services architecture
  • 11101101110111011101110101010000010011010010011001111011000011001111000 Data driven services - create data model per service collect - ensure consistent collection - create security data warehouse store - store data according to data model - create analysis use cases analyze - generate intelligence from collected data
  • 11101101110111011101110101010000010011010010011001111011000011001111000 Data models penetration testing Client Vertical <client> Size ($) <clientdata> Headcount <vertical>Healthcare</vertical> Security Team <size>200,000,000</size> Security budget <headcount>1500</size> <secteam>5</secteam> <secbudget>1,000,000</secbudget> Test </clientdata> <test> Scope <scope>Surgeon Webapp</scope> Type <type>WebApp</scope> Size <size>3</size> Timeframe <timeframe>5</timeframe> <testsubject> Subject <type>front-end server</type> <size>20</size> Type <criticality>9</criticality> Size <finding> Criticality <type>XSS</type> <description>stored XSS by authenticated user</description> <threat>low</threat> Finding <impact>high</impact> Type </finding> Description </testsubject> Threat </test> Impact </client>
  • 11101101110111011101110101010000010011010010011001111011000011001111000 Data models vulnerability management (TBD)
  • 11101101110111011101110101010000010011010010011001111011000011001111000 Data models security monitoring (TBD)
  • 11101101110111011101110101010000010011010010011001111011000011001111000 How ? Data entry Reporting DB Consultants g Reportin t ing or Re p lt i ng su C on Data entry $$$$$ Sales/Marketing/ Management Clients Clients
  • 11101101110111011101110101010000010011010010011001111011000011001111000 Why ? Client • expects our expertise beyond engagement • lacks bandwidth for data analysis • requires more data for various purposes compliance, risk management, reporting, ... We • require a USP in a lemon market • require data to improve service quality • require data to improve service profitability • desire to deepen relationship with customer
  • 11101101110111011101110101010000010011010010011001111011000011001111000 Question Answer Answer = Satisfactory ? End