Data Driven Infosec Services

A short preso about data-driven security services.

Published in Technology

Transcript

  • 1. A new approach to information security services
       A data-driven services portfolio
  • 2. We’re competing in a lemon market... now what?
  • 3. “The service provider that understands the art of making use of data wins the trust of the client.”
  • 4. Data driven services
       - penetration testing
       - vulnerability management
       - security monitoring
       - incident response
       - SDLC services
       - security architecture
  • 5. Data driven services
       collect
         - create data model per service
         - ensure consistent collection
       store
         - create security data warehouse
         - store data according to data model
       analyze
         - create analysis use cases
         - generate intelligence from collected data
  • 6. Data models: penetration testing
       Fields:
         Client: Vertical, Size ($), Headcount, Security Team, Security budget
         Test: Scope, Type, Size, Timeframe
         Subject: Type, Size, Criticality
         Finding: Type, Description, Threat, Impact
       Example record:
         <client>
           <clientdata>
             <vertical>Healthcare</vertical>
             <size>200,000,000</size>
             <headcount>1500</headcount>
             <secteam>5</secteam>
             <secbudget>1,000,000</secbudget>
           </clientdata>
           <test>
             <scope>Surgeon Webapp</scope>
             <type>WebApp</type>
             <size>3</size>
             <timeframe>5</timeframe>
             <testsubject>
               <type>front-end server</type>
               <size>20</size>
               <criticality>9</criticality>
               <finding>
                 <type>XSS</type>
                 <description>stored XSS by authenticated user</description>
                 <threat>low</threat>
                 <impact>high</impact>
               </finding>
             </testsubject>
           </test>
         </client>
  • 7. Data models: vulnerability management (TBD)
  • 8. Data models: security monitoring (TBD)
  • 9. How? [Diagram; labels: Data entry, Reporting DB, Consultants, Reporting, Consulting, Data entry, $$$$$, Sales/Marketing/Management, Clients, Clients]
  • 10. Why?
       Client
         • expects our expertise beyond engagement
         • lacks bandwidth for data analysis
         • requires more data for various purposes: compliance, risk management, reporting, ...
       We
         • require a USP in a lemon market
         • require data to improve service quality
         • require data to improve service profitability
         • desire to deepen relationship with customer
  • 11. [Flowchart; labels: Question, Answer, Answer = Satisfactory?, End]
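
The collect, store, analyze flow from slides 5 and 6, as an added example that is not part of the original deck: it flattens records in the slide 6 data model into an in-memory SQLite table and runs one analysis use case. The wrapping `<clients>` element, the second client record, the table layout and the function names are assumptions constructed for illustration.

```python
import sqlite3
import xml.etree.ElementTree as ET

# Constructed records that follow the slide 6 data model; not real client data.
SAMPLE = """<clients>
<client><clientdata><vertical>Healthcare</vertical><size>200,000,000</size>
 <headcount>1500</headcount><secteam>5</secteam><secbudget>1,000,000</secbudget></clientdata>
 <test><scope>Surgeon Webapp</scope><type>WebApp</type><size>3</size><timeframe>5</timeframe>
  <testsubject><type>front-end server</type><size>20</size><criticality>9</criticality>
   <finding><type>XSS</type><description>stored XSS by authenticated user</description>
    <threat>low</threat><impact>high</impact></finding></testsubject></test></client>
<client><clientdata><vertical>Finance</vertical><size>50,000,000</size>
 <headcount>300</headcount><secteam>1</secteam><secbudget>100,000</secbudget></clientdata>
 <test><scope>Payments Portal</scope><type>WebApp</type><size>2</size><timeframe>3</timeframe>
  <testsubject><type>front-end server</type><size>4</size><criticality>7</criticality>
   <finding><type>XSS</type><description>reflected XSS in search</description>
    <threat>high</threat><impact>low</impact></finding>
   <finding><type>SQLi</type><description>injection in login form</description>
    <threat>high</threat><impact>high</impact></finding></testsubject></test></client>
</clients>"""

def num(text):
    """The model writes amounts with thousands separators ("1,000,000")."""
    return int(text.replace(",", ""))

def load(xml_text, db):
    """Collect + store: flatten client > test > testsubject > finding, one row per finding."""
    db.execute("CREATE TABLE finding (vertical, secbudget INT, headcount INT, scope,"
               " subject, criticality INT, ftype, threat, impact)")
    for client in ET.fromstring(xml_text).iter("client"):
        cd = client.find("clientdata")
        for test in client.iter("test"):
            for subj in test.iter("testsubject"):
                for f in subj.iter("finding"):
                    db.execute("INSERT INTO finding VALUES (?,?,?,?,?,?,?,?,?)", (
                        cd.findtext("vertical"), num(cd.findtext("secbudget")),
                        num(cd.findtext("headcount")), test.findtext("scope"),
                        subj.findtext("type"), num(subj.findtext("criticality")),
                        f.findtext("type"), f.findtext("threat"), f.findtext("impact")))

def high_impact_by_vertical(db):
    """Analyze: per vertical and finding type, total findings and how many are high impact."""
    return db.execute("SELECT vertical, ftype, COUNT(*), SUM(impact = 'high') FROM finding"
                      " GROUP BY vertical, ftype ORDER BY vertical, ftype").fetchall()

def run(xml_text=SAMPLE):
    db = sqlite3.connect(":memory:")
    load(xml_text, db)
    return high_impact_by_vertical(db)
```

Calling `run()` returns one tuple per (vertical, finding type) pair; the denormalised row per finding keeps the client context (vertical, budget, headcount) next to each finding so cross-client queries need no joins.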