IT Security Guest Lecture

1,198 views

Presentation given at Magnus School of Business, Visakhapatnam, India in November 2009

Published in: Technology

  1. Internal I.T. Security
     Security within an organization’s network

  2. Contents
     4/5/2010 Soumitri 2

  3. Overview
     • Brief introduction to what this niche segment is all about
     • IT Security comprises:
       o People, Processes & Technologies
       o Network, Application, Database, Endpoint, Messaging
       o Policy definition, Policy enforcement, Monitoring & Reporting

  4. Industry Perspective - People
     • Identity and Access Management
       – Identity Management
         • Enterprise Employee Directory
       – Access Management
         • Single Sign On, Web Sign On, Tokens, Smart Cards, etc
       – Privilege Management
         • Layered solutions, Segregation of Duties
       – Audit & Reporting
       – Education & Training

  5. Industry Perspective - Process
     • Risk Management
       – Risk Modeling Tools
     • Policy Design & Development
       – Templates, External Consultants, etc
     • Business Continuity & Disaster Recovery
       – Multiple Geographic Storage Sites
     • Incident & Threat Management
       – Incident Response Platforms

  6. Industry Perspective - Process (2)
     • Information Asset Management
       – Inventory of Assets (includes People)
     • Systems Development
       – Architecture
       – Modeling Tools
       – Coding Standards
     • Operations Management
       – Monitoring Tools

  7. Industry Perspective - Technology
     • Network
       – Perimeter security: Firewalls, WLAN, VPN, NIDPS
     • Application
       – Coding standards: Static Analysis Tools, Monitoring
     • Database
       – Privilege Management: Encryption, Monitoring
     • Endpoint
       – Desktops & Servers: Anti-Virus, DLP Suites, Encryption
     • Messaging
       – Anti-Spam/Virus/Malware, Encryption
     • Data
       – Disk & File encryption, Monitoring & Management, DRM

  8. What is DLP?
     • Data Leak Protection:
       “Systems that identify, monitor, and protect data in use, data in motion, and data at rest through deep content inspection, contextual security analysis of transaction and with a centralized management framework”
     • Data at Rest – Endpoint actions
     • Data in Motion – Network actions
     • Data in Use – Data storage
     • Systems are designed to detect and prevent the unauthorized use and transmission of confidential information

  9. DLP Process
     1) Define Confidential Policy
     2) Discover Exposed Data
     3) Enforce Policy
     4) Feedback & Corrective Mechanism
     5) Report Generation and Management

  10. Usage & Benefits
     • Demonstrates Regulatory Compliance
       – HIPAA, GLBA, PCI, BASEL II, SOX
     • Helps prevent Identity Theft
     • Seamless integration in PMO
     • Protects Brand & Reputation

  11. Conclusion
     • Internal IT Security is an evolving technology
     • It is a niche area requiring domain & technical expertise
     • Compliance: PCI, SOX, BASEL II, GLBA
       – At least one compliance knowledge is needed
     • Certifications: SSCP, CISSP
     • More Info: International Information Systems Security Certification Consortium website

  12. Conclusion (2)
     • Career Path: External Security Consultants, IT Security Officer, CISO
     • Management & Communication skills are required
     • Firm Knowledge of:
       – Organization’s strategic objectives
       – Management issues
       – Impact of Security policies on Business functions
       – Comprehensive Technical Info
       – Future Trends

  13. Thank You & Best Wishes
