Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Epic Sales Presentation


Published on

Information Security Management Service launched in 2009 by Darren Smith on behalf of Strategic Systems Solutions Ltd

  • Be the first to comment

  • Be the first to like this

Epic Sales Presentation

  1. 1. EPIC: Managed Information Security Increase Information Security, reduce costs.
  2. 2. Agenda: <ul><li>What is EPIC? </li></ul><ul><li>A Structured Approach </li></ul><ul><li>Why Information Security Management? </li></ul><ul><li>EPIC </li></ul><ul><ul><li>Level 1: Internal Threats & Vulnerabilities </li></ul></ul><ul><ul><li>Level 2: Vulnerability Scanning (Internet Facing) </li></ul></ul><ul><ul><li>Level 3: Policies & Procedures </li></ul></ul><ul><li>Q&A </li></ul>
  3. 3. What is EPIC? <ul><li>EPIC (Evaluate, Plan, Implement, Control) is a ISO27001 & ITIL-based structured approach to Information Security Management. </li></ul>EPIC Information Security Management Framework PLAN Service Level Agreements Underpinning Contracts Operational Level Agreements Policy Statements EVALUATE External Audits Self Assessments Security Incidents CONTROL Establish Framework Roles & Responsibilities Measurements (KPI’s) IMPLEMENT Create Awareness Information Classification & Registration Personal Security Physical Security Networks, Applications, Computers Access Rights Management Security Incident Procedures
  4. 4. A Structured Approach <ul><li>EPIC comprises of 3 levels: </li></ul><ul><ul><ul><li>Level1: Internal Threats & Vulnerabilities </li></ul></ul></ul><ul><ul><ul><li>Level 2: Vulnerability Scanning (Internet facing) </li></ul></ul></ul><ul><ul><ul><li>Level 3: Policies & Procedures </li></ul></ul></ul>
  5. 5. Why Information Security Management? <ul><li>According to CERT, </li></ul><ul><li>“ The number of reported security vulnerabilities grows exponentially each year; 670 new vulnerabilities per month or 22 per day for 2008” </li></ul><ul><li>The majority of these target business critical applications. </li></ul>
  6. 6. Level 1: <ul><li>Internal Threats & Vulnerabilities: </li></ul><ul><ul><ul><li>Information gathering (via social engineering techniques) </li></ul></ul></ul><ul><ul><ul><li>Physical entry into locations </li></ul></ul></ul><ul><ul><ul><li>Checks for sensitive data on display (Post-It notes, etc) </li></ul></ul></ul><ul><ul><ul><li>Physical access to data network </li></ul></ul></ul><ul><ul><ul><li>Data leakage (via portable devices, email, Internet) </li></ul></ul></ul>
  7. 7. Level 2: <ul><li>Vulnerability Scanning (Internet facing): </li></ul><ul><ul><ul><li>Comprehensive </li></ul></ul></ul><ul><ul><ul><li>Non-destructive </li></ul></ul></ul><ul><ul><ul><li>Monthly, not one-off testing </li></ul></ul></ul><ul><ul><ul><li>Historical reports & trending </li></ul></ul></ul><ul><ul><ul><li>PCI/DSS Compliant </li></ul></ul></ul><ul><ul><ul><li>Level 2Plus Service available (remedial consultancy & support) </li></ul></ul></ul>
  8. 8. Level 3: <ul><li>Policies & Procedures: </li></ul><ul><ul><ul><li>Compliance Health Checks & Benchmarking </li></ul></ul></ul><ul><ul><ul><li>Remediation: to address specific Compliance & Information Security issues. </li></ul></ul></ul><ul><ul><ul><li>Awareness Programmes : to fully engage staff in Compliance & Information Security issues </li></ul></ul></ul><ul><ul><ul><li>Technical Services & Consultancy: for essential logical and Information Security requirements </li></ul></ul></ul>
  9. 9. Q&A <ul><li>Thank you. </li></ul><ul><li>Any Questions? </li></ul>