BAT, a large tobacco company, is undergoing a business transformation and looking to consolidate IT systems. It has outsourced some security functions to a managed security service provider (MSSP) to gain efficiencies. The outsourcing has had some successes like a global firewall and endpoint security, but also issues around costs, customization needs, and meeting expectations. As threats grow more sophisticated, BAT will need to ensure its outsourced security controls can address advanced attacks and that the MSSP aligns with its strategic security needs.
Tictac Managed Cyber Security Services explained. We protect your company against ransomware and Cyber Attacks and we provide managed cyber security services. Our team makes sure that your backups are in place and that there is the ability to restore your data if an incident occurs and we protect your infrastructure against Cyber Attacks. https://www.tictaclabs.com
Building in-house breach detection and response capabilities is difficult. When chosen right, your managed detection and response service provider actually becomes your cyber security partner: its capabilities become an extension of your own. One of the biggest reasons why your organization should consider a managed security service instead of an in-house SIEM (security information and event management) deployment for breach detection and response: cost, cost, cost!
MSSP – you’ve probably heard the term, but is it just more industry jargon? With small businesses under constant cyber-attack, the time is ripe to beef up your MSSP offerings.
Many MSPs understand the need for a strong information security portfolio. What they don’t realize, however, is that it’s much more than just a stack of vendor security products and services. You need a strategy and a recipe for success.
Register now to join Eric Rockwell, President and CIO of centrexIT, and Ted Hulsy, VP of Marketing at eFolder, as they share what it means to be a true MSSP. Come get the key ingredients for developing a competitive managed security offering.
Definition of the current global market for Managed Security Services (MSSPs) and a guide to those looking to purchase a service in the future. The presentation also touches on the implications of GDPR on the MSS market.
Critical Capabilities for MDR Services - What to Know Before You Buy (Fidelis Cybersecurity)
24/7 coverage and skills shortages for post breach detection and response are driving the need for Managed Detection and Response (MDR) Services. Analysts are predicting 15X growth for MDR services over the next few years as security leaders shift their focus from prevention to detection knowing attacks are evading existing defenses, often without malware by using macros and scripts.
Managed services often use MDR marketing messages and this sometimes results in their security monitoring services not meeting expectations. Buyers must learn what to look for in an MDR solution to avoid falling into this trap.
Marlabs helps establish and sustain the client’s company wide vision for cyber security strategies for addressing regulations, audit, and security risks.
An in-depth look at:
1. Disruptive Technology and its impact on organizations.
2. Need for a Security Operations Center (SOC) for the 21st century businesses
3. Designing and operating an effective SOC - what it takes to run a successful SOC starting from how we should prepare our minds in terms of approach to the actual implementation and operation.
4. Qualities any SOC Analyst should possess
5. Measuring the success of a SOC - We discuss critical factors to consider when determining the success of a SOC.
Established in 1999 Secon Cyber have a long standing experience of providing class leading cyber security solutions to customers ranging from small to large enterprises.
We continuously strive to innovate and develop solutions to enable our customers and partners to work, play and live safely in the connected world. As part of this commitment we have developed our own Managed Detection and Response Service.
In this session David King will discuss the benefits of an MDR service over a traditional MSSP or SIEM solution.
AlienVault MSSP Overview - A Different Approach to Security for MSSP's (AlienVault)
- Overview of the AlienVault USM Platform
- Differentiation through Delivery "Threat Detection That Works"
- Ways to Engage via Managed Services, Security Device Management and Professional Services
- AlienVault MSSP Program Details
Gabriel Gumbs - A Capability Maturity Model for Sustainable Data Loss Protection (centralohioissa)
Based on the combined experiences of information security professionals protecting some of the world’s most sensitive data, the Sensitive Data Maturity model is built on practical lessons learned while implementing world class data security programs. During this session Gabriel Gumbs will explain the components of the framework that builds on these lessons and provides a path to mature and measure their sensitive data security strategies.
Topics covered in this session include:
• Taxonomy of Sensitive Data
• Domains & Levels of the Sensitive Data Maturity Framework
• Practices & Standards
• Transitional States of Data Protection
• Guide to Improvement Efforts
• Measurement & Analysis
The increasing loss of data either by hacking or misuse along with ever evolving data regulations continue to heighten the need for security professionals to evolve their data protection strategies. During this session I will present a capability model based on real world experience that covers the business functions and security practices necessary to build an effective data protection program.
Vulnerability management is one of the most important, yet most difficult and ‘boring’ information security processes I know. As it includes stakeholders from various business functions it requires delicate design and execution. I see VM as a big data and stakeholder management challenge.
As public and private cloud adoption skyrockets, the number of attacks against cloud infrastructure is also increasing dramatically. Now more than ever, it is crucial to secure your cloud assets and data against advanced threats.
We’ll dig into what it means to be successful in the cloud and what successful organizations do more of (and less of) than their less successful peers. We’ll look across technologies adopted, organizational and operational practices, and vendors embraced.
Recorded webinar: https://youtu.be/Og1-xcc7JNs
Every organization has security concerns. ePlus Security Consulting Services can help you make sense of it all. Contact ePlus today to start addressing today's security challenges.
Read how Synoptek has proven to be an excellent partner for the companies looking to minimize security risk levels and has helped them take preventive and protective measures.
This webinar was hosted by Ignyte Assurance Platform and Federal Publication Seminars on 18 June 2021.
The Cybersecurity and Infrastructure Security Agency (CISA), under the Department of Homeland Security, launches a campaign to reduce the risk of ransomware, following an executive order signed by President Biden on May 12, 2021, which aims to increase cybersecurity defenses and resiliency against nation-state data exfiltration and hold global criminals accountable for ransomware attacks.
As we’ve seen with the Solar Winds and Colonial Pipeline hacks, cybercrime isn’t limited to government organizations. In fact, both public and private sectors are vulnerable to an all-too-common type of cyber attack which exposed the gaps in U.S. cyber defenses. New standards such as Cybersecurity Maturity Model Certification (CMMC) are becoming required compliance and cyber hygiene minimum for all organizations involved in the federal supply chain.
This webinar is designed for federal contractors and companies that provide critical infrastructure or any type of software to the government. Our guests and leading data security and compliance experts will explain how both public and private sector organizations need to act now to protect global software supply chains that affect government and private sector computer systems.
Knowing exactly where your cybersecurity and compliance gaps are and the solutions needed to implement and fix them is central to your success. Early adopters demonstrating high security & compliance postures are positioned to win more business over laggards.
Learn from the experts! Tune into this webinar to hear Doug Copley, Deputy CISO/Security & Privacy Strategist for Forcepoint, talk about What It Takes to be a CISO in 2017: expectations, challenges, partnerships, the roadmap, critical activities and more.
Jason Harrell - Compliance and Security: Building a Cybersecurity Risk Manage... (centralohioissa)
Global regulations are driving the need for businesses in all sectors to have cybersecurity programs that are designed to fit the organization's risk profile. At the same time, there is a lack of clarity on how much one should spend on managing these risks and the sophistication and number of risk mitigants that are required to manage these risks.
Company executives and board of directors are held personally liable for having the appropriate oversight and management of these controls and are looking for their CISO and CIROs to provide them assurance that these controls are in place and operating effectively. An attempt to balance the requirements and the expectations is a delicate balance. This presentation will look at the regulatory landscape and how this landscape is affecting client, executive, and board-level expectations for cybersecurity risk management. It will also provide some recommendations on how to approach the development of a cybersecurity risk management program.
Alex Hanway - Securing the Breach: Using a Holistic Data Protection Framework (centralohioissa)
From this presentation you will learn:
· A brief history of encryption
· How encryption is now deployed in the enterprise
· Encryption and key management best practices to keep data safe
How to Build a Successful Cybersecurity Program? (PECB)
Is your cybersecurity program delivering on its promise? How do you know it works? Cybersecurity programs involve a significant investment in people, technology and time, so you need to ensure they help mitigate cyber risk effectively.
The webinar covers:
• Explain why assurance is so important for managing cyber risk
• Describe the key features of a successful cybersecurity program
• Highlight the role of a cyber assurance program in overall risk management
• Present essential steps required to deliver effective cybersecurity.
Date: November 06, 2019
Recorded webinar:
Security Program Development for the Hipster Company (Priyanka Aash)
Cloud services have evolved and can now replace nearly every facet of traditional infrastructure. This movement has enabled rapid scale while introducing a considerable element of risk. This session will discuss a framework for getting started building a security program in an organization that is built purely on cloud services, covering the contradictions and opportunities of that business model.
(Source: RSA USA 2016-San Francisco)
The Benefits of Security From a Managed Services Provider (CSI Solutions)
Today’s technology users—both consumers and bankers—who don’t stay informed on the latest in security can open themselves and others to attack.
View this SlideShare to learn what to look for in a solid managed security provider and how it can benefit your financial institution.
Dedicated to furthering innovation through the rapid identification, integration and adoption of practical, standards-based cybersecurity solutions, the National Cybersecurity Center of Excellence (NCCoE) was established in 2012 through a partnership among National Institute of Standards and Technology (NIST), the State of Maryland and Montgomery County. NCCoE senior security engineer Jim McCarthy shares an overview on the center's energy sector use cases and their recent developments.
Dell Solutions Tour 2015 - Security in the cloud, Ramses Gallego, Security St... (Kenneth de Brucq)
Businesses are finding great benefits from the Cloud, and are moving towards the next step: Providing a unified way of consuming Cloud resources for their different business lines, branches and departments to use Cloud resources in a simplified way. This session will describe how the creation of a Cloud Catalogue will provide better control and visibility for the use of Cloud within an enterprise and how, once Cloud is within the fabrics of many products and services from providers, Cloud Catalogue is being seen as the next frontier.
While C2M2 is not the love child of C3PO and R2D2 (sorry), the Cybersecurity Capability Maturity Model (C2M2) program under the U.S. Department of Energy's (DOE) Office of Electricity Delivery and Energy Reliability (OE) is helping to enhance the security and resilience of the United States’ critical infrastructure.
• Introduction to information security.
What is information security, threat, risks, vulnerabilities, basic terms and definition?
• Building blocks of information security strategy, policies and standards.
Identify and establish country wide information security strategy, establish policies standards and procedures, implementation of different types of control objectives: managerial, technologies, business processes. Introduction to main domains of information security management system depending on international information security standard (ISO 2700x).
• Actions, roles and responsibilities.
What kinds of actions are needed for information security risk treatment. Roles and responsibilities of information security professionals.
By Vasil Tsvimitidze
Data Consult - Managed Security Services (Jad Bejjani)
This slide set presents the Managed Security Services offering of Data Consult.
MSS is a cloud-based subscription service that allows you to monitor, analyze and correlate all events happening on your network. It also allows alerts and notifications in case any suspicious activity happens on your network, and allows investigation through its forensic capabilities.
AGC Networks (AGC) is a Global Solution Integrator representing the world’s best brands in Unified Communications, Network Infrastructure & Data Center, Cyber Security (CYBER-i) and Enterprise Applications to evolve the customer’s digital landscape.
AGC’s ability to tailor solutions across quadrants is strengthened through delivery of seamless customer support services. A leader in Enterprise Communications in India, AGC has significant presence across Middle East, Africa, North America, Australia, New Zealand, Singapore, Philippines and UK serving over 3000 customers. In collaboration with global technology leaders like Avaya, Intel Security, Juniper, Cisco, HP, Verint and Polycom among others, AGC delivers Return on Technology Investment (ROTI) thereby accelerating customers’ business.
For more information, log on to www.agcnetworks.com
Securing the Office of Finance in the Cloud -- Separating Fact from Fiction (Workday)
According to Forrester Research, the global cloud computing market is valued at an estimated $40.7 billion. In the future, this market is expected to grow exponentially, as companies accelerate their adoption of cloud computing.
It's clear that cloud computing is being widely adopted as a cost-effective strategy for deploying mission-critical applications within the enterprise. Yet, myths regarding privacy and security often cloud the decision-making process.
Join us for a Webcast that will explore the facts and fictions of cloud computing for the Office of Finance. In an effort to set the record straight, our distinguished panel of experts will dive into topics that include cloud security, risk management, and finance.
The panelists for this Webcast are:
Moderator: Russ Banham, Contributing Editor, CFO magazine
Dr. Lothar Determann, Partner, Baker & McKenzie LLP
John Hugo, Vice President and Corporate Controller, Life Time Fitness
Stan Swete, Chief Technology Officer, Workday
Building an effective Information Security Roadmap (Elliott Franklin)
As company information security functions continue to grow each year with increasing attacks and regulations, how are you handling the pressure? Are you constantly battling to run the business projects and reacting to customer requests? Have you blocked off a few hours each week on your calendar to close your email, turn off your phone and try to build, assess and maintain an effective vision for your security team? This presentation will discuss a cascading approach to creating such a roadmap that is easily understood by executives and has helped gain quick buy-in for multiple enterprise wide security projects.
3 focus areas for any organisation's IT & Security department (Sandeep S Jaryal)
This presentation is focused on 3 areas - Improving the overall security posture of the company, Effective management of outsource service providers and work prioritization. Hope some of these ideas will help someone...
With more than 50,000 new malware created every day, organisations can no longer afford to risk the financial and reputational impacts of a security or data breach, which can be too much for a business to recover from. Because of this, IT managers face increasing scrutiny and pressure from CEOs, managing directors and boards to prove that they are keeping the organisation secure.
The changing threat landscape means organisations need to be vigilant and smarter about security. While businesses still face threats from infected devices and malware, attackers have also moved beyond that. For example, there is an increasing number of targeted email attacks with cyber criminals spending time to monitor communications so they can imitate emails that are so sophisticated that even relatively savvy users will open them.
This webinar will explore the building blocks required to ensure you have the roadmap required to best protect against cyber attacks. We will provide you with a high level view of the following topics:
· Audit and discovery – What are your weaknesses and are you compliant?
· Education – Do your employees know when not to open that attachment?
· Policy – Do you have the right policies for your industry?
· Technology – Where to start and what has changed?
Organizations can benefit greatly by allowing an outsourced IT team to manage information technology functions. Here are the top 15 reasons to consider IT Outsourcing for your business.
Clint Harder, Vice President of Product Strategy for TDS HMS presents on "Cloud Services and Enterprise IT Applications: Are They a Match?". Clint Harder takes you through key decision points in selecting cloud services for enterprise applications.
This presentation was given at the Enterprise Cloud Summit on October 16, 2012 - presented by VISI.
Learn more about enterprise cloud computing at http://www.reliacloud.com.
Build a business case for a technology msp in 8 steps a tecala presentation... (Tecala)
Your challenge is to design an IT resource strategy that ensures you leverage strategic partner capabilities, whilst also fostering the appropriate IT skills in-house for your growing business-as-usual and innovation demands. You cannot do everything on your own, nor do you have to. Have you considered partnering with an MSP?
MSPs are a strategic sourcing option, who bring expert skills, transformation, and platforms for innovation. However, many organisations miss out on getting the most out of their MSP investment, as they fail to build the business case for the long-term partnership that is required for this type of strategic engagement.
Whether you are already engaging with an MSP or are looking to deploy the services of an MSP, we have created a slideshare with the 8 steps for building a business case for an MSP to join your IT resourcing mix. Download and view this guide for your next IT strategy exercise.
In moving towards cloud services, security concerns are often cited as reasons to delay or even abandon the transition. This presentation highlights some basic steps to take to analyse and assess what risk might exist and how to mitigate this. In short, the security concerns regarding cloud deployments will exist in your privately managed data centre environments as well. Outsourcing your service to a Cloud provider does not mean you pass on your liability to your own customers nor responsibility of managing your systems and services.
Business Value Measurements and the Solution Design Framework (Leo Barella)
The presentation covers a process and artifacts to establish better communication between business and IT and improve the quality and consistency of solutions. It also includes a tool to measure business value of the solutions that are being proposed and allows the business audience to make educated choices based on overall IT Business impact.
This presentation by Morris Kleiner (University of Minnesota) was made during the discussion “Competition and Regulation in Professions and Occupations” held at the Working Party No. 2 on Competition and Regulation on 10 June 2024. More papers and presentations on the topic can be found at oe.cd/crps.
This presentation was uploaded with the author’s consent.
Acorn Recovery: Restore IT infra within minutes - IP ServerOne
Introducing Acorn Recovery as a Service, a simple, fast, and secure managed disaster recovery (DRaaS) by IP ServerOne. A DR solution that helps restore your IT infra within minutes.
Have you ever wondered how search works while visiting an e-commerce site, internal website, or searching through other types of online resources? Look no further than this informative session on the ways that taxonomies help end-users navigate the internet! Hear from taxonomists and other information professionals who have first-hand experience creating and working with taxonomies that aid in navigation, search, and discovery across a range of disciplines.
This presentation, created by Syed Faiz ul Hassan, explores the profound influence of media on public perception and behavior. It delves into the evolution of media from oral traditions to modern digital and social media platforms. Key topics include the role of media in information propagation, socialization, crisis awareness, globalization, and education. The presentation also examines media influence through agenda setting, propaganda, and manipulative techniques used by advertisers and marketers. Furthermore, it highlights the impact of surveillance enabled by media technologies on personal behavior and preferences. Through this comprehensive overview, the presentation aims to shed light on how media shapes collective consciousness and public opinion.
0x01 - Newton's Third Law: Static vs. Dynamic Abusers - OWASP Beja
If you offer a service on the web, odds are that someone will abuse it. Be it an API, a SaaS, a PaaS, or even a static website, someone somewhere will try to figure out a way to use it to their own needs. In this talk we'll compare measures that are effective against static attackers and how to battle a dynamic attacker who adapts to your counter-measures.
About the Speaker
===============
Diogo Sousa, Engineering Manager @ Canonical
An opinionated individual with an interest in cryptography and its intersection with secure software development.
Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives... - Orkestra
UIIN Conference, Madrid, 27-29 May 2024
James Wilson, Orkestra and Deusto Business School
Emily Wise, Lund University
Madeline Smith, The Glasgow School of Art
2. Who are BAT?
World’s second largest tobacco company founded over 100 years ago.
Operates in approximately 186 countries.
•A number of them being in the more interesting areas of the globe.
•Has 250 brands.
•Approximately 95,000 employees (45,000 ‘knowledge workers’)
•Gross turnover £40bn per year – (£26bn taxes).
Currently undertaking a major re-alignment of business practices from a federated model to a centralised business model.
Looking for consolidation of business practices and supporting IT systems.
Whilst the underlying business is the same, there is a drive for more shared services.
A heavy focus on consolidation to leverage capabilities and reduce costs through -
-Standardisation
-Enterprise class solutions
-Increased governance
3. BAT Security journey
•2010 - Establish a base foundation - Security organisation and capability
•Now - Optimise the foundation (enhanced)
•Right-sized cyber-security (advanced)
We are here
Security – The journey
Security – The toolset
4. Why outsource ?
Challenges of running security with internal team
•Multi-technology, multi-discipline – staff churn
•24x7 capability
•Not a technology company
•Drive for outsourcing
•How to keep contemporary
Benefits of outsourced MSSP
•Centre of excellence
•Provided by a technology company
•Predictable costs
•Leverage core providers
Core Services
Infras security
Identity security
App security
Data security
Assurance
Security services
Threat intelligence
SOC
Monitoring
Governance
5. Strategic expectations of a managed service
Wanted to leverage existing shared services
-Escalator effect
-Contemporary services
-Shared costs
Thought leadership
-Provider invests in service, to sell to others
-Influence BAT security strategy
-BAT can influence provider services strategy
Market maturity was always going to be an issue!
-Unlikely to get (or desire) everything as a managed service today
-Current state and strategic direction often unclear
Hard to assess during RFP
-Different expectations of reference sites
-Differences between geographies
-Differences between dedicated and shared.
6. Successes, Issues
Successes:
•Single provider of firewalls across the globe
•Single provider of endpoint security
•Global SOC and security monitoring capability
•And some true managed tools with real value add.
•Quantum leap forwards and delivering real benefits.
Time
Issues:
•Cost and time trump quality.
-Commodity purchase vs partnership
-Provider readiness.
-Customer interferes to drive costs down
•Dedicated services, built to customer specification
-Provider driven to address customer specific requirements
-SLA focussed - lose sight of the business outcome.
-Need for internal resources
•Customer expectations of resultant service.
-Driving CI outside of SLAs ?
-Business outcome driven services
-Internal resourcing model.
7. Security gets harder
Threats gain in sophistication and types
The “Nexus of forces” increases our exposure
What expectations does the business have re cyber-security ?
Mobile – new endpoints, new gateways
Social – Business naïve to the new medium
Cloud – New ways in, collateral damage
Information – Are we ready to secure this ?
Predicting attackers, targets and approaches
Detecting sophisticated attacks
Responding to compromise
Vs. Traditional IT Security prevention, risk management and compliance.
We are dependent on outsourced services to meet the increasing need.
Lots of tools to master! But who is
•looking for suspicious activities ?
•Proposing new capabilities?
•Aligning security to the threat?
8. Cyber-security joins the dots (BAT interpretation)
Cyber Security “Assess the posture”
Threat Intelligence “Identify the threat”
Security Operations Centre “Run the toolset”
IT Security Management “Manage Security”
Prevention
Detection
Response
External sources
Vendor sources
Provider sources
Mgmt boards
ISMS
Policy
What is happening in the wider world
Look for this..
Block this
Initiate response
What is happening inside BAT
Operational security status
Analytics
Reporting
Architecture
Transformation
Analysis
Orchestrate
Assess
What is the status
9. Key points
MSSP managed services work well, when either:
•Provider operates customer’s service
•Provider has existing shared service (System of record)
•Be clear where a provider is selling managed services or managed resources.
You can't outsource the risk of the customer being compromised, only the controls we expect the provider to execute
•The need for cyber-security must be justified
•The cybersecurity function is likely an internal function (systems of innovation)
Strategic outsourcing.
•Take true managed services where they really exist and where they fit (Pace Layering)
•Retain design and ownership where they do not
•Cyber-security is key
10. Discussion points (subject to time)
•Partner capabilities
•Historically seen as an infrastructure operation and monitoring point solutions.
•We need more, e.g. security engineering, life cycle management, incident management and incident response, continuous improvement etc.
•Are the vendors/suppliers able to deliver or are we asking for too much?
•MSSP should form part of the Strategic Capability for Security
•This is against the original cost driver and is not a commodity purchase.
•Not self-standing - requires supplemental internal resource and true partnership with MSSP
•Must be agile to tackle growing cyber threats.
•How do we position this internally and commercially ?
•Structure – Should the MSSP sit
•As part of IT ?
•As part of the CISO office ?
•Or as a separate Operational capability?
•Does separation offer any 'checking' value or does it make it disjointed from the strategy?