This document discusses leveraging managed security services to provide cost-effective information security operations. It notes that many organizations lack sufficient time and resources to properly address vulnerabilities. It then discusses how outsourcing to managed security services can provide around-the-clock monitoring and response, qualified security resources, infrastructure protection, and adherence to best practices in a predictable cost model. Finally, it outlines some of the key components of a managed security services framework, including monitoring tools, high availability, change management processes, and continuous improvement based on lessons learned from incidents.

1. Leveraging Managed
Services for Cost effective
Infosec Operations
+973-36040991
jorge.sebastiao@its.ws

2. ICT Security 2009 - Risks
• 79% - don’t believe Security Software of
Digital Signature provides Sufficient
Protection
• 50% - Organization not protected against
Malware based on attack trends
• 62% - not enough time resources to
address vulnerabilities
• 66% - out of work during recession will
lead to more people joining cyber-criminal
underground

3. ICT Security 2009 – Arms Race
• 41% - increase in sophistication of
attacks
• 45% - increase in phishing attacks on
employees
• 49% - (financial services) increase in
technical sophistication of attacks
• 63% - infected web site biggest cause of
compromise of online security

4. Quote
“Every morning in Africa a gazelle wakes
up. It knows it must outrun the fastest
lion or it will be killed. Every morning in
Africa a lion wakes up. It knows it must
run faster than the slowest gazelle or it
will starve. It doesn’t matter if you’re a
gazelle or a lion: when the sun comes
up, you had better be running.”
- H.H. Sheikh Mohammed Bin Rashid Al Maktoum.

5. Securing Information Today
Threats
Cyber terrorism Viruses
Industrial Threats
Espionage Environmental
Natural Unintended results
Disasters (The “OOPS” factor)

6. Securing Information Today
Business Risks
Financial Intellectual
loss capital
Public Business Litigation
Image/Trust Risks
Employee &
Legislative
customer
violations
privacy

7. Threats to Infrastructure
DATA CORRUPTION COMPONENT FAILURE APPLICATION FAILURE
HUMAN ERROR MAINTENANCE SITE OUTAGE

8. Do you have risk mgmt plan?

9. ICT Risks are
changing

10. Hacking is now a
business
Criminals

11. Hacker don’t follow
rules?

12. More sophisticated
Attacks

13. Business vs Inforsec Priorities

14. Security focus on Business

15. Views of Security and
Risk Management
Business View
Service and
Continuity
Customer Focus
Managing Risks
Operation Risk Controls
Auditing
Governance & Compliance
IT Infrastructure
Disaster Recovery
High Availability

16. Risk Management
Elimination
Reduction/Controls
Transfer/Outsource
Insurance
Not all risk can be Residual
eliminated via
controls

17. Why should you care?
Better Incidence Response & Availability
Best Practices
Quick troubleshooting
Knowledge base
Higher Availability
Efficient Security Operations
Support
Availability of qualified resources
Infrastructure protection
Infosec, BCM, ITIL Best Practices
24x7x365 Monitoring
Vendor Management
Managed People, Process, Technology

18. Scope of Management &
Value

19. Technology is not enough
Technology
People Process

20. Holistic Implementation
 SLA
 24x7x365
Process  Industry Best Practices
 ITIL based processes
 Data Center Best Practices
Technology  Latest Monitoring tools
 State of the Art knowledge base
 Secure technology
 Certified and Trained Staff
People  Technical Experts
 Cross Training
 Onsite and Offsite

21. Infosec:
Global Delivery Services - GDS
• On-site & Off-site resource Mix
• Fully managed and supported environment
• Enterprise Management Solution (EMS)
• Predictable cost model
• Performance & Trend analysis
• Alert, Monitoring, Notification & Escalation
• Training and Knowledge Transfer
• 24x7x365 with SLA

22. Managed Services
Provide Agility
• Knowledge Base
•Incidence diagnosis
•Root Cause analysis
•Quicker Response
•Response Planning
•Certified Resources
•Single Vendor Management

23. Infrastructure Best Practices

24. 3 key Drivers for outsourcing

25. Flexibility
Managed Traditional ITO/FM
Services Centralized Management
0%
Onsite Flexible 100%
Onsite
Managed
Services
100% Approach 0%
Offsite Offsite
Decentralized Management

26. Cost Effective
Management Mix
Network Platforms Database Applications
Storage
Level-1
Monitoring, Incident and Problem Management Resolution Processes
80-100% Offsite
Change, Configuration and Release Management
Level-2
Capacity and Availability Management
Operational Processes
Service Continuity, Security 20-80% Offsite
Service Level Management
Level-3
Capacity planning and Financial Management Strategic Processes
100% Onsite
Business Relationship and Supplier Management

27. Best Practices Structure
Organization Goals and
Objectives Policies
How to achieve Processes, Pro
organization goals and cess Diagrams &
objectives Models
How to perform the Procedures and
activities that are needed Guidelines
Artifacts used to perform
activities Templates, Forms, Checklists
References to use for Self Help, Knowledge
efficient performance Articles, Project Artifacts

28. Managed Services Framework
Aggregated Reporting / Portal / I2MP, Service Desk
ITIL Compliant Best Practices
Monitoring, Automation Tools
Redundancy / High Availability / Disaster Recovery
Desktop Network Servers Databases Storage Applications
Center of
Onsite Offsite Vendor A Vendor B Call Center
Excellence

29. Implementation Continuous
Detection Response
• 24x7x365
• Security monitoring
• Managed Services
• Automatic Alerting Incident Response
• Incidence Response Lessons
Restore
• Vulnerability Eliminate
Assessment Contain
Analyse
• Patch Management Communicate
Continuous Monitoring
• Forensic Analysis Policy Refine Policy
T-1 T0 T1 T1 T3 T4 TN
• Integration

30. CIO Security Metrics

31. Security = Time
Protection
Anti-virus
VPN
Firewall
Access Control
SECURITY
P>D+R
Response Detection
Intrusion Prevention Vulnerability Testing
Managed Services Intrusion Detection
Patch Mgmt Log Correlation
CIRT CCTV

32. Security in Depth

33. Security in Depth
Revised
People Technology Process
Prevent
Detect
Respond/
Recover

34. Structured Delivery
Managed Services

35. SETA = Security +Training +
Awareness + Education

36. Structured Implementation
Steady State
Due Transition
Diligence Plan
Transformation
Optimization

37. Focus on Risk
Risk Analysis Matrix
High
Medium
Area of
Major
Low
Concern
Low Medium High

38. Focus on
Risk
Business Impact
High Medium Low
High
A B C
Vulnerability
Medium
B B C
Low
C C D

39. Security with 20/20 Vision
Logical
Physical Integration
Continuous
Skilled ICT Model
Resources Security
Best Practices

40. Questions
+973-36040991
jorge.sebastiao@its.ws