Executive Alliance, Inc. (ISE Northeast 2008 / ISE UK and Ireland 2008)
October 16, 2008, New York, New York
ISE UK and Ireland Summit and Awards
Nominee Showcase Presentation
October 22, 2008, London, United Kingdom
by
Vladimir Jirasek
Information Security & Compliance Manager
DSG International plc

Vulnerability scanning for PCI DSS compliance and risk management
Today’s Discussion Points
• About DSG International
• PCI DSS programme and beyond compliance
• Vulnerability scanning project
• Lessons learned
DSG International plc
• Major electrical and computing retailer in Europe with both traditional stores and a Web store
• We own brands like Currys, PC World, Pixmania, The TechGuys, PC City, Electroworld, Elkjop
• No 1 in the UK
• Head office in Hemel Hempstead, UK
• 40,000 employees in the Group
• Annual revenue over £6b
• Processes large amounts of customer data
PCI DSS is good but ...
• Why good? The first standard that retailers take seriously
• But the scope is, or can be, limited
• DSGi started work on PCI DSS in 2007, with most of the projects kicked off
• Requirement 11.2 (vulnerability scanning) is handled by this project
• Limited budget
• Although the PCI DSS scope is limited, the approach taken was risk based
Requirements
• Compliant with 11.2, i.e. ASV scans
• Whole group in scope (regardless of the PCI DSS scope)
• Minimal operational overhead
• Potential to satisfy other requirements
• Easy to use
• Fit for distributed IT teams in the Group
Goals
• Develop a patching and vulnerability scanning policy
• Quick win - find the state of the DSGi network (external first, then internal)
• Deliver the first “PASS” PCI DSS scans
• Make this activity BAU for IT teams
Challenges
• Distributed IT teams
• No standardised patching policy
• Limited budget and overstretched IT resources in most countries
• Missing risk assessment in IT patching
• Scepticism about, and wariness of, vulnerability scanning
Project team
Accountable and project lead:
Vladimir Jirasek - DSGi Information security manager
Team members:
Matt Leggett - Security project manager (UK)
Stelios Kavalaris - Security admin (Greece)
Samy Elmalki - Network admin (France)
Ana Maria Munoz Ponce - System admin (Spain)
Lars-Andre Johannessen - System manager (Nordic group)
Oyvind Gulikstad - Security manager (Nordic group)
Paolo Asioli - Security manager (Italy)
Ed Brown - Systems manager (UK, Techguys)
Michael Braid - Systems admin (UK, DSGi Business)
Overcoming challenges
• Responsibility for “clean” scans transferred to the business units' IT managers
• Group-wide standardised patching policy agreed
• Limited budget addressed by using a Software as a Service model
• The Qualys service is easy to use and understood by IT teams; virtually no training required
• Business units in Qualys made the group-wide rollout easy to manage
• Tested the impact of scanning on existing IT systems before rollout
Risk based approach
[Diagram: network zones considered in the risk-based approach: Internet, DMZ, Internal network, Head office, mainframe, eBusiness, VPN GW, acquirer settlement, Store network]
Risk based approach (cont)
Remediation timescales by severity level (rows, 5 = highest, 1 = lowest) and criticality (columns, Critical to Low):

Severity   Critical     Important       High           Medium         Low
5          24 hours     5 days          14 days        20 days        40 days
4          5 days       10 days         20 days        1 month        2 months
3          10 days      20 days         1 month        2 months       3 months
2          6 months*    Next release*   Next release   Next release   No fix
1          no fix*      no fix*         no fix         no fix         No fix
Project results
Patching policy agreed by IT teams
Weekly vulnerability scans carried out on all external and critical internal assets - 14 internal appliances in 7 business units
80% of security issues fixed across the group within the first 3 months
Qualys accepted by IT teams as a “good” tool for highlighting security issues
Scanning is now a BAU activity
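The remediation matrix on the “Risk based approach (cont)” slide and the “80% fixed within the first 3 months” figure above, carried through as one worked example. This is added code, not part of the presentation and not Qualys's own tooling. It assumes the matrix rows are vulnerability severity 5 (highest) to 1, as on a Qualys-style scale, that the columns are asset criticality tiers, that “1 month” means 30 days, and that the asterisked cells behave like the plain ones; the findings list is constructed sample data.

```python
"""Remediation SLA matrix and fix-rate KPI (added example, not the presentation's code).

Assumptions, not stated on the slides:
  - matrix rows are vulnerability severity 5 (highest) .. 1 (Qualys-style scale)
  - matrix columns are asset criticality tiers: Critical, Important, High, Medium, Low
  - "1 month" = 30 days; the asterisked cells are treated like the plain ones
  - "Next release" and "No fix" carry no calendar deadline
"""
from datetime import date, timedelta

TIERS = ("Critical", "Important", "High", "Medium", "Low")

# Allowed remediation window in days per (severity, tier); None = no calendar deadline.
SLA_DAYS = {
    5: (1, 5, 14, 20, 40),
    4: (5, 10, 20, 30, 60),
    3: (10, 20, 30, 60, 90),
    2: (180, None, None, None, None),
    1: (None, None, None, None, None),
}


def iso(s):
    """Parse an ISO-8601 date string (helper so sample data stays readable)."""
    return date.fromisoformat(s)


def deadline_days(severity, tier):
    """Days allowed to fix, or None where the matrix says 'Next release' / 'No fix'."""
    if severity not in SLA_DAYS:
        raise ValueError(f"severity must be 1..5, got {severity!r}")
    if tier not in TIERS:
        raise ValueError(f"unknown asset criticality tier {tier!r}")
    return SLA_DAYS[severity][TIERS.index(tier)]


def fix_expectation(severity, tier):
    """'dated' when a deadline exists, else 'next release' or 'no fix' as in the matrix."""
    if deadline_days(severity, tier) is not None:
        return "dated"
    if severity == 2 and tier in ("Important", "High", "Medium"):
        return "next release"
    return "no fix"


def due_date(detected, severity, tier):
    """Calendar deadline for a finding, or None if the matrix gives none."""
    days = deadline_days(severity, tier)
    return None if days is None else detected + timedelta(days=days)


def overdue_findings(findings, today):
    """(id, days_overdue) for open findings past their SLA, most overdue first."""
    out = []
    for f in findings:
        if f["fixed_on"] is not None:
            continue  # already remediated, nothing to chase
        due = due_date(f["detected"], f["severity"], f["tier"])
        if due is not None and today > due:
            out.append((f["id"], (today - due).days))
    return sorted(out, key=lambda item: -item[1])


def fixed_within(findings, days):
    """Fraction of findings fixed within `days` of detection (the '80% in 3 months' KPI)."""
    if not findings:
        return 0.0
    hit = sum(
        1 for f in findings
        if f["fixed_on"] is not None and (f["fixed_on"] - f["detected"]).days <= days
    )
    return hit / len(findings)


# Constructed sample findings, not real scan data.
SAMPLE = [
    {"id": "F-1", "detected": iso("2008-09-01"), "severity": 5, "tier": "Critical", "fixed_on": None},
    {"id": "F-2", "detected": iso("2008-09-01"), "severity": 3, "tier": "Low", "fixed_on": None},
    {"id": "F-3", "detected": iso("2008-09-01"), "severity": 4, "tier": "High", "fixed_on": iso("2008-09-15")},
    {"id": "F-4", "detected": iso("2008-09-01"), "severity": 2, "tier": "Medium", "fixed_on": None},
    {"id": "F-5", "detected": iso("2008-09-01"), "severity": 4, "tier": "Critical", "fixed_on": None},
]

if __name__ == "__main__":
    today = iso("2008-10-01")
    for fid, late in overdue_findings(SAMPLE, today):
        print(f"{fid}: {late} days overdue")
    print(f"fixed within 90 days: {fixed_within(SAMPLE, 90):.0%}")
```

Encoding the matrix this way gives each business unit an unambiguous due date per finding, so the weekly scan output can be turned into an overdue list rather than a raw vulnerability count; the cells without a date (next release, no fix) are kept as a separate expectation instead of being silently dropped.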
Conclusion
• Looked beyond PCI DSS and adopted a risk-based approach (now compliant with v1.2)
• Each IT team is a separate business unit
• Responsibility for scanning and fixing transferred to IT managers
Thank You!
• Questions?
• Contact Info:
• Vladimir.jirasek@dgiplc.com or Vladimir@Jirasek.eu
• +447959040187
CloudStudio User manual (basic edition):
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 

ISE UK&Ireland 2008 Showcase Nominee Presentation Vladimir Jirasek

  • 1. Executive Alliance, Inc., October 16, 2008, New York, New York. ISE UK and Ireland Summit and Awards, NOMINEE SHOWCASE PRESENTATION, October 22, 2008, London, United Kingdom
  • 2. Vladimir Jirasek, Information Security & Compliance manager, DSG International plc: Vulnerability scanning for PCI DSS compliance and risk management
  • 3. Today’s Discussion Points
    • About DSG International
    • PCI DSS programme and beyond compliance
    • Vulnerability scanning project
    • Lessons learned
  • 4. DSG International plc
    • Major electrical and computing retailer in Europe with both traditional stores and a Web store
    • We own brands like Currys, PC World, Pixmania, The TechGuys, PC City, Electroworld, Elkjop
    • No 1 in the UK
    • Head office in Hemel Hempstead, UK
    • 40,000 employees in the Group
    • Annual revenue over £6b
    • Processes large amounts of customer data
  • 5. PCI DSS is good but ...
    • Why good? The first standard that retailers take seriously
    • But scope is/can be limited
    • DSGi started work on PCI DSS in 2007, with most of the projects kicked off
    • Requirement 11.2 handled by this project
    • Limited budget
    • Although the scope is limited, the approach was to take a risk based approach
  • 6. Requirements
    • Compliant with 11.2, i.e. ASV
    • Whole group in scope (regardless of the PCI DSS scope)
    • Minimal operational overhead
    • Potential to satisfy other requirements
    • Easy to use
    • Fit for distributed IT teams in the Group
  • 7. Goals
    • Develop patching and vulnerability scanning policy
    • Quick win - find the state of the DSGi network (external, then internal)
    • Deliver first “PASS” PCI DSS scans
    • Make this activity BAU for IT teams
  • 8. Challenges
    • Distributed IT teams
    • No standardised patching policy
    • Limited budget and overstretched IT resources in most countries
    • Missing risk assessment in IT patching
    • Scepticism about, and wariness of, vulnerability scanning
  • 9. Project team
    Accountable and project lead: Vladimir Jirasek - DSGi Information security manager
    Team members:
    • Matt Leggett - Security project manager (UK)
    • Stelios Kavalaris - Security admin (Greece)
    • Samy Elmalki - Network admin (France)
    • Ana Maria Munoz Ponce - System admin (Spain)
    • Lars-Andre Johannessen - System manager (Nordic group)
    • Oyvind Gulikstad - Security manager (Nordic group)
    • Paolo Asioli - Security manager (Italy)
    • Ed Brown - Systems manager (UK, Techguys)
    • Michael Braid - Systems admin (UK, DSGi Business)
  • 10. Overcoming challenges
    • Responsibility for “clean” scans transferred to business unit IT managers
    • Group wide standardised patching policy agreed
    • Limited budget addressed by using a Software as a Service model
    • Qualys service is easy to use and understood by IT teams. Virtually no training required
    • Business units in Qualys made group wide rollout easy to manage
    • Testing of the impact of scanning on existing IT systems
  • 11. Risk based approach (network diagram; labels on the slide: Internet, Internal network, Head office, DMZ, mainframe, eBusiness, VPN GW, acquirer settlement, Store network)
  • 12. Risk based approach (cont). Remediation targets: columns are vulnerability severity (Critical to Low), rows are labelled 5 to 1; asterisks are as on the slide.

          Critical     Important      High          Medium        Low
    5     24 hours     5 days         14 days       20 days       40 days
    4     5 days       10 days        20 days       1 month       2 months
    3     10 days      20 days        1 month       2 months      3 months
    2     6 months*    Next release*  Next release  Next release  No fix
    1     no fix*      no fix*        no fix        no fix        No fix

  • 13. Project results
    • Patching policy agreed by IT teams
    • Weekly vulnerability scans carried out on all external and critical internal assets - 14 internal appliances in 7 business units
    • 80% of security issues fixed across the group within the first 3 months
    • Qualys accepted by IT teams as a “good” tool for highlighting security issues
    • Scanning is now a BAU activity
  • 14. Conclusion
    • Looked beyond PCI DSS and adopted a risk based approach (now compliant with v 1.2)
    • Each IT team is a separate business unit
    • Responsibility for scanning and fixing transferred to IT managers
  • 15. Thank You!
    • Questions?
    • Contact Info: Vladimir.jirasek@dgiplc.com or Vladimir@Jirasek.eu
    • +447959040187
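The remediation matrix on slide 12 only becomes a working control once it is applied to scan output, so here is an added Python example (not code from the presentation, nor from Qualys) that turns the matrix into due dates and an overdue list for a set of findings. It goes a step beyond the slide: it parses the cell text, treats "Next release" and "No fix" as non-calendar outcomes, and reports which hosts have exceeded their window. It assumes that the row labels 5 to 1 are an asset rating carried on each finding, that a month is 30 days, and that findings arrive as a small CSV export whose column layout and rows are constructed for this example; the asterisked cells are kept verbatim because the slide does not explain them.

```python
"""Turn the slide-12 remediation matrix into due dates for scan findings.

Added example, not the presenter's or Qualys's code.  Assumptions: the matrix
rows 5..1 are an asset rating attached to each finding, a month is 30 days,
and findings arrive in the constructed CSV layout shown below.
"""
import csv
import io
from datetime import datetime, timedelta

SEVERITIES = ["Critical", "Important", "High", "Medium", "Low"]

# Remediation targets copied from slide 12: key = rating, column order = SEVERITIES.
# Asterisks are kept as on the slide; it does not say what they mark.
MATRIX = {
    5: ["24 hours", "5 days", "14 days", "20 days", "40 days"],
    4: ["5 days", "10 days", "20 days", "1 month", "2 months"],
    3: ["10 days", "20 days", "1 month", "2 months", "3 months"],
    2: ["6 months*", "Next release*", "Next release", "Next release", "No fix"],
    1: ["no fix*", "no fix*", "no fix", "no fix", "No fix"],
}


def sla_for(rating: int, severity: str) -> str:
    """Remediation target for one (rating, severity) cell of the matrix."""
    return MATRIX[rating][SEVERITIES.index(severity)]


def sla_to_timedelta(sla: str):
    """Calendar window for an SLA cell, or None for 'Next release' / 'No fix'."""
    text = sla.rstrip("*").lower()
    if text in ("next release", "no fix"):
        return None
    count, unit = text.split()
    n = int(count)
    if unit.startswith("hour"):
        return timedelta(hours=n)
    if unit.startswith("day"):
        return timedelta(days=n)
    if unit.startswith("month"):
        return timedelta(days=30 * n)  # assumption: a month is 30 days
    raise ValueError(f"unrecognised SLA cell: {sla!r}")


def triage(findings_csv: str, today_iso: str) -> list:
    """Attach SLA, due date and status (overdue / open / next release / no fix) to each finding."""
    today = datetime.strptime(today_iso, "%Y-%m-%d")
    result = []
    for rec in csv.DictReader(io.StringIO(findings_csv)):
        rating = int(rec["asset_rating"])
        sla = sla_for(rating, rec["severity"])
        first_seen = datetime.strptime(rec["first_seen"], "%Y-%m-%d")
        window = sla_to_timedelta(sla)
        if window is None:
            due, status = None, sla.rstrip("*").lower()
        else:
            due_dt = first_seen + window
            due = due_dt.date().isoformat()
            status = "overdue" if today > due_dt else "open"
        result.append({"host": rec["host"], "rating": rating, "severity": rec["severity"],
                       "sla": sla, "due": due, "status": status})
    return result


def overdue_hosts(rows: list) -> list:
    """Hosts whose remediation window has already closed."""
    return sorted(r["host"] for r in rows if r["status"] == "overdue")


# Constructed findings export (not real scan data); the columns are this example's own layout.
SAMPLE_FINDINGS = """host,asset_rating,severity,title,first_seen
10.0.1.5,5,Critical,Missing vendor patch (constructed),2008-09-01
10.0.1.9,4,Medium,Weak cipher suites offered (constructed),2008-08-15
10.0.2.3,2,Critical,Unsupported legacy service (constructed),2008-07-01
10.0.2.7,3,High,Outdated service version (constructed),2008-09-15
10.0.2.8,2,Medium,Verbose server banner (constructed),2008-06-01
10.0.3.1,1,Low,Informational finding (constructed),2008-09-20
"""

if __name__ == "__main__":
    rows = triage(SAMPLE_FINDINGS, "2008-10-01")
    for r in rows:
        print(f"{r['host']:<10} rating {r['rating']} {r['severity']:<9} "
              f"SLA {r['sla']:<14} due {r['due'] or '-':<10} {r['status']}")
    print("overdue:", ", ".join(overdue_hosts(rows)) or "none")
```

Run stand-alone it prints the triage of the constructed findings as of 2008-10-01. In practice the CSV would be the scanner's export, the rating would come from the asset inventory, and the overdue list is what the business unit IT managers (who own "clean" scans on slide 10) would be chased on each week.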
