SlideShare a Scribd company logo

RMIT_IPSec_MSS_Case_Study

Iby Boztepe
Iby Boztepe
1 of 2
Download to read offline
Executive Summary Securing digital assets places great pressure on the stretched resources of every IT de- partment. The size and complexity of the operating environment is directly proportional to the number of potential risks that IT professionals must confront. RMIT security staff were swamped with an increasing workload to maintain their security posture and this was adversely affecting service delivery and detrimentally affecting their reputation with- in RMIT. By collaborating with IPSec, the University alleviated some critical workflow bottlenecks and solved operational goals. To meet RMIT’s strategic objective of monitor- ing security safeguards 24*7*365, IPSec implemented their industry leading managed service. Providing this level of protection using internal resources would have meant in- creasing headcount, requiring a sizeable increase in payroll budgets. IPSec helped RMIT achieve enhanced levels of overall security at a fraction of the cost of resourcing this ser- vice internally. CASE STUDY: RMIT University RMIT partners with IPSec to protect the security of one of Australia’s most revered places of learning Employees 5,000 Students 82,000 Founded 1887 Headquarters Melbourne VIC Locations 5 Market Vertical Tertiary Education URL www.rmit.edu.au Client Profile Ranked globally among the world’s top 100 tertiary education providers, RMIT University provides a syl- labus that focuses on technology, design, health, global business and communications. Located in the cosmopolitan city of Melbourne, the University is studded with striking buildings featuring designs that are aesthetically pleasing and in keeping with the University’s sustainability goals. Two campuses situated in Vietnam cater to this rapidly growing market, contributing to the rich diversity of the stu- dent body. RMIT’s global reach touches nearly eve- ry nation through partnerships and business allianc- es, all underpinned by their reputation for consist- ently delivering successful learning outcomes. RMIT University works closely with Australian industry seeking mutually beneficial ways to commercialise the rewards of their research and development ac- tivities. ■ Reducing the security workload has enabled a greater focus on providing consistent and predictable service delivery to RMIT stakeholders ■ Providing around-the-clock security monitoring was prohibitively expensive compared with partnering with the IPSec security team ■ Complex environments are challenging for security personnel to secure and protect ■ RMIT’s Information Services group has garnered prestige by resolving security bottle- necks that affected service delivery throughout the entire supply chain ■ The partnership has injected high-level security skills into the organisation with IPSec employees now treated as valued and trusted members of the RMIT security team “IPSec’s continuous security monitoring and technical expertise has contributed to improving RMIT’s security posture” Ben O’Neill - Deputy Director ICT Infrastructure Delivery RMIT University Photo Credit: ©-RMIT University
Business Driver Like all educational facilities, RMIT University’s budgets were under continuous cost pressures with users demanding better service lev- els combined with uninterrupted service delivery. The University’s security staff were overloaded with the sheer volume of work, par- ticularly the firewall team who were swamped with additions, moves and changes to ensure the comprehensive protection of their security perimeter. Another challenge was the IT leadership team’s desire to provide 24*7*365 security monitoring. If a volatile security scenario arose outside of standard business hours then es- calation and remediation procedures may not have met the IT de- partment’s high quality and service standards. After an exhaustive assessment of security service providers, IPSec were asked to re- view the environment and develop an actionable remediation plan to help solve RMIT’s concerns. IPSec Business Solution IPSec’s first task was to discover RMIT’s security environment and learn how processes and technology interacted. When this ex- tremely complex task was completed the onerous job of auditing firewall rules began. Managing firewall and IPS rules is demanding work, made even more challenging because of the sheer size and reach of the University’s network. Harmonising the firewall and IPS rule-sets was critical to keep the rule base clear and consistent. IPS parameters were finely tuned to reduce false positive alerts. Having established a security baseline with the gateway infrastructure, phase two of the project commenced. In spite of the diligent efforts of RMIT’s IT Executives, failings in service levels were still present. Implementing IPSec’s 24*7*365 security monitoring service, filtered and flagged important security alerts and provided a 15-minute response time for high severity issues. This reduced the staff workload and helped improve user satisfaction levels. Summary Incremental improvements in RMIT’s security posture have been achieved since their relationship with IPSec commenced. Firewall and IPS throughput depends on efficient rule-sets and by simply cleansing and streamlining these, noticeable network performance improvements have been delivered. Even a minor system change or hardware tweak can improve the security so vital in protecting the privacy of RMIT stakeholders. RMIT understood the business bene- fits of the managed services provided by IPSec but quickly learned how the skills and knowledge injection contributed to better overall security. The IT Department’s prestige and reputation within the University has risen because agreed service levels are consistently met. The IT Executive set simple expectations for the IPSec relation- ship: assist the RMIT team to provide reliable and uniform security levels that protected stakeholder’s privacy and the University’s in- tellectual property. A complex security environment has been tamed and a better outcome delivered thanks to RMIT’s partner- ship with IPSec. Services ■ Managed Security Service with industry leading 15 minute SLA ■ Firewall and IPS configuration and a granular rules audit ■ Network discovery and mapping ■ Strategic and Operational Consulting About Us IPSec specialise in protecting your information assets and mitigating security risks. Our team of highly skilled professionals design, implement, audit, and manage every aspect of your information security environment. By applying industry best practice to business processes, IPSec offer unrivalled service levels that protect your organisation and improves your overall security posture. “IPSec provided RMIT with an injection of skills in addition to improving our response time when dealing with a high-severity security event” Ben O’Neill Deputy Director - ICT Infrastructure Delivery RMIT University Photo Credit: ©-RMIT University

Recommended

IPSec_Case_Study_DEECD_Managed_Security_Services
IPSec_Case_Study_DEECD_Managed_Security_ServicesIPSec_Case_Study_DEECD_Managed_Security_Services
IPSec_Case_Study_DEECD_Managed_Security_ServicesIby Boztepe
 
Security Risks: The Threat is Real
Security Risks: The Threat is RealSecurity Risks: The Threat is Real
Security Risks: The Threat is RealePlus
 
Facility Protective Engineering
Facility Protective EngineeringFacility Protective Engineering
Facility Protective EngineeringLevi Zeigler
 
My CV-Jan-2016
My CV-Jan-2016My CV-Jan-2016
My CV-Jan-2016Adel Zayed
 
Reduce admin time by 60% - Here is how
Reduce admin time by 60% - Here is how Reduce admin time by 60% - Here is how
Reduce admin time by 60% - Here is how Craig Willetts ISO Expert
 
Information Security Analyst- Infosec train
Information Security Analyst- Infosec trainInformation Security Analyst- Infosec train
Information Security Analyst- Infosec trainInfosecTrain
 
Resume_IshitaKundu_CISA
Resume_IshitaKundu_CISAResume_IshitaKundu_CISA
Resume_IshitaKundu_CISAIshita Kundu
 
IT GOVERNANCE OUTSOURCING
IT GOVERNANCE OUTSOURCINGIT GOVERNANCE OUTSOURCING
IT GOVERNANCE OUTSOURCINGArul Nambi
 

Recommended

IPSec_Case_Study_DEECD_Managed_Security_Services
IPSec_Case_Study_DEECD_Managed_Security_ServicesIPSec_Case_Study_DEECD_Managed_Security_Services
IPSec_Case_Study_DEECD_Managed_Security_ServicesIby Boztepe
 
Security Risks: The Threat is Real
Security Risks: The Threat is RealSecurity Risks: The Threat is Real
Security Risks: The Threat is RealePlus
 
Facility Protective Engineering
Facility Protective EngineeringFacility Protective Engineering
Facility Protective EngineeringLevi Zeigler
 
My CV-Jan-2016
My CV-Jan-2016My CV-Jan-2016
My CV-Jan-2016Adel Zayed
 
Reduce admin time by 60% - Here is how
Reduce admin time by 60% - Here is how Reduce admin time by 60% - Here is how
Reduce admin time by 60% - Here is how Craig Willetts ISO Expert
 
Information Security Analyst- Infosec train
Information Security Analyst- Infosec trainInformation Security Analyst- Infosec train
Information Security Analyst- Infosec trainInfosecTrain
 
Resume_IshitaKundu_CISA
Resume_IshitaKundu_CISAResume_IshitaKundu_CISA
Resume_IshitaKundu_CISAIshita Kundu
 
IT GOVERNANCE OUTSOURCING
IT GOVERNANCE OUTSOURCINGIT GOVERNANCE OUTSOURCING
IT GOVERNANCE OUTSOURCINGArul Nambi
 
Cisco Connected Factory - Security
Cisco Connected Factory - SecurityCisco Connected Factory - Security
Cisco Connected Factory - SecurityConnected Futures
 
10 Commandments for Achieving Operational Excellence
10 Commandments for Achieving Operational Excellence10 Commandments for Achieving Operational Excellence
10 Commandments for Achieving Operational ExcellenceMitch Ackles
 
Sadeq abdulwahab management of electrical safety
Sadeq abdulwahab management of electrical safetySadeq abdulwahab management of electrical safety
Sadeq abdulwahab management of electrical safetysarah7887
 
secom : managing information security in a risky world
secom : managing information security in a risky worldsecom : managing information security in a risky world
secom : managing information security in a risky worldInderpreet Singh
 
Cdpse course content infosec train
Cdpse course content infosec trainCdpse course content infosec train
Cdpse course content infosec trainShivamSharma909
 
Security and personnel bp11521
Security and personnel bp11521Security and personnel bp11521
Security and personnel bp11521Merlin Florrence
 
ERP IT Infrastructure Audit
ERP IT Infrastructure AuditERP IT Infrastructure Audit
ERP IT Infrastructure Auditvelcomerp
 
Beyond Keystroke Logging and Trojans: How to Navigate the Changing Landscape...
Beyond Keystroke Logging and Trojans: How to Navigate the Changing Landscape... Beyond Keystroke Logging and Trojans: How to Navigate the Changing Landscape...
Beyond Keystroke Logging and Trojans: How to Navigate the Changing Landscape...NetCom Learning
 
Personnel security
Personnel securityPersonnel security
Personnel securityPLN9 Security Services Pvt. Ltd.
 
Popular Pitfalls In Isms Compliance
Popular Pitfalls In Isms CompliancePopular Pitfalls In Isms Compliance
Popular Pitfalls In Isms ComplianceRamkumar Ramachandran
 
Maximizing Technology Adoption ROI - Eric Vanderburg - CodeMash 2014
Maximizing Technology Adoption ROI - Eric Vanderburg - CodeMash 2014Maximizing Technology Adoption ROI - Eric Vanderburg - CodeMash 2014
Maximizing Technology Adoption ROI - Eric Vanderburg - CodeMash 2014Eric Vanderburg
 
Seekintoo-Security Assessment & IR
Seekintoo-Security Assessment & IRSeekintoo-Security Assessment & IR
Seekintoo-Security Assessment & IRPaul Enright
 
WiMAXHealthcare 4G World - Chicago Sep 15-18
WiMAXHealthcare 4G World - Chicago Sep 15-18WiMAXHealthcare 4G World - Chicago Sep 15-18
WiMAXHealthcare 4G World - Chicago Sep 15-18Cisco Service Provider
 
7 Key Problems to Avoid in ISO 27001 Implementation
7 Key Problems to Avoid in ISO 27001 Implementation7 Key Problems to Avoid in ISO 27001 Implementation
7 Key Problems to Avoid in ISO 27001 ImplementationPECB
 
IT Pains
IT PainsIT Pains
IT PainsStackIQ
 
CompTIA network+ | Everything you need to know about the new exam
CompTIA network+ | Everything you need to know about the new examCompTIA network+ | Everything you need to know about the new exam
CompTIA network+ | Everything you need to know about the new examInfosec
 
A framework for an organization to use in determining if it needs a ciso
A framework for an organization to use in determining if it needs a cisoA framework for an organization to use in determining if it needs a ciso
A framework for an organization to use in determining if it needs a cisoMax Justice
 
ISO 27001 Certification in Dubai
ISO 27001 Certification in DubaiISO 27001 Certification in Dubai
ISO 27001 Certification in DubaiMike Walker
 
The Cyber Security Leap
The Cyber Security LeapThe Cyber Security Leap
The Cyber Security LeapAccenture New Zealand
 
Cyber Eleven flyer
Cyber Eleven flyerCyber Eleven flyer
Cyber Eleven flyerTimmy Chou
 
Group 6 Slides_Updated
Group 6 Slides_UpdatedGroup 6 Slides_Updated
Group 6 Slides_Updatedsuhel1
 
CONSTRUÇÃO E DESENVOLVIMENTO DE UMA COMUNIDADE DE APRENDIZAGEM PROFISSIONAL D...
CONSTRUÇÃO E DESENVOLVIMENTO DE UMA COMUNIDADE DE APRENDIZAGEM PROFISSIONAL D...CONSTRUÇÃO E DESENVOLVIMENTO DE UMA COMUNIDADE DE APRENDIZAGEM PROFISSIONAL D...
CONSTRUÇÃO E DESENVOLVIMENTO DE UMA COMUNIDADE DE APRENDIZAGEM PROFISSIONAL D...ProfessorPrincipiante
 

More Related Content

What's hot

Cisco Connected Factory - Security
Cisco Connected Factory - SecurityCisco Connected Factory - Security
Cisco Connected Factory - SecurityConnected Futures
 
10 Commandments for Achieving Operational Excellence
10 Commandments for Achieving Operational Excellence10 Commandments for Achieving Operational Excellence
10 Commandments for Achieving Operational ExcellenceMitch Ackles
 
Sadeq abdulwahab management of electrical safety
Sadeq abdulwahab management of electrical safetySadeq abdulwahab management of electrical safety
Sadeq abdulwahab management of electrical safetysarah7887
 
secom : managing information security in a risky world
secom : managing information security in a risky worldsecom : managing information security in a risky world
secom : managing information security in a risky worldInderpreet Singh
 
Cdpse course content infosec train
Cdpse course content infosec trainCdpse course content infosec train
Cdpse course content infosec trainShivamSharma909
 
Security and personnel bp11521
Security and personnel bp11521Security and personnel bp11521
Security and personnel bp11521Merlin Florrence
 
ERP IT Infrastructure Audit
ERP IT Infrastructure AuditERP IT Infrastructure Audit
ERP IT Infrastructure Auditvelcomerp
 
Beyond Keystroke Logging and Trojans: How to Navigate the Changing Landscape...
Beyond Keystroke Logging and Trojans: How to Navigate the Changing Landscape... Beyond Keystroke Logging and Trojans: How to Navigate the Changing Landscape...
Beyond Keystroke Logging and Trojans: How to Navigate the Changing Landscape...NetCom Learning
 
Maximizing Technology Adoption ROI - Eric Vanderburg - CodeMash 2014
Maximizing Technology Adoption ROI - Eric Vanderburg - CodeMash 2014Maximizing Technology Adoption ROI - Eric Vanderburg - CodeMash 2014
Maximizing Technology Adoption ROI - Eric Vanderburg - CodeMash 2014Eric Vanderburg
 
Seekintoo-Security Assessment & IR
Seekintoo-Security Assessment & IRSeekintoo-Security Assessment & IR
Seekintoo-Security Assessment & IRPaul Enright
 
WiMAXHealthcare 4G World - Chicago Sep 15-18
WiMAXHealthcare 4G World - Chicago Sep 15-18WiMAXHealthcare 4G World - Chicago Sep 15-18
WiMAXHealthcare 4G World - Chicago Sep 15-18Cisco Service Provider
 
7 Key Problems to Avoid in ISO 27001 Implementation
7 Key Problems to Avoid in ISO 27001 Implementation7 Key Problems to Avoid in ISO 27001 Implementation
7 Key Problems to Avoid in ISO 27001 ImplementationPECB
 
IT Pains
IT PainsIT Pains
IT PainsStackIQ
 
CompTIA network+ | Everything you need to know about the new exam
CompTIA network+ | Everything you need to know about the new examCompTIA network+ | Everything you need to know about the new exam
CompTIA network+ | Everything you need to know about the new examInfosec
 
A framework for an organization to use in determining if it needs a ciso
A framework for an organization to use in determining if it needs a cisoA framework for an organization to use in determining if it needs a ciso
A framework for an organization to use in determining if it needs a cisoMax Justice
 
ISO 27001 Certification in Dubai
ISO 27001 Certification in DubaiISO 27001 Certification in Dubai
ISO 27001 Certification in DubaiMike Walker
 
Cyber Eleven flyer
Cyber Eleven flyerCyber Eleven flyer
Cyber Eleven flyerTimmy Chou
 

What's hot (20)

Cisco Connected Factory - Security
Cisco Connected Factory - SecurityCisco Connected Factory - Security
Cisco Connected Factory - Security
 
10 Commandments for Achieving Operational Excellence
10 Commandments for Achieving Operational Excellence10 Commandments for Achieving Operational Excellence
10 Commandments for Achieving Operational Excellence
 
Sadeq abdulwahab management of electrical safety
Sadeq abdulwahab management of electrical safetySadeq abdulwahab management of electrical safety
Sadeq abdulwahab management of electrical safety
 
secom : managing information security in a risky world
secom : managing information security in a risky worldsecom : managing information security in a risky world
secom : managing information security in a risky world
 
Cdpse course content infosec train
Cdpse course content infosec trainCdpse course content infosec train
Cdpse course content infosec train
 
Security and personnel bp11521
Security and personnel bp11521Security and personnel bp11521
Security and personnel bp11521
 
ERP IT Infrastructure Audit
ERP IT Infrastructure AuditERP IT Infrastructure Audit
ERP IT Infrastructure Audit
 
Beyond Keystroke Logging and Trojans: How to Navigate the Changing Landscape...
Beyond Keystroke Logging and Trojans: How to Navigate the Changing Landscape... Beyond Keystroke Logging and Trojans: How to Navigate the Changing Landscape...
Beyond Keystroke Logging and Trojans: How to Navigate the Changing Landscape...
 
Personnel security
Personnel securityPersonnel security
Personnel security
 
Popular Pitfalls In Isms Compliance
Popular Pitfalls In Isms CompliancePopular Pitfalls In Isms Compliance
Popular Pitfalls In Isms Compliance
 
Maximizing Technology Adoption ROI - Eric Vanderburg - CodeMash 2014
Maximizing Technology Adoption ROI - Eric Vanderburg - CodeMash 2014Maximizing Technology Adoption ROI - Eric Vanderburg - CodeMash 2014
Maximizing Technology Adoption ROI - Eric Vanderburg - CodeMash 2014
 
Seekintoo-Security Assessment & IR
Seekintoo-Security Assessment & IRSeekintoo-Security Assessment & IR
Seekintoo-Security Assessment & IR
 
WiMAXHealthcare 4G World - Chicago Sep 15-18
WiMAXHealthcare 4G World - Chicago Sep 15-18WiMAXHealthcare 4G World - Chicago Sep 15-18
WiMAXHealthcare 4G World - Chicago Sep 15-18
 
7 Key Problems to Avoid in ISO 27001 Implementation
7 Key Problems to Avoid in ISO 27001 Implementation7 Key Problems to Avoid in ISO 27001 Implementation
7 Key Problems to Avoid in ISO 27001 Implementation
 
IT Pains
IT PainsIT Pains
IT Pains
 
CompTIA network+ | Everything you need to know about the new exam
CompTIA network+ | Everything you need to know about the new examCompTIA network+ | Everything you need to know about the new exam
CompTIA network+ | Everything you need to know about the new exam
 
A framework for an organization to use in determining if it needs a ciso
A framework for an organization to use in determining if it needs a cisoA framework for an organization to use in determining if it needs a ciso
A framework for an organization to use in determining if it needs a ciso
 
ISO 27001 Certification in Dubai
ISO 27001 Certification in DubaiISO 27001 Certification in Dubai
ISO 27001 Certification in Dubai
 
The Cyber Security Leap
The Cyber Security LeapThe Cyber Security Leap
The Cyber Security Leap
 
Cyber Eleven flyer
Cyber Eleven flyerCyber Eleven flyer
Cyber Eleven flyer
 

Viewers also liked

Group 6 Slides_Updated
Group 6 Slides_UpdatedGroup 6 Slides_Updated
Group 6 Slides_Updatedsuhel1
 
CONSTRUÇÃO E DESENVOLVIMENTO DE UMA COMUNIDADE DE APRENDIZAGEM PROFISSIONAL D...
CONSTRUÇÃO E DESENVOLVIMENTO DE UMA COMUNIDADE DE APRENDIZAGEM PROFISSIONAL D...CONSTRUÇÃO E DESENVOLVIMENTO DE UMA COMUNIDADE DE APRENDIZAGEM PROFISSIONAL D...
CONSTRUÇÃO E DESENVOLVIMENTO DE UMA COMUNIDADE DE APRENDIZAGEM PROFISSIONAL D...ProfessorPrincipiante
 
Grundlæggendeledelsesuddannelse_Redacted_minuscpr
Grundlæggendeledelsesuddannelse_Redacted_minuscprGrundlæggendeledelsesuddannelse_Redacted_minuscpr
Grundlæggendeledelsesuddannelse_Redacted_minuscprBilal Bahij
 
Almacen calero
Almacen caleroAlmacen calero
Almacen caleroUNACH .
 
Narayaneeyam bengali transliteration with english translation dasakam 028
Narayaneeyam bengali transliteration with english translation dasakam 028Narayaneeyam bengali transliteration with english translation dasakam 028
Narayaneeyam bengali transliteration with english translation dasakam 028Ravi Ramakrishnan
 
[LOWRES] Organisation Profile
[LOWRES] Organisation Profile[LOWRES] Organisation Profile
[LOWRES] Organisation ProfileRini Sucahyo
 
ATLRUG Announcements for Feb. 2016
ATLRUG Announcements for Feb. 2016ATLRUG Announcements for Feb. 2016
ATLRUG Announcements for Feb. 2016jasnow
 

Viewers also liked (10)

Group 6 Slides_Updated
Group 6 Slides_UpdatedGroup 6 Slides_Updated
Group 6 Slides_Updated
 
CONSTRUÇÃO E DESENVOLVIMENTO DE UMA COMUNIDADE DE APRENDIZAGEM PROFISSIONAL D...
CONSTRUÇÃO E DESENVOLVIMENTO DE UMA COMUNIDADE DE APRENDIZAGEM PROFISSIONAL D...CONSTRUÇÃO E DESENVOLVIMENTO DE UMA COMUNIDADE DE APRENDIZAGEM PROFISSIONAL D...
CONSTRUÇÃO E DESENVOLVIMENTO DE UMA COMUNIDADE DE APRENDIZAGEM PROFISSIONAL D...
 
Tabla en word kelly mora
Tabla en word kelly moraTabla en word kelly mora
Tabla en word kelly mora
 
Grundlæggendeledelsesuddannelse_Redacted_minuscpr
Grundlæggendeledelsesuddannelse_Redacted_minuscprGrundlæggendeledelsesuddannelse_Redacted_minuscpr
Grundlæggendeledelsesuddannelse_Redacted_minuscpr
 
Derivadas
DerivadasDerivadas
Derivadas
 
Presentación1 la robotica
Presentación1 la roboticaPresentación1 la robotica
Presentación1 la robotica
 
Almacen calero
Almacen caleroAlmacen calero
Almacen calero
 
Narayaneeyam bengali transliteration with english translation dasakam 028
Narayaneeyam bengali transliteration with english translation dasakam 028Narayaneeyam bengali transliteration with english translation dasakam 028
Narayaneeyam bengali transliteration with english translation dasakam 028
 
[LOWRES] Organisation Profile
[LOWRES] Organisation Profile[LOWRES] Organisation Profile
[LOWRES] Organisation Profile
 
ATLRUG Announcements for Feb. 2016
ATLRUG Announcements for Feb. 2016ATLRUG Announcements for Feb. 2016
ATLRUG Announcements for Feb. 2016
 

Similar to RMIT_IPSec_MSS_Case_Study

Infocon Bangladesh 2016
Infocon Bangladesh 2016Infocon Bangladesh 2016
Infocon Bangladesh 2016Prime Infoserv
 
Ooredoo%20Security%20Managed%20Services
Ooredoo%20Security%20Managed%20ServicesOoredoo%20Security%20Managed%20Services
Ooredoo%20Security%20Managed%20ServicesMuhammad Mudassar
 
MCGlobalTech Service Presentation
MCGlobalTech Service PresentationMCGlobalTech Service Presentation
MCGlobalTech Service PresentationWilliam McBorrough
 
MCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationMCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationWilliam McBorrough
 
Iso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaIso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaFahmi Albaheth
 
UtiliGRIDMOD - Utility Grid Modernization - Indigo Advisory Group
UtiliGRIDMOD - Utility Grid Modernization - Indigo Advisory Group UtiliGRIDMOD - Utility Grid Modernization - Indigo Advisory Group
UtiliGRIDMOD - Utility Grid Modernization - Indigo Advisory Group Indigo Advisory Group
 
Introduction to Cyber Resilience
Introduction to Cyber ResilienceIntroduction to Cyber Resilience
Introduction to Cyber ResiliencePeter Wood
 
IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE
IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAEIT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE
IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE360 BSI
 
英文网站文案
英文网站文案英文网站文案
英文网站文案成龙 赵
 
IT Information Security Management Principles, 28 February - 02 March 2016 Du...
IT Information Security Management Principles, 28 February - 02 March 2016 Du...IT Information Security Management Principles, 28 February - 02 March 2016 Du...
IT Information Security Management Principles, 28 February - 02 March 2016 Du...360 BSI
 
How to create a secure network architecture.pdf
How to create a secure network architecture.pdfHow to create a secure network architecture.pdf
How to create a secure network architecture.pdfitconsultancynj104
 
IT Information Security Management Principles, 15 - 18 May 2016 Dubai UAE
IT Information Security Management Principles, 15 - 18 May 2016 Dubai UAEIT Information Security Management Principles, 15 - 18 May 2016 Dubai UAE
IT Information Security Management Principles, 15 - 18 May 2016 Dubai UAE360 BSI
 
The Charter of Trust
The Charter of TrustThe Charter of Trust
The Charter of TrustDefCamp
 
Cisco Connect 2018 Singapore - Cisco Incident Response Services
Cisco Connect 2018 Singapore - Cisco Incident Response ServicesCisco Connect 2018 Singapore - Cisco Incident Response Services
Cisco Connect 2018 Singapore - Cisco Incident Response ServicesNetworkCollaborators
 
SecurityGen's IDS/IPS Solutions for Proactive Threat Management
SecurityGen's IDS/IPS Solutions for Proactive Threat ManagementSecurityGen's IDS/IPS Solutions for Proactive Threat Management
SecurityGen's IDS/IPS Solutions for Proactive Threat ManagementSecurityGen1
 
Unraveling the Web: Exploring Vulnerabilities in Network Security
Unraveling the Web: Exploring Vulnerabilities in Network SecurityUnraveling the Web: Exploring Vulnerabilities in Network Security
Unraveling the Web: Exploring Vulnerabilities in Network SecuritySecurityGen1
 
SecurityGen-IDS_case_study.pdf
SecurityGen-IDS_case_study.pdfSecurityGen-IDS_case_study.pdf
SecurityGen-IDS_case_study.pdfSecurity Gen
 
Beyond the Perimeter IDS, IPS, and Firewall Strategies Unveiled.pdf
Beyond the Perimeter IDS, IPS, and Firewall Strategies Unveiled.pdfBeyond the Perimeter IDS, IPS, and Firewall Strategies Unveiled.pdf
Beyond the Perimeter IDS, IPS, and Firewall Strategies Unveiled.pdfSecurityGen1
 

Similar to RMIT_IPSec_MSS_Case_Study (20)

Infocon Bangladesh 2016
Infocon Bangladesh 2016Infocon Bangladesh 2016
Infocon Bangladesh 2016
 
Ooredoo%20Security%20Managed%20Services
Ooredoo%20Security%20Managed%20ServicesOoredoo%20Security%20Managed%20Services
Ooredoo%20Security%20Managed%20Services
 
MCGlobalTech Service Presentation
MCGlobalTech Service PresentationMCGlobalTech Service Presentation
MCGlobalTech Service Presentation
 
PEO STRI
PEO STRIPEO STRI
PEO STRI
 
MCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationMCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service Presentation
 
Iso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaIso27001- Nashwan Mustafa
Iso27001- Nashwan Mustafa
 
UtiliGRIDMOD - Utility Grid Modernization - Indigo Advisory Group
UtiliGRIDMOD - Utility Grid Modernization - Indigo Advisory Group UtiliGRIDMOD - Utility Grid Modernization - Indigo Advisory Group
UtiliGRIDMOD - Utility Grid Modernization - Indigo Advisory Group
 
Introduction to Cyber Resilience
Introduction to Cyber ResilienceIntroduction to Cyber Resilience
Introduction to Cyber Resilience
 
IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE
IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAEIT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE
IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE
 
英文网站文案
英文网站文案英文网站文案
英文网站文案
 
IT Information Security Management Principles, 28 February - 02 March 2016 Du...
IT Information Security Management Principles, 28 February - 02 March 2016 Du...IT Information Security Management Principles, 28 February - 02 March 2016 Du...
IT Information Security Management Principles, 28 February - 02 March 2016 Du...
 
How to create a secure network architecture.pdf
How to create a secure network architecture.pdfHow to create a secure network architecture.pdf
How to create a secure network architecture.pdf
 
Pindad iso27000 2016 smki
Pindad iso27000 2016 smkiPindad iso27000 2016 smki
Pindad iso27000 2016 smki
 
IT Information Security Management Principles, 15 - 18 May 2016 Dubai UAE
IT Information Security Management Principles, 15 - 18 May 2016 Dubai UAEIT Information Security Management Principles, 15 - 18 May 2016 Dubai UAE
IT Information Security Management Principles, 15 - 18 May 2016 Dubai UAE
 
The Charter of Trust
The Charter of TrustThe Charter of Trust
The Charter of Trust
 
Cisco Connect 2018 Singapore - Cisco Incident Response Services
Cisco Connect 2018 Singapore - Cisco Incident Response ServicesCisco Connect 2018 Singapore - Cisco Incident Response Services
Cisco Connect 2018 Singapore - Cisco Incident Response Services
 
SecurityGen's IDS/IPS Solutions for Proactive Threat Management
SecurityGen's IDS/IPS Solutions for Proactive Threat ManagementSecurityGen's IDS/IPS Solutions for Proactive Threat Management
SecurityGen's IDS/IPS Solutions for Proactive Threat Management
 
Unraveling the Web: Exploring Vulnerabilities in Network Security
Unraveling the Web: Exploring Vulnerabilities in Network SecurityUnraveling the Web: Exploring Vulnerabilities in Network Security
Unraveling the Web: Exploring Vulnerabilities in Network Security
 
SecurityGen-IDS_case_study.pdf
SecurityGen-IDS_case_study.pdfSecurityGen-IDS_case_study.pdf
SecurityGen-IDS_case_study.pdf
 
Beyond the Perimeter IDS, IPS, and Firewall Strategies Unveiled.pdf
Beyond the Perimeter IDS, IPS, and Firewall Strategies Unveiled.pdfBeyond the Perimeter IDS, IPS, and Firewall Strategies Unveiled.pdf
Beyond the Perimeter IDS, IPS, and Firewall Strategies Unveiled.pdf
 

RMIT_IPSec_MSS_Case_Study

  • 1. Executive Summary Securing digital assets places great pressure on the stretched resources of every IT de- partment. The size and complexity of the operating environment is directly proportional to the number of potential risks that IT professionals must confront. RMIT security staff were swamped with an increasing workload to maintain their security posture and this was adversely affecting service delivery and detrimentally affecting their reputation with- in RMIT. By collaborating with IPSec, the University alleviated some critical workflow bottlenecks and solved operational goals. To meet RMIT’s strategic objective of monitor- ing security safeguards 24*7*365, IPSec implemented their industry leading managed service. Providing this level of protection using internal resources would have meant in- creasing headcount, requiring a sizeable increase in payroll budgets. IPSec helped RMIT achieve enhanced levels of overall security at a fraction of the cost of resourcing this ser- vice internally. CASE STUDY: RMIT University RMIT partners with IPSec to protect the security of one of Australia’s most revered places of learning Employees 5,000 Students 82,000 Founded 1887 Headquarters Melbourne VIC Locations 5 Market Vertical Tertiary Education URL www.rmit.edu.au Client Profile Ranked globally among the world’s top 100 tertiary education providers, RMIT University provides a syl- labus that focuses on technology, design, health, global business and communications. Located in the cosmopolitan city of Melbourne, the University is studded with striking buildings featuring designs that are aesthetically pleasing and in keeping with the University’s sustainability goals. Two campuses situated in Vietnam cater to this rapidly growing market, contributing to the rich diversity of the stu- dent body. RMIT’s global reach touches nearly eve- ry nation through partnerships and business allianc- es, all underpinned by their reputation for consist- ently delivering successful learning outcomes. RMIT University works closely with Australian industry seeking mutually beneficial ways to commercialise the rewards of their research and development ac- tivities. ■ Reducing the security workload has enabled a greater focus on providing consistent and predictable service delivery to RMIT stakeholders ■ Providing around-the-clock security monitoring was prohibitively expensive compared with partnering with the IPSec security team ■ Complex environments are challenging for security personnel to secure and protect ■ RMIT’s Information Services group has garnered prestige by resolving security bottle- necks that affected service delivery throughout the entire supply chain ■ The partnership has injected high-level security skills into the organisation with IPSec employees now treated as valued and trusted members of the RMIT security team “IPSec’s continuous security monitoring and technical expertise has contributed to improving RMIT’s security posture” Ben O’Neill - Deputy Director ICT Infrastructure Delivery RMIT University Photo Credit: ©-RMIT University
  • 2. Business Driver Like all educational facilities, RMIT University’s budgets were under continuous cost pressures with users demanding better service lev- els combined with uninterrupted service delivery. The University’s security staff were overloaded with the sheer volume of work, par- ticularly the firewall team who were swamped with additions, moves and changes to ensure the comprehensive protection of their security perimeter. Another challenge was the IT leadership team’s desire to provide 24*7*365 security monitoring. If a volatile security scenario arose outside of standard business hours then es- calation and remediation procedures may not have met the IT de- partment’s high quality and service standards. After an exhaustive assessment of security service providers, IPSec were asked to re- view the environment and develop an actionable remediation plan to help solve RMIT’s concerns. IPSec Business Solution IPSec’s first task was to discover RMIT’s security environment and learn how processes and technology interacted. When this ex- tremely complex task was completed the onerous job of auditing firewall rules began. Managing firewall and IPS rules is demanding work, made even more challenging because of the sheer size and reach of the University’s network. Harmonising the firewall and IPS rule-sets was critical to keep the rule base clear and consistent. IPS parameters were finely tuned to reduce false positive alerts. Having established a security baseline with the gateway infrastructure, phase two of the project commenced. In spite of the diligent efforts of RMIT’s IT Executives, failings in service levels were still present. Implementing IPSec’s 24*7*365 security monitoring service, filtered and flagged important security alerts and provided a 15-minute response time for high severity issues. This reduced the staff workload and helped improve user satisfaction levels. Summary Incremental improvements in RMIT’s security posture have been achieved since their relationship with IPSec commenced. Firewall and IPS throughput depends on efficient rule-sets and by simply cleansing and streamlining these, noticeable network performance improvements have been delivered. Even a minor system change or hardware tweak can improve the security so vital in protecting the privacy of RMIT stakeholders. RMIT understood the business bene- fits of the managed services provided by IPSec but quickly learned how the skills and knowledge injection contributed to better overall security. The IT Department’s prestige and reputation within the University has risen because agreed service levels are consistently met. The IT Executive set simple expectations for the IPSec relation- ship: assist the RMIT team to provide reliable and uniform security levels that protected stakeholder’s privacy and the University’s in- tellectual property. A complex security environment has been tamed and a better outcome delivered thanks to RMIT’s partner- ship with IPSec. Services ■ Managed Security Service with industry leading 15 minute SLA ■ Firewall and IPS configuration and a granular rules audit ■ Network discovery and mapping ■ Strategic and Operational Consulting About Us IPSec specialise in protecting your information assets and mitigating security risks. Our team of highly skilled professionals design, implement, audit, and manage every aspect of your information security environment. By applying industry best practice to business processes, IPSec offer unrivalled service levels that protect your organisation and improves your overall security posture. “IPSec provided RMIT with an injection of skills in addition to improving our response time when dealing with a high-severity security event” Ben O’Neill Deputy Director - ICT Infrastructure Delivery RMIT University Photo Credit: ©-RMIT University