Marlabs offers an overview of the kind of threats facing technology today and explains the service offerings that will help ensure data security at all costs.
VSD Infotech (VSDi) is a technology services company specializing in Information Security Services and Networking solutions. We have been working with leaders in the Infrastructure management space, through a hybrid model combining technology and human expertise.
We offer a complete range of IT Services to our customers, focussing on delivery, technology and process excellence in providing top-notch infrastructure management and information security services.
Bridging the Gap Between Your Security Defenses and Critical Data | IBM Security
View on-demand recording: http://securityintelligence.com/events/bridging-the-gap-between-your-security-defenses-and-critical-data/
Many organizations are struggling with the growing gap between the vulnerability of critical data and security defenses. You need visibility at all times to prevent external and internal database breaches. Your organization can't lose sight of the importance of the integrity of your data, including unauthorized changes and suspicious activity.
You will learn how, by combining the industry-leading security intelligence capabilities of IBM QRadar Security Intelligence Platform with the robust data security capabilities of IBM Security Guardium data activity monitor, organizations can gain actionable insights to reduce security risks at all layers and boost compliance across the enterprise.
In this live webinar, Sally Fabian, IBM Data Security Technical Specialist, will discuss:
- Architecture and integration points
- Real-time alerts and reporting
- Vulnerability assessments according to your risk score
- Security intelligence event log collection and analytics
- Actionable insights from security events
Improving Your Information Security Program | Seccuris Inc.
Michael walks the audience through the key focus areas in the creation of information security dashboards and discusses topics such as: What about our Information Security Program is important?
How can I represent my Information Security Program in a dashboard? What elements of my program should I measure and report on? What must happen with the output?
Microsoft India - Forefront Value Of Identity And Security Offerings Presenta... | Microsoft Private Cloud
Microsoft’s strategy is to deliver solutions that focus on what businesses need to operate and be successful:
(1) enabling employees, partners and customers to securely access the information, resources and applications they need to be productive.
(2) Freeing people’s time to focus on what’s important (reduce complexity, increase efficiency, etc.)
(3) Ability to adapt & change dynamically to changing threats, changing business environments/relationship, legal requirements, etc.
Cost-effective implementation of IT security strategy – Accenture - IBM Sma... | IBM Sverige
Presentation from IBM Smarter Business 2011. Track: Managing risk and security.
Accenture gives its vision and advice on how to create an IT security strategy that delivers value quickly while keeping costs down and maintaining the focus on business goals. This advice comes from years of Accenture's global experience with IT security strategies.
Speakers: Peder Nordvaller & Alexandre Messo, Accenture.
More information at www.smarterbusiness.se
• Introduction to information security.
What is information security, threat, risks, vulnerabilities, basic terms and definition?
• Building blocks of information security strategy, policies and standards.
Identify and establish country-wide information security strategy; establish policies, standards and procedures; implementation of different types of control objectives: managerial, technologies, business processes. Introduction to main domains of information security management system depending on international information security standard (ISO 2700x).
• Actions, roles and responsibilities.
What kinds of actions are needed for information security risk treatment? Roles and responsibilities of information security professionals.
By Vasil Tsvimitidze
The presentations should help security professionals create security architecture that supports business objectives, covers all areas of security technology, and allows for effective measurement of security value.
The presentation was given at BrightTALK
From reactive to automated reducing costs through mature security processes i... | NetIQ
Addressing Human Vulnerabilities that Bedevil IT Security:
All systems are susceptible to the social engineering techniques that lie at the root of some or all the well publicized security incidents. But why can’t the industry do more to design out the human vulnerabilities that continue to bedevil even the best security systems?
It is important to understand that good security is ultimately a people issue and that while updating rules in technology to keep pace with threats is reasonably easy, changing human behaviour – and thus reducing the risks of social engineering – is much more difficult to do and maintain consistently.
Automated intelligence and control is the logical next step for how security management solutions solve problems in more complex, fast moving environments. The urgency to make business exception management and end-user policy management more fit for purpose is driven by how regulators are becoming more proactive and demanding.
Enterprise Security Architecture: From access to audit | Bob Rhubart
Paul Andres' presentation from OTN Architect Day in Pasadena, July 9, 2009.
Find an OTN Architect Day event near you: http://www.oracle.com/technology/architect/archday.html
Interact with Architect Day presenters and participants on Oracle Mix: https://mix.oracle.com/groups/15511
IBM Security Strategy Intelligence, Integration and Expertise
by Marc van Zadelhoff, VP, WW Strategy and Product Management and Joe Ruthven IBM MEA Security Leader
1000+ Apps are released on Google Play and Appstore every day!
The most popular ones are downloaded 75 000 times a day.
There are many success factors that must be met for your app to be successful, and one of these is trust.
Dedicated to furthering innovation through the rapid identification, integration and adoption of practical, standards-based cybersecurity solutions, the National Cybersecurity Center of Excellence (NCCoE) was established in 2012 through a partnership among National Institute of Standards and Technology (NIST), the State of Maryland and Montgomery County. NCCoE senior security engineer Jim McCarthy shares an overview on the center's energy sector use cases and their recent developments.
Dell Solutions Tour 2015 - Security in the cloud, Ramses Gallego, Security St... | Kenneth de Brucq
Businesses are finding great benefits from the Cloud, and are moving towards the next step: Providing a unified way of consuming Cloud resources for their different business lines, branches and departments to use Cloud resources in a simplified way. This session will describe how the creation of a Cloud Catalogue will provide better control and visibility for the use of Cloud within an enterprise and how, once Cloud is within the fabrics of many products and services from providers, Cloud Catalogue is being seen as the next frontier.
While C2M2 is not the love child of C3PO and R2D2 (sorry), the Cybersecurity Capability Maturity Model (C2M2) program under the U.S. Department of Energy's (DOE) Office of Electricity Delivery and Energy Reliability (OE) is helping to enhance the security and resilience of the United States’ critical infrastructure.
The Benefits of Security From a Managed Services Provider | CSI Solutions
Today’s technology users—both consumers and bankers—who don’t stay informed on the latest in security can open themselves and others to attack.
View this SlideShare to learn what to look for in a solid managed security provider and how it can benefit your financial institution.
The growing costs of security breaches and manual compliance efforts have given rise to new data security solutions specifically designed to prevent data breaches and deliver automated compliance. This paper examines the drivers for adopting a strategic approach to data security, compares and contrasts current approaches, and presents the Return on Security Investment (ROSI) of viable data security solutions.
As you move your IT Infrastructure into the cloud, how secure can you expect your applications to be? Join Alert Logic and Internap on this webcast for an enlightening discussion on the state of cloud security and how it impacts security management decisions, especially in the context of deploying infrastructure to hosted and cloud environments.
Security Patterns How To Make Security Arch Easy To Consume | Jeff Johnson
A challenge security professionals often face is ensuring security is aligned with the business strategy. Enterprise Security Architecture can solve that problem, but to do so you need a way to make it easy for the rest of IT to follow the security architecture. Security Patterns is one solution to that problem.
Generative AI Deep Dive: Advancing from Proof of Concept to Production | Aggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Key Trends Shaping the Future of Infrastructure.pdf | Cheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024 | Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
GraphRAG is All You need? LLM & Knowledge Graph | Guy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
The Art of the Pitch: WordPress Relationships and Sales | Laura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if something changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... | UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
The new frontiers of AI in RPA with UiPath Autopilot™ | UiPathCommunity
In this free online event, organized by the UiPath Italian Community, you can explore the new features of Autopilot, the tool that integrates Artificial Intelligence into the development and use of automations.
📕 Together we will look at some examples of using Autopilot in different tools of the UiPath Suite:
Autopilot for Studio Web
Autopilot for Studio
Autopilot for Apps
Clipboard AI
GenAI applied to Document Understanding
👨🏫👨💻 Speakers:
Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant
Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath
Andrei Tasca, RPA Solutions Team Lead @NTT Data
UiPath Test Automation using UiPath Test Suite series, part 3 | DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova... | Ramesh Iyer
In today's fast-changing business world, companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
PHP Frameworks: I want to break free (IPC Berlin 2024) | Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... | DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview | Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
A tale of scale & speed: How the US Navy is enabling software delivery from l... | sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Elevating Tactical DDD Patterns Through Object Calisthenics | Dorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Sw keynote
2. Security Inside Out
Cost-Effective Security and Compliance
Steve Wainwright
Senior Director Information Security
UK, Ireland & Israel
3. More data than ever…
[Chart: Growth Doubles Yearly; 1,800 Exabytes; horizontal axis 2006 to 2011]
Source: IDC, 2008
Oracle Confidential
4. More breaches than ever…
Data Breach: Once exposed, the data is out there – the bell can’t be un-rung
[Chart: Publicly Reported Data Breaches; Total Personally Identifying Information Records Exposed (Millions), vertical axis 0 to 400, horizontal axis 2005 to 2008; 630% Increase]
Average cost of a data breach $202 per record
Average total cost exceeds $6.6 million per breach
Source: DataLossDB, Ponemon Institute, 2009
5. More threats than ever…
70% attacks originate inside the firewall
90% attacks perpetrated by employees with privileged access
6. More regulations than ever…
• Federal, state, local, industry… adding more mandates every year!
• Need to meet AND demonstrate compliance
• Compliance costs are unsustainable
Report and audit
90% Companies behind in compliance
Source: IT Policy Compliance Group, 2007.
7. Higher Costs Than Ever…
• User Management Costs
• User Productivity Costs
• Compliance & Remediation Costs
• Security Breach Remediation Costs
It Adds Up
8. Market Overview: IT Security In 2009
Protecting the organization's information assets is the top issue facing security programs: data security (90%) is most often cited as an important or very important issue for IT security organizations.
10. The Information World Has Changed
• Organised crime
• Identity Theft
• Online Fraud
• Terrorism
• Insider Threats
• Economic Climate
• Regulatory Pressures
Phone, internet and mail order fraud is up 37% on 2006 to £290m in the UK
11. Business Drivers
Reasons for Investment in Security
• Cost reduction
• Compliance to regulations
• Improved customer experience
• Protect organisation from reputation damage
• Increase agility and enter new markets
• Increase competitive advantage
• Improved efficiencies
• Make security transparent
• Improved collaborative working
Source: Security Café Workshop at InfoSec 2009
13. Security Framework
Domain Approach
[Diagram labels: Physical Security; Control and Management; Client Security; Perimeter Security; Access Management; Infrastructure Security; Employee; Customers; Partners; Resources; Documents/Data; Applications/Processes; Resource Security; Security Standards and Policies; Process; Audit and Report]
14. Security - Layered Defence
The need for a joined up approach
• Identity Administration
• Access Enforcement
• Application/Process Security
• Data Security
• Infrastructure Security
• Physical Security
[Diagram layers: Access, Application, Data]
21. Security Framework
The value of this approach
Principles
• Ensure Principle of “Security First”
• Built-in not Bolt-on Security
• Enforce controls
• Improved management
• Holistic not silo solutions
• Platform for agility and flexibility
Benefits
• Creates agility to meet changing threat landscapes and create new models
• Leads to re-useable patterns
• Provides joined up protection against data loss, fraud and theft
• Achieves greater compliance for lower cost
• Creates better customer experience
• Builds “trusted” brand
22. Oracle Security Inside Out
Database Security
• Encryption and Masking
• Privileged User Controls
• Multi-Factor Authorization
• Activity Monitoring and Audit
• Secure Configuration
Identity Management
• User Provisioning
• Role Management
• Entitlements Management
• Risk-Based Access Control
• Virtual Directories
Information Rights Management
• Centralized document access control
• Digital shredding
• Document Activity Monitoring and Audit
[Diagram labels: Information, Infrastructure, Databases, Applications, Content]
23. Complete, Open, Integrated Systems
• Engineered to work together
• Tested together
• Certified together
• Packaged together
• Deployed together
• Upgraded together
• Managed together
• Supported together
24. Together, We Will Spend $4.3 Billion In R&D In Our First Full Fiscal Year
[Chart: R&D Spending, USD $Bs]
FY05: $1.5
FY06: $1.9
FY07: $2.2
FY08: $2.7
FY09: $2.8
…
FY11: $4.3
25. Industry specific cover image
Telco X Identity Management Assessment
Oracle Insight Report - Issue 1.0
January 28th 2009
Rob McManus
Insight Programme Director, Technology Solutions & Channels
Jason Rees
Insight Programme Director, Technology Solutions & Channels
26. Oracle Recommendations – Flight Path
[Roadmap diagram. Column headings: Governance & Architecture, User Management, Access Management. Timescale: 1-6 months, 6-12 months, Year 2. Labels shown on the roadmap:]
• Institute Governance Board
• Principles and Standards
• Standards for application integration
• Implement New IdM
• Automation of Rules and Workflows
• Increase OpCo adoption
• Increase number of integrated applications
• IdM Service Management
• Data Management
• Virtual directory technologies
• Implement new Web Access Mgt
• Enterprise SSO
• Strong Authentication
• Replacement of hardware tokens
• Authorisation & Authentication Management
• Role Management
• Audit & Reporting
• Automate re-certification and Attestation
27. Prioritisation of IdM Capability Areas
[Matrix chart. Vertical axis: PRIORITY LEVEL (High, Medium, Low). Horizontal axis: OPERATING PERFORMANCE (Performed Locally, Planned and Tracked, Well Defined, Mature, Industry Leading). Zone labels: “TARGETS”, “SECONDARY TARGETS”, “LONGER TERM”; Primary Focus, Secondary Focus, Future Phases. Capability areas plotted: User Management, Audit & Reporting, Governance, Access Management, Architecture, Authorisation Management, Authentication Management]
28. Investment in IdM Should Produce Strong Value for Telco X
Oracle Estimates an ROI of 410% based on Conservative Case,
Payback in 16 months
5 Year Net Present Value:
£12 million
[Chart: Benefits Achieved, Total Costs and Accumulated discounted cash flow (NPV), Year 1 to Year 5; vertical axis from -£4,000,000 to £14,000,000; data labels -£639,858, £1,174,242, £4,391,073, £8,654,465 and £12,329,802]
Source: Discovery workshops; data provided; Oracle analysis
Note: Implementation costs are very approximate at this early stage; discount rate used is 16%; costs do not include all relevant non-Oracle items, e.g. internal Telco X implementation costs, hardware costs and training costs; benefits do not include productivity gains
29. Benefits of Oracle’s Recommendation
| Benefit Area/Driver | Type | Financial impact: Conservative | Financial impact: Pragmatic | Financial impact: Aggressive |
|---|---|---|---|---|
| 1a. Increase productivity of new hires | Productivity | £1,239,854 | £1,859,781 | £2,479,708 |
| 1b. Reduce Joiner Administrative effort for Line Managers | Productivity | £929,891 | £1,859,781 | £2,789,672 |
| 1c. Employee searches | Productivity | £290,591 | £348,709 | £406,827 |
| 1d. Fewer systems to update | Productivity | £1,210,795 | £2,421,590 | £3,632,385 |
| 2a. Reduction in Help Desk administration costs for account requests | Headcount | £1,832,727 | £2,618,182 | £3,403,636 |
| 2b. Incremental Productivity - reduced password reset calls to helpdesk | Productivity | £6,974,179 | £11,623,632 | £16,273,085 |
| 2c. Reduction in Help Desk Administration costs - Password Resets | Headcount | £1,846,154 | £3,000,000 | £3,692,308 |
| 3a. Reduction in Administrative Labour Costs for Certification | Headcount | £660,000 | £1,100,000 | £1,540,000 |
| 3b. Reduction in Attestation Review Effort | Headcount | £651,375 | £1,085,625 | £1,519,875 |
| 3c. Reduction in Audit Remediation Costs | Headcount | £250,000 | £250,000 | £250,000 |
| 3e. Replace Hardware Tokens | Saving | £120,000 | £120,000 | £120,000 |
| 4a. Cost of assisting staff present and past following loss of personal data | Saving | £337,500 | £675,000 | £1,012,500 |
| 4b. Fraud Avoidance and Reduction | Saving | £500,000 | £500,000 | £500,000 |
| 4c. Application development savings | Saving | £1,250,000 | £3,000,000 | £4,000,000 |
| Total | | £18,093,066 | £30,462,301 | £41,619,997 |
Note 1: Potential annual benefits
Note 2: Based on Oracle experiences, analyst reports and information gained through interviews with Telco X
Note 3: Includes Productivity savings which have been removed from ROI calculation overleaf
We completed a number of interactive sessions at InfoSec this year, at Oracle Security Café Workshops. We found that the top 4 business drivers were:
• Cost reduction – providing controls to reduce cost, an example being secure consolidation of IT services and the ability to outsource in a controlled and trusted way
• Compliance to regulations – still a popular topic – we have had SOX, HIPAA and PCI DSS – what is next?
• Improved customer experience – allowing users to interact with the enterprise in a secure way, and build brand trust
• Protect the organisation from reputation damage – how much is reputation worth to an organisation? Should organisations be worried? Well, a study of US workers found that 59% of people made redundant would steal data, so in this economic climate…
Improved efficiencies; Collaborative working; Increase agility and enter new markets; Increase competitive advantage
2 mins
Information is at the heart of anything we do. Security is part of all business, process, technology and information viewpoints. Risk Appetite and Assessments allow the organisation to decide how they want to approach security. But there are also cultural and educational needs, and business governance helps to bridge the gaps between business and security. Again, remember that technology is just part of the overall ability of an organisation to deliver the right security controls.
2 min
Security Frameworks (or Architecture) provide a common chassis for the organisation. This is not a one-size-fits-all approach; the framework can provide multiple baselines and solution patterns. These patterns can be captured for re-use against the changing threat landscape and different business models, i.e. Managed Fraud Services.
Resources
Resources are all types of information, data, structured or unstructured – the data is the crown jewels. Ultimately everything that goes in front (process and application, access management) is just a way to mediate access to resources.
BUILD SLIDES
Ask the question: What is the value of the resource to the business? What is the associated risk appetite of your organisation?
Summarise: Oracle has been working in the security space pretty much since day 1. The very first Oracle customers were in the government space back in 1977.
8 mins
Only as strong as the weakest link
We must take a joined-up and layered approach to our end-to-end security solutions and patterns.
• No point in having strong access enforcement if your identity administration (i.e. recruitment and vetting) is weak.
• No point in having great application security if a user or system can access the data directly.
• No point in having strong access security if someone can enter a data centre and steal an unencrypted disk from the server.
2 mins
Look at some of the examples where security has been a positive benefit:
• The government pensions department used to require 4 forms to be completed for pension enquiries; secure collaboration of information now allows enquiries to be resolved with a single phone call.
• Amazon have built such a strong brand that they could release Cloud services. Security is a huge part of that; stories in the press about lost credit cards etc. would have damaged the brand to an extent where Cloud services might not be trusted. Taking this further, Amazon have to be sure about the security of the Cloud itself so as not to damage existing customer perception from their traditional channels.
Talk about the principles of security, then the benefits.
4 mins