SlideShare a Scribd company logo

The Security Ecosystem

A
Anthony Bertuzzi

Capabilities you need to prepare for the inevitable breach.

Technology
1 of 48
Download to read offline
CHANCES ARE YOU WILL BE BREACHED. It’s a matter of when and how bad. START
ARE YOU PREPARED? STOP
YOU CAN BE IF YOU... ARE ACCOUNTABLE TO THE BUSINESS PERFORM DUE DILIGENCE TURN DATA INTO ACTIONABLE INSIGHT
ACCOUNTABLE TO THE BUSINESS? YES, THROUGH STRATEGY. Relate your security efforts to your business – organizational objectives, industry context, compliance requirements, critical assets, business processes and risks you’re willing to take.
DUE DILIGENCE? YES, BY INVOLVING THE BUSINESS. Interview the people on the front lines of the business, the ones who own process. They know what business- critical data really is and what really has value. Ask them, “If someone were to come in and steal something from you, what would freak you out the most? What would have the most impact on YOUR line of business?”
DATA INTO ACTIONABLE INSIGHT? YES, YOU’LL BECOME MORE AWARE AND MAKE BETTER DECISIONS. When you get to the right data, you’ll have understanding and visibility. In other words, AWARENESS. When you take everything you know and learn, focus and prepare, you’ll have better control and the foundation for resiliency. In other words, INTELLIGENCE.
SO HOW DO YOU GET THERE? It’s not a destination, rather a constant iteration.iteration.
IT’S BUILDING CAPABILITIES. You don’t have to be a superstar in all of them. But you should be doing all of them. Capabilities Bu ild Pr epare Oper ate Resp ond
IT’S WORKING TOWARD DEFINED OUTCOMES — strategic, proactive, ongoing and restored security Capabilities Outcomes Bu ild Pr epare Oper ate Resp ond Str ategic Pro active Ongoi ng Resto red
BUILD: focus on strategy, compliance, policies, business context, technology controls and implementation. Capabilities Bu ild Resp ond
Capabilities Outcomes Bu ild Oper ate Str ategic IF YOU BUILD RIGHT, YOUR SECURITY WILL BE STRATEGIC compliant; policy driven; aligned with the business; having the right controls, from the right vendors, implemented properly
Capabilities PREPARE: gather constant insight, test and identify vulnerabilities. Bu ild Pr epare Str atata egic
Capabilities Outcomes Bu ild Pr epare Str atata egic Pro active IF YOU PREPARE RIGHT, YOUR SECURITY WILL BE PROACTIVE constant insight, testing and vulnerability identification
Capabilities Bu ild Pr e r e r parerer Oper ate Str atata egic Proror active OPERATE: focus on monitoring the process, health and analytics.
Capabilities Outcomes Bu ild Pr e r e r parerer Oper ate Str atata egic Proror active Ongoi ng IF YOU OPERATE RIGHT, YOUR SECURITY WILL BE ONGOING devices and analysis
Capabilities Bu ild Pr e r e r parerer Oper ate Resp ond Str atata egic Proror active Ongoi ng RESPOND: act quickly, with insight when events do occur.
Capabilities Outcomes Bu ild Pr e r e r parerer Oper ate Resp ond Str atata egic Proror active Ongoi ng Resto red IF YOU RESPOND RIGHT, YOUR SECURITY WILL BE RESTORED. And you’ll have the insight you need to pivot and adapt in the build, prepare and operate stages until you need to respond again.
THINK ABOUT THIS: if you have great operations, but your strategy is off, you’re probably going to fail to achieve business outcomes and protect critical assets.
YOU CAN HAVE AWESOME STRATEGY AND OPERATIONS, but without the ability to respond, you’ll probably kick yourself if something does happen.
ANY ONE WEAKNESS, IN ANY AREA, can impact your overall security.
FIND YOUR BALANCE, and you’ll find better outcomes.
WHY SHOULD I CARE? Glad you asked.
Bu ild Pr epare Oper ate Resp ond Str ategic Pro active Ongoi ng Resto red WHY SHOULD I CARE? Glad you asked. If your wheel (we like to call it an ecosystem) is in balance… Capabilities Outcomes
Bu ild Pr epare Oper ate Resp ond Str ategic Pro active Ongoi ng Resto red WHY SHOULD I CARE? Glad you asked. If your wheel (we like to call it an ecosystem) is in balance... …then you’re running a MATURE security practice. Capabilities Outcomes
WHAT’S THE VALUE OF MATURITY?
WHAT’S THE VALUE OF MATURITY? In security, a lot.
WHAT’S THE VALUE OF MATURITY? In security, a lot. ■ You’ll be realizing business outcomes more consistently
WHAT’S THE VALUE OF MATURITY? In security, a lot. ■ You’ll be realizing business outcomes more consistently ■ You’ll be more aware
WHAT’S THE VALUE OF MATURITY? In security, a lot. ■ You’ll be realizing business outcomes more consistently ■ You’ll be way more aware ■ That big, bad breach won’t seem so big and bad after all
WHAT’S THE VALUE OF MATURITY? In security, a lot. ■ You’ll be realizing business outcomes more consistently ■ You’ll be way more aware ■ That big, bad breach won’t seem so big and bad after all ■ You’ll constantly be getting better
WHAT’S THE VALUE OF MATURITY? In security, a lot. ■ You’ll be realizing business outcomes more consistently ■ You’ll be way more aware ■ That big, bad breach won’t seem so big and bad after all ■ You’ll constantly be getting better ■ You’ll have the info you need to change your strategy, how you operate and what you test for
WHAT’S THE VALUE OF MATURITY? In security, a lot. ■ You’ll be realizing business outcomes more consistently ■ You’ll be way more aware ■ That big, bad breach won’t seem so big and bad after all ■ You’ll constantly be getting better ■ You’ll have the info you need to change your strategy, how you operate and what you test for ■ And you’ll be kicking some benchmarking butt
GREAT, SO NOW WHAT DO I DO?
GREAT, SO NOW WHAT DO I DO? We’d thought you’d never ask.
CALL TELUS. NOT the phone guys. The security experts. Yes, the security experts. US.
We have really strong capabilities to help you build, prepare, operate and/or respond. JUST ASK IDC! IDC recognized TELUS as a leader in the managed security services market in Canada.
Don’t believe the phone guys are also the security pros? Check out what we offer. Stage Customer Responsibilities Security Services Outcomes Build Identify business need, determine risk tolerance, develop governance and management frameworks, build security roadmap, align budgets, develop strategy, determine resources, align tactical controls to business needs, identify required controls and associated capabilities, compare options, design security infrastructure/ architecture, deploy tactical controls. ■ Security Governance Review ■ Security Framework Optimization ■ Design and Architecture ■ Controlled Delivery Strategic Security – sound security investments, risk management, reasonable controls Prepare Monitor compliance with regulatory and internal standards, monitor policy framework, threat and vulnerability testing, demonstrate the evidence ■ Security exposure identification ■ Validation of existing controls ■ Recommendations for exposure resolution Proactive Security – the security that was built and that is operating is working as intended; insight to amend policies, procedures and controls to get to adequate and effective security Operate Program management, monitor activity, track incidents (trends and metrics), detect anomalies and malicious threats, counteract threats (technical or procedural controls), security status reporting (metrics). ■ Next Gen Firewalls ■ IPS ■ SIEM ■ Email & Web Security ■ Security Monitoring & IA ■ Program Management Ongoing Security -- auditable, repeatable, outcome-focused security that enables continuous improvement Respond Restore security, respond to cyber risk, remediate, perform retrospective, communications plan, revisit security strategy. ■ Forensic Investigation ■ Data analysis ■ Incident handling and recovery ■ Damage assessment Restored Security – back to business and more resilient, aware security
WE CAN PROVIDE THE ELEMENTS OF A MATURE SECURITY PRACTICE, AND DO PROVIDE ALL OF THE ELEMENTS FOR MANY ORGANIZATIONS.
WE CAN PROVIDE THE ELEMENTS OF A MATURE SECURITY PRACTICE, AND DO PROVIDE ALL OF THE ELEMENTS FOR MANY ORGANIZATIONS. Why? Because we have: track record (proven approaches and solutions); partnership (learn, fail and win with you); substance (all this great security stuff from ONE provider); specialists (recognized experts with specific focus).
WE CAN PROVIDE THE ELEMENTS OF A MATURE SECURITY PRACTICE, AND DO PROVIDE ALL OF THE ELEMENTS FOR MANY ORGANIZATIONS. Why? Because we have: track record (proven approaches and solutions); partnership (learn, fail and win with you); substance (all this great security stuff from ONE provider); specialists (recognized experts with specific focus). And most importantly: WE’VE BEEN THERE. We’ve been where you are, doing what you’re doing – we’ve faced the day-to-day realities of what we’re selling.
SECURITY TRULY IS A JOURNEY. AND EVERYONE MATURES AT A DIFFERENT RATE. We can help to guide your journey. To be aware. To be intelligent. To be resilient. To be prepared.
SECURITY TRULY IS A JOURNEY. AND EVERYONE MATURES AT A DIFFERENT RATE. We can help to guide your journey. To be aware. To be intelligent. To be resilient. To be prepared. ■ It’s more than a product or a service
SECURITY TRULY IS A JOURNEY. AND EVERYONE MATURES AT A DIFFERENT RATE. We can help to guide your journey. To be aware. To be intelligent. To be resilient. To be prepared. ■ It’s more than a product or a service ■ It’s more specialist than generalist
SECURITY TRULY IS A JOURNEY. AND EVERYONE MATURES AT A DIFFERENT RATE. We can help to guide your journey. To be aware. To be intelligent. To be resilient. To be prepared. ■ It’s more than a product or a service ■ It’s more specialist than generalist ■ It’s finding the gaps and filling them
SECURITY TRULY IS A JOURNEY. AND EVERYONE MATURES AT A DIFFERENT RATE. We can help to guide your journey. To be aware. To be intelligent. To be resilient. To be prepared. ■ It’s more than a product or a service ■ It’s more specialist than generalist ■ It’s finding the gaps and filling them ■ It’s partnering. It’s speaking the same language
SECURITY TRULY IS A JOURNEY. AND EVERYONE MATURES AT A DIFFERENT RATE. We can help to guide your journey. To be aware. To be intelligent. To be resilient. To be prepared. ■ It’s more than a product or a service ■ It’s more specialist than generalist ■ It’s finding the gaps and filling them ■ It’s partnering. It’s speaking the same language ■ It’s more than a sale. It’s making the right short-term decisions for the right long term outcomes
SECURITY TRULY IS A JOURNEY. AND EVERYONE MATURES AT A DIFFERENT RATE. We can help to guide your journey. To be aware. To be intelligent. To be resilient. To be prepared. ■ It’s more than a product or a service ■ It’s more specialist than generalist ■ It’s finding the gaps and filling them ■ It’s partnering. It’s speaking the same language ■ It’s more than a sale. It’s making the right short-term decisions for the right long term outcomes ■ It’s TELUS Security Solutions. One security provider. One focus. Making sure you’re prepared for the inevitable
Become more aware, resilient and prepared. Find out more at telus.com/talkssecurity

Recommended

Safestart Overview
Safestart OverviewSafestart Overview
Safestart OverviewKevin_Cobb
 
Work design work environment
Work design work environmentWork design work environment
Work design work environmentCurtin University, Perth, Australia
 
OSMC 2015: Testing in Production by Devdas Bhagat
OSMC 2015: Testing in Production by Devdas BhagatOSMC 2015: Testing in Production by Devdas Bhagat
OSMC 2015: Testing in Production by Devdas BhagatNETWAYS
 
Best Practices in Building an API Security Ecosystem
Best Practices in Building an API Security EcosystemBest Practices in Building an API Security Ecosystem
Best Practices in Building an API Security EcosystemPrabath Siriwardena
 
Agility at Emirates Airline
Agility at Emirates AirlineAgility at Emirates Airline
Agility at Emirates AirlineRasmus Runberg
 
How to Boost your Cyber Risk Management Program and Capabilities?
How to Boost your Cyber Risk Management Program and Capabilities?How to Boost your Cyber Risk Management Program and Capabilities?
How to Boost your Cyber Risk Management Program and Capabilities?PECB
 
Right-Sizing the Security and Information Assurance for Companies, a Core-ver...
Right-Sizing the Security and Information Assurance for Companies, a Core-ver...Right-Sizing the Security and Information Assurance for Companies, a Core-ver...
Right-Sizing the Security and Information Assurance for Companies, a Core-ver...Dana Gardner
 
Taking Control Of Workplace Safety
Taking Control Of Workplace SafetyTaking Control Of Workplace Safety
Taking Control Of Workplace SafetyPhil La Duke
 

Recommended

Safestart Overview
Safestart OverviewSafestart Overview
Safestart OverviewKevin_Cobb
 
Work design work environment
Work design work environmentWork design work environment
Work design work environmentCurtin University, Perth, Australia
 
OSMC 2015: Testing in Production by Devdas Bhagat
OSMC 2015: Testing in Production by Devdas BhagatOSMC 2015: Testing in Production by Devdas Bhagat
OSMC 2015: Testing in Production by Devdas BhagatNETWAYS
 
Best Practices in Building an API Security Ecosystem
Best Practices in Building an API Security EcosystemBest Practices in Building an API Security Ecosystem
Best Practices in Building an API Security EcosystemPrabath Siriwardena
 
Agility at Emirates Airline
Agility at Emirates AirlineAgility at Emirates Airline
Agility at Emirates AirlineRasmus Runberg
 
How to Boost your Cyber Risk Management Program and Capabilities?
How to Boost your Cyber Risk Management Program and Capabilities?How to Boost your Cyber Risk Management Program and Capabilities?
How to Boost your Cyber Risk Management Program and Capabilities?PECB
 
Right-Sizing the Security and Information Assurance for Companies, a Core-ver...
Right-Sizing the Security and Information Assurance for Companies, a Core-ver...Right-Sizing the Security and Information Assurance for Companies, a Core-ver...
Right-Sizing the Security and Information Assurance for Companies, a Core-ver...Dana Gardner
 
Taking Control Of Workplace Safety
Taking Control Of Workplace SafetyTaking Control Of Workplace Safety
Taking Control Of Workplace SafetyPhil La Duke
 
People are the biggest risk
People are the biggest riskPeople are the biggest risk
People are the biggest riskEvan Francen
 
Behavior Based Safety
Behavior Based Safety Behavior Based Safety
Behavior Based Safety Surendra Marchande
 
Taking Control Of Workplace Safety
Taking Control Of Workplace SafetyTaking Control Of Workplace Safety
Taking Control Of Workplace Safetyladukepc
 
1111.pptx
1111.pptx1111.pptx
1111.pptxmohamednawar21
 
step-observer-refresher-training.pptx
step-observer-refresher-training.pptxstep-observer-refresher-training.pptx
step-observer-refresher-training.pptxInnocent Bhaikwa
 
10 Things an Operations Supervisor can do Today to Improve Reliability
10 Things an Operations Supervisor can do Today to Improve Reliability10 Things an Operations Supervisor can do Today to Improve Reliability
10 Things an Operations Supervisor can do Today to Improve ReliabilityRicky Smith CMRP, CMRT
 
Moving Mountains Through Measurement
Moving Mountains Through MeasurementMoving Mountains Through Measurement
Moving Mountains Through MeasurementJack Nichelson
 
Safety Management System for Hotel Engineering Department.pptx
Safety Management System for Hotel Engineering Department.pptxSafety Management System for Hotel Engineering Department.pptx
Safety Management System for Hotel Engineering Department.pptxSivasubramaniam Subramanian
 
Security Snake Oil Cycle 2019
Security Snake Oil Cycle 2019Security Snake Oil Cycle 2019
Security Snake Oil Cycle 2019Dave Cole
 
Operational Leadership and Critical Risk Management
Operational Leadership and Critical Risk ManagementOperational Leadership and Critical Risk Management
Operational Leadership and Critical Risk Managementmyosh team
 
Skill Pyramid
Skill Pyramid Skill Pyramid
Skill Pyramid Ted Brauch
 
Stephane Nappo. January 2023. Top Cyber News MAGAZINE.pdf
Stephane Nappo. January 2023. Top Cyber News MAGAZINE.pdfStephane Nappo. January 2023. Top Cyber News MAGAZINE.pdf
Stephane Nappo. January 2023. Top Cyber News MAGAZINE.pdfStéphane Nappo
 
Risk or Opportunity – There are 2 Sides to Every Coin
Risk or Opportunity – There are 2 Sides to Every CoinRisk or Opportunity – There are 2 Sides to Every Coin
Risk or Opportunity – There are 2 Sides to Every CoinPECB
 
KE-International seminar
KE-International seminarKE-International seminar
KE-International seminarKestutis (Kasey) Eidukonis
 
1.5 Pages are requiredYou have been hired .docx
1.5 Pages are requiredYou have been hired .docx1.5 Pages are requiredYou have been hired .docx
1.5 Pages are requiredYou have been hired .docxchristiandean12115
 
Thought Leader Interview: HP's Global CISO Brett Wahlin on the Future of Secu...
Thought Leader Interview: HP's Global CISO Brett Wahlin on the Future of Secu...Thought Leader Interview: HP's Global CISO Brett Wahlin on the Future of Secu...
Thought Leader Interview: HP's Global CISO Brett Wahlin on the Future of Secu...Dana Gardner
 
Trustwave: 7 Experts on Transforming Your Threat Detection & Response Strategy
Trustwave: 7 Experts on Transforming Your Threat Detection & Response StrategyTrustwave: 7 Experts on Transforming Your Threat Detection & Response Strategy
Trustwave: 7 Experts on Transforming Your Threat Detection & Response StrategyMighty Guides, Inc.
 
Hello ERM - It's Time to Go
Hello ERM - It's Time to GoHello ERM - It's Time to Go
Hello ERM - It's Time to GoResolver Inc.
 
behavior based safety
behavior based safetybehavior based safety
behavior based safetyAhmed Mohammed Alhntoshi
 
Managing Risk or Reacting to Compliance
Managing Risk or Reacting to ComplianceManaging Risk or Reacting to Compliance
Managing Risk or Reacting to ComplianceEvan Francen
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 

More Related Content

Similar to The Security Ecosystem

People are the biggest risk
People are the biggest riskPeople are the biggest risk
People are the biggest riskEvan Francen
 
Taking Control Of Workplace Safety
Taking Control Of Workplace SafetyTaking Control Of Workplace Safety
Taking Control Of Workplace Safetyladukepc
 
step-observer-refresher-training.pptx
step-observer-refresher-training.pptxstep-observer-refresher-training.pptx
step-observer-refresher-training.pptxInnocent Bhaikwa
 
10 Things an Operations Supervisor can do Today to Improve Reliability
10 Things an Operations Supervisor can do Today to Improve Reliability10 Things an Operations Supervisor can do Today to Improve Reliability
10 Things an Operations Supervisor can do Today to Improve ReliabilityRicky Smith CMRP, CMRT
 
Moving Mountains Through Measurement
Moving Mountains Through MeasurementMoving Mountains Through Measurement
Moving Mountains Through MeasurementJack Nichelson
 
Safety Management System for Hotel Engineering Department.pptx
Safety Management System for Hotel Engineering Department.pptxSafety Management System for Hotel Engineering Department.pptx
Safety Management System for Hotel Engineering Department.pptxSivasubramaniam Subramanian
 
Security Snake Oil Cycle 2019
Security Snake Oil Cycle 2019Security Snake Oil Cycle 2019
Security Snake Oil Cycle 2019Dave Cole
 
Operational Leadership and Critical Risk Management
Operational Leadership and Critical Risk ManagementOperational Leadership and Critical Risk Management
Operational Leadership and Critical Risk Managementmyosh team
 
Skill Pyramid
Skill Pyramid Skill Pyramid
Skill Pyramid Ted Brauch
 
Stephane Nappo. January 2023. Top Cyber News MAGAZINE.pdf
Stephane Nappo. January 2023. Top Cyber News MAGAZINE.pdfStephane Nappo. January 2023. Top Cyber News MAGAZINE.pdf
Stephane Nappo. January 2023. Top Cyber News MAGAZINE.pdfStéphane Nappo
 
Risk or Opportunity – There are 2 Sides to Every Coin
Risk or Opportunity – There are 2 Sides to Every CoinRisk or Opportunity – There are 2 Sides to Every Coin
Risk or Opportunity – There are 2 Sides to Every CoinPECB
 
1.5 Pages are requiredYou have been hired .docx
1.5 Pages are requiredYou have been hired .docx1.5 Pages are requiredYou have been hired .docx
1.5 Pages are requiredYou have been hired .docxchristiandean12115
 
Thought Leader Interview: HP's Global CISO Brett Wahlin on the Future of Secu...
Thought Leader Interview: HP's Global CISO Brett Wahlin on the Future of Secu...Thought Leader Interview: HP's Global CISO Brett Wahlin on the Future of Secu...
Thought Leader Interview: HP's Global CISO Brett Wahlin on the Future of Secu...Dana Gardner
 
Trustwave: 7 Experts on Transforming Your Threat Detection & Response Strategy
Trustwave: 7 Experts on Transforming Your Threat Detection & Response StrategyTrustwave: 7 Experts on Transforming Your Threat Detection & Response Strategy
Trustwave: 7 Experts on Transforming Your Threat Detection & Response StrategyMighty Guides, Inc.
 
Hello ERM - It's Time to Go
Hello ERM - It's Time to GoHello ERM - It's Time to Go
Hello ERM - It's Time to GoResolver Inc.
 
Managing Risk or Reacting to Compliance
Managing Risk or Reacting to ComplianceManaging Risk or Reacting to Compliance
Managing Risk or Reacting to ComplianceEvan Francen
 

Similar to The Security Ecosystem (20)

People are the biggest risk
People are the biggest riskPeople are the biggest risk
People are the biggest risk
 
Behavior Based Safety
Behavior Based Safety Behavior Based Safety
Behavior Based Safety
 
Taking Control Of Workplace Safety
Taking Control Of Workplace SafetyTaking Control Of Workplace Safety
Taking Control Of Workplace Safety
 
1111.pptx
1111.pptx1111.pptx
1111.pptx
 
step-observer-refresher-training.pptx
step-observer-refresher-training.pptxstep-observer-refresher-training.pptx
step-observer-refresher-training.pptx
 
10 Things an Operations Supervisor can do Today to Improve Reliability
10 Things an Operations Supervisor can do Today to Improve Reliability10 Things an Operations Supervisor can do Today to Improve Reliability
10 Things an Operations Supervisor can do Today to Improve Reliability
 
Moving Mountains Through Measurement
Moving Mountains Through MeasurementMoving Mountains Through Measurement
Moving Mountains Through Measurement
 
Safety Management System for Hotel Engineering Department.pptx
Safety Management System for Hotel Engineering Department.pptxSafety Management System for Hotel Engineering Department.pptx
Safety Management System for Hotel Engineering Department.pptx
 
Security Snake Oil Cycle 2019
Security Snake Oil Cycle 2019Security Snake Oil Cycle 2019
Security Snake Oil Cycle 2019
 
Operational Leadership and Critical Risk Management
Operational Leadership and Critical Risk ManagementOperational Leadership and Critical Risk Management
Operational Leadership and Critical Risk Management
 
Skill Pyramid
Skill Pyramid Skill Pyramid
Skill Pyramid
 
Stephane Nappo. January 2023. Top Cyber News MAGAZINE.pdf
Stephane Nappo. January 2023. Top Cyber News MAGAZINE.pdfStephane Nappo. January 2023. Top Cyber News MAGAZINE.pdf
Stephane Nappo. January 2023. Top Cyber News MAGAZINE.pdf
 
Risk or Opportunity – There are 2 Sides to Every Coin
Risk or Opportunity – There are 2 Sides to Every CoinRisk or Opportunity – There are 2 Sides to Every Coin
Risk or Opportunity – There are 2 Sides to Every Coin
 
KE-International seminar
KE-International seminarKE-International seminar
KE-International seminar
 
1.5 Pages are requiredYou have been hired .docx
1.5 Pages are requiredYou have been hired .docx1.5 Pages are requiredYou have been hired .docx
1.5 Pages are requiredYou have been hired .docx
 
Thought Leader Interview: HP's Global CISO Brett Wahlin on the Future of Secu...
Thought Leader Interview: HP's Global CISO Brett Wahlin on the Future of Secu...Thought Leader Interview: HP's Global CISO Brett Wahlin on the Future of Secu...
Thought Leader Interview: HP's Global CISO Brett Wahlin on the Future of Secu...
 
Trustwave: 7 Experts on Transforming Your Threat Detection & Response Strategy
Trustwave: 7 Experts on Transforming Your Threat Detection & Response StrategyTrustwave: 7 Experts on Transforming Your Threat Detection & Response Strategy
Trustwave: 7 Experts on Transforming Your Threat Detection & Response Strategy
 
Hello ERM - It's Time to Go
Hello ERM - It's Time to GoHello ERM - It's Time to Go
Hello ERM - It's Time to Go
 
behavior based safety
behavior based safetybehavior based safety
behavior based safety
 
Managing Risk or Reacting to Compliance
Managing Risk or Reacting to ComplianceManaging Risk or Reacting to Compliance
Managing Risk or Reacting to Compliance
 

Recently uploaded

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 

Recently uploaded (20)

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 

The Security Ecosystem

  • 1. CHANCES ARE YOU WILL BE BREACHED. It’s a matter of when and how bad. START
  • 3. YOU CAN BE IF YOU... ARE ACCOUNTABLE TO THE BUSINESS PERFORM DUE DILIGENCE TURN DATA INTO ACTIONABLE INSIGHT
  • 4. ACCOUNTABLE TO THE BUSINESS? YES, THROUGH STRATEGY. Relate your security efforts to your business – organizational objectives, industry context, compliance requirements, critical assets, business processes and risks you’re willing to take.
  • 5. DUE DILIGENCE? YES, BY INVOLVING THE BUSINESS. Interview the people on the front lines of the business, the ones who own process. They know what business- critical data really is and what really has value. Ask them, “If someone were to come in and steal something from you, what would freak you out the most? What would have the most impact on YOUR line of business?”
  • 6. DATA INTO ACTIONABLE INSIGHT? YES, YOU’LL BECOME MORE AWARE AND MAKE BETTER DECISIONS. When you get to the right data, you’ll have understanding and visibility. In other words, AWARENESS. When you take everything you know and learn, focus and prepare, you’ll have better control and the foundation for resiliency. In other words, INTELLIGENCE.
  • 7. SO HOW DO YOU GET THERE? It’s not a destination, rather a constant iteration.iteration.
  • 8. IT’S BUILDING CAPABILITIES. You don’t have to be a superstar in all of them. But you should be doing all of them. Capabilities Bu ild Pr epare Oper ate Resp ond
  • 9. IT’S WORKING TOWARD DEFINED OUTCOMES — strategic, proactive, ongoing and restored security Capabilities Outcomes Bu ild Pr epare Oper ate Resp ond Str ategic Pro active Ongoi ng Resto red
  • 10. BUILD: focus on strategy, compliance, policies, business context, technology controls and implementation. Capabilities Bu ild Resp ond
  • 11. Capabilities Outcomes Bu ild Oper ate Str ategic IF YOU BUILD RIGHT, YOUR SECURITY WILL BE STRATEGIC compliant; policy driven; aligned with the business; having the right controls, from the right vendors, implemented properly
  • 12. Capabilities PREPARE: gather constant insight, test and identify vulnerabilities. Bu ild Pr epare Str atata egic
  • 13. Capabilities Outcomes Bu ild Pr epare Str atata egic Pro active IF YOU PREPARE RIGHT, YOUR SECURITY WILL BE PROACTIVE constant insight, testing and vulnerability identification
  • 15. Capabilities Outcomes Bu ild Pr e r e r parerer Oper ate Str atata egic Proror active Ongoi ng IF YOU OPERATE RIGHT, YOUR SECURITY WILL BE ONGOING devices and analysis
  • 17. Capabilities Outcomes Bu ild Pr e r e r parerer Oper ate Resp ond Str atata egic Proror active Ongoi ng Resto red IF YOU RESPOND RIGHT, YOUR SECURITY WILL BE RESTORED. And you’ll have the insight you need to pivot and adapt in the build, prepare and operate stages until you need to respond again.
  • 18. THINK ABOUT THIS: if you have great operations, but your strategy is off, you’re probably going to fail to achieve business outcomes and protect critical assets.
  • 19. YOU CAN HAVE AWESOME STRATEGY AND OPERATIONS, but without the ability to respond, you’ll probably kick yourself if something does happen.
  • 20. ANY ONE WEAKNESS, IN ANY AREA, can impact your overall security.
  • 21. FIND YOUR BALANCE, and you’ll find better outcomes.
  • 22. WHY SHOULD I CARE? Glad you asked.
  • 23. Bu ild Pr epare Oper ate Resp ond Str ategic Pro active Ongoi ng Resto red WHY SHOULD I CARE? Glad you asked. If your wheel (we like to call it an ecosystem) is in balance… Capabilities Outcomes
  • 24. Bu ild Pr epare Oper ate Resp ond Str ategic Pro active Ongoi ng Resto red WHY SHOULD I CARE? Glad you asked. If your wheel (we like to call it an ecosystem) is in balance... …then you’re running a MATURE security practice. Capabilities Outcomes
  • 26. WHAT’S THE VALUE OF MATURITY? In security, a lot.
  • 27. WHAT’S THE VALUE OF MATURITY? In security, a lot. ■ You’ll be realizing business outcomes more consistently
  • 28. WHAT’S THE VALUE OF MATURITY? In security, a lot. ■ You’ll be realizing business outcomes more consistently ■ You’ll be more aware
  • 29. WHAT’S THE VALUE OF MATURITY? In security, a lot. ■ You’ll be realizing business outcomes more consistently ■ You’ll be way more aware ■ That big, bad breach won’t seem so big and bad after all
  • 30. WHAT’S THE VALUE OF MATURITY? In security, a lot. ■ You’ll be realizing business outcomes more consistently ■ You’ll be way more aware ■ That big, bad breach won’t seem so big and bad after all ■ You’ll constantly be getting better
  • 31. WHAT’S THE VALUE OF MATURITY? In security, a lot. ■ You’ll be realizing business outcomes more consistently ■ You’ll be way more aware ■ That big, bad breach won’t seem so big and bad after all ■ You’ll constantly be getting better ■ You’ll have the info you need to change your strategy, how you operate and what you test for
  • 32. WHAT’S THE VALUE OF MATURITY? In security, a lot. ■ You’ll be realizing business outcomes more consistently ■ You’ll be way more aware ■ That big, bad breach won’t seem so big and bad after all ■ You’ll constantly be getting better ■ You’ll have the info you need to change your strategy, how you operate and what you test for ■ And you’ll be kicking some benchmarking butt
  • 33. GREAT, SO NOW WHAT DO I DO?
  • 34. GREAT, SO NOW WHAT DO I DO? We’d thought you’d never ask.
  • 35. CALL TELUS. NOT the phone guys. The security experts. Yes, the security experts. US.
  • 36. We have really strong capabilities to help you build, prepare, operate and/or respond. JUST ASK IDC! IDC recognized TELUS as a leader in the managed security services market in Canada.
  • 37. Don’t believe the phone guys are also the security pros? Check out what we offer. Stage Customer Responsibilities Security Services Outcomes Build Identify business need, determine risk tolerance, develop governance and management frameworks, build security roadmap, align budgets, develop strategy, determine resources, align tactical controls to business needs, identify required controls and associated capabilities, compare options, design security infrastructure/ architecture, deploy tactical controls. ■ Security Governance Review ■ Security Framework Optimization ■ Design and Architecture ■ Controlled Delivery Strategic Security – sound security investments, risk management, reasonable controls Prepare Monitor compliance with regulatory and internal standards, monitor policy framework, threat and vulnerability testing, demonstrate the evidence ■ Security exposure identification ■ Validation of existing controls ■ Recommendations for exposure resolution Proactive Security – the security that was built and that is operating is working as intended; insight to amend policies, procedures and controls to get to adequate and effective security Operate Program management, monitor activity, track incidents (trends and metrics), detect anomalies and malicious threats, counteract threats (technical or procedural controls), security status reporting (metrics). ■ Next Gen Firewalls ■ IPS ■ SIEM ■ Email & Web Security ■ Security Monitoring & IA ■ Program Management Ongoing Security -- auditable, repeatable, outcome-focused security that enables continuous improvement Respond Restore security, respond to cyber risk, remediate, perform retrospective, communications plan, revisit security strategy. ■ Forensic Investigation ■ Data analysis ■ Incident handling and recovery ■ Damage assessment Restored Security – back to business and more resilient, aware security
  • 38. WE CAN PROVIDE THE ELEMENTS OF A MATURE SECURITY PRACTICE, AND DO PROVIDE ALL OF THE ELEMENTS FOR MANY ORGANIZATIONS.
  • 39. WE CAN PROVIDE THE ELEMENTS OF A MATURE SECURITY PRACTICE, AND DO PROVIDE ALL OF THE ELEMENTS FOR MANY ORGANIZATIONS. Why? Because we have: track record (proven approaches and solutions); partnership (learn, fail and win with you); substance (all this great security stuff from ONE provider); specialists (recognized experts with specific focus).
  • 40. WE CAN PROVIDE THE ELEMENTS OF A MATURE SECURITY PRACTICE, AND DO PROVIDE ALL OF THE ELEMENTS FOR MANY ORGANIZATIONS. Why? Because we have: track record (proven approaches and solutions); partnership (learn, fail and win with you); substance (all this great security stuff from ONE provider); specialists (recognized experts with specific focus). And most importantly: WE’VE BEEN THERE. We’ve been where you are, doing what you’re doing – we’ve faced the day-to-day realities of what we’re selling.
  • 41. SECURITY TRULY IS A JOURNEY. AND EVERYONE MATURES AT A DIFFERENT RATE. We can help to guide your journey. To be aware. To be intelligent. To be resilient. To be prepared.
  • 42. SECURITY TRULY IS A JOURNEY. AND EVERYONE MATURES AT A DIFFERENT RATE. We can help to guide your journey. To be aware. To be intelligent. To be resilient. To be prepared. ■ It’s more than a product or a service
  • 43. SECURITY TRULY IS A JOURNEY. AND EVERYONE MATURES AT A DIFFERENT RATE. We can help to guide your journey. To be aware. To be intelligent. To be resilient. To be prepared. ■ It’s more than a product or a service ■ It’s more specialist than generalist
  • 44. SECURITY TRULY IS A JOURNEY. AND EVERYONE MATURES AT A DIFFERENT RATE. We can help to guide your journey. To be aware. To be intelligent. To be resilient. To be prepared. ■ It’s more than a product or a service ■ It’s more specialist than generalist ■ It’s finding the gaps and filling them
  • 45. SECURITY TRULY IS A JOURNEY. AND EVERYONE MATURES AT A DIFFERENT RATE. We can help to guide your journey. To be aware. To be intelligent. To be resilient. To be prepared. ■ It’s more than a product or a service ■ It’s more specialist than generalist ■ It’s finding the gaps and filling them ■ It’s partnering. It’s speaking the same language
  • 46. SECURITY TRULY IS A JOURNEY. AND EVERYONE MATURES AT A DIFFERENT RATE. We can help to guide your journey. To be aware. To be intelligent. To be resilient. To be prepared. ■ It’s more than a product or a service ■ It’s more specialist than generalist ■ It’s finding the gaps and filling them ■ It’s partnering. It’s speaking the same language ■ It’s more than a sale. It’s making the right short-term decisions for the right long term outcomes
  • 47. SECURITY TRULY IS A JOURNEY. AND EVERYONE MATURES AT A DIFFERENT RATE. We can help to guide your journey. To be aware. To be intelligent. To be resilient. To be prepared. ■ It’s more than a product or a service ■ It’s more specialist than generalist ■ It’s finding the gaps and filling them ■ It’s partnering. It’s speaking the same language ■ It’s more than a sale. It’s making the right short-term decisions for the right long term outcomes ■ It’s TELUS Security Solutions. One security provider. One focus. Making sure you’re prepared for the inevitable
  • 48. Become more aware, resilient and prepared. Find out more at telus.com/talkssecurity