Navigating a safe course to better information assurance
Enabling Your Business

TALENTED TOGETHER

SOCITM Conference Oct 2009
Agenda

1 Introduction
2 Context
3 Government perspective
4 Assistance available
5 Point of view
Wrecks – A brief history of non-protection

Government, healthcare and education sectors accounted for 60% of data breaches and 60% of identities exposed*

*Symantec ISTR vol. XIII, Apr 2008
Data Protection

Reported DPA breaches: 578 since Nov 07
    Private sector        172
    NHS                   162
    Local Government       69
    Central Government     56

“No organisation handling information can guarantee it will never experience losses. But people have a right to expect that their public services achieve and maintain high standards in this important area. Those involved in delivering those public services must work harder and be more effective to meet and exceed those expectations.”
(Sir Gus O’Donnell)
So what?
Personal data is now pervasive

[Diagram: personal data flowing across five layers]
    Network:      WAN, Other sites & Partners, Internet
    End Point:    (client devices)
    Application:  Web Servers, Portals, Enterprise App, Core App, Custom App, Exchange Server
    DB/FS:        Database, Replicated Database, File Server
    Storage:      Disk Storage, Backup Tape, Backup Disk
Major threat areas

[Diagram: numbered threats overlaid on the data-flow layers above; each threat is colour-coded High Risk / Medium Risk / Low Risk in the original slide]

    Network
        3  Packets sniffed in transit
        15 Public Infrastructure Access Hack
    End Point
        12 Physical theft of media or lost media exploited
        13 Trojans / Key Loggers
        14 Unintentional Distribution
    Application
        8  Privileged User Breach
        9  Application Hack
        10 (Semi) Trusted User Misuse
        11 Unintentional Distribution
    DB/FS
        4  Privileged User Breach (DBA/FSA)
        5  Database/File Server Hack
        6  (Semi) Trusted User Misuse
        7  Unintentional Distribution
    Storage
        1  Media lost or stolen
        2  Disks stolen or discarded media exploited
        3  Packets sniffed in transit (backup traffic)
World Economic Forum 2009
PCI DSS

Requirements for Compliance
    Build & Maintain a Secure Network
    Protect Cardholder Data
    Maintain a Vulnerability Management Program
    Implement Strong Access Control Measures
    Maintain an Information Security Policy
    Regularly Monitor & Test Networks

Key Focus Areas for PCI Compliance (grouped around a PCI Remediation Strategy)
    Information Security Policies
    Network Security
    Encryption
    Key Management
    Logging
    Log Review
    Access Control & Management
    File Integrity Monitoring
    Vulnerability Management
Real risk of compliance fatigue

Increasing stakeholder demands
    Citizens, Council, Central Gov’t, LGA
+
Expanding risk & control oversight functions
    Finance, Legal, Risk, Internal Audit, External Audit, Corporate Services, ICO
+
Changing law, policy & directives
    Policy, Privacy, BCP, InfoSec, Op’ Risk
=
Business fatigue
Lack of co-ordination
Duplicate effort
Risks falling between the cracks
Competition for attention

(all of the above landing on ICT)
IA challenges facing Public Sector

Government Agenda
    Shared services vs privacy vs efficiency
    Citizen centric – more online services

Global development

Citizen expectations

Growing threats to UK Plc

Expanding compliance requirements

New CIA – Convenience / Interoperability / Affordability
Reviews Conducted

HMRC – Poynter Review (Kieran Poynter, PWC), June 2008
MOD – Burton Review (Sir Edmund Burton), June 2008
Data Handling Review (Sir Gus O’Donnell), June 2008
Data Sharing Review (Richard Thomas & Dr Mark Walport), July 2008

(Government Reviews section outline: Government Reviews; Data Handling Report; Security Policy F/Work; New Guidance; IA Maturity Model; Looking Forward)
Reefs and rocks – where things go wrong

Cost reduction pressures

Competing business priorities
    now vs secure

Failing to effectively risk manage 3rd parties
    outsourcing … development … hosting … testing

New initiatives
    cloud computing … offshore …

Mobility
    remote working … mobile computing (32GB of data on a mobile phone…)

Compliance fatigue
Data Handling Report

Key DHR Recommendations
    Core measures to protect personal data and other information across Government;
    A culture that properly values, protects and uses information;
    Stronger accountability mechanisms; and
    Stronger scrutiny of performance.
Charts to help you

Replaced Manual of Protective Security (MPS)
    Collective responsibility to protect assets
    Must be able to share information
    Must have confidence in people
    Business resilience

Mandated Protective Security Policy
    For HMG Departments and their Agencies
    Includes IA Policy
    70 Mandatory requirements

4 Tiers
    Tiers 1-3 Not Protectively Marked
        Available to public & WIAC via CSIA
    Tier 4 – Restricted
        Available through accredited route

New ICO Powers
    Monetary Penalties
    Assessment Notices (without permission)
    New EU e-privacy legislation will drive ‘Breach Notification’ requirement (2-3 years)
The High Level View

[Diagram: policy hierarchy, top to bottom]
    Cyber Security Strategy of the UK
    National Information Assurance Strategy (NIAS)
    Security Policy Framework (SPF)
        70 Minimum Mandatory Measures
    Information Assurance Maturity Model (IAMM)
    HMG IA Standard No. 6
    Data Handling Review Guidelines
    Accreditation
    CoCo’s

Alongside: Data Protection Act; Freedom of Information Act; Other Legal / Compliance Requirements (PCI, RIPA, etc)
Some new lighthouses

Local Authority Data Handling Guidelines

Data Handling (NHS)

Enhanced Governance
    Govt level – IADG / IAOB
    Locally – SIRO / Data ownership
    Improved professionalism - IISP

IA Good Practice Guides
    Currently 15
        Outsourcing
        Data Aggregation
        Laptops
        Remote working
        Secure bulk data transfers

IA Standards
    Existing standards reviewed
    New risk assessment methodology
    New Standards (IAS 6)
Protecting personal data

HMG IA Standard No.6 - Protecting Personal Data and Managing Information Risk
    Outlines the minimum measures that MUST be implemented by Departments & Agencies bound by the SPF.

Key Principles
    Departments and delivery partners must protect personal data
    Sensitive personal information must be handled in accordance with specific measures
    Those with access to sensitive personal data must have appropriate training.
Government model for IA

“The pressure is to deliver quicker, but the advantage will be on those who can build in assurance”
(Sir E. Burton)

[Diagram: four-quadrant lifecycle]
    INTRINSIC – Design in IA
    EXTRINSIC – Evaluate Solutions; Determine Residual Risk
    IMPLEMENTATION – Build in IA
    OPERATIONAL – Ongoing IA Management
IA Maturity Model (IAMM)

IAMM and IA Assessment Framework published in Sept 2008 to assist Senior Information Risk Owners (SIROs) develop IA maturity within their Departments.

Will assist boards to report improvements in their IA and IRM in their annual reports to Cabinet Office.

Incorporates SPF and DHR requirements and is aligned to ISO 27001.

Departments will need to provide evidence of IA maturity in their Agencies, NDPBs and delivery partners.

5 levels – Initial (1) to Optimised (5)

Self-assessment and supported self-assessment
On the horizon

NIAS Delivery

Continued focus on DH (>ICO powers)

Increased focus on
    Training
    Audit
    Benchmarking

WIAC adoption
    DH guidelines
    SPF
    Governance measures

Delivery Partner scrutiny

Partner with Industry Initiative (PWI)

Government Cyber security strategy

PCI incorporated into policy
Safety equipment

Education, education, education!

Through-life assurance approach
    build security in & prove it

Risk management advice
    CESG CLAS scheme

Ensure 3rd parties know what they need to do & do it!
    flowdown of any CoCo requirements

Technology solutions
    encryption, DLP, etc

Proven ability to react in the event of an incident
    forensics readiness

Ongoing technical assurance
    CESG CHECK scheme
Prove that your security is effective

Penetration test(s) (annual / bi-annual / quarterly), including CHECK

External network mapping

Vulnerability scanning service for the external network

Monthly reports

Workshops with security consultants
Point of view

The recent global events around data loss have been cause for significant reflection on the effectiveness of information risk management & compliance globally – expect more ‘regulation’

The pace of change in UK Government in particular has been unprecedented – the assurance elements have yet to mature

The quality and clarity of guidance available in the UK is unlike that of any other country globally

It is possible to implement an information-centric security assurance strategy which reduces compliance cost and minimises duplication of effort

Effective information assurance supported by sound governance is key to not repeating the mistakes of the past
A final word from the Information Commissioner

“… The blunt truth is that all organisations need to take the protection of customer data with the utmost seriousness. I have made it clear publicly on several occasions over the past year that organisations holding individuals’ data must in particular take steps to ensure that it is adequately protected from loss or theft. … Getting data protection wrong can bring commercial, reputational, regulatory and legal penalties. Getting it right brings rewards in terms of customer trust and confidence. …”
Richard Thomas, April 2008
Questions …?
IBM Infosphere Guardium - Database Securityebuc
 
Atlanta ISSA 2010 Enterprise Data Protection Ulf Mattsson
Atlanta ISSA  2010 Enterprise Data Protection   Ulf MattssonAtlanta ISSA  2010 Enterprise Data Protection   Ulf Mattsson
Atlanta ISSA 2010 Enterprise Data Protection Ulf MattssonUlf Mattsson
 
Scality, Cloud Storage pour Zimbra
Scality, Cloud Storage pour ZimbraScality, Cloud Storage pour Zimbra
Scality, Cloud Storage pour ZimbraAntony Barroux
 
Next Gen Data Center Implementing Network Storage with Server Blades, Cluster...
Next Gen Data Center Implementing Network Storage with Server Blades, Cluster...Next Gen Data Center Implementing Network Storage with Server Blades, Cluster...
Next Gen Data Center Implementing Network Storage with Server Blades, Cluster...IMEX Research
 
Deepsecurity & VDI beveiliging, maximale beveiliging en optimale performance
Deepsecurity & VDI beveiliging, maximale beveiliging en optimale performanceDeepsecurity & VDI beveiliging, maximale beveiliging en optimale performance
Deepsecurity & VDI beveiliging, maximale beveiliging en optimale performanceUNIT4 IT Solutions
 
Security in the Cloud
Security in the CloudSecurity in the Cloud
Security in the CloudWSO2
 
Apptio up cloud conference 2012 [final].pptx
Apptio up cloud conference 2012 [final].pptxApptio up cloud conference 2012 [final].pptx
Apptio up cloud conference 2012 [final].pptxKhazret Sapenov
 
The Zero Trust Model of Information Security
The Zero Trust Model of Information Security The Zero Trust Model of Information Security
The Zero Trust Model of Information Security Tripwire
 
Risk Factory: Database Security: Oxymoron?
Risk Factory: Database Security: Oxymoron? Risk Factory: Database Security: Oxymoron?
Risk Factory: Database Security: Oxymoron? Risk Crew
 
Private&publish cloud present
Private&publish cloud presentPrivate&publish cloud present
Private&publish cloud presentnisitgolf
 
Cloud Computing Best Practices
Cloud Computing Best PracticesCloud Computing Best Practices
Cloud Computing Best PracticesArmor
 
Cloud Computing Webinar: Legal & Regulatory Update for 2012
Cloud Computing Webinar: Legal & Regulatory Update for 2012Cloud Computing Webinar: Legal & Regulatory Update for 2012
Cloud Computing Webinar: Legal & Regulatory Update for 2012itandlaw
 

Similar to Tom McCann - Sopra (20)

Joe baguley cloudcamp london intro 24.10.12
Joe baguley   cloudcamp london intro 24.10.12Joe baguley   cloudcamp london intro 24.10.12
Joe baguley cloudcamp london intro 24.10.12
 
CloudCamp London #17 Intro
CloudCamp London #17 IntroCloudCamp London #17 Intro
CloudCamp London #17 Intro
 
Vormetric - Gherkin Event
Vormetric - Gherkin EventVormetric - Gherkin Event
Vormetric - Gherkin Event
 
Data Loss Prevention de RSA
Data Loss Prevention de RSAData Loss Prevention de RSA
Data Loss Prevention de RSA
 
Track 2, session 5, aligning security with business kartik shahani
Track 2, session 5, aligning security with business kartik shahaniTrack 2, session 5, aligning security with business kartik shahani
Track 2, session 5, aligning security with business kartik shahani
 
IBM Infosphere Guardium - Database Security
IBM Infosphere Guardium - Database SecurityIBM Infosphere Guardium - Database Security
IBM Infosphere Guardium - Database Security
 
Atlanta ISSA 2010 Enterprise Data Protection Ulf Mattsson
Atlanta ISSA  2010 Enterprise Data Protection   Ulf MattssonAtlanta ISSA  2010 Enterprise Data Protection   Ulf Mattsson
Atlanta ISSA 2010 Enterprise Data Protection Ulf Mattsson
 
Software as a Service
Software as a ServiceSoftware as a Service
Software as a Service
 
Scality, Cloud Storage pour Zimbra
Scality, Cloud Storage pour ZimbraScality, Cloud Storage pour Zimbra
Scality, Cloud Storage pour Zimbra
 
Next Gen Data Center Implementing Network Storage with Server Blades, Cluster...
Next Gen Data Center Implementing Network Storage with Server Blades, Cluster...Next Gen Data Center Implementing Network Storage with Server Blades, Cluster...
Next Gen Data Center Implementing Network Storage with Server Blades, Cluster...
 
Deepsecurity & VDI beveiliging, maximale beveiliging en optimale performance
Deepsecurity & VDI beveiliging, maximale beveiliging en optimale performanceDeepsecurity & VDI beveiliging, maximale beveiliging en optimale performance
Deepsecurity & VDI beveiliging, maximale beveiliging en optimale performance
 
Security in the Cloud
Security in the CloudSecurity in the Cloud
Security in the Cloud
 
Security in the Cloud
Security in the CloudSecurity in the Cloud
Security in the Cloud
 
Apptio up cloud conference 2012 [final].pptx
Apptio up cloud conference 2012 [final].pptxApptio up cloud conference 2012 [final].pptx
Apptio up cloud conference 2012 [final].pptx
 
The Zero Trust Model of Information Security
The Zero Trust Model of Information Security The Zero Trust Model of Information Security
The Zero Trust Model of Information Security
 
Risk Factory: Database Security: Oxymoron?
Risk Factory: Database Security: Oxymoron? Risk Factory: Database Security: Oxymoron?
Risk Factory: Database Security: Oxymoron?
 
Nebezpecny Internet Novejsi Verze
Nebezpecny Internet Novejsi VerzeNebezpecny Internet Novejsi Verze
Nebezpecny Internet Novejsi Verze
 
Private&publish cloud present
Private&publish cloud presentPrivate&publish cloud present
Private&publish cloud present
 
Cloud Computing Best Practices
Cloud Computing Best PracticesCloud Computing Best Practices
Cloud Computing Best Practices
 
Cloud Computing Webinar: Legal & Regulatory Update for 2012
Cloud Computing Webinar: Legal & Regulatory Update for 2012Cloud Computing Webinar: Legal & Regulatory Update for 2012
Cloud Computing Webinar: Legal & Regulatory Update for 2012
 

More from Socitm

G cloud presentation
G cloud presentation G cloud presentation
G cloud presentation Socitm
 
Socitm Highlights July 2015
Socitm Highlights July 2015Socitm Highlights July 2015
Socitm Highlights July 2015Socitm
 
The Digital Journey - A Local Government Perspective
The Digital Journey - A Local Government PerspectiveThe Digital Journey - A Local Government Perspective
The Digital Journey - A Local Government PerspectiveSocitm
 
Top Talent 2015 Workshop Slides
Top Talent 2015 Workshop SlidesTop Talent 2015 Workshop Slides
Top Talent 2015 Workshop SlidesSocitm
 
Digital Public Services Strategy
Digital Public Services StrategyDigital Public Services Strategy
Digital Public Services StrategySocitm
 
Insights into Leadership
Insights into Leadership Insights into Leadership
Insights into Leadership Socitm
 
Top Talent 2014 - My Experiences
Top Talent 2014 - My ExperiencesTop Talent 2014 - My Experiences
Top Talent 2014 - My ExperiencesSocitm
 
Socitm Supplier Briefing London
Socitm Supplier Briefing LondonSocitm Supplier Briefing London
Socitm Supplier Briefing LondonSocitm
 
Socitm Supplier Briefing Birmingham
Socitm Supplier Briefing BirminghamSocitm Supplier Briefing Birmingham
Socitm Supplier Briefing BirminghamSocitm
 
Socitm Supplier Briefing Bolton
Socitm Supplier Briefing BoltonSocitm Supplier Briefing Bolton
Socitm Supplier Briefing BoltonSocitm
 
14 dec russell sutton final
14 dec russell sutton final14 dec russell sutton final
14 dec russell sutton finalSocitm
 
14 dec tim rainey
14 dec tim rainey14 dec tim rainey
14 dec tim raineySocitm
 
14 dec terry madgwick wts presentation
14 dec terry madgwick wts presentation14 dec terry madgwick wts presentation
14 dec terry madgwick wts presentationSocitm
 
14 dec sheenagh reynolds
14 dec sheenagh reynolds14 dec sheenagh reynolds
14 dec sheenagh reynoldsSocitm
 
14 dec fil thurlow
14 dec fil thurlow14 dec fil thurlow
14 dec fil thurlowSocitm
 
14 dec ellen jessett cais presentation
14 dec ellen jessett cais presentation14 dec ellen jessett cais presentation
14 dec ellen jessett cais presentationSocitm
 
14 dec vicky sargent
14 dec vicky sargent14 dec vicky sargent
14 dec vicky sargentSocitm
 
Customer Access - Improvement Service
Customer Access - Improvement ServiceCustomer Access - Improvement Service
Customer Access - Improvement ServiceSocitm
 
Rich Gwyther - Microsoft - A practical approach to realising actual cost savings
Rich Gwyther - Microsoft - A practical approach to realising actual cost savingsRich Gwyther - Microsoft - A practical approach to realising actual cost savings
Rich Gwyther - Microsoft - A practical approach to realising actual cost savingsSocitm
 
Richard brandon - MLL Telecom - Delivering shared networks for local authorities
Richard brandon - MLL Telecom - Delivering shared networks for local authoritiesRichard brandon - MLL Telecom - Delivering shared networks for local authorities
Richard brandon - MLL Telecom - Delivering shared networks for local authoritiesSocitm
 

More from Socitm (20)

G cloud presentation
G cloud presentation G cloud presentation
G cloud presentation
 
Socitm Highlights July 2015
Socitm Highlights July 2015Socitm Highlights July 2015
Socitm Highlights July 2015
 
The Digital Journey - A Local Government Perspective
The Digital Journey - A Local Government PerspectiveThe Digital Journey - A Local Government Perspective
The Digital Journey - A Local Government Perspective
 
Top Talent 2015 Workshop Slides
Top Talent 2015 Workshop SlidesTop Talent 2015 Workshop Slides
Top Talent 2015 Workshop Slides
 
Digital Public Services Strategy
Digital Public Services StrategyDigital Public Services Strategy
Digital Public Services Strategy
 
Insights into Leadership
Insights into Leadership Insights into Leadership
Insights into Leadership
 
Top Talent 2014 - My Experiences
Top Talent 2014 - My ExperiencesTop Talent 2014 - My Experiences
Top Talent 2014 - My Experiences
 
Socitm Supplier Briefing London
Socitm Supplier Briefing LondonSocitm Supplier Briefing London
Socitm Supplier Briefing London
 
Socitm Supplier Briefing Birmingham
Socitm Supplier Briefing BirminghamSocitm Supplier Briefing Birmingham
Socitm Supplier Briefing Birmingham
 
Socitm Supplier Briefing Bolton
Socitm Supplier Briefing BoltonSocitm Supplier Briefing Bolton
Socitm Supplier Briefing Bolton
 
14 dec russell sutton final
14 dec russell sutton final14 dec russell sutton final
14 dec russell sutton final
 
14 dec tim rainey
14 dec tim rainey14 dec tim rainey
14 dec tim rainey
 
14 dec terry madgwick wts presentation
14 dec terry madgwick wts presentation14 dec terry madgwick wts presentation
14 dec terry madgwick wts presentation
 
14 dec sheenagh reynolds
14 dec sheenagh reynolds14 dec sheenagh reynolds
14 dec sheenagh reynolds
 
14 dec fil thurlow
14 dec fil thurlow14 dec fil thurlow
14 dec fil thurlow
 
14 dec ellen jessett cais presentation
14 dec ellen jessett cais presentation14 dec ellen jessett cais presentation
14 dec ellen jessett cais presentation
 
14 dec vicky sargent
14 dec vicky sargent14 dec vicky sargent
14 dec vicky sargent
 
Customer Access - Improvement Service
Customer Access - Improvement ServiceCustomer Access - Improvement Service
Customer Access - Improvement Service
 
Rich Gwyther - Microsoft - A practical approach to realising actual cost savings
Rich Gwyther - Microsoft - A practical approach to realising actual cost savingsRich Gwyther - Microsoft - A practical approach to realising actual cost savings
Rich Gwyther - Microsoft - A practical approach to realising actual cost savings
 
Richard brandon - MLL Telecom - Delivering shared networks for local authorities
Richard brandon - MLL Telecom - Delivering shared networks for local authoritiesRichard brandon - MLL Telecom - Delivering shared networks for local authorities
Richard brandon - MLL Telecom - Delivering shared networks for local authorities
 

Recently uploaded

7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...Paul Menig
 
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow  ) 🔝 8923113531 🔝  Cash Payment (COD) 👒VIP Call Girls In Saharaganj ( Lucknow  ) 🔝 8923113531 🔝  Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒anilsa9823
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A  SALESMAN / WOMANA DAY IN THE LIFE OF A  SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANIlamathiKannappan
 
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130  Available With RoomVIP Kolkata Call Girl Howrah 👉 8250192130  Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Roomdivyansh0kumar0
 
Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Roland Driesen
 
Progress Report - Oracle Database Analyst Summit
Progress  Report - Oracle Database Analyst SummitProgress  Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitHolger Mueller
 
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Dave Litwiller
 
Event mailer assignment progress report .pdf
Event mailer assignment progress report .pdfEvent mailer assignment progress report .pdf
Event mailer assignment progress report .pdftbatkhuu1
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayNZSG
 
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...Any kyc Account
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis:  Simple Linear Regression Multiple Linear RegressionRegression analysis:  Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRavindra Nath Shukla
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communicationskarancommunications
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Serviceritikaroy0888
 
BEST ✨ Call Girls In Indirapuram Ghaziabad ✔️ 9871031762 ✔️ Escorts Service...
BEST ✨ Call Girls In  Indirapuram Ghaziabad  ✔️ 9871031762 ✔️ Escorts Service...BEST ✨ Call Girls In  Indirapuram Ghaziabad  ✔️ 9871031762 ✔️ Escorts Service...
BEST ✨ Call Girls In Indirapuram Ghaziabad ✔️ 9871031762 ✔️ Escorts Service...noida100girls
 
Tech Startup Growth Hacking 101 - Basics on Growth Marketing
Tech Startup Growth Hacking 101  - Basics on Growth MarketingTech Startup Growth Hacking 101  - Basics on Growth Marketing
Tech Startup Growth Hacking 101 - Basics on Growth MarketingShawn Pang
 
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update  Presentation SlidesKeppel Ltd. 1Q 2024 Business Update  Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppelCorporation
 
Understanding the Pakistan Budgeting Process: Basics and Key Insights
Understanding the Pakistan Budgeting Process: Basics and Key InsightsUnderstanding the Pakistan Budgeting Process: Basics and Key Insights
Understanding the Pakistan Budgeting Process: Basics and Key Insightsseri bangash
 
Unlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdfUnlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdfOnline Income Engine
 
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...anilsa9823
 

Recently uploaded (20)

7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...
 
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow  ) 🔝 8923113531 🔝  Cash Payment (COD) 👒VIP Call Girls In Saharaganj ( Lucknow  ) 🔝 8923113531 🔝  Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A  SALESMAN / WOMANA DAY IN THE LIFE OF A  SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMAN
 
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130  Available With RoomVIP Kolkata Call Girl Howrah 👉 8250192130  Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
 
Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...
 
Progress Report - Oracle Database Analyst Summit
Progress  Report - Oracle Database Analyst SummitProgress  Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst Summit
 
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
 
Event mailer assignment progress report .pdf
Event mailer assignment progress report .pdfEvent mailer assignment progress report .pdf
Event mailer assignment progress report .pdf
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 May
 
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis:  Simple Linear Regression Multiple Linear RegressionRegression analysis:  Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear Regression
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communications
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Service
 
BEST ✨ Call Girls In Indirapuram Ghaziabad ✔️ 9871031762 ✔️ Escorts Service...
BEST ✨ Call Girls In  Indirapuram Ghaziabad  ✔️ 9871031762 ✔️ Escorts Service...BEST ✨ Call Girls In  Indirapuram Ghaziabad  ✔️ 9871031762 ✔️ Escorts Service...
BEST ✨ Call Girls In Indirapuram Ghaziabad ✔️ 9871031762 ✔️ Escorts Service...
 
Tech Startup Growth Hacking 101 - Basics on Growth Marketing
Tech Startup Growth Hacking 101  - Basics on Growth MarketingTech Startup Growth Hacking 101  - Basics on Growth Marketing
Tech Startup Growth Hacking 101 - Basics on Growth Marketing
 
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update  Presentation SlidesKeppel Ltd. 1Q 2024 Business Update  Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
 
Understanding the Pakistan Budgeting Process: Basics and Key Insights
Understanding the Pakistan Budgeting Process: Basics and Key InsightsUnderstanding the Pakistan Budgeting Process: Basics and Key Insights
Understanding the Pakistan Budgeting Process: Basics and Key Insights
 
Forklift Operations: Safety through Cartoons
Forklift Operations: Safety through CartoonsForklift Operations: Safety through Cartoons
Forklift Operations: Safety through Cartoons
 
Unlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdfUnlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdf
 
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
 

Tom McCann - Sopra

  • 1. Navigating a safe course to better information assurance Enabling Your Business TALENTED TOGETHER SOCITM Conference Oct 2009 1
  • 2. Agenda 1 1 Introduction Introduction 2 2 Context Context 3 3 Government perspective Government perspective 4 4 Assistance available Assistance available 5 5 Point of view Point of view SOCITM Conference Oct 2009 2
  • 3. Wrecks – A brief history of non-protection Government, healthcare and education sectors accounted for 60% of data breaches and 60% of identities exposed* *Symantec ISTR vol. XIII, Apr 2008 SOCITM Conference Oct 2009 33
  • 4. Data Protection Reported DPA breaches 578 since Nov 07 Private sector 172 NHS 162 Local Government 69 Central Government 56 “No organisation handling information can guarantee it will never experience losses. But people have a right to expect that their public services achieve and maintain high standards in this important area. Those involved in delivering those public services must work harder and be more effective to meet and exceed those expectations.” (Sir Gus O’Donnell) SOCITM Conference Oct 2009 4
  • 5. So what? SOCITM Conference Oct 2009 5
  • 6. Personal data is now pervasive Network End Point Application DB/FS Storage Enterprise App Database Disk Storage WAN Web Servers Core App Database Disk Storage Backup Tape Custom App Replicated Disk Storage Other sites Database Backup & Partners Exchange Disk Storage Internet Server Backup Disk File Server Disk Storage Backup Portals SOCITM Conference Oct 2009 6
  • 7. Major threat areas X High Risk Risk Medium Risk Low Risk Network End Point Application DB/FS Storage 3 8 4 Packets sniffed Privileged User Privileged User in transit Breach Breach DBA/FSA 1 5 Database Disk Storage Media lost or Enterprise App WAN Database/File stolen Server Hack Web Servers Core App Database Disk Storage 13 Trojans / Key 9 9 Loggers Application Application Backup Hack Hack Tape Replicated Disk Storage Custom App Other sites Database Backup & Partners 2 6 Disks stolen or (Semi) Trusted discarded media User Misuse exploited Exchange Disk Storage Internet Server Backup 10 Disk (Semi) 14 Trusted User 3 Unintentional Misuse Packets sniffed File Server Disk Storage Distribution in transit 12 Physical theft of media or lost Backup media exploited Internal Portals 7 Unintentional 15 11 Distribution Public Infrastructure Unintentional Access Hack Distribution SOCITM Conference Oct 2009 7
  • 8. World Economic Forum 2009 SOCITM Conference Oct 2009 8
  • 9. PCI DSS Requirements for Key Focus Areas for PCI Compliance Compliance Build & Maintain a Secure Network Protect Cardholder Data Information Security Network Maintain a Policies Security Vulnerability Management Program PCI PCI Remediation Encryption Remediation Implement Strong Strategy Strategy Logging Key Management Log Review Access Control Access Control Measures & Management Maintain an Information File Integrity Security Policy Monitoring Regularly Monitor Vulnerability & Test Networks Management SOCITM Conference Oct 2009 9
  • 10. Real risk of compliance fatigue Increasing stakeholder Citizens Council Central LGA demands Gov’t + Expanding risk & Internal External Corporate Finance Legal Risk control oversight Audit Audit ServicesICO functions + Changing law, policy & directives Policy Privacy BCP InfoSec Op’ Risk = Business fatigue Lack of co-ordination Duplicate effort Risks falling between the cracks Competition for ICT attention SOCITM Conference Oct 2009 10
  • 11. IA challenges facing Public Sector Government Agenda Shared services v’s privacy v’s efficiency Citizen centric – more online services Global development Citizen expectations Growing threats to UK Plc Expanding compliance requirements New CIA – Convenience / Interoperability / Affordability SOCITM Conference Oct 2009 11
  • 12. Reviews Conducted Government Reviews Government Reviews Data Handling Report Data Handling Report HMRC – Poynter Review (Kieran Poynter PWC) June 2008 Security Policy F/Work Security Policy F/Work MOD – Burton Review (Sir Edmund Burton) June 2008 New Guidance New Guidance Data Handling Review IA Maturity Model IA Maturity Model (Sir Gus O’Donnell) June 2008 Looking Forward Looking Forward Data Sharing Review (Richard Thomas & Dr Mark Walport) July 2008 SOCITM Conference Oct 2009 12
  • 13. Reefs and rocks – where things go wrong Cost reduction pressures Competing business priorities now v’s secure Failing to effectively risk manage 3rd parties outsourcing … development … hosting … testing New initiatives cloud computing … offshore … Mobility remote working … mobile computing (32GB of data on a mobile phone..) Compliance fatigue SOCITM Conference Oct 2009 13
  • 14. Data Handling Report Government Reviews Government Reviews Data Handling Report Data Handling Report Key DHR Recommendations Core measures to protect personal data Security Policy F/Work Security Policy F/Work and other information across Government; New Guidance New Guidance A culture that properly values, protects and uses information; IA Maturity Model IA Maturity Model Stronger accountability mechanisms; and Looking Forward Looking Forward Stronger scrutiny of performance. SOCITM Conference Oct 2009 14
  • 15. Charts to help you Government Reviews Government Reviews Replaced Manual of Protective Security (MPS) Data Handling Report Data Handling Report Collective responsibility to protect assets Must be able to share information Must have confidence in people Security Policy F/Work Security Policy F/Work Business resilience Mandated Protective Security Policy New Guidance New Guidance For HMG Departments and their Agencies Includes IA Policy 70 Mandatory requirements IA Maturity Model IA Maturity Model 4 Tiers Tiers 1-3 Not Protectively Marked Looking Forward Looking Forward Available to public & WIAC via CSIA Tier 4 – Restricted Available through accredited route New ICO Powers Monetary Penalties Assessment Notices (without permission) New EU e-privacy legislation will drive ‘Breach Notification’ requirement (2-3 years) SOCITM Conference Oct 2009 15
  • 16. The High Level View Cyber Security Strategy of the UK National Information Assurance Strategy (NIAS) Security Policy Framework (SPF) Data Protection Act 70 Minimum Mandatory Measures Information Act Freedom of Information Assurance Maturity Model (IAMM) HMG IA Standard No. 6 Accreditation Data Handling Review Guidelines CoCo’s Other Legal / Compliance Requirements (PCI, RIPA, etc) SOCITM Conference Oct 2009 16
  • 17. Some new lighthouses Government Reviews Government Reviews Local Authority Data Handling Guidelines Data Handling Report Data Handling Report Data Handling (NHS) Enhanced Governance Security Policy F/Work Govt level – IADG / IAOB Security Policy F/Work Locally – SIRO / Data ownership Improved professionalism - IISP New Guidance New Guidance IA Good Practice Guides Currently 15 Outsourcing Data Aggregation IA Maturity Model IA Maturity Model Laptops Remote working Secure bulk data transfers Looking Forward Looking Forward IA Standards Existing standards reviewed New risk assessment methodology New Standards (IAS 6) SOCITM Conference Oct 2009 17
  • 18. Protecting personal data HMG IA Standard No.6 - Protecting Personal Data and Managing Information Risk Outlines minimum measures MUST be implemented by Departments & Agencies bound by the SPF. Key Principles Departments and delivery partners must protect personal data Sensitive personal information must be handled in accordance with specific measures Those with access to sensitive personal data must have appropriate training. SOCITM Conference Oct 2009 18
  • 19. Government model for IA “The pressure is to deliver quicker, but the advantage will be on those who can build in assurance” (Sir E. Burton) EXTRINSIC INTRINSIC Evaluate Solutions Design in IA Determine Residual Risk OPERATIONAL IMPLEMENTATION Ongoing IA Management Build in IA SOCITM Conference Oct 2009 19
  • 20. IA Maturity Model (IAMM) Government Reviews Government Reviews IAMM and IA Assessment Framework Published Data Handling Report Data Handling Report in Sept 2008 to assist Senior Information Risk Owners (SIROs) develop IA maturity within their Departments Security Policy F/Work Security Policy F/Work Will assist boards to report improvements in their IA and IRM in their annual reports to Cabinet New Guidance New Guidance Office. Incorporates SPF and DHR requirements and is IA Maturity Model IA Maturity Model aligned to ISO 27001. Looking Forward Looking Forward Departments will need to provide evidence of IA maturity in their Agencies, NDPBs and delivery partners 5 levels – Initial (1) to Optimised (5) Self-assessment and supported self-assessment SOCITM Conference Oct 2009 20
• 21. On the horizon
  – NIAS delivery
  – Continued focus on DH (>ICO powers)
  – Increased focus on training, audit and benchmarking
  – WIAC adoption
  – DH guidelines
  – SPF governance measures
  – Delivery partner scrutiny
  – Partner with Industry initiative (PWI)
  – Government cyber security strategy
  – PCI incorporated into policy
• 22. Safety equipment
  – Education, education, education!
  – Through-life assurance approach: build security in & prove it
  – Risk management advice: CESG CLAS scheme
  – Ensure 3rd parties know what they need to do & do it! – flowdown of any CoCo requirements
  – Technology solutions: encryption, DLP, etc.
  – Proven ability to react in the event of an incident: forensics readiness
  – Ongoing technical assurance: CESG CHECK scheme
• 23. Prove that your security is effective
  – Penetration test(s) (annual / bi-annual / quarterly), including CHECK
  – External network mapping
  – Vulnerability scanning service of the external network
  – Monthly reports
  – Workshops with security consultants
• 24. Point of view
  – The recent global events around data loss have been cause for significant reflection on the effectiveness of information risk management & compliance globally – expect more ‘regulation’.
  – The pace of change in UK Government in particular has been unprecedented – the assurance elements have yet to mature.
  – The quality and clarity of guidance available in the UK is unlike any other country globally.
  – It is possible to implement an information-centric security assurance strategy which reduces compliance cost and minimises duplication of effort.
  – Effective information assurance supported by sound governance is key to not repeating the mistakes of the past.
• 25. A final word from the Information Commissioner
  “… The blunt truth is that all organisations need to take the protection of customer data with the utmost seriousness. I have made it clear publicly on several occasions over the past year that organisations holding individuals’ data must in particular take steps to ensure that it is adequately protected from loss or theft. … Getting data protection wrong can bring commercial, reputational, regulatory and legal penalties. Getting it right brings rewards in terms of customer trust and confidence. …”
  Richard Thomas, April 2008
• 26. Questions …?