Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Uncovering the key to a successful psim installation
Similar to Uncovering the key to a successful psim installation (20)
Recently uploaded
Recently uploaded (20)
Uncovering the key to a successful psim installation
- 1. UNCOVERING THE KEY TO A SUCCESSFUL PSIM INSTALLATION. Dr. Bob Banerjee Sr. DirectorTraining and Development, NICE Systems Inc.
- 2. Vision Contained, big picture buy-in, simple budget Ensure others share baby step strategy Trackable goals, justifies growth, deflect pessimists Scope creep: complexity and priority confusion. Operations Expect to expand scope post-rollout Vendor claims backed in writing
- 3. Interfaces Kid in a candy store Vendor API agreements – technical and political hurdles. Beware ‘It can…’ Build once, maintain forever Integration license fees
- 4. Rollout Broad impact. Comfort zone. Senior reinforcement Phased rollout, incorporate lessons learned Low hanging fruit, early success, gain trust, grow
- 5. The Life Cycle Of Security Operations Time ResourceLevel Prediction SituationalAwareness Reconstruction / Investigation Situation Management
- 6. Datafication (Big Data generation) Alarm Correlation from Big Data Big Data Collection Proactive Action based on Big Data Similarity Alarm Unification from Big Data Big Data Mining (Identifying Insights) Proactive Action based on Big Data Abnormality November 19th – 21st @psoce I www.psoce.com Hilton Long Beach & Executive Meeting Center 2013 Port Security Operations Conference & Expo PSOCE – LA I Long Beach
- 7. Training PSIM impacts processes, users change behavior 3-6m to 2-3d. Do prior to rollout to gain confidence Attrition means retraining. Management movement requires re- justification (what and why) Minor tweaks handled by local system admin
- 8. Maintenance Feeding Resources – user, consultant, SI and vendor Roles – sys admin, high level config, low level config, interfaces
- 9. CAPTURE CORRELATE & ANALYZE NICEValue Prop Optimizing Security Operations; Minimizing Risk; Improving Investigations MANAGE Real TimeOffline PSIM & Situation Management Situator Incident Debriefing & Investigation Inform Audio Recording & Management Video Management & Analytics NiceVision Web Insight
- 11. Key Benefits SO WHAT CAN NICE DO FOR YOU…? Faster Response Better Awareness Efficient Use of Resources False Alert Reduction Consistency in Handling Learning and Improving
- 12. The Life Cycle Of Security Operations Time ResourceLevel Prediction SituationalAwareness Reconstruction / Investigation Situation Management Better Awareness False Alert Reduction Efficient Use of Resources Faster Response Consistency in Handling Learning and Improving Learning and Improving
- 13. Return On Investment ROI Shows value and creates interest Helps the ‘CSO’ convince internally Remove opposition and doubt Be customer specific Show potential savings based on customer specific figures Use our success stories Tools at your disposal Internal case study decks ROI ppt ROI excel Better Awareness Faster Response False Alert Reduction Efficient Use of Resources Consistency in Handling Learning and Improving
Editor's Notes
- Initial Visioning Scope – confined, not everything. Other departments need to know the big picture and give their buy-in, but not smother the initial project. Budget from one place, else competing priorities. If you start small, and intend to grow big, you need the confidence that the organization shares that vision. Tangible and measurable goals (saving headcount, alarm reaction time, incident closure time, reduce false alarms, reduce time to be and prove compliance, reduce complaints of other people not knowing, etc. If it meets them, then it is successful – no statements like ‘it isn’t used or it doesn’t do what we want it to. Scope creep pre-installation, beware of touching too many other systems and departments because of added complexity. Also beware of moving from physical security to operations – complexity and especially priorities. Expanding scope post-installation, people start realizing the potential impact once they see it live. It is important to capture these feedback ideas else you start getting ‘well it doesn’t do X’ which affects adoption. Ensure any claims or promises from the vendor are backed up by their professional services group in writing.
- Interfaces Kid in a candy store – ‘we can pull everything together’. Decide what you want to achieve, and let that drive what you want to integrate. Vendor integration agreements – technical and political challenges. Some APIs better than others, supported better, reverse engineering, 1-way or 2-way. Rate of change, also previous integration may be old enough that major rework has to be done to incorporate functionality that did not exist before, or was not implemented. May perceive integration as a threat, loosening choke hold on the customer. A VMS or PACS vendor may have a proprietary PSIM roadmap and may want to exclude any other. Beware the vendor who claims they can integrate to X – demand a letter from X indicating that they will cooperate, and check potential license fees.
- Rollout Sudden change is rarely well received – yanks us out of our comfort zone. Need senior enforcement that this PSIM, the new system of record, is the new way, so people stop using backdoors or other workarounds. Complex projects are invariably better rolled out in phases. Lessons learned can be fed in. If too many stakeholders then makes priorities complicated. Smaller budget, and proof of meeting original goals establishes faith and can further justify investment.
- We can also look at the effort the customer puts into handling each one of these stages, this is an illustration of course but in reality every incident has certain characteristics that we can influence and improve, in the following slides we will discuss how we can improve various aspects of incident handling
- Training Reduces training from 3-6 months to 2-3 days. Do this prior to roll out to gain end user confidence. PSIM affects many people and the way they work, training and practice is more important from a behavioral modification point of view that learning how to use the system. Attrition at the operator level demands continuous training classes. Movement in the management sometimes requires ‘re-justification’ as to why the system does what it does, and in the way it does it. For system administration, frequent tasks should be handled by permanent staff to expedite. PSIM is at the hub of how people and systems interoperate – if it needs tweaking then it may look disproportionately bad if it takes too long.
- Maintenance Monster has to be fed – far from set and forget. It is the center of everything. 4 typical categories of resources that engage: end user, consultant, SI and vendor. 3 broad categories of maintenance work, system admin such as managing users and privileges, contact info and designing real-time reports. High Level System Configuration such as adding/replacing sensors, modifying maps, creating and modifying business rules and procedures, creating reports. Low Level System Configuration such as adding a new or updated subsystem. Interface development and revision.
- Looking at our portfolio we can emphasize that we have products that capture and analyze information in the bottom 2 products Our strength is on adding value to your security operations through smart content analytics sensor correlation that help you make sense of your security big data and increase efficiency and effectiveness. Another talking point is that we help you manage your security needs in real-time and post event Another element of our physical security portfolio is the newly added web insight solution – which compliments our offering with cyber insights (which are taken from open source web) which compliments the solution through the entire life cycle of the event, from prediction, to real time information flow through post event investigation The bottom line is that we help you optimize security operations, reduce risk, and improve investigations We can also emphasize that our products capture masses of data, and add value to your security operations through content analytics and correlations to help make sense of the overflow of information Another talking point is that we help you manage all of that in real time as well as post event Another element of our physical security portfolio is the newly added web insight The bottom line is that we help you optimize security operations, reduce risk, and improve investigations
- Here are the main benefits that NICE can provide These areas apply to almost all customer sin all domains, the trick is to use your customers specific examples and their potential benefits
- Now if we go back to the typical life cycle of an incident we can see the benefits we discussed cover and have an impact on all stages of the process, in the end of the day we reduce the overall effort and the overall time needed to handle incidents. It is important to take your customer’s specific situation, choose the right benefits that make sense for them and show how the improvement can be achieved
- Discussing ROI has a specifically strong impact on the sales process, as you have seem throughout the presentation many of the benefits can be associated to measurable ROI (and if not measureable then certainly implied ROI), this always creates more interests, helps our customer gain internal support and budgets and creates a higher level discussion. It doesn’t always have to be “mathematically” proven, its enough to establish the expectation of significant savings Important to remember – be specific (this requires some preparation on the customer specific case). We have quick a few cases you can learn from, they are described in details in our internal case studies, and in addition there are ROI tools you can use