A new approach to    information security services11101101110111011101110101010000010011010010011001111011000011001111000 ...
We’re competing in a lemon market ...now what ?
11101101110111011101110101010000010011010010011001111011000011001111000   “   The service provider that       understands ...
11101101110111011101110101010000010011010010011001111011000011001111000  Data driven services           penetration     vu...
11101101110111011101110101010000010011010010011001111011000011001111000  Data driven services                        - cre...
11101101110111011101110101010000010011010010011001111011000011001111000  Data models  penetration testing   Client        ...
11101101110111011101110101010000010011010010011001111011000011001111000  Data models  vulnerability management       (TBD)
11101101110111011101110101010000010011010010011001111011000011001111000  Data models  security monitoring       (TBD)
11101101110111011101110101010000010011010010011001111011000011001111000  How ?                             Data entry     ...
11101101110111011101110101010000010011010010011001111011000011001111000  Why ?  Client  • expects our expertise beyond eng...
11101101110111011101110101010000010011010010011001111011000011001111000                           Question                ...
Upcoming SlideShare
Loading in …5
×

Data Driven Infosec Services

730 views

Published on

A short preso about data-driven security services.

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
730
On SlideShare
0
From Embeds
0
Number of Embeds
7
Actions
Shares
0
Downloads
6
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Data Driven Infosec Services

  1. 1. A new approach to information security services11101101110111011101110101010000010011010010011001111011000011001111000 A data-driven services portfolio
  2. 2. We’re competing in a lemon market ...now what ?
  3. 3. 11101101110111011101110101010000010011010010011001111011000011001111000 “ The service provider that understands the art of making use of data wins the trust of the client. ”
  4. 4. 11101101110111011101110101010000010011010010011001111011000011001111000 Data driven services penetration vulnerability security testing management monitoring incident SDLC security response services architecture
  5. 5. 11101101110111011101110101010000010011010010011001111011000011001111000 Data driven services - create data model per service collect - ensure consistent collection - create security data warehouse store - store data according to data model - create analysis use cases analyze - generate intelligence from collected data
  6. 6. 11101101110111011101110101010000010011010010011001111011000011001111000 Data models penetration testing Client Vertical <client> Size ($) <clientdata> Headcount <vertical>Healthcare</vertical> Security Team <size>200,000,000</size> Security budget <headcount>1500</size> <secteam>5</secteam> <secbudget>1,000,000</secbudget> Test </clientdata> <test> Scope <scope>Surgeon Webapp</scope> Type <type>WebApp</scope> Size <size>3</size> Timeframe <timeframe>5</timeframe> <testsubject> Subject <type>front-end server</type> <size>20</size> Type <criticality>9</criticality> Size <finding> Criticality <type>XSS</type> <description>stored XSS by authenticated user</description> <threat>low</threat> Finding <impact>high</impact> Type </finding> Description </testsubject> Threat </test> Impact </client>
  7. 7. 11101101110111011101110101010000010011010010011001111011000011001111000 Data models vulnerability management (TBD)
  8. 8. 11101101110111011101110101010000010011010010011001111011000011001111000 Data models security monitoring (TBD)
  9. 9. 11101101110111011101110101010000010011010010011001111011000011001111000 How ? Data entry Reporting DB Consultants g Reportin t ing or Re p lt i ng su C on Data entry $$$$$ Sales/Marketing/ Management Clients Clients
  10. 10. 11101101110111011101110101010000010011010010011001111011000011001111000 Why ? Client • expects our expertise beyond engagement • lacks bandwidth for data analysis • requires more data for various purposes compliance, risk management, reporting, ... We • require a USP in a lemon market • require data to improve service quality • require data to improve service profitability • desire to deepen relationship with customer
  11. 11. 11101101110111011101110101010000010011010010011001111011000011001111000 Question Answer Answer = Satisfactory ? End

×